last executing test programs:

6m10.629314276s ago: executing program 3 (id=1507):
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000001080)='/dev/v4l-touch5\x00', 0x103040, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="4627cdf4", @ANYRES16=0x0, @ANYBLOB="3b3d2cbd7000fbdbdf250200000008000300", @ANYRES32=0x0, @ANYBLOB="0a000900aa"], 0x28}, 0x1, 0x100000001000000, 0x0, 0x2019}, 0x8080)
openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x2, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sem\x00', 0xc8202, 0x0)
socket(0x18, 0x80000, 0x2)
sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0)
r1 = socket(0x11, 0xa, 0x9)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0)
socket(0xa, 0x2, 0x0)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000001280)='/dev/sequencer2\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r1, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082)
write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef)

6m10.228500942s ago: executing program 3 (id=1509):
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x2183, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r0, 0x0, 0x7)
writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x9}, 0x3)
kexec_load$auto(0x1, 0x9, 0x0, 0x4)

6m8.257002687s ago: executing program 3 (id=1516):
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
r0 = socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x269)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
ioctl$auto_FIONCLEX(r0, 0x5450, 0xfffffffffffffff9)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8)
openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r0)
r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(r2, 0x0, 0x400018)
sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x70, r1, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r2}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x4}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x4}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x2f, 0x0, 0x1, [@typed={0x12, 0x147, 0x0, 0x0, @str='/dev/ubi_ctrl\x00'}]}, @NL802154_ATTR_SEC_KEY={0x20, 0x30, 0x0, 0x1, [@generic="632878d04d57d508d91e0643211bd90ba07c8928", @typed={0x8, 0xd5, 0x0, 0x0, @fd=r0}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20008040}, 0x4008011)
openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$auto_XFS_IOC_FREESP(r2, 0x4030580b, &(0x7f0000000240)={0x6, 0x1, 0x2, 0x3ff, 0x5, <r3=>0x0})
ptrace$auto(0x4bfd, r3, 0xcf, 0x7)

6m7.133288954s ago: executing program 3 (id=1521):
r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0)
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000)
r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0)
io_uring_setup$auto(0x2008, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f2b, 0x0)
r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fb0\x00', 0x2a082, 0x0)
r3 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8001, 0x0)
ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r3, 0x1, &(0x7f0000000000)="140400000000000037")
ioctl$auto_FBIOPAN_DISPLAY(r2, 0x4606, &(0x7f0000000000))
statmount$auto(0x0, 0x0, 0x7ffffffff001, 0x0)
socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x7, 0x0, 0x5, 0x3, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x2, 0x3, 0x105, 0x7, 0x0, 0x0, 0x2}, 0x1fe, 0x81)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000180)=ANY=[@ANYBLOB='*', @ANYRES16, @ANYBLOB="010029bd"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x400c890}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1300"], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0)
mmap$auto(0x4, 0x8, 0xe2, 0xeb1, 0x405, 0x8000)
setsockopt$auto(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x8004)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/block/nbd12/queue/write_cache\x00', 0x80002, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000080)={0x1000, 0x1, 0x3})

6m6.792258636s ago: executing program 3 (id=1522):
set_mempolicy$auto(0x1, &(0x7f0000000180)=0x2, 0x6)
r0 = fanotify_init$auto(0x6c2500, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000850)
unshare$auto(0x40000080)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x9, 0x40000000eb1, r0, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
r4 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x282400, 0x0)
write$auto_proc_uid_map_operations_base(r4, 0x0, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r3, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8103cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000)
madvise$auto(0xd, 0x9, 0x3)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/pagemap\x00', 0x200641, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000000, 0xe)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
madvise$auto(0x0, 0x8, 0xe)
fanotify_init$auto(0x6a1, 0x2000000000002)

5m51.617367597s ago: executing program 32 (id=1522):
set_mempolicy$auto(0x1, &(0x7f0000000180)=0x2, 0x6)
r0 = fanotify_init$auto(0x6c2500, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000850)
unshare$auto(0x40000080)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x9, 0x40000000eb1, r0, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
r4 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x282400, 0x0)
write$auto_proc_uid_map_operations_base(r4, 0x0, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r3, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8103cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000)
madvise$auto(0xd, 0x9, 0x3)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/pagemap\x00', 0x200641, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000000, 0xe)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
madvise$auto(0x0, 0x8, 0xe)
fanotify_init$auto(0x6a1, 0x2000000000002)

2m4.983954009s ago: executing program 1 (id=2391):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/aoe/flush/uevent\x00', 0x80, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/4072, 0xfe8)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/mem\x00', 0x2200, 0x0)
fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0xa17, &(0x7f0000000080)='/sys/devices/virtual/aoe/flush/uevent\x00', &(0x7f0000001140)="d05db2d8653d9637056d105d922fd23ec51614e7323f397c312f46596e4032a599bcc9ce16006f33bca326bc533ae4c760e919f1a98bda65728e8dff065ce0dd1e521777ec696ac448670bb9a9bcc18ce47ac842c6130efa6e36c74ae04e634bbf89d383f9febb006b39272256cd80be11384d5ad2d05a78456bec865eff0fbf1a59ee442d7af4b3a6a3ccc1d5de4bc1820062800cd50790abdfdb1ad1d26494b372384c950838b352a325b244b12917d6056d5e6b1f7226e1", 0x0)
setrlimit$auto(0xfff, &(0x7f00000010c0)={0x5, 0x7})

2m4.638093992s ago: executing program 1 (id=2392):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0)
mmap$auto(0x0, 0x6, 0x10000000000df, 0xeb2, 0x401, 0x8000)
ioctl$auto(0x3, 0x81484d11, 0x38)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
open(&(0x7f0000000100)='.\x00', 0x595002, 0x60c)
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020007, 0x9, 0x6c9f, r1, 0x2008000)
keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
r4 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x200000, 0x0)
write$auto_proc_uid_map_operations_base(r4, 0x0, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r3, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8103cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000000, 0xe)

1m49.395840294s ago: executing program 33 (id=2392):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0)
mmap$auto(0x0, 0x6, 0x10000000000df, 0xeb2, 0x401, 0x8000)
ioctl$auto(0x3, 0x81484d11, 0x38)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
open(&(0x7f0000000100)='.\x00', 0x595002, 0x60c)
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020007, 0x9, 0x6c9f, r1, 0x2008000)
keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
r4 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x200000, 0x0)
write$auto_proc_uid_map_operations_base(r4, 0x0, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r3, @ANYBLOB="01002cbd7000fddbdf2502000000810004006e66736600d8efe42d132b72f30c54315aa74a5b8103cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0)
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000000, 0xe)

1m38.174719056s ago: executing program 5 (id=2415):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x101202, 0x0)
r1 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f00000000c0)=0x200)
pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*<P\xb0\x8a\"\x176\xe1p*0\xac\xb9\xd5\xab\xcc$\x9ai\xca\v(\xcd?\x8d\xd2\x1d\xe1\x99N\x028\xe2\x12\t6x\xca{\n\xe86;\x81\xc4\x00\x8b\xed\xfa\xc0\x18\xe7\xd0\x97\xd8\x00\xd5\x85\x03\xf1\f\xcc\xf7\xb16L\xd4\xb0AV.\xe3\x9e\x8csh\x8a\x84\xe30\xde\x8d\xe3\xa4\xf1e\xcf\xb2Rx\x8f\x98G\xc3\xc8UP\xb4-\aW\xb5h\x8b\x98T\xe0n\x8d~\xf2\x8b\x1c>\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xde<o\xb6[o\b\x00', 0x4e, 0x3)
ioctl$auto_VHOST_SET_VRING_ERR2(r1, 0x4008af22, &(0x7f0000000100)={0x5, r0})
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c01, 0x0)
unshare$auto(0x40000080)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x105402, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
r2 = prctl$auto_PR_SET_MM_ARG_START(0x0, 0x8, 0x0, 0xacb, 0xfffffffffffffe01)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
unshare$auto(0xc470)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07)
read$auto(0x3, 0x0, 0x7fffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x404c534a, 0x38)
quotactl_fd$auto(0x0, 0x80000201, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0x12, 0x10000009}, {0x0, 0x800}}, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x141502, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000280), 0x8000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

1m36.978821639s ago: executing program 5 (id=2438):
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0)
ioctl$auto(r1, 0x40104d07, r1)
ioctl$auto(r0, 0x5646, r0)
pread64$auto(r0, &(0x7f0000000040)='veth1\x00', 0x200000000006, 0x8)
ioctl$auto_FIOASYNC(r0, 0x5452, 0x4)
read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000280)=""/40, 0x28)

1m36.108601895s ago: executing program 5 (id=2440):
socket(0x2, 0x1, 0x106)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x24, r1, 0x1, 0x70bd2a, 0x25dfdc01, {}, [@NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0xe}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x24}}, 0x20040080)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)

1m28.588977475s ago: executing program 0 (id=2454):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1200, 0x0)
r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x301001, 0x0)
ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x1, 0x106)
socket(0xa, 0x2, 0x0)
socket(0x2, 0x1, 0x106)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x51)
socketpair$auto(0x800019, 0xf, 0x1, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
ioctl$auto(r1, 0x4008af04, r0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0xc0, 0x0)

1m28.178477449s ago: executing program 0 (id=2456):
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000)
sysfs$auto(0x4000002, 0xffff, 0x1)
fsopen$auto(0x0, 0x1)
getgid()
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/filesystems\x00', 0x2, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000280)=""/144, 0x90)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0)
r3 = eventfd2$auto(0x7f, 0x0)
r4 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000200)={0xd, "74a517f574545f6e56dd0a76e95f7ebe732ad2c90cf711c0bb363ed3997e3e14", @inferred=r3})
ioctl$auto(r2, 0x9, r4)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0)
read$auto_tracing_fops_trace(0xffffffffffffffff, &(0x7f0000001580)=""/4077, 0xfed)
mmap$auto(0x4, 0x1, 0xdf, 0x9b72, 0x2, 0x40008000)
close_range$auto(0x2, 0x8, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
unshare$auto(0x40000080)
statmount$auto(0x0, &(0x7f0000000180)={0x3, 0xb9, 0x44f, 0xa, 0x1, 0x1007181, 0x8a0d, 0x4, 0x10007, 0x7, 0x89, 0x29, 0x4, 0x200000000000, 0xfffffffffffff340, 0xfffffffffffffffa, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffb, 0x6, 0x401, 0x22002, 0x9, 0xfffffffd, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x70e2, 0x0, 0xe573, 0xb7, 0x0, 0x0, 0x8, 0x0, 0x9, 0x100000, 0x10000, 0x15b, 0x7, 0x1fc, 0x0, 0x10000000000002, 0x0, 0x0, 0x48, 0x0, 0x3a, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0xe, 0x0, 0x0, 0x0, 0xa53, 0xfffffffffffffffd, 0xfffffffffffffffd]}, 0x7, 0xd)
r5 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r5, 0xfffffff7effffd04, &(0x7f00000001c0))
r6 = socket(0xa, 0x5, 0x0)
bind$auto(r6, &(0x7f0000000040)=@in={0x2, 0x0, @local}, 0x69)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)

1m27.267696444s ago: executing program 0 (id=2458):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x7fffffff)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/afs/cells\x00', 0x4a801, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000580)="97444df294042614be73f7b0544b102024", 0x11)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
r1 = waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000180)={@_si_pad}, 0x57, &(0x7f0000000200)={{0xeb, 0x8}, {0xfffffffffffffffa, 0x5}, 0x7fffffff, 0x9, 0x9, 0x8, 0x1, 0xffffffff, 0x7ff, 0x4, 0x2, 0x5, 0x4, 0x8, 0x5})
r2 = clone$auto(0x2, 0x2, &(0x7f00000002c0)=0x10, &(0x7f0000000300)=0xffffffff, 0x6)
waitid$auto_P_PGID(0x2, r1, &(0x7f0000000340)={@siginfo_0_0={0x2, 0x4, 0x8, @_timer={r2, 0x4000, @sival_int=0x37, 0x81}}}, 0x0, &(0x7f00000003c0)={{0xfff, 0x5}, {0x7fffffffffffffff, 0x2}, 0xfff, 0x9, 0x7, 0xd15, 0x401, 0x8000, 0x57677380, 0x3, 0x5, 0xa, 0xfb, 0x6, 0x3})
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)

1m27.098026407s ago: executing program 0 (id=2459):
r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x494a42, 0x0)
openat$auto_generic(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
ioctl$auto_BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/system/machinecheck/machinecheck0/cmci_disabled\x00', 0x2062, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000)
mprotect$auto(0x200000000000, 0x806121, 0x6)

1m23.787129312s ago: executing program 0 (id=2464):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
chdir$auto(&(0x7f0000000000)='}[,&*}\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48)
fchown$auto(r0, 0x0, 0x400)
mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
sysfs$auto(0x2, 0x46, 0x0)
r1 = fsopen$auto(0x0, 0x1)
close_range$auto(0x0, 0xfffff004, 0x2)
socket(0x2a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = socket(0xa, 0x2, 0x88)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x80002, 0x73)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
select$auto(0x4, 0x0, &(0x7f0000000340)={[0x209c, 0x40000000e9e, 0x7, 0x9, 0x33, 0x100000001, 0xa, 0xf, 0x1, 0x6, 0x3, 0x8000000d59, 0x8, 0x100000ff, 0x3, 0x80080001]}, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000300), r1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r8=>0x0})
sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r6, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x804}, 0x4080)
sendmsg$auto_NL80211_CMD_SET_REG(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x2c, r6, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_WIPHY_NAME={0x12, 0x2, ',:\'\'+\':/@{/,&\x00'}]}, 0x2c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bond0\x00', <r9=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r9, r4, 0x8, 0xfc, r2, @relative_fd, 0xe600}, 0xf)

1m23.360881401s ago: executing program 0 (id=2465):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x101202, 0x0)
r1 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f00000000c0)=0x200)
pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*<P\xb0\x8a\"\x176\xe1p*0\xac\xb9\xd5\xab\xcc$\x9ai\xca\v(\xcd?\x8d\xd2\x1d\xe1\x99N\x028\xe2\x12\t6x\xca{\n\xe86;\x81\xc4\x00\x8b\xed\xfa\xc0\x18\xe7\xd0\x97\xd8\x00\xd5\x85\x03\xf1\f\xcc\xf7\xb16L\xd4\xb0AV.\xe3\x9e\x8csh\x8a\x84\xe30\xde\x8d\xe3\xa4\xf1e\xcf\xb2Rx\x8f\x98G\xc3\xc8UP\xb4-\aW\xb5h\x8b\x98T\xe0n\x8d~\xf2\x8b\x1c>\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xde<o\xb6[o\b\x00', 0x4e, 0x3)
ioctl$auto_VHOST_SET_VRING_ERR2(r1, 0x4008af22, &(0x7f0000000100)={0x5, r0})
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c01, 0x0)
unshare$auto(0x40000080)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x105402, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
prctl$auto_PR_SET_MM_ARG_START(0x0, 0x8, 0x0, 0xacb, 0xfffffffffffffe01)
close_range$auto(0x2, 0x8, 0x3000000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07)
read$auto(0x3, 0x0, 0x7fffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x404c534a, 0x38)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0x12, 0x10000009}, {0x0, 0x800}}, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x141502, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000280), 0x8000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

1m20.775073856s ago: executing program 34 (id=2440):
socket(0x2, 0x1, 0x106)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x24, r1, 0x1, 0x70bd2a, 0x25dfdc01, {}, [@NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0xe}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x24}}, 0x20040080)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)

1m11.219912577s ago: executing program 4 (id=2494):
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/cells\x00', 0x100, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000080)=""/158, 0x9e)
mremap$auto(0x8000000003, 0xda1, 0x3fd6, 0xb, 0xfffffffffffffffd)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
timerfd_create$auto(0x9, 0x0)
r1 = epoll_create$auto(0x3e)
epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000003100), 0xffffffffffffffff)
sendmsg$auto_IPVS_CMD_GET_DEST(r2, &(0x7f0000003b40)={0x0, 0x0, &(0x7f0000003b00)={&(0x7f0000003200)={0x14, r3, 0xad36ff18956c1b91, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20045800}, 0x20040000)
shmctl$auto_SHM_UNLOCK(0x7, 0xc, &(0x7f0000000140)={{0x0, 0xffffffffffffffff, 0xee01, 0x815, 0x5, 0x6, 0x6}, 0x82, 0x6, 0x7fffffffffffffff, 0x1, @raw=0x7, @raw=0x8000, 0x4, 0x0, &(0x7f0000000040)="7537a2ed15bc6671db3ecd8b98b8c33ca529a27c624414016d2f60b23c03a25c82a440710074ec2e6a5240ed17a5c156cd1df85411a07c27ed99d5608f4f56632d150c58505edbe4d8146f66e2e9ca7183d7dd96c848da694cdaf0dd7e2de8fd423580fe73ca14d6510c2fa931cb9bc176a91288c11e9305e60d8364d2a0b3cc0dd264224e95b65afa8528a53a597722fb705eb060084e9e4f040accb2e020d0ffe33553ad27a38ac081ed2b5e49fed997a2f17702", &(0x7f0000000100)="4463a38a9682b9b2e425ac1f"})
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r4, 0x4, 0x7ff)
r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/025/001\x00', 0x8901, 0x0)
ioctl$auto(r5, 0x5522, r5)
ioctl$auto(r5, 0x5521, 0xffffffffffffffff)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nbd0\x00', 0x24000, 0x0)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000884)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x18b2c2, 0x0)
ioctl$auto(r6, 0x5646, r6)
read$auto_v4l2_fops_v4l2_dev(r6, &(0x7f0000000280)=""/40, 0x28)
ioctl$auto(r6, 0x2400000, 0xffffffffffffffff)
futex$auto(0x0, 0x4f549, 0xc, 0x0, 0x0, 0x404)
unshare$auto(0x40000080)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0)
socket(0x18, 0x3, 0x0)

1m10.326326222s ago: executing program 4 (id=2497):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
futex$auto(0x0, 0x3, 0x9, &(0x7f00000000c0)={0x9, 0xffff}, 0x0, 0x5)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x55)
socket(0x2, 0x3, 0x8)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
r0 = open(0x0, 0x161340, 0x130)
statx$auto(r0, 0x0, 0x1003, 0xb8d, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x7000000, 0x100}}, 0x3, 0x0)

1m10.014902413s ago: executing program 4 (id=2498):
mmap$auto(0x3, 0x6, 0xf, 0x40eb2, 0xffffffffffffffff, 0x0)
r0 = fanotify_init$auto(0x3e6, 0x4)
mmap$auto(0xfffffffffffffffb, 0xbffffffc, 0xdf, 0xe91, r0, 0xf)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd9650200000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async\x00', 0x183941, 0x0)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x6, 0x1}, 0x5}, 0x3, 0x0)
close_range$auto(0x0, r1, 0x0)
openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/current_tracer\x00', 0x1, 0x0)
keyctl$auto(0x5, 0xffffffffffffffff, 0x200008, 0x6, 0x3)
keyctl$auto(0x11, 0xffffffffffffffff, 0x2, 0x3b, 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/nr4/broadcast\x00', 0x400, 0x0)
r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0)
socketpair$auto(0xb, 0xc, 0x1000, 0x0)
semctl$auto(0x1000, 0x10, 0x3, 0x5)
r4 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0)
read$auto_rfcomm_dlc_debugfs_fops_(r3, &(0x7f0000000300)=""/131, 0x83)
write$auto(r4, 0x0, 0xc3)

1m9.012925862s ago: executing program 4 (id=2501):
keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x1000000000)
socket(0x11, 0x80003, 0x300)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socketpair$auto(0x80001e, 0x4, 0x8000000000000000, 0x0)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200", @ANYBLOB="5de1523353"], 0x1ac}, 0x1, 0x0, 0x0, 0x4004800}, 0x40000)
recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x401, &(0x7f0000000080)={&(0x7f0000000140), 0xcb}, 0x8, 0x0, 0x80000000, 0x7}}, 0x7, 0x4, 0x0)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy6/aql_txq_limit\x00', 0x400, 0x0)
setsockopt$auto(0x3, 0x1, 0x28, 0x0, 0x808)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11\x11\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1\x80\x1a\xbc_\xef\x8b\t\xcc\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)
recvmmsg$auto(0x3, 0x0, 0x2, 0x0, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x8400)
socket(0x18, 0xa, 0x1)
r2 = socket(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRES16=0x0], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
mmap$auto(0x5, 0x1000000020009, 0x1dd, 0xeb1, r0, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="70010000"], 0x1ac}, 0x1, 0x0, 0x0, 0x20004094}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1bff, &(0x7f00000002c0)={0x0, 0xc4}, 0x8000000000000000, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
sendmmsg$auto(r1, 0x0, 0x9a6, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
statmount$auto(0x0, &(0x7f0000000400)={0x8, 0x2, 0x9, 0x7, 0xb, 0x93e, 0x1ffde, 0x3, 0x2, 0x9, 0x9, 0x5, 0xffffffffffffffff, 0x85b5, 0xb0, 0x7, 0x200, 0x3, 0x7, 0x7fff, 0x0, 0x3ffff, 0x0, 0x3, 0x7069, 0x0, 0xfffffffffffffffc, 0x0, 0x100001ad, 0x0, 0x3, [0x0, 0x0, 0x2, 0x200, 0x4, 0x8000004, 0x0, 0x100000000000000, 0xfffffffffffffffb, 0x1, 0x2, 0xfc, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x1, 0x2, 0x4, 0x8, 0x40000000002, 0x2, 0x0, 0x7, 0x2, 0x0, 0x80800, 0x0, 0x8001, 0x0, 0x8000000000000004, 0x0, 0x1, 0x0, 0x0, 0xfff, 0x4, 0x8000002, 0x0, 0x2000000000000001], "017056779a5a459fe08370f4ea203cc73a1e54be90f71b775c0356c42376d896c0900e82e5195a57bbd5168933a406253a4f0cc078c0f0a92ecb4a7831910042eefefb1d1aa409fde8cb5636305837009ae8be9fca1893c82130c601cc5a909d5c5c4656d7f6ebc2cd4819aee9c2812739c5ce481b6acd2ec94bf5881bf53c00860c5728d34b00c5ea1aca817d"}, 0x0, 0x7d)
r4 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="72010000", @ANYRES16=r3, @ANYRES32, @ANYRES16=r2, @ANYRES32], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
recvmmsg$auto(r4, &(0x7f0000000300)={{0x0, 0x3, 0x0, 0x3, 0x0, 0x80000002, 0x8}, 0xfffffffc}, 0x7, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c001b"], 0x1ac}}, 0x40000)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r4)

1m8.789221719s ago: executing program 2 (id=2502):
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/all/accept_local\x00', 0x81, 0x0)
write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0)
semget$auto(0x0, 0x2e4a, 0x8000)
mkdir$auto(0x0, 0x8cd)
bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@test={0xffffffffffffffff, 0x0, 0x856, 0x189, 0x8, 0x7fff, 0x7fff, 0x10000, 0xc91a, 0x7, 0x5, 0x3, 0x3, 0x3, 0x6}, 0x1)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0)
openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0)
r1 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x850}, 0x40d4)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x582, 0x0)
writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3)
r2 = io_uring_setup$auto(0xc, 0x0)
pipe2$auto(0x0, 0x80)
r3 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0)
socketpair$auto(0x0, 0x1, 0x8000000000000000, 0x0)
fcntl$auto_F_DUPFD_CLOEXEC(r2, 0x406, r1)
write$auto_uhid_fops_uhid(r3, 0x0, 0xfccd)
unshare$auto(0x40000080)
settimeofday$auto(0x0, &(0x7f0000000100)={0x82, 0x4})
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(0x3, 0x0, 0x400000000f34)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/dfscache\x00', 0x101a41, 0x0)
mmap$auto(0x0, 0x7, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
write$auto(r4, 0x0, 0x6)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)

1m8.054419681s ago: executing program 35 (id=2465):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x101202, 0x0)
r1 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f00000000c0)=0x200)
pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*<P\xb0\x8a\"\x176\xe1p*0\xac\xb9\xd5\xab\xcc$\x9ai\xca\v(\xcd?\x8d\xd2\x1d\xe1\x99N\x028\xe2\x12\t6x\xca{\n\xe86;\x81\xc4\x00\x8b\xed\xfa\xc0\x18\xe7\xd0\x97\xd8\x00\xd5\x85\x03\xf1\f\xcc\xf7\xb16L\xd4\xb0AV.\xe3\x9e\x8csh\x8a\x84\xe30\xde\x8d\xe3\xa4\xf1e\xcf\xb2Rx\x8f\x98G\xc3\xc8UP\xb4-\aW\xb5h\x8b\x98T\xe0n\x8d~\xf2\x8b\x1c>\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xde<o\xb6[o\b\x00', 0x4e, 0x3)
ioctl$auto_VHOST_SET_VRING_ERR2(r1, 0x4008af22, &(0x7f0000000100)={0x5, r0})
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c01, 0x0)
unshare$auto(0x40000080)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x105402, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
prctl$auto_PR_SET_MM_ARG_START(0x0, 0x8, 0x0, 0xacb, 0xfffffffffffffe01)
close_range$auto(0x2, 0x8, 0x3000000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07)
read$auto(0x3, 0x0, 0x7fffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x404c534a, 0x38)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0x12, 0x10000009}, {0x0, 0x800}}, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x141502, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000280), 0x8000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

1m8.044234825s ago: executing program 4 (id=2504):
r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x494a42, 0x0)
openat$auto_generic(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
ioctl$auto_BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, 0x0, 0x80000000)
mprotect$auto(0x200000000000, 0x806121, 0x6)

1m7.660421095s ago: executing program 4 (id=2506):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0)
signalfd$auto(0xffffffffffffffff, 0x0, 0x3cb)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
mmap$auto(0x2000000000000, 0x400000200006, 0x2, 0x18, r1, 0x300000000000)
openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/free_buffer\x00', 0x20103, 0x0)
r2 = getpid()
process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x9, 0x0)
linkat$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x400)
ioctl$auto_BLKRRPART(r1, 0xc0401289, 0x0)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0)
read$auto(r3, 0x0, 0x39b8)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000)
r4 = socket(0xa, 0x3, 0x3b)
getsockopt$auto(r4, 0x29, 0x3, 0x0, 0x0)
r5 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0)
mount$auto(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x4, 0x20009, 0x4000000000df, 0x18, r5, 0x7)
close_range$auto(0x2, 0x8, 0x0)
r6 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/id\x00', 0xa2000, 0x0)
read$auto_ftrace_event_id_fops_trace_events(r6, 0x0, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004)
io_uring_setup$auto(0x6, 0x0)

1m7.288780877s ago: executing program 2 (id=2507):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0xaa102, 0x0)
preadv$auto(r0, &(0x7f0000000240)={&(0x7f0000000200), 0x8}, 0x5, 0x8, 0x5)
r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
fadvise64$auto_POSIX_FADV_NOREUSE(r2, 0x9, 0x8, 0x5)
sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001500)={0x50, r1, 0x1, 0x70bd25, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x38, 0x1, 0x0, 0x1, [@nested={0x8, 0x10, 0x0, 0x1, [@nested={0x4, 0xf}]}, @nested={0x2c, 0x9b, 0x0, 0x1, [@nested={0x10, 0xb1, 0x0, 0x1, [@nested={0xc, 0x10f, 0x0, 0x1, [@typed={0x5, 0xb8, 0x0, 0x0, @str='\x00'}]}]}, @typed={0x14, 0x120, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @nested={0x4, 0x1f}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24040071}, 0x800)

1m6.70055667s ago: executing program 2 (id=2509):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pwrite64$auto(0xc8, 0x0, 0x8fdef, 0x4000000000000007)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x20008800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x38}}, 0x40008c0)
close_range$auto(0x2, 0x8, 0x0)
fanotify_init$auto(0x1, 0x2)
socket(0x1d, 0x2, 0x2)
connect$auto(0x3, 0x0, 0x53)
socket(0x10, 0x3, 0x6)
socketpair$auto(0x1e, 0xb, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x38}, 0x6, 0x0, 0x4, 0x9}, 0x9}, 0x6, 0x1f04)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x14)
sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="250025bd7000fedbdf2504000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/002/001\x00', 0x402000, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000b00), r0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00')
sendmsg$auto_GTP_CMD_ECHOREQ(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fddbdf250300000008000400000000000800050000000000080002000d000000080001000300000008000700", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x80)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, r3, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000100)={0x3, 0x0, [{0x268, 0x10, 0x1}]})
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

1m5.821325123s ago: executing program 2 (id=2510):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
write$auto(0xffffffffffffffff, 0x0, 0x8) (async)
unshare$auto(0x40000080)
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
listen$auto(0x3, 0x81) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async)
madvise$auto(0x0, 0x200007, 0x19) (async)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/snmp\x00', 0x40, 0x0)
pread64$auto(r0, 0x0, 0x80000000, 0x9fffffffd) (async)
pread64$auto(0xffffffffffffffff, 0x0, 0x100000002, 0x100000001) (async)
mq_notify$auto(0xffffffffffffffff, 0x0)
sysfs$auto(0x2, 0xd, 0x0)
r1 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) (async)
read$auto_udf_dir_operations_udfdecl(r1, 0x0, 0x0) (async)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000080), 0x600780, 0x0) (async)
socket(0x11, 0x2, 0x3) (async)
io_uring_setup$auto(0x401, 0x0) (async)
close_range$auto(0x2, 0x8000, 0x0) (async)
socket(0x18, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe) (async)
socket(0x2b, 0x3, 0x1)

1m2.34418497s ago: executing program 2 (id=2513):
r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x494a42, 0x0)
openat$auto_generic(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
ioctl$auto_BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, 0x0, 0x80000000)
mprotect$auto(0x200000000000, 0x806121, 0x6)

1m2.107503944s ago: executing program 2 (id=2514):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00", @ANYBLOB="01032cb57000fbdbdf250a004b4900000600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0)
sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040)
unshare$auto(0x40000080)
socket(0xa, 0x5, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9)
ioctl$auto(0xffffffffffffffff, 0x540a, 0x0)
close_range$auto(0x2, r2, 0x4401)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x82000, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
ioctl$auto(0x3, 0xc0105303, 0x38)
poll$auto(&(0x7f0000000180)={<r3=>0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9)
ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
ioctl$auto_UBI_IOCDET(r4, 0x40046f41, 0x0)
migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2)
ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f00000003c0))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r5, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x34, r6, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x20, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x14, 0x1, "5e1f970f497f9f23d63e72850177cde9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '-\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r6, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x91b}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x5}, @NFSD_A_SERVER_SCOPE={0x12, 0x4, '/dev/ubi_ctrl\x00'}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4040085)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)

55.182067114s ago: executing program 6 (id=2531):
mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000300), r0)
sendmsg$auto_SMC_PNETID_FLUSH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x14, r1, 0x4ebf37b1785661fb, 0x70bd27, 0x25dfdc00}, 0x14}}, 0x20)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0)
r2 = getpid()
sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4080)
process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0)
r3 = bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7)
close_range$auto(r3, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
r4 = socket(0x10, 0x3, 0x6)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c001b"], 0x1ac}}, 0x40000)
bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000003c0)=@token_create={0x0, r4}, 0x9c54)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

54.879985041s ago: executing program 6 (id=2532):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x15, 0x0)
r0 = fsopen$auto(0x0, 0x1)
syslog$auto_SYSLOG_ACTION_READ_CLEAR(0x4, &(0x7f00000003c0)='}\x00', 0x8001)
fstat$auto(0xffffffffffffffff, &(0x7f0000000140)={0xffff, 0x74, 0x3, 0x1, 0xee00, <r1=>0xee00, 0x0, 0x2, 0x8, 0x6, 0x200, 0x100000001, 0x0, 0x7f, 0x8000000000000001, 0x3, 0x401})
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000001c00)='/dev/snd/controlC1\x00', 0x8000, 0x0)
pipe$auto(&(0x7f0000000000))
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x642, 0x0)
socket(0x15, 0x5, 0x0)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
socket(0x10, 0x2, 0x0)
memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x6, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x10, 0x4, 0x88)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r4, @new_map_fd=r3, 0x4, @old_map_fd}, 0xa3)
ioctl$auto_EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000200)=0x80000001)
sysfs$auto(0x4d000, 0x5, 0x4)
ioctl$auto_SNDRV_CTL_IOCTL_POWER_STATE(r2, 0x800455d1, &(0x7f0000001c40))
fsconfig$auto(r0, 0x6, &(0x7f0000000000)='^+\\\xa8(\x00', &(0x7f0000000040)="18b56c12295e6ab78b6b84710886381e7a1174b7fea7b1fc74943974d8d2b21223714d72b082e451c01f6f0627763c3cfc9d9a15331a531440ced1f7e0c8a2761a8f0891e2fe446b6f51bb616e0bd7900c13006b92a9d4a89205ecd211f2cd43fd28f6648b49a1c05e6ea2976cee8449ae7e2c4c263f8a36eeb26e4398c4d8e697fe2b2239725f1e2250235ea75296fc030f84cd6846691aee44835fb54b29191584335b97a526f5d64fbb010a9fe21164e73cd06a979073c8eb6f7ac8f85fa39d20f3ea3a7b", r1)
close_range$auto(r0, 0xa, 0x0)

54.242428726s ago: executing program 6 (id=2533):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0)
ioctl$auto(r0, 0x921064a0, 0x20000000020000a)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0) (async)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0)
setfsuid$auto(0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:00.0/enable\x00', 0x18b042, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)

53.944660861s ago: executing program 6 (id=2534):
mmap$auto(0x0, 0x2020006, 0x3, 0x2000000100000eb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
r1 = socket(0xa, 0x5, 0x84)
io_uring_setup$auto(0x401, 0x0)
getsockopt$auto(r1, 0x84, 0x18, 0x0, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000fff, 0x8000000008011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
shmctl$auto_SHM_STAT(0x3, 0xd, &(0x7f0000000300)={{0xf, <r2=>0xee00, 0x0, 0xffff, 0x26ab1215, 0x0, 0xba}, 0x81, 0x8, 0xa, 0xa7a, @raw=0x6, @inferred, 0x3, 0x0, &(0x7f0000000100)="02ce3358094ac65445fd291ebb3e010de60f3246467701732de5b6c2dd9ab27ce42bf5f43269627423a6cfbe0866122999cc6bd41b32610f724e22c8190f117bab11673182a52bea663139da36914a228d6fe9a3cabfba0cf56b11415278ea6dd360f3f7a02d8bea4f63dd92221f52ae85adccbe5ed7cc3291431881089f51bab19c500ecdda678f713b3a3432c1e5ec1dd81d376e849b4c01324210435f6aeec75fdf9c6ffa9021317162c5825000e4ac0b202032b3487e8a1738f5abffc2c004453a08c0316d0d1e941fe5be", &(0x7f0000000280)="31955288e54fcca0b5f34033c5fce352341ee0308dc2f30c1a8b9054b2d76c174c78b96b9ac22cdc0aec4768b6dd3d510bfc36a9ca7ed617d794055bb095939e8071e6418d173c368d1b42d41f1676554a99d526ffce75332cf5fa94cf18fe4368e026685524abddcd01bbaf72b305511a46143aa3"})
msgctl$auto_IPC_SET(0x7, 0x1, &(0x7f0000000400)={{0x28403f56, <r3=>0xee01, 0xee01, 0x4, 0xffffffff, 0x5a400000, 0x10}, &(0x7f0000000380)=0x8, &(0x7f00000003c0)=0x2, 0x4, 0x3591, 0x2, 0x8001, 0x8000000000000001, 0x7, 0x7f, 0xfffe, @inferred=0xffffffffffffffff, @raw=0x7ff})
setresuid$auto(0x0, r2, r3)
r4 = socket(0xa, 0x3, 0x3a)
close$auto(r4)
io_uring_setup$auto(0x7a527d95, 0x0)
io_uring_register$auto(r4, 0x8, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = open(0x0, 0x4603, 0x56)
getdents$auto(r5, 0x0, 0x400018)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/irq/5/node\x00', 0x4764c3, 0x0)
preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x801, 0x4f46, 0x6)
sendfile$auto(0x2, 0x3, 0x0, 0xc3e0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/fs/ext4/sda1/sra_exceeded_retry_limit\x00', 0x103080, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000003800)=""/168, 0xa8)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
socket(0x10, 0x2, 0x0)

51.808997308s ago: executing program 36 (id=2506):
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0)
signalfd$auto(0xffffffffffffffff, 0x0, 0x3cb)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
mmap$auto(0x2000000000000, 0x400000200006, 0x2, 0x18, r1, 0x300000000000)
openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/free_buffer\x00', 0x20103, 0x0)
r2 = getpid()
process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x9, 0x0)
linkat$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x400)
ioctl$auto_BLKRRPART(r1, 0xc0401289, 0x0)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0)
read$auto(r3, 0x0, 0x39b8)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000)
r4 = socket(0xa, 0x3, 0x3b)
getsockopt$auto(r4, 0x29, 0x3, 0x0, 0x0)
r5 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0)
mount$auto(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x4, 0x20009, 0x4000000000df, 0x18, r5, 0x7)
close_range$auto(0x2, 0x8, 0x0)
r6 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/id\x00', 0xa2000, 0x0)
read$auto_ftrace_event_id_fops_trace_events(r6, 0x0, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004)
io_uring_setup$auto(0x6, 0x0)

49.563952136s ago: executing program 6 (id=2539):
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fsetxattr$auto(0x1, &(0x7f0000000000)='%\x175\xc0\x8d\xbb\x04\xb3\x97\xd8\xf4\xf6', 0x0, 0xfffffffffffffffe, 0x1ee)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC0\x00', 0x228d01, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0)
ioctl$auto_USBDEVFS_CLAIMINTERFACE(r2, 0x8004550f, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xebd, 0x6, 0x8000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r4 = socket(0x10, 0x2, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00')
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffee2, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x81, 0x9}, 0x7}, 0x7, 0x0)
recvmmsg$auto(r3, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000380)="58255361272bbadbc4bd1cc1a9ab47ff6cc30df3c3675b49f78ac8fef5db19cc68379e7e1b8c3ba21f7ca3e19796f831d57c9390d0a44f68b6749c2c1f080000002f20bc2e14fefc33fb5cc3ce6897eb071f8f4f4cdb80f34a571f367dc073ad7fb89d34cb85f1083a345b6756eb8ba0", 0xcb}, 0x3, 0x0, 0x80000003, 0x80a}, 0x9}, 0x6, 0x6, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000044}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_NEW(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000580)={{@raw=0x80000003, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00"}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800004000000400e, 0x2000000b752, 0x1}, "6cc1294d63a407b6764a54c5368de438f8cc142ef60500000073a1187f0000000000311121c760cbce506f486947a99807bcc100"})
mkdir$auto(&(0x7f00000000c0)='}[,&*}\x00', 0x2)
mount$auto(0x0, &(0x7f0000000540)='}[,&*}\x00', &(0x7f0000000040)='nfsd\x00', 0x3, 0x0)
r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000000080)={0x1, 0x1, 0x800000ff, 0xffffff71, 0x10000})
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0)

49.311267558s ago: executing program 6 (id=2540):
capset$auto(&(0x7f0000000100)={0x20080522}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
socket(0x2, 0x80802, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
socket(0x2, 0x2, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffffff, &(0x7f0000000100)=""/169, 0xa9)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50)
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x3, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0)
process_mrelease$auto(0xffffffffffffffff, 0xa)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r0)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000011c0)=ANY=[], 0x1058}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r2 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x805, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r2}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x1000}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0)
openat$auto_fops_x16_ro_(0xffffffffffffff9c, 0x0, 0x8040, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
sendmsg$auto_IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010028bd7000fedbdf250c0000001d000280d2f7abf5204c1c01107d33d6d37bc50e476301cfa9375e0781"], 0x34}, 0x1, 0x0, 0x0, 0x20004014}, 0x4014)
pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

46.333526964s ago: executing program 37 (id=2514):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00", @ANYBLOB="01032cb57000fbdbdf250a004b4900000600010017000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r0)
sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040)
unshare$auto(0x40000080)
socket(0xa, 0x5, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9)
ioctl$auto(0xffffffffffffffff, 0x540a, 0x0)
close_range$auto(0x2, r2, 0x4401)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x82000, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
ioctl$auto(0x3, 0xc0105303, 0x38)
poll$auto(&(0x7f0000000180)={<r3=>0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9)
ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
ioctl$auto_UBI_IOCDET(r4, 0x40046f41, 0x0)
migrate_pages$auto(0x0, 0xa, &(0x7f00000000c0)=0x52a6, &(0x7f0000000140)=0x2)
ioctl$auto_VHOST_SET_LOG_FD2(0xffffffffffffffff, 0x4004af07, &(0x7f00000003c0))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r5, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x34, r6, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x20, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x14, 0x1, "5e1f970f497f9f23d63e72850177cde9"}, @NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, '-\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x40, r6, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x91b}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x5}, @NFSD_A_SERVER_SCOPE={0x12, 0x4, '/dev/ubi_ctrl\x00'}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4040085)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)

45.899143164s ago: executing program 8 (id=2536):
r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x494a42, 0x0)
openat$auto_generic(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
ioctl$auto_BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000)
mprotect$auto(0x200000000000, 0x806121, 0x6)

44.206159502s ago: executing program 8 (id=2546):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x101202, 0x0)
r1 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f00000000c0)=0x200)
pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*<P\xb0\x8a\"\x176\xe1p*0\xac\xb9\xd5\xab\xcc$\x9ai\xca\v(\xcd?\x8d\xd2\x1d\xe1\x99N\x028\xe2\x12\t6x\xca{\n\xe86;\x81\xc4\x00\x8b\xed\xfa\xc0\x18\xe7\xd0\x97\xd8\x00\xd5\x85\x03\xf1\f\xcc\xf7\xb16L\xd4\xb0AV.\xe3\x9e\x8csh\x8a\x84\xe30\xde\x8d\xe3\xa4\xf1e\xcf\xb2Rx\x8f\x98G\xc3\xc8UP\xb4-\aW\xb5h\x8b\x98T\xe0n\x8d~\xf2\x8b\x1c>\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xde<o\xb6[o\b\x00', 0x4e, 0x3)
ioctl$auto_VHOST_SET_VRING_ERR2(r1, 0x4008af22, &(0x7f0000000100)={0x5, <r2=>r0})
ioctl$auto_SG_GET_RESERVED_SIZE(r2, 0x4c01, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r3)
sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3800000116144a14bbd31a35e5971e909e3e853fed8448f8145268446c060b06f7fa87f5166fecf736523dab87570883149b62d11242aa46dda3606e0fd97e7126cef259c1a925beff1cda8e17c23027304b32d86192ba1102a060f5793bdb3a163ac1d603a6eed0f864b1d586660d309fb7c8c9f2efc933321038279ccdb59c248f359227824e1b6d645449e269fc977707eb4ff2df7a2daf560bb28ec3e29e76366a7b36c438ad2dabf9a2d98de903270be008cf3737ce217adf0e826985d7cf68e57140f94a6bad83f84dc10b7c38537ad90f153e452d6ae971c50e623b8994dab50c6305f8a71667d6486dd9b9bfd337769688a58d07e19f630ee45b020f7583a6d048b5d97d41ca965b437818e45fd00680044eb6c2d6eb51b410b32df7d0035a4046c66ede89c54997046bd6f764f89ac7c381d5204b7b2bc6050c7838bbeb2ef46e1544c3804d1a", @ANYRES16=r4, @ANYBLOB="01002cbd7000fcdbdf2519000000180001801400020076657468315f766c616e0000000000000c00078008000100a7000000"], 0x38}, 0x1, 0x0, 0x0, 0x802}, 0x4000000)
unshare$auto(0x40000080)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x105402, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
prctl$auto_PR_SET_MM_ARG_START(0x0, 0x8, 0x0, 0xacb, 0xfffffffffffffe01)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07)
open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x1, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0x10, 0x2, 0x6)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x55)
socket(0x2, 0x3, 0xa)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000)
connect$auto(0x3, &(0x7f00000000c0), 0x55)
write$auto(0x3, 0x0, 0x5b4)

43.289762765s ago: executing program 8 (id=2549):
ioctl$auto_FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, &(0x7f0000000080)="b75fb9e42c035e63035fc42ceccb6640")
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_INFO(0xffffffffffffffff, 0x810c5701, &(0x7f00000003c0)={0x8, 0x7, 0x0, 0x8, 0x3, "643b20f2cd9ca66a9446432dc65b1c3b559de8abce8c88f80e0b47261f8b92863f99d3e64297ddfbc4a6876738b09fb23dff3c7b2b78ec47f280f456bbe75d35", "0dca75fa79eef4e966898575354caa255fc0d2576bd32d5ff9e62c43a490376947961558ce5215d0a3076f89e5e14cec5684723a5e80b0947c116da9ce16f1e043c0802bafd899e4e903b990690a10ee", "8869480c8c4a4a74848f9fb21f8167479d358f1ff61bb53902f195a35c503c5b", 0x1, 0xffffffff, 0x2, "3baaa9f6273476c2182fee840366cecdbb4ea3c1a5f9dbd939698a4eac17f8a1a6dd1c884933614246ef326a762dc75f1e83e9acddce00b658d97a2f"})
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
io_setup$auto(0x1, 0x0)
io_pgetevents$auto(0x4, 0x8, 0xa31f, 0x0, 0x0, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
r1 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b)
write$auto(r1, &(0x7f0000000080)='.\\,\x00', 0x7)
read$auto(r1, 0x0, 0x1)
setxattrat$auto(r1, &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f0000000040)='\x00', &(0x7f00000000c0)={0x1, 0xe160, 0xe0e}, 0x5)
semctl$auto_IPC_INFO(0x1000, 0x9, 0x3, 0xb)
ioctl$auto(r0, 0x8916, 0x1)

42.962574999s ago: executing program 8 (id=2551):
timer_getoverrun$auto(0x40) (async)
write$auto(0xca, &(0x7f0000000040)='\x04\x1c\xdc\xec7z\xdf3\xf2\xd3!\v\xb0M\xf8Q\x15\f', 0x2d8) (async)
r0 = bpf$auto_BPF_PROG_LOAD(0x5, &(0x7f0000000080)=@enable_stats={0x7}, 0x6)
mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) (async)
r1 = io_uring_setup$auto(0x999, 0x0) (async)
ustat$auto(0x801, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
open(0x0, 0x22240, 0x155) (async)
socket(0x2, 0x2, 0x0) (async)
r2 = socket(0x2, 0x1, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
open(0x0, 0x22240, 0x1a2) (async)
socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) (async)
socket(0x2, 0x1, 0x106) (async)
listen$auto(0x3, 0x81) (async)
r3 = socket(0x10, 0x2, 0xc)
r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x24, r4, 0x10, 0x70bd2c, 0x25dfdbfa, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_FAMILY_NAME={0x0, 0x2, '%/\x00\xe2\xa8\\A\xe7Z\x02q[-\xf5\x00\x00\x11\x00\xdf(\xff\xfee\xc3\x17py\x9f\xda\xb88\xaa\xf6q*\x82\xe6(\xc9\xe6B\x9aJ82\v-i(c\x92{\xd7D\xb4\xf7\xb4\t\xb2\x98b\xd3%vu\xd4\xfd\t\xd7J\x83\x19)\xb1\x00[\xdd(\xef?\xc5\xae(\x84\xefjx\xfe\xdb\xeb\xbceaAw\x1eW\x12Bh\xc3y2\xc9\x0e\xc9\x99#\x92j\x97\xbbDOi\x03\xa4\x11\x02F<y\xba\xf7\x8c5\x82\x7fF\xef\xb3{\xe9rw\xd8\x110\xbdC\xe3\x1c`4v\x10\xf3\xe6_=`\xd3\xd1\xe21\xc0\xcc#\xadV\xff#V]\x95\xcf\xaf\xc7\xa9*d\xda\x18\xc0\xc0\x1c'}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x6}]}, 0x51}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010)
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), r1)
sendmsg$auto_NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000001180)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001140)={&(0x7f00000010c0)={0x7c, r5, 0x400, 0x70bd26, 0x25dfdbfa, {}, [@NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_MLO_LINKS={0x58, 0x138, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NL80211_ATTR_TDLS_INITIATOR={0x4}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_ATTR_MAC={0x30, 0x6, "a68e727db2558440b5e33774a14ea314abd57cd48b8bc602d3c7120a7d63c4663bf25f1580d9b9ca2d1977fd"}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_EHT_CAPABILITY={0xe, 0x136, "272d19f587e656630a2d"}]}]}, @NL80211_ATTR_REG_INDOOR={0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x6}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4008000}, 0x14)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) (async)
accept$auto(r1, 0x0, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r6 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sda1\x00', 0x48100, 0x0)
ioctl$auto_IOC_PR_REGISTER(r7, 0x401870c8, 0x0) (async)
read$auto_rng_chrdev_ops_core(r6, &(0x7f0000000040)=""/4096, 0xfffffe82) (async)
write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) (async)
ioctl$auto_BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, &(0x7f0000000000)={0x9, 0x3e, 0x5})

41.888166997s ago: executing program 8 (id=2553):
r0 = socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x5}, 0x101)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0)
socket(0x22, 0x3, 0x0)
ioctl$auto(r2, 0x40104d01, r2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(r2, r2, 0x0)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0)
pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x34500, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000100)={0x0, 0x2200004, 0x7})
pread64$auto(r3, 0x0, 0x7ff, 0xd)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/ram4/queue/nr_zones\x00', 0x17003, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000000)='\x00', 0x1)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_VERSION_GET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r6, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x2000c014}, 0x240480c0)
mmap$auto(0x3fd, 0x1, 0x4000000000df, 0x40eb4, 0x401, 0x3)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_max\x00', 0x800, 0x0)

34.121691287s ago: executing program 38 (id=2540):
capset$auto(&(0x7f0000000100)={0x20080522}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
socket(0x2, 0x80802, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
socket(0x2, 0x2, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffffff, &(0x7f0000000100)=""/169, 0xa9)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50)
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x3, 0x4000000000df, 0xeb1, 0x401, 0x8000)
ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0)
process_mrelease$auto(0xffffffffffffffff, 0xa)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r0)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000011c0)=ANY=[], 0x1058}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r2 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x805, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r2}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x1000}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0)
openat$auto_fops_x16_ro_(0xffffffffffffff9c, 0x0, 0x8040, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
sendmsg$auto_IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010028bd7000fedbdf250c0000001d000280d2f7abf5204c1c01107d33d6d37bc50e476301cfa9375e0781"], 0x34}, 0x1, 0x0, 0x0, 0x20004014}, 0x4014)
pwrite64$auto(0xc8, &(0x7f0000000040)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/231, 0xfdf2, 0x3a)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

30.474990003s ago: executing program 7 (id=2581):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0) (async)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vivid.0/video4linux/video30/dev_debug\x00', 0x129102, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0)
sendmsg$auto_NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x400, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) (async)
sendmsg$auto_NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x400, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) (async)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r3, 0x0)
r4 = socket(0x10, 0x2, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r5, 0x0, 0x810)
syz_genetlink_get_family_id$auto_nl80211(0x0, r5)
read$auto(r5, &(0x7f0000000000)='\x00', 0x91e2)
socket(0x10, 0x2, 0xc)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0)
fanotify_init$auto(0x9, 0x4)
socket(0x10, 0x2, 0xc) (async)
r6 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES8=r6], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) (async)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES8=r6], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050)
write$auto(r4, &(0x7f0000000000)='-\xd3', 0xfdef)
madvise$auto(0x0, 0x2003f2, 0x15)
madvise$auto(0x0, 0x1010001, 0x100000003) (async)
madvise$auto(0x0, 0x1010001, 0x100000003)
madvise$auto(0x1000, 0x400050, 0x9)
write$auto(0x1, 0x0, 0x80000000)
munmap$auto(0x8000, 0xffffffff) (async)
munmap$auto(0x8000, 0xffffffff)
write$auto(r1, &(0x7f0000000000)='y\x8c', 0x2) (async)
write$auto(r1, &(0x7f0000000000)='y\x8c', 0x2)

29.268163195s ago: executing program 7 (id=2582):
r0 = socket(0x18, 0x4, 0x0)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x5}, @THERMAL_GENL_ATTR_TZ_ID={0x8, 0x2, 0x3}, @THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x1cd}, @THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x1ff}, @THERMAL_GENL_ATTR_TZ_TEMP={0x8, 0x3, 0x80000001}]}, 0x3c}}, 0x20008000)
listmount$auto(&(0x7f0000000540)={0x8, @inferred=r0, 0x8, 0x1, 0x7}, &(0x7f0000000580)=0x1000, 0x8000000000000000, 0x800)
syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000240), r0)
r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fbdbdf2503000000040001800d000180080003800400c08075fbff000400080035d3c929c4103ad1569f79046ba6161f91cd744c1f503eed5747f1e2927a8404a908f178c1c94c0e91113a86be7bd2d2aa6b1bb3d3f924c9d10b11834731810932c4159ed491ba2763afbe051c7e875c5f2cc539b77ad8118eb951b2621fd35adfb3f943467a31f286a16e6f69c636b3e4031014043ed2f2256157b562cd5c7f099e967d6100d661749f681cf58a72b163565c83fe813c3ca0752c5aa369573895a11390571d01d1a7b0983cd02d8163f832700511d4019d84e6afa3db3e651e53142222bb6aa825bd12c506ec3536041b5875"], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0)
r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000400), r0)
sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x68, r4, 0x20, 0x70bd25, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xc, 0x2, 'nl80211\x00'}, @CTRL_ATTR_OP={0x8, 0xa, 0x5}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x574c}, @CTRL_ATTR_FAMILY_NAME={0xd, 0x2, 'ovs_flow\x00'}, @CTRL_ATTR_OP={0x8, 0xa, 0xd3b1}, @CTRL_ATTR_OP={0x8, 0xa, 0xd5}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0xdefa}, @CTRL_ATTR_OP={0x8}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x81}]}, 0x68}, 0x1, 0x0, 0x0, 0x488c4}, 0x20048814)
sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x8c, r3, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0xd}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MLO_TTLM_ULINK={0x5f, 0x149, "0042009389b6cdd9f8f77d01066459b416be4dec0ed38f554f53e2ac46f13480e142de20ebde0ad7afa0907a2fad08022a92a13f701e3074daf2f30029ff55e37db369d761d020e1b4dbcabd2f539988ba94619daee72e27cf0a2f"}, @NL80211_ATTR_TIMED_OUT={0x4}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x4}]}, 0x8c}, 0x1, 0x0, 0x0, 0x24004004}, 0x40008)
socket(0x18, 0x4, 0x0) (async)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x5}, @THERMAL_GENL_ATTR_TZ_ID={0x8, 0x2, 0x3}, @THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x1cd}, @THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x1ff}, @THERMAL_GENL_ATTR_TZ_TEMP={0x8, 0x3, 0x80000001}]}, 0x3c}}, 0x20008000) (async)
listmount$auto(&(0x7f0000000540)={0x8, @inferred=r0, 0x8, 0x1, 0x7}, &(0x7f0000000580)=0x1000, 0x8000000000000000, 0x800) (async)
syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000240), r0) (async)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fbdbdf2503000000040001800d000180080003800400c08075fbff000400080035d3c929c4103ad1569f79046ba6161f91cd744c1f503eed5747f1e2927a8404a908f178c1c94c0e91113a86be7bd2d2aa6b1bb3d3f924c9d10b11834731810932c4159ed491ba2763afbe051c7e875c5f2cc539b77ad8118eb951b2621fd35adfb3f943467a31f286a16e6f69c636b3e4031014043ed2f2256157b562cd5c7f099e967d6100d661749f681cf58a72b163565c83fe813c3ca0752c5aa369573895a11390571d01d1a7b0983cd02d8163f832700511d4019d84e6afa3db3e651e53142222bb6aa825bd12c506ec3536041b5875"], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800) (async)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0) (async)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000400), r0) (async)
sendmsg$auto_CTRL_CMD_GETPOLICY(r2, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x68, r4, 0x20, 0x70bd25, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0xc, 0x2, 'nl80211\x00'}, @CTRL_ATTR_OP={0x8, 0xa, 0x5}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x574c}, @CTRL_ATTR_FAMILY_NAME={0xd, 0x2, 'ovs_flow\x00'}, @CTRL_ATTR_OP={0x8, 0xa, 0xd3b1}, @CTRL_ATTR_OP={0x8, 0xa, 0xd5}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0xdefa}, @CTRL_ATTR_OP={0x8}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x81}]}, 0x68}, 0x1, 0x0, 0x0, 0x488c4}, 0x20048814) (async)
sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x8c, r3, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0xd}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MLO_TTLM_ULINK={0x5f, 0x149, "0042009389b6cdd9f8f77d01066459b416be4dec0ed38f554f53e2ac46f13480e142de20ebde0ad7afa0907a2fad08022a92a13f701e3074daf2f30029ff55e37db369d761d020e1b4dbcabd2f539988ba94619daee72e27cf0a2f"}, @NL80211_ATTR_TIMED_OUT={0x4}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x4}]}, 0x8c}, 0x1, 0x0, 0x0, 0x24004004}, 0x40008) (async)

29.010526976s ago: executing program 7 (id=2583):
mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
memfd_create$auto(0x0, 0x5) (async)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async, rerun: 32)
socket(0x10, 0x2, 0x0) (rerun: 32)
r0 = userfaultfd$auto(0x1)
socket(0xa, 0x801, 0x84) (async)
socket(0xa, 0x4, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1, 0x1, 0x1) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
socket(0xa, 0x801, 0x84) (rerun: 32)
socket(0x2, 0x801, 0x106)
io_uring_setup$auto(0x5, 0x0)
socket(0xa, 0x2, 0x0) (async)
socket(0xa, 0x2, 0x3a)
r1 = socket(0xa, 0x2, 0x88)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
bpf$auto(0x0, &(0x7f0000000200)=@link_update={r1, @new_map_fd=r0, 0x4, @old_prog_fd=r1}, 0xa3)
bpf$auto(0x4, &(0x7f0000000040)=@query={@target_ifindex, 0x7, 0x6, 0x9, 0x9, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0x9, 0xffffffffffffff66}, 0x7)
socket(0x10, 0x2, 0x0) (async, rerun: 64)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x88000, 0x0) (async, rerun: 64)
close_range$auto(0x2, 0x8000, 0x0) (async)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/Fixed MDIO bus.0/power/runtime_status\x00', 0x80842, 0x0) (async, rerun: 32)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async, rerun: 32)
syz_clone3(&(0x7f0000000180)={0xa7102000, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x2}, 0x58) (async)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)

26.920255016s ago: executing program 7 (id=2585):
unshare$auto(0x40000080)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x40e00, 0x0)
socket(0xa, 0x2, 0x0)
pidfd_open$auto(0x1, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000)
move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x280001, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
ioctl$auto_TCFLSH2(r2, 0x5422, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.max.descendants\x00', 0x22022, 0x0)
write$auto(r4, &(0x7f0000000100)='-\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3\t!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4)
writev$auto(r3, 0x0, 0x3)
syz_genetlink_get_family_id$auto_smbd_genl(0x0, 0xffffffffffffffff)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, 0x0, 0x30004850)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0)
read$auto(0xffffffffffffffff, 0x0, 0xb4d3)
ioctl$auto(0xffffffffffffffff, 0x4b72, 0xffffffffffffffff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd4/queue/iosched/front_merges\x00', 0xe0281, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0xa, 0x10003)
getrlimit$auto(0xfffffffb, &(0x7f00000001c0)={0x9e, 0x1})
execve$auto(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=&(0x7f00000000c0)='/sys/kernel/debug/page_tables/current_user\x00', 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0)

26.859816157s ago: executing program 39 (id=2553):
r0 = socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x5}, 0x101)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0)
socket(0x22, 0x3, 0x0)
ioctl$auto(r2, 0x40104d01, r2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(r2, r2, 0x0)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0)
pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x34500, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000100)={0x0, 0x2200004, 0x7})
pread64$auto(r3, 0x0, 0x7ff, 0xd)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/ram4/queue/nr_zones\x00', 0x17003, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000000)='\x00', 0x1)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_VERSION_GET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r6, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x2000c014}, 0x240480c0)
mmap$auto(0x3fd, 0x1, 0x4000000000df, 0x40eb4, 0x401, 0x3)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/sctp/rto_max\x00', 0x800, 0x0)

18.962294811s ago: executing program 7 (id=2589):
sendmsg$auto_IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x4014) (async)
keyctl$auto(0x5, 0xffffeffffffffffe, 0x107, 0x803, 0x800000000000c) (async)
keyctl$auto(0xf, 0xfffffbfffffffffe, 0x2, 0x32, 0x77c)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async)
capset$auto(0x0, 0x0) (async)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x40, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) (async)
r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000340), 0x80080, 0x0)
ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x30, 0xff, 0x0, @raw=0xfffff030}}) (async, rerun: 64)
r3 = open(0x0, 0x800, 0x140) (rerun: 64)
getdents$auto(r3, 0x0, 0x18) (async)
ioctl$auto_CEC_ADAP_G_LOG_ADDRS(r3, 0x805c6103, &(0x7f0000000240)={"3006f568", 0x3, 0x7, 0x3, 0xb5b4, 0x9, "d8c4a7c58ea93d6eda10b110c0639d", "25c08a09", "08f83253", "7228cfaa", ["02968038de60063dc1bc3855", "6c67a8fbd98f113af0a262f3", "a2f2826c84154f0a8438953f", "fc601679d461e5274b3be86b"]})
mmap$auto(0x200000000000000, 0x2000020006, 0x4000001000df, 0xd0, r0, 0x8000) (async)
ioctl$auto_PPPIOCGDEBUG(r2, 0x80047441, &(0x7f0000000200)=0x2) (async, rerun: 32)
close_range$auto(0x2, 0x8, 0x41) (async, rerun: 32)
r4 = socket(0x2, 0x80002, 0x73)
r5 = socket(0xa, 0x5, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000001c0)=<r6=>0x0)
connect$auto(r4, &(0x7f0000000180)=@nfc={0x27, r6, 0xffffffffffffffff, 0x3}, 0xc) (async, rerun: 32)
sysfs$auto(0x2, 0x810000000000003a, 0x0) (rerun: 32)
getsockopt$auto(r5, 0x84, 0x1c, 0x0, 0x0) (async)
close_range$auto(r0, r1, 0x80000001)
msgsnd$auto(0x8, &(0x7f0000000040)={0xe00, 0x5}, 0x8, 0x1) (async)
mprotect$auto(0x1ffffffffffe, 0x806121, 0x8) (async)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000080), 0x2040, 0x0) (async, rerun: 32)
mq_getsetattr$auto(0xffffffffffffffff, 0x0, 0x0) (rerun: 32)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), 0xffffffffffffffff)
poll$auto(0x0, 0x2, 0x5)

16.792767404s ago: executing program 3 (id=2570):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x101202, 0x0)
r1 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f00000000c0)=0x200)
pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*<P\xb0\x8a\"\x176\xe1p*0\xac\xb9\xd5\xab\xcc$\x9ai\xca\v(\xcd?\x8d\xd2\x1d\xe1\x99N\x028\xe2\x12\t6x\xca{\n\xe86;\x81\xc4\x00\x8b\xed\xfa\xc0\x18\xe7\xd0\x97\xd8\x00\xd5\x85\x03\xf1\f\xcc\xf7\xb16L\xd4\xb0AV.\xe3\x9e\x8csh\x8a\x84\xe30\xde\x8d\xe3\xa4\xf1e\xcf\xb2Rx\x8f\x98G\xc3\xc8UP\xb4-\aW\xb5h\x8b\x98T\xe0n\x8d~\xf2\x8b\x1c>\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xde<o\xb6[o\b\x00', 0x4e, 0x3)
ioctl$auto_VHOST_SET_VRING_ERR2(r1, 0x4008af22, &(0x7f0000000100)={0x5, r0})
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c01, 0x0)
unshare$auto(0x40000080)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x105402, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
prctl$auto_PR_SET_MM_ARG_START(0x0, 0x8, 0x0, 0xacb, 0xfffffffffffffe01)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07)
r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x1, 0x0)
ioctl$auto_FBIOPUT_CON2FBMAP(r2, 0x4610, &(0x7f0000000040))
read$auto(0x3, 0x0, 0x7fffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
semctl$auto(0x1, 0x2, 0x13, 0xc)
r3 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r3, 0x29, 0x20, 0x0, 0x20)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x404c534a, 0x38)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0x12, 0x10000009}, {0x0, 0x800}}, 0x0)

13.31912389s ago: executing program 7 (id=2594):
openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Virtual-1/edid_override\x00', 0xc0a82, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
write$auto(0x3, 0x0, 0x100082)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326bd7017fddbdf250200000008002700080000000a001800aaaa8aaaaabb0000"], 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
sysfs$auto(0x2, 0x100000000000033, 0x0)
fsopen$auto(0x0, 0x1)
mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000)
close_range$auto(0x0, 0x5, 0x0)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2003, 0x0)
epoll_create$auto(0x3e)
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
connect$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x4003, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0)
mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0)
socket(0x2c, 0x2, 0x3b)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x2, 0x0)
r0 = socket(0xa, 0x3, 0xff)
connect$auto(r0, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)

12.318043087s ago: executing program 1 (id=2586):
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000)
sysfs$auto(0x4000002, 0xffff, 0x1)
getgid()
r0 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, r0, 0x0)
r1 = openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0)
writev$auto(r1, &(0x7f00000001c0)={&(0x7f0000000140)="6f0652c6086ae0a2fe7ab4fa6240270adb45e1a618e291796886fc09ad6a0f5e589370cb94080bbef19b1e212655c621c94ee58d38b93391ee04cf580d3228d761076197a69792f3c9d55ba8aa142016aa036adb69e8", 0x7}, 0x3)
r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/filesystems\x00', 0x2, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f0000000280)=""/144, 0x90)
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0)
r4 = eventfd2$auto(0x7f, 0x0)
r5 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000200)={0xd, "74a517f574545f6e56dd0a76e95f7ebe732ad2c90cf711c0bb363ed3997e3e14", @inferred=r4})
ioctl$auto(r3, 0x9, r5)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0)
read$auto_tracing_fops_trace(0xffffffffffffffff, &(0x7f0000001580)=""/4077, 0xfed)
mmap$auto(0x4, 0x1, 0xdf, 0x9b72, 0x2, 0x40008000)
close_range$auto(0x2, 0x8, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
unshare$auto(0x40000080)
statmount$auto(0x0, &(0x7f0000000180)={0x3, 0xb9, 0x44f, 0xa, 0x1, 0x1007181, 0x8a0d, 0x4, 0x10007, 0x7, 0x89, 0x29, 0x4, 0x200000000000, 0xfffffffffffff340, 0xfffffffffffffffa, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffb, 0x6, 0x401, 0x22002, 0x9, 0xfffffffd, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x70e2, 0x0, 0xe573, 0xb7, 0x0, 0x0, 0x8, 0x0, 0x9, 0x100000, 0x10000, 0x15b, 0x7, 0x1fc, 0x0, 0x10000000000002, 0x0, 0x0, 0x48, 0x0, 0x3a, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0xe, 0x0, 0x0, 0x0, 0xa53, 0xfffffffffffffffd, 0xfffffffffffffffd]}, 0x7, 0xd)
r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffff7effffd04, &(0x7f00000001c0))
r7 = socket(0xa, 0x5, 0x0)
bind$auto(r7, &(0x7f0000000040)=@in={0x2, 0x0, @local}, 0x69)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)

11.318865493s ago: executing program 1 (id=2597):
r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x494a42, 0x0)
rt_sigprocmask$auto(0x26, &(0x7f0000000040)={0x80000000}, 0x0, 0x8)
r1 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
ioctl$auto_BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = syz_clone(0x4200080, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r2, 0x4, 0x7ff)
mmap$auto(0x0, 0x1e89ea9f, 0x2, 0x9b7f, r1, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xc5c, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x7, 0x400005, 0xdf, 0x13, 0xffffffffffffffff, 0x7)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
r4 = bpf$auto(0x0, &(0x7f0000000040)=@query={@target_fd, 0x4, 0x7, 0x9, 0x1, @count=0x4, 0x0, 0x80000000, 0xc, 0xe, 0x5}, 0x7)
futex_wake$auto(&(0x7f0000000700)="81e24483fd8fcbd3e97cc97e27cc58aab3c27c3b4a429bc89b8907ee60dc4a49bff7f21ccdcb724cac7f64ddf945f0cb9444eb81f13b6c6e558bc2687b57ca02f4ba6c9dbf9c13941c4364007aa5d46745a583b8890f77b11ba381fd54af089367da57920f8175ade15da818da3f2f423f7b3466e073da0d0b61605de912cda594c3bedd901cb97fb21121a67001d07f8dd18f05e46940de51b3f84476355e89f87040f8547e54155185501cd9c5532ea443397a1645f8a305918465ddab48a213f80122bea9db54ada19599fcbbb435d824591d55cc46107dec96a7ec40d5bbc8478d213190b708920e4336b8a27221ff6717dbb12d3ab1cf13be9dd542265a00de19a5bb85687cfc51dc5c92924306ea8bb917e529ddf42aad3026639cce01f5ee82188b223e78540d36de020617769e2658d30e05d88d330a518e21809087826c628c34278f86cab30378cd1875f1ac3f2992a8ac01baba459eb4f18f0f43f92115f3764d13f278ba4340077287c2ee332c10cbff75417b4aa6fc2b34a41a1f5aa1a13894", 0x8, 0x6, 0xa)
fanotify_mark$auto(0xffffffffffffffff, 0x5, 0x7fff, 0xffffffffffffffff, &(0x7f0000000400)='./file0\x00')
read$auto(r3, 0x0, 0x20)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0)
writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002dbd7000fbdbdf2501000000040007800c000200010000000000000004000980080001000004000089611644ecaa57fa79a123b66a8bef0ea8ffbfd8b6567b20d5a5b1263ef710ab8a1067c79822a1a8ae3ac14715619e5757e493838192e6666865cf7d7918cf20d5a5d2f83b1533ca1a16e07e6cab227a69da372413284c37c4c4a5da0161047907c65dfd3ace6610b3a816b29945dfcaa6a79eedfd2445902db228651efb698b36de42ac114df6"], 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002a00), r4)
sendmsg$auto_IPVS_CMD_NEW_DEST(r6, 0x0, 0x800)
write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000180)="168700efdb", 0x5)
r8 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x22001, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(r8, 0xffffffffffdffe00, &(0x7f0000000140))
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, 0x0)
madvise$auto(0x0, 0x2000000080000001, 0x3)

7.232598017s ago: executing program 1 (id=2600):
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$auto(0x0, 0x202000d, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0)
read$auto(r0, 0x0, 0x1ff)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
unshare$auto(0x40000080)
unshare$auto(0x93a3)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2c, 0x1, 0x0)
listen$auto(0x3, 0x81)
r4 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fcntl$auto_F_NOTIFY(r4, 0x402, 0x9000)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0)
ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2)
mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000)
fsopen$auto(0x0, 0x1)
prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4000000)
sendmsg$auto_NL80211_CMD_SET_COALESCE(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x24, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x7}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x80)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0)
sendfile$auto(r6, r6, 0x0, 0x3)
close_range$auto(0x2, 0x8, 0x0)

4.676422128s ago: executing program 9 (id=2601):
ioctl$auto_TIOCGICOUNT(0xffffffffffffffff, 0x545d, 0xfffffffffffffffe)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x840, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
connect$auto(0xffffffffffffffff, &(0x7f0000000140)=@tipc=@id={0x1e, 0x3, 0x1, {0x4e20, 0x1}}, 0x100)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)

4.452005721s ago: executing program 9 (id=2602):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffff004, 0x2)
r0 = socket(0x2a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0xa, 0x2, 0x88)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
open(0x0, 0x561342, 0x0)
mlockall$auto(0x7)
setresuid$auto(0x8, 0x8, 0x0)
mlock$auto(0xcecc, 0xd325)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyp5\x00', 0x14000, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bond0\x00'})
bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_5={@target_fd=r0, r3, 0x8, 0xfc, r1, @relative_fd, 0xe600}, 0xf)
bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc)

4.059266865s ago: executing program 9 (id=2603):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
connect$auto(0x3, 0x0, 0x58)
r0 = waitid$auto_P_PID(0x1, 0xffffffffffffffff, 0x0, 0x57, 0x0)
r1 = clone$auto(0x2, 0x2, &(0x7f00000002c0)=0x10, &(0x7f0000000300)=0xffffffff, 0x6)
waitid$auto_P_PGID(0x2, r0, &(0x7f0000000340)={@siginfo_0_0={0x2, 0x4, 0x8, @_timer={r1, 0x4000, @sival_int=0x37, 0x81}}}, 0x0, &(0x7f00000003c0)={{0xfff, 0x5}, {0x7fffffffffffffff, 0x2}, 0xfff, 0x9, 0x7, 0xd15, 0x401, 0x8000, 0x57677380, 0x3, 0x5, 0xa, 0xfb, 0x6, 0x3})
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)

3.688875884s ago: executing program 9 (id=2604):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
futex$auto(0x0, 0x3, 0x9, &(0x7f00000000c0)={0x9, 0xffff}, 0x0, 0x5)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x55)
socket(0x2, 0x3, 0x8)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
r0 = open(0x0, 0x161340, 0x130)
statx$auto(r0, 0x0, 0x1003, 0xb8d, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x114}}, 0x3, 0x0)

3.319978784s ago: executing program 9 (id=2605):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
socket(0xa, 0x1, 0x84)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
socket(0xa, 0x2, 0x3a)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/pci/drivers/ccp/remove_id\x00', 0x60c200, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/uevent\x00', 0x800, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/user\x00')
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1)
r0 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r0, 0x107, 0x14, 0x0, 0x4)
sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x3, 0x0, 0x5, 0x7}, 0x5}, 0x100000, 0x1) (fail_nth: 3)

1.576734203s ago: executing program 40 (id=2570):
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x101202, 0x0)
r1 = ioctl$auto_TUNSETVNETHDRSZ2(0xffffffffffffffff, 0x400454d8, &(0x7f00000000c0)=0x200)
pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:<\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xadCl\x9e\xeb\xcd\vp\x99\x00\xc8\x06\xa5\xdc3\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0A\x94\xa3\xaef\x87\xd8\x95I\xfd\xa8\t\xac\x87\xb7\x1d\xd5\x83\xdcyu]\xde\xbe\xbf$<.}\x8b`\x04\xfc\xa2\xab\xb5]\x80\x00\xb9D\xc5\xbc\xf2a\xd66\xa5\xd3\xc1r\x96\x1e\x8db\x05=`\x01\x11\x04Tz\x87A$\x115\x95PUf\xa7\xfe\x19\x00\x82go}@W\xd5\xaej\x01\xbf>5n\x17S\xc0\x8a\xaf%O\xd1W\xa3ua+sUJ\xea\xf9\xb7p-\x128\x9d\xbaM_\xff\x1c\xc3sG\x04\xf2\xd3\xf3{;\xd4\xd7\x1c\x1dZ\xe9\xe9\xc9\x9cu5\xe9\xa2\xb3N\xd2\xc1\xc8\xa5\xadt\xd5BKD\x86\xeb%\a*<P\xb0\x8a\"\x176\xe1p*0\xac\xb9\xd5\xab\xcc$\x9ai\xca\v(\xcd?\x8d\xd2\x1d\xe1\x99N\x028\xe2\x12\t6x\xca{\n\xe86;\x81\xc4\x00\x8b\xed\xfa\xc0\x18\xe7\xd0\x97\xd8\x00\xd5\x85\x03\xf1\f\xcc\xf7\xb16L\xd4\xb0AV.\xe3\x9e\x8csh\x8a\x84\xe30\xde\x8d\xe3\xa4\xf1e\xcf\xb2Rx\x8f\x98G\xc3\xc8UP\xb4-\aW\xb5h\x8b\x98T\xe0n\x8d~\xf2\x8b\x1c>\x06\xbb\x1e\xfb\x11U\f&\xcbP\xf1\xcf\xccb\xe8Wb\xc5ae\xe3\xf9l\xa9vK\xed\x8cL\xfb%g\x83;\xe1\xe2w\xd6\xaa6\x16\x8fx\x1a\xd7\xc8\xf4[\xbc\b\xe1Z\x92\x14Q\xde<o\xb6[o\b\x00', 0x4e, 0x3)
ioctl$auto_VHOST_SET_VRING_ERR2(r1, 0x4008af22, &(0x7f0000000100)={0x5, r0})
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c01, 0x0)
unshare$auto(0x40000080)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x105402, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
prctl$auto_PR_SET_MM_ARG_START(0x0, 0x8, 0x0, 0xacb, 0xfffffffffffffe01)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07)
r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x1, 0x0)
ioctl$auto_FBIOPUT_CON2FBMAP(r2, 0x4610, &(0x7f0000000040))
read$auto(0x3, 0x0, 0x7fffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
semctl$auto(0x1, 0x2, 0x13, 0xc)
r3 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r3, 0x29, 0x20, 0x0, 0x20)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x404c534a, 0x38)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0x12, 0x10000009}, {0x0, 0x800}}, 0x0)

652.340814ms ago: executing program 9 (id=2607):
mmap$auto(0x0, 0x4, 0xc00000072, 0x8b72, 0x1000000002, 0x8000)
io_uring_setup$auto(0x86, 0x0)
mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
select$auto(0x4, 0x0, 0x0, 0x0, 0x0)
r0 = io_uring_setup$auto(0x1d48, 0x0)
close_range$auto(0x2, r0, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nbd0\x00', 0x24000, 0x0)
ioctl$auto(r1, 0xab03, 0xffffffffffffffff)
syslog$auto_SYSLOG_ACTION_READ(0x2, &(0x7f0000000280)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00', 0x3)
write$auto_fops_init_pkru_pkeys(r0, &(0x7f0000000000)="ec7e193027745f0d3f48044c72e0d7bb85f48280c339e236ee", 0x19)
ptrace$auto_PTRACE_GETREGS(0xc, 0x0, 0x80000000, 0x1)
pread64$auto(0xffffffffffffffff, 0x0, 0x101, 0x103)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
listen$auto(r0, 0x5)
mmap$auto(0x0, 0x20009, 0xdb, 0xeb1, 0x40000000000a5, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
shutdown$auto(0x200000003, 0x2)
setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0)
r2 = socket(0xa, 0x1, 0x84)
getsockopt$auto(r2, 0x0, 0x53, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_REMOVE_UEID(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000840)={0x14, r3, 0x1, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24008040}, 0x4040)

0s ago: executing program 1 (id=2608):
r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x494a42, 0x0)
openat$auto_generic(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
ioctl$auto_BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000)
mprotect$auto(0x200003000000, 0x806121, 0x6)

kernel console output (not intermixed with test programs):

00000000401 R09: 0000300000000000
[  592.077218][T14990] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000
[  592.077233][T14990] R13: 00007f9f95a16128 R14: 00007f9f95a16090 R15: 00007ffdfd7caa18
[  592.077259][T14990]  ? __UNIQUE_ID_modinfo_711+0x63e08673/0xffffffffffec9f73
[  592.077307][T14990]  </TASK>
[  592.731353][T14986] FAULT_INJECTION: forcing a failure.
[  592.731353][T14986] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  592.836907][T14986] CPU: 0 UID: 0 PID: 14986 Comm: syz.0.2160 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  592.836945][T14986] Tainted: [L]=SOFTLOCKUP
[  592.836955][T14986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  592.836969][T14986] Call Trace:
[  592.836977][T14986]  <TASK>
[  592.836986][T14986]  dump_stack_lvl+0x100/0x190
[  592.837027][T14986]  should_fail_ex.cold+0x5/0xa
[  592.837052][T14986]  ? prepare_alloc_pages+0x16d/0x5f0
[  592.837084][T14986]  should_fail_alloc_page+0xeb/0x140
[  592.837113][T14986]  prepare_alloc_pages+0x1f0/0x5f0
[  592.837147][T14986]  __alloc_frozen_pages_noprof+0x19a/0x2ba0
[  592.837186][T14986]  ? __print_lock_name+0x61/0x80
[  592.837209][T14986]  ? is_bpf_text_address+0x8a/0x1a0
[  592.837248][T14986]  ? is_bpf_text_address+0x8a/0x1a0
[  592.837287][T14986]  ? bpf_ksym_find+0x124/0x1c0
[  592.837317][T14986]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  592.837345][T14986]  ? is_bpf_text_address+0x94/0x1a0
[  592.837384][T14986]  ? kernel_text_address+0x8d/0x100
[  592.837421][T14986]  ? __kernel_text_address+0xd/0x30
[  592.837457][T14986]  ? unwind_get_return_address+0x59/0xa0
[  592.837485][T14986]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  592.837536][T14986]  ? __pfx_stack_trace_save+0x10/0x10
[  592.837568][T14986]  ? stack_depot_save_flags+0x27/0x9d0
[  592.837608][T14986]  ? stack_trace_save+0x8e/0xc0
[  592.837634][T14986]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  592.837683][T14986]  ? policy_nodemask+0xed/0x4f0
[  592.837712][T14986]  alloc_pages_mpol+0x1fb/0x550
[  592.837740][T14986]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  592.837775][T14986]  alloc_pages_noprof+0x136/0x390
[  592.837823][T14986]  kimage_alloc_pages+0x72/0x380
[  592.837855][T14986]  kimage_alloc_control_pages+0x157/0xa20
[  592.837890][T14986]  ? __pfx_kimage_alloc_control_pages+0x10/0x10
[  592.837926][T14986]  do_kexec_load+0x275/0x810
[  592.837957][T14986]  ? __pfx_do_kexec_load+0x10/0x10
[  592.837988][T14986]  ? _copy_from_user+0x59/0xd0
[  592.838023][T14986]  __x64_sys_kexec_load+0x1bf/0x230
[  592.838054][T14986]  do_syscall_64+0x106/0xf80
[  592.838078][T14986]  ? clear_bhb_loop+0x40/0x90
[  592.838108][T14986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.838133][T14986] RIP: 0033:0x7f099619c819
[  592.838154][T14986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  592.838178][T14986] RSP: 002b:00007f0997117028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  592.838201][T14986] RAX: ffffffffffffffda RBX: 00007f0996415fa0 RCX: 00007f099619c819
[  592.838218][T14986] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000001
[  592.838233][T14986] RBP: 00007f0996232c91 R08: 0000000000000000 R09: 0000000000000000
[  592.838249][T14986] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
[  592.838264][T14986] R13: 00007f0996416038 R14: 00007f0996415fa0 R15: 00007ffeae857fa8
[  592.838295][T14986]  </TASK>
[  592.841790][T14986] kexec: Could not allocate control_code_buffer
[  594.071293][T15005] FAULT_INJECTION: forcing a failure.
[  594.071293][T15005] name failslab, interval 1, probability 0, space 0, times 0
[  594.173915][T15005] CPU: 0 UID: 0 PID: 15005 Comm: syz.1.2157 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  594.173954][T15005] Tainted: [L]=SOFTLOCKUP
[  594.173964][T15005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  594.173978][T15005] Call Trace:
[  594.173987][T15005]  <TASK>
[  594.173996][T15005]  dump_stack_lvl+0x100/0x190
[  594.174039][T15005]  should_fail_ex.cold+0x5/0xa
[  594.174069][T15005]  should_failslab+0xc2/0x120
[  594.174098][T15005]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  594.174138][T15005]  ? __d_alloc+0x34/0xa80
[  594.174179][T15005]  ? __pfx_stack_trace_save+0x10/0x10
[  594.174210][T15005]  __d_alloc+0x34/0xa80
[  594.174241][T15005]  d_alloc_parallel+0x111/0x14e0
[  594.174293][T15005]  ? find_held_lock+0x2b/0x80
[  594.174317][T15005]  ? __d_lookup+0x25c/0x4a0
[  594.174359][T15005]  ? __pfx_d_alloc_parallel+0x10/0x10
[  594.174400][T15005]  ? __d_lookup+0x266/0x4a0
[  594.174443][T15005]  lookup_open.isra.0+0x57c/0x11b0
[  594.174487][T15005]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  594.174530][T15005]  ? __pfx___might_resched+0x10/0x10
[  594.174567][T15005]  ? mnt_get_write_access+0x52/0x2f0
[  594.174606][T15005]  ? __pfx_down_write+0x10/0x10
[  594.174632][T15005]  ? mnt_get_write_access+0x1e9/0x2f0
[  594.174676][T15005]  path_openat+0x2291/0x31a0
[  594.174707][T15005]  ? entry_SYSCALL_64_after_hwframe+0x48/0x7f
[  594.174735][T15005]  ? __pfx_path_openat+0x10/0x10
[  594.174772][T15005]  do_file_open+0x20e/0x430
[  594.174801][T15005]  ? __pfx_do_file_open+0x10/0x10
[  594.174847][T15005]  ? _raw_spin_unlock+0x28/0x50
[  594.174883][T15005]  ? alloc_fd+0x476/0x790
[  594.174916][T15005]  do_sys_openat2+0x10d/0x1e0
[  594.174950][T15005]  ? __pfx_do_sys_openat2+0x10/0x10
[  594.174994][T15005]  __x64_sys_open+0xfe/0x1d0
[  594.175027][T15005]  ? __pfx___x64_sys_open+0x10/0x10
[  594.175071][T15005]  do_syscall_64+0x106/0xf80
[  594.175094][T15005]  ? clear_bhb_loop+0x40/0x90
[  594.175124][T15005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.175148][T15005] RIP: 0033:0x7fbc4e99c819
[  594.175168][T15005] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  594.175191][T15005] RSP: 002b:00007fbc4f778028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  594.175213][T15005] RAX: ffffffffffffffda RBX: 00007fbc4ec16180 RCX: 00007fbc4e99c819
[  594.175230][T15005] RDX: 0000000000000156 RSI: 0000000000022240 RDI: 0000200000000800
[  594.175245][T15005] RBP: 00007fbc4ea32c91 R08: 0000000000000000 R09: 0000000000000000
[  594.175260][T15005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  594.175274][T15005] R13: 00007fbc4ec16218 R14: 00007fbc4ec16180 R15: 00007fff26de2248
[  594.175305][T15005]  </TASK>
[  595.635227][T14986] Process accounting resumed
[  596.126922][T15025] input: f¬
 as /devices/virtual/input/input20
[  596.523642][T15035] netlink: 'syz.2.2169': attribute type 1 has an invalid length.
[  596.551790][T15035] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2169'.
[  597.049787][T13912] Bluetooth: hci0: ACL packet for unknown connection handle 0
[  597.187991][T15050] netlink: 'syz.2.2174': attribute type 1 has an invalid length.
[  597.234333][T15050] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2174'.
[  602.008073][T13912] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19
[  602.017139][T13912] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00
[  603.488387][T15131] kexec: Could not allocate control_code_buffer
[  608.989235][T12204] NFSD: Failed to start, no listeners configured.
[  610.064021][T15246] zswap: compressor  not available
[  613.874952][T15309] netlink: zone id is out of range
[  613.982102][T15309] netlink: zone id is out of range
[  614.022952][T15309] netlink: zone id is out of range
[  614.056095][T15309] netlink: zone id is out of range
[  614.075596][T15309] netlink: zone id is out of range
[  614.120903][T15309] netlink: zone id is out of range
[  614.146900][T15309] netlink: zone id is out of range
[  614.203229][T15309] netlink: zone id is out of range
[  614.252325][T15309] netlink: set zone limit has 8 unknown bytes
[  615.021712][T15334] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2247'.
[  617.209274][T15361] kAFS: Invalid Command on /proc/fs/afs/cells file
[  617.325628][T15364] FAULT_INJECTION: forcing a failure.
[  617.325628][T15364] name failslab, interval 1, probability 0, space 0, times 0
[  617.402374][T15364] CPU: 0 UID: 0 PID: 15364 Comm: syz.1.2253 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  617.402412][T15364] Tainted: [L]=SOFTLOCKUP
[  617.402420][T15364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  617.402434][T15364] Call Trace:
[  617.402442][T15364]  <TASK>
[  617.402451][T15364]  dump_stack_lvl+0x100/0x190
[  617.402492][T15364]  should_fail_ex.cold+0x5/0xa
[  617.402522][T15364]  should_failslab+0xc2/0x120
[  617.402550][T15364]  __kvmalloc_node_noprof+0xfa/0xa00
[  617.402573][T15364]  ? seq_read_iter+0x819/0x1270
[  617.402618][T15364]  seq_read_iter+0x819/0x1270
[  617.402670][T15364]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  617.402716][T15364]  kernfs_fop_read_iter+0x46c/0x610
[  617.402750][T15364]  copy_splice_read+0x4ba/0xb90
[  617.402781][T15364]  ? __pfx_copy_splice_read+0x10/0x10
[  617.402821][T15364]  ? __pfx_copy_splice_read+0x10/0x10
[  617.402845][T15364]  do_splice_read+0x285/0x370
[  617.402872][T15364]  splice_file_to_pipe+0x82/0x120
[  617.402900][T15364]  do_splice+0xda1/0x1fd0
[  617.402925][T15364]  ? __lock_acquire+0x4a5/0x2630
[  617.402974][T15364]  ? ksys_write+0x190/0x250
[  617.403006][T15364]  ? __pfx_do_splice+0x10/0x10
[  617.403029][T15364]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  617.403055][T15364]  ? find_held_lock+0x2b/0x80
[  617.403088][T15364]  __do_splice+0x113/0x370
[  617.403115][T15364]  ? __pfx___do_splice+0x10/0x10
[  617.403149][T15364]  __x64_sys_splice+0x187/0x250
[  617.403180][T15364]  do_syscall_64+0x106/0xf80
[  617.403203][T15364]  ? clear_bhb_loop+0x40/0x90
[  617.403232][T15364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.403263][T15364] RIP: 0033:0x7fbc4e99c819
[  617.403282][T15364] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  617.403306][T15364] RSP: 002b:00007fbc4f7ba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  617.403341][T15364] RAX: ffffffffffffffda RBX: 00007fbc4ec15fa0 RCX: 00007fbc4e99c819
[  617.403356][T15364] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000004
[  617.403370][T15364] RBP: 00007fbc4f7ba090 R08: 0000000080000001 R09: 0000000000000009
[  617.403385][T15364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  617.403399][T15364] R13: 00007fbc4ec16038 R14: 00007fbc4ec15fa0 R15: 00007fff26de2248
[  617.403430][T15364]  </TASK>
[  619.302855][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  619.516421][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  619.671934][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  619.760595][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  619.806397][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  619.931095][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  619.987810][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  620.060360][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  620.060389][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  620.060409][T15400] futex_wake_op: syz.1.2260 tries to shift op by -2048; fix this program
[  620.076981][T15410] block2mtd: illegal erase size
[  621.537602][T15426] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[15426]
[  622.158133][T15432] FAULT_INJECTION: forcing a failure.
[  622.158133][T15432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  622.248344][T15432] CPU: 0 UID: 0 PID: 15432 Comm: syz.1.2266 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  622.248381][T15432] Tainted: [L]=SOFTLOCKUP
[  622.248390][T15432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  622.248410][T15432] Call Trace:
[  622.248418][T15432]  <TASK>
[  622.248428][T15432]  dump_stack_lvl+0x100/0x190
[  622.248469][T15432]  should_fail_ex.cold+0x5/0xa
[  622.248498][T15432]  _copy_to_user+0x32/0xd0
[  622.248532][T15432]  simple_read_from_buffer+0xcb/0x170
[  622.248574][T15432]  proc_fail_nth_read+0x1af/0x230
[  622.248606][T15432]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.248652][T15432]  ? rw_verify_area+0xce/0x6d0
[  622.248691][T15432]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.248723][T15432]  vfs_read+0x1e4/0xb30
[  622.248749][T15432]  ? __pfx_vfs_read+0x10/0x10
[  622.248787][T15432]  ? __fget_files+0x215/0x3d0
[  622.248819][T15432]  ? __fget_files+0x21f/0x3d0
[  622.248851][T15432]  ksys_read+0x12a/0x250
[  622.248874][T15432]  ? __pfx_ksys_read+0x10/0x10
[  622.248905][T15432]  do_syscall_64+0x106/0xf80
[  622.248930][T15432]  ? clear_bhb_loop+0x40/0x90
[  622.248959][T15432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.248984][T15432] RIP: 0033:0x7fbc4e95d04e
[  622.249004][T15432] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  622.249027][T15432] RSP: 002b:00007fbc4f7b9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  622.249050][T15432] RAX: ffffffffffffffda RBX: 00007fbc4f7ba6c0 RCX: 00007fbc4e95d04e
[  622.249067][T15432] RDX: 000000000000000f RSI: 00007fbc4f7ba0a0 RDI: 0000000000000005
[  622.249082][T15432] RBP: 00007fbc4f7ba090 R08: 0000000000000000 R09: 0000000000000000
[  622.249097][T15432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  622.249112][T15432] R13: 00007fbc4ec16038 R14: 00007fbc4ec15fa0 R15: 00007fff26de2248
[  622.249143][T15432]  </TASK>
[  622.779510][T15436] kAFS: Invalid Command on /proc/fs/afs/cells file
[  622.970051][T15441] FAULT_INJECTION: forcing a failure.
[  622.970051][T15441] name failslab, interval 1, probability 0, space 0, times 0
[  623.075785][T15441] CPU: 0 UID: 0 PID: 15441 Comm: syz.0.2267 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  623.075823][T15441] Tainted: [L]=SOFTLOCKUP
[  623.075832][T15441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  623.075847][T15441] Call Trace:
[  623.075855][T15441]  <TASK>
[  623.075865][T15441]  dump_stack_lvl+0x100/0x190
[  623.075906][T15441]  should_fail_ex.cold+0x5/0xa
[  623.075938][T15441]  ? tomoyo_realpath_from_path+0xb6/0x690
[  623.075977][T15441]  should_failslab+0xc2/0x120
[  623.076005][T15441]  __kmalloc_noprof+0xe0/0x850
[  623.076051][T15441]  tomoyo_realpath_from_path+0xb6/0x690
[  623.076113][T15441]  tomoyo_path_number_perm+0x23c/0x580
[  623.076144][T15441]  ? tomoyo_path_number_perm+0x22e/0x580
[  623.076177][T15441]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  623.076238][T15441]  ? find_held_lock+0x2b/0x80
[  623.076262][T15441]  ? current_check_access_path+0x281/0x460
[  623.076300][T15441]  ? __pfx_current_check_access_path+0x10/0x10
[  623.076338][T15441]  ? d_alloc_parallel+0x864/0x14e0
[  623.076381][T15441]  tomoyo_path_mknod+0x164/0x190
[  623.076405][T15441]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[  623.076427][T15441]  ? find_held_lock+0x2b/0x80
[  623.076453][T15441]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  623.076484][T15441]  security_path_mknod+0x161/0x300
[  623.076523][T15441]  may_o_create+0x30/0x3a0
[  623.076562][T15441]  lookup_open.isra.0+0xa0d/0x11b0
[  623.076607][T15441]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  623.076652][T15441]  ? __pfx___might_resched+0x10/0x10
[  623.076721][T15441]  ? mnt_get_write_access+0x52/0x2f0
[  623.076763][T15441]  ? __pfx_down_write+0x10/0x10
[  623.076791][T15441]  ? mnt_get_write_access+0x1e9/0x2f0
[  623.076834][T15441]  path_openat+0x2291/0x31a0
[  623.076867][T15441]  ? entry_SYSCALL_64_after_hwframe+0x48/0x7f
[  623.076896][T15441]  ? __pfx_path_openat+0x10/0x10
[  623.076937][T15441]  do_file_open+0x20e/0x430
[  623.076967][T15441]  ? __pfx_do_file_open+0x10/0x10
[  623.077016][T15441]  ? _raw_spin_unlock+0x28/0x50
[  623.077053][T15441]  ? alloc_fd+0x476/0x790
[  623.077087][T15441]  do_sys_openat2+0x10d/0x1e0
[  623.077122][T15441]  ? __pfx_do_sys_openat2+0x10/0x10
[  623.077168][T15441]  __x64_sys_open+0xfe/0x1d0
[  623.077202][T15441]  ? __pfx___x64_sys_open+0x10/0x10
[  623.077248][T15441]  do_syscall_64+0x106/0xf80
[  623.077272][T15441]  ? clear_bhb_loop+0x40/0x90
[  623.077302][T15441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.077328][T15441] RIP: 0033:0x7f099619c819
[  623.077349][T15441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  623.077373][T15441] RSP: 002b:00007f09970d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  623.077397][T15441] RAX: ffffffffffffffda RBX: 00007f0996416180 RCX: 00007f099619c819
[  623.077414][T15441] RDX: 0000000000000156 RSI: 0000000000022240 RDI: 0000200000000800
[  623.077430][T15441] RBP: 00007f0996232c91 R08: 0000000000000000 R09: 0000000000000000
[  623.077446][T15441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  623.077461][T15441] R13: 00007f0996416218 R14: 00007f0996416180 R15: 00007ffeae857fa8
[  623.077493][T15441]  </TASK>
[  623.400485][T15441] ERROR: Out of memory at tomoyo_realpath_from_path.
[  624.383732][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.390426][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  625.496422][T15459] zswap: compressor  not available
[  627.229356][T15449] Process accounting paused
[  628.053506][T15503] FAULT_INJECTION: forcing a failure.
[  628.053506][T15503] name failslab, interval 1, probability 0, space 0, times 0
[  628.130418][T15503] CPU: 0 UID: 0 PID: 15503 Comm: syz.2.2281 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  628.130455][T15503] Tainted: [L]=SOFTLOCKUP
[  628.130463][T15503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  628.130478][T15503] Call Trace:
[  628.130486][T15503]  <TASK>
[  628.130495][T15503]  dump_stack_lvl+0x100/0x190
[  628.130534][T15503]  should_fail_ex.cold+0x5/0xa
[  628.130562][T15503]  ? __register_sysctl_table+0xbe4/0x1650
[  628.130586][T15503]  should_failslab+0xc2/0x120
[  628.130612][T15503]  __kmalloc_noprof+0xe0/0x850
[  628.130654][T15503]  __register_sysctl_table+0xbe4/0x1650
[  628.130685][T15503]  ? __pfx___register_sysctl_table+0x10/0x10
[  628.130714][T15503]  ? rcu_is_watching+0x11/0xc0
[  628.130772][T15503]  ? __asan_memcpy+0x3c/0x60
[  628.130809][T15503]  register_pidns_sysctls+0x11d/0x1c0
[  628.130844][T15503]  ? __ns_common_init+0x299/0x4b0
[  628.130874][T15503]  copy_pid_ns+0x680/0x10a0
[  628.130905][T15503]  ? __pfx_copy_pid_ns+0x10/0x10
[  628.130934][T15503]  ? rcu_is_watching+0x12/0xc0
[  628.130972][T15503]  ? copy_mnt_ns+0x106/0xc30
[  628.131002][T15503]  ? create_new_namespaces+0x30/0xac0
[  628.131033][T15503]  create_new_namespaces+0x2aa/0xac0
[  628.131066][T15503]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  628.131095][T15503]  ksys_unshare+0x473/0xad0
[  628.131128][T15503]  ? __pfx_ksys_unshare+0x10/0x10
[  628.131169][T15503]  __x64_sys_unshare+0x31/0x40
[  628.131199][T15503]  do_syscall_64+0x106/0xf80
[  628.131222][T15503]  ? clear_bhb_loop+0x40/0x90
[  628.131251][T15503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.131275][T15503] RIP: 0033:0x7f9f9579c819
[  628.131295][T15503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  628.131318][T15503] RSP: 002b:00007f9f96590028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  628.131346][T15503] RAX: ffffffffffffffda RBX: 00007f9f95a16090 RCX: 00007f9f9579c819
[  628.131362][T15503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[  628.131377][T15503] RBP: 00007f9f95832c91 R08: 0000000000000000 R09: 0000000000000000
[  628.131392][T15503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  628.131407][T15503] R13: 00007f9f95a16128 R14: 00007f9f95a16090 R15: 00007ffdfd7caa18
[  628.131437][T15503]  </TASK>
[  628.131447][T15503] sysctl could not get directory: /kernel -12
[  631.457666][T15544] openvswitch: netlink: IP tunnel dst address not specified
[  632.175945][   T30] audit: type=1800 audit(2147485914.467:30): pid=15550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2291" name="discovery_nqn" dev="configfs" ino=66218 res=0 errno=0
[  632.329424][T15550] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2291'.
[  633.673694][T15576] netlink: 'syz.0.2296': attribute type 1 has an invalid length.
[  633.716936][T15576] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2296'.
[  635.238128][T15596] netlink: 'syz.2.2303': attribute type 8 has an invalid length.
[  635.367299][T15594] netlink: 'syz.2.2303': attribute type 8 has an invalid length.
[  635.862002][T15614] vivid-007: =================  START STATUS  =================
[  635.908595][T15614] vivid-007: Generate PTS: true
[  635.933663][T15614] vivid-007: Generate SCR: true
[  635.965007][T15614] tpg source WxH: 320x240 (Y'CbCr)
[  635.995824][T15614] tpg field: 1
[  635.999332][T15614] tpg crop: (0,0)/320x240
[  636.069225][T15614] tpg compose: (0,0)/320x240
[  636.143734][T15614] tpg colorspace: 8
[  636.192872][T15614] tpg transfer function: 0/0
[  636.270886][T15614] tpg Y'CbCr encoding: 0/0
[  636.317087][T15614] tpg quantization: 0/0
[  636.347608][T15614] tpg RGB range: 0/2
[  636.374078][T15614] vivid-007: ==================  END STATUS  ==================
[  638.438272][T11637] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  638.450465][T11637] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  638.458267][T11637] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  638.471269][T11637] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  638.479306][T11637] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  640.319223][T15655] chnl_net:caif_netlink_parms(): no params data found
[  640.523698][T11637] Bluetooth: hci5: command tx timeout
[  640.985880][T15655] bridge0: port 1(bridge_slave_0) entered blocking state
[  641.036177][T15655] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.076381][T15655] bridge_slave_0: entered allmulticast mode
[  641.115879][T15655] bridge_slave_0: entered promiscuous mode
[  641.200725][T15655] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.207975][T15655] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.267251][T15655] bridge_slave_1: entered allmulticast mode
[  641.288882][T15655] bridge_slave_1: entered promiscuous mode
[  641.420685][T15655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  641.457361][T15655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  641.615869][T15655] team0: Port device team_slave_0 added
[  641.659405][T15655] team0: Port device team_slave_1 added
[  641.700050][T15701] QAT: Stopping all acceleration devices.
[  641.780479][T15655] batman_adv: batadv0: Adding interface: batadv_slave_0
[  641.818180][T15655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  641.927423][T15655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  641.988886][T15655] batman_adv: batadv0: Adding interface: batadv_slave_1
[  642.020423][T15655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  642.135658][T15655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  642.452626][T15655] hsr_slave_0: entered promiscuous mode
[  642.470875][T15655] hsr_slave_1: entered promiscuous mode
[  642.504874][T15655] debugfs: 'hsr0' already exists in 'hsr'
[  642.531763][T15655] Cannot create hsr debugfs directory
[  642.600161][T11637] Bluetooth: hci5: command tx timeout
[  643.475340][T15655] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  643.711685][T15655] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  643.866088][T15655] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.127244][T15655] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  644.680611][T11637] Bluetooth: hci5: command tx timeout
[  645.515424][T15655] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  645.550648][T15655] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  645.605042][T15655] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  645.648203][T15655] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  646.244522][T15655] 8021q: adding VLAN 0 to HW filter on device bond0
[  646.453734][T15655] 8021q: adding VLAN 0 to HW filter on device team0
[  646.469122][T15768] zswap: compressor  not available
[  646.525044][T14028] bridge0: port 1(bridge_slave_0) entered blocking state
[  646.532348][T14028] bridge0: port 1(bridge_slave_0) entered forwarding state
[  646.619292][T14028] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.626572][T14028] bridge0: port 2(bridge_slave_1) entered forwarding state
[  646.762575][T11637] Bluetooth: hci5: command tx timeout
[  647.511100][T15655] 8021q: adding VLAN 0 to HW filter on device batadv0
[  647.818152][T15655] veth0_vlan: entered promiscuous mode
[  647.918668][T15655] veth1_vlan: entered promiscuous mode
[  648.061890][T15655] veth0_macvtap: entered promiscuous mode
[  648.088046][T15806] kAFS: Invalid Command on /proc/fs/afs/cells file
[  648.102816][T15655] veth1_macvtap: entered promiscuous mode
[  648.183077][T15655] batman_adv: batadv0: Interface activated: batadv_slave_0
[  648.265427][T15655] batman_adv: batadv0: Interface activated: batadv_slave_1
[  648.356101][T14033] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  648.412974][T14033] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  648.422390][T14031] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  648.431127][T14031] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  648.880902][T14031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  648.925295][T14031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  649.130667][T14042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  649.168455][T14042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  649.218567][T15809] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  649.324352][T15809] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  649.359159][T15809] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  649.389523][T15809] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  649.429495][T15809] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  649.472396][T15809] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  649.478401][T15809] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  649.593963][T15809] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  650.844835][T11637] Bluetooth: hci1: command 0x0c1a tx timeout
[  651.404285][T11637] Bluetooth: hci2: command 0x0c1a tx timeout
[  651.411503][T13912] Bluetooth: hci3: command 0x0c1a tx timeout
[  651.417929][T11608] Bluetooth: hci0: command 0x0c1a tx timeout
[  651.484657][T11637] Bluetooth: hci4: command 0x040f tx timeout
[  651.567139][T11637] Bluetooth: hci5: command 0x0c1a tx timeout
[  652.812026][T15892] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2363'.
[  652.922191][T15893] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2363'.
[  653.644841][T11637] Bluetooth: hci5: command 0x0c1a tx timeout
[  655.388006][T15923] kAFS: Invalid Command on /proc/fs/afs/cells file
[  655.725672][T11637] Bluetooth: hci5: command 0x0c1a tx timeout
[  656.835058][T15943] FAULT_INJECTION: forcing a failure.
[  656.835058][T15943] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  656.967296][T15943] CPU: 0 UID: 0 PID: 15943 Comm: syz.1.2377 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  656.967335][T15943] Tainted: [L]=SOFTLOCKUP
[  656.967344][T15943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  656.967358][T15943] Call Trace:
[  656.967366][T15943]  <TASK>
[  656.967375][T15943]  dump_stack_lvl+0x100/0x190
[  656.967417][T15943]  should_fail_ex.cold+0x5/0xa
[  656.967441][T15943]  ? prepare_alloc_pages+0x16d/0x5f0
[  656.967473][T15943]  should_fail_alloc_page+0xeb/0x140
[  656.967503][T15943]  prepare_alloc_pages+0x1f0/0x5f0
[  656.967531][T15943]  ? kasan_save_track+0x14/0x30
[  656.967553][T15943]  ? kasan_save_free_info+0x3b/0x70
[  656.967595][T15943]  __alloc_frozen_pages_noprof+0x19a/0x2ba0
[  656.967634][T15943]  ? __handle_mm_fault+0x18c7/0x2b60
[  656.967668][T15943]  ? do_user_addr_fault+0x5a3/0x12f0
[  656.967691][T15943]  ? exc_page_fault+0x6f/0xd0
[  656.967713][T15943]  ? asm_exc_page_fault+0x26/0x30
[  656.967750][T15943]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  656.967793][T15943]  ? __lock_acquire+0x4a5/0x2630
[  656.967828][T15943]  ? __lock_acquire+0x4a5/0x2630
[  656.967869][T15943]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  656.967897][T15943]  ? policy_nodemask+0xed/0x4f0
[  656.967926][T15943]  alloc_pages_mpol+0x1fb/0x550
[  656.967954][T15943]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  656.967982][T15943]  ? swap_entry_swapped+0x1ff/0x2b0
[  656.968007][T15943]  ? __pfx_swap_entry_swapped+0x10/0x10
[  656.968038][T15943]  folio_alloc_mpol_noprof+0x36/0x340
[  656.968072][T15943]  swap_cache_alloc_folio+0x1a8/0x300
[  656.968111][T15943]  ? __pfx_swap_cache_alloc_folio+0x10/0x10
[  656.968149][T15943]  ? css_rstat_updated+0x1ce/0x5a0
[  656.968183][T15943]  swap_cluster_readahead+0x53b/0x770
[  656.968227][T15943]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  656.968271][T15943]  ? lru_gen_add_folio+0x20f/0x13e0
[  656.968304][T15943]  ? get_vma_policy+0x23d/0x3b0
[  656.968335][T15943]  swapin_readahead+0x160/0x12c0
[  656.968380][T15943]  ? __pfx_swapin_readahead+0x10/0x10
[  656.968415][T15943]  ? find_held_lock+0x2b/0x80
[  656.968443][T15943]  ? swap_table_get+0x103/0x2c0
[  656.968475][T15943]  ? swap_table_get+0x103/0x2c0
[  656.968513][T15943]  ? swap_table_get+0x10d/0x2c0
[  656.968547][T15943]  ? swap_cache_get_folio+0x1ae/0x600
[  656.968589][T15943]  ? __pfx_swap_cache_get_folio+0x10/0x10
[  656.968623][T15943]  ? __pfx_get_swap_device+0x10/0x10
[  656.968654][T15943]  ? do_swap_page+0xb2e/0x6900
[  656.968686][T15943]  do_swap_page+0xb2e/0x6900
[  656.968734][T15943]  ? __pfx_do_swap_page+0x10/0x10
[  656.968771][T15943]  ? userfaultfd_unmap_complete+0x267/0x380
[  656.968799][T15943]  ? rcu_is_watching+0x12/0xc0
[  656.968837][T15943]  ? __pte_offset_map+0x179/0x310
[  656.968867][T15943]  __handle_mm_fault+0x18c7/0x2b60
[  656.968907][T15943]  ? reacquire_held_locks+0xce/0x1e0
[  656.968940][T15943]  ? __pfx___handle_mm_fault+0x10/0x10
[  656.968980][T15943]  ? lock_vma_under_rcu+0x17c/0x590
[  656.969031][T15943]  handle_mm_fault+0x36d/0xa20
[  656.969072][T15943]  do_user_addr_fault+0x5a3/0x12f0
[  656.969104][T15943]  exc_page_fault+0x6f/0xd0
[  656.969128][T15943]  asm_exc_page_fault+0x26/0x30
[  656.969152][T15943] RIP: 0033:0x7f6e23e62afd
[  656.969172][T15943] Code: fe ff 48 83 c4 78 5b 5d 41 5c 41 5e c3 48 8b 44 24 20 48 8b 5c 24 08 48 8b b0 88 00 00 00 8b 78 08 48 8d 53 30 e8 d3 3b ff ff <48> 89 83 88 00 00 00 e9 35 fe ff ff 0f 1f 80 00 00 00 00 8b 7c 24
[  656.969196][T15943] RSP: 002b:00007f6e24e35050 EFLAGS: 00010206
[  656.969216][T15943] RAX: ffffffffffffffff RBX: 00007f6e24216090 RCX: 00007f6e24032c91
[  656.969232][T15943] RDX: 0000000000000000 RSI: 0000000000810004 RDI: 0000000000000000
[  656.969247][T15943] RBP: 00007f6e24032c91 R08: 0000000000000003 R09: 0000000000000000
[  656.969261][T15943] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000000
[  656.969275][T15943] R13: 00007f6e24216128 R14: 00007f6e24216090 R15: 00007ffc36f90138
[  656.969306][T15943]  </TASK>
[  658.191817][T15955] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2378'.
[  660.680885][T15947] Process accounting resumed
[  661.416600][T15987] mtrr: base(0xb00000) is not aligned on a size(0x4000000000) boundary
[  661.827682][T16007] batman_adv: Routing algorithm '7' is not supported
[  663.731444][T16032] kAFS: Invalid Command on /proc/fs/afs/cells file
[  665.682672][T11608] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  665.695254][T11608] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  665.703541][T11608] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  665.711623][T11608] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  665.729340][T11608] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  666.616362][T16065] chnl_net:caif_netlink_parms(): no params data found
[  667.236568][T14044] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.369341][T16065] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.401496][T16065] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.430528][T16065] bridge_slave_0: entered allmulticast mode
[  667.442921][T16065] bridge_slave_0: entered promiscuous mode
[  667.475437][T16065] bridge0: port 2(bridge_slave_1) entered blocking state
[  667.501731][T16065] bridge0: port 2(bridge_slave_1) entered disabled state
[  667.508979][T16065] bridge_slave_1: entered allmulticast mode
[  667.556816][T16065] bridge_slave_1: entered promiscuous mode
[  667.695206][T14044] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.811812][T11608] Bluetooth: hci6: command tx timeout
[  667.844094][T16065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  667.902549][T16065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  668.214646][T14044] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.314646][T16065] team0: Port device team_slave_0 added
[  668.343496][T16065] team0: Port device team_slave_1 added
[  668.453067][T16065] batman_adv: batadv0: Adding interface: batadv_slave_0
[  668.460070][T16065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  668.581965][T16065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  668.734799][T14044] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.820812][T16065] batman_adv: batadv0: Adding interface: batadv_slave_1
[  668.850500][T16065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  668.934044][T16065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  669.270774][T16065] hsr_slave_0: entered promiscuous mode
[  669.297139][T16065] hsr_slave_1: entered promiscuous mode
[  669.323069][T16065] debugfs: 'hsr0' already exists in 'hsr'
[  669.336837][T16065] Cannot create hsr debugfs directory
[  669.750529][T14044] gretap0: left allmulticast mode
[  669.773783][T14044] gretap0: left promiscuous mode
[  669.781316][T14044] bridge0: port 3(gretap0) entered disabled state
[  669.892967][T11608] Bluetooth: hci6: command tx timeout
[  669.982391][T14044] batadv0: left allmulticast mode
[  670.012672][T14044] batadv0: left promiscuous mode
[  670.026377][T14044] bridge0: port 2(batadv0) entered disabled state
[  670.068492][T14044] bridge_slave_0: left allmulticast mode
[  670.112947][T14044] bridge_slave_0: left promiscuous mode
[  670.118757][T14044] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.919330][T14044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  671.975160][T11608] Bluetooth: hci6: command tx timeout
[  672.054178][T14044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  672.093497][T14044] bond0 (unregistering): Released all slaves
[  672.338323][T14044] &#$@\]\-: left promiscuous mode
[  674.054902][T11608] Bluetooth: hci6: command tx timeout
[  674.555927][T14044] hsr_slave_0: left promiscuous mode
[  674.607874][T14044] hsr_slave_1: left promiscuous mode
[  674.635762][T14044] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  674.643673][T14044] batman_adv: batadv0: Removing interface: batadv_slave_0
[  674.812658][T14044] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  674.855176][T14044] batman_adv: batadv0: Removing interface: batadv_slave_1
[  675.140997][T14044] veth1_macvtap: left promiscuous mode
[  675.181580][T14044] veth0_macvtap: left promiscuous mode
[  675.189685][T16153] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  675.210157][T14044] veth1_vlan: left promiscuous mode
[  675.244097][T14044] veth0_vlan: left promiscuous mode
[  677.099612][T14044] team0 (unregistering): Port device team_slave_1 removed
[  677.194212][T14044] team0 (unregistering): Port device team_slave_0 removed
[  677.676474][T16065] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  677.723022][T16065] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  677.784974][T16065] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  677.864278][T16065] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  678.333060][T16197] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2416'.
[  678.425435][T16197] bond0 (unregistering): (slave ›): Releasing backup interface
[  678.513305][T11637] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  678.527865][T11637] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  678.536750][T11637] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  678.545019][T11637] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  678.552708][T11637] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  678.588755][T16197] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  678.616628][T16197] bond0 (unregistering): Released all slaves
[  678.669874][   T30] audit: type=1806 audit(4294967308.454:31): xattr=08 res=-22
[  678.723727][T16065] 8021q: adding VLAN 0 to HW filter on device bond0
[  678.914445][T16065] 8021q: adding VLAN 0 to HW filter on device team0
[  678.976209][T14042] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.983520][T14042] bridge0: port 1(bridge_slave_0) entered forwarding state
[  679.082070][T14028] bridge0: port 2(bridge_slave_1) entered blocking state
[  679.089368][T14028] bridge0: port 2(bridge_slave_1) entered forwarding state
[  679.419825][T16213] FAULT_INJECTION: forcing a failure.
[  679.419825][T16213] name failslab, interval 1, probability 0, space 0, times 0
[  679.492782][T16199] chnl_net:caif_netlink_parms(): no params data found
[  679.510961][T16213] CPU: 0 UID: 0 PID: 16213 Comm: syz.0.2418 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  679.510999][T16213] Tainted: [L]=SOFTLOCKUP
[  679.511008][T16213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  679.511023][T16213] Call Trace:
[  679.511031][T16213]  <TASK>
[  679.511040][T16213]  dump_stack_lvl+0x100/0x190
[  679.511082][T16213]  should_fail_ex.cold+0x5/0xa
[  679.511111][T16213]  should_failslab+0xc2/0x120
[  679.511139][T16213]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  679.511178][T16213]  ? security_inode_alloc+0x3b/0x2c0
[  679.511206][T16213]  ? lockdep_init_map_type+0x5c/0x250
[  679.511243][T16213]  security_inode_alloc+0x3b/0x2c0
[  679.511272][T16213]  inode_init_always_gfp+0xced/0x1040
[  679.511303][T16213]  alloc_inode+0x8e/0x250
[  679.511337][T16213]  sock_alloc+0x44/0x280
[  679.511360][T16213]  ? security_socket_create+0x7f/0x250
[  679.511387][T16213]  __sock_create+0xc2/0x860
[  679.511423][T16213]  inet_ctl_sock_create+0x94/0x230
[  679.511453][T16213]  ? __pfx_inet_ctl_sock_create+0x10/0x10
[  679.511484][T16213]  ? ndisc_net_init+0x1b1/0x230
[  679.511519][T16213]  ? __pfx_ndisc_net_init+0x10/0x10
[  679.511552][T16213]  igmp6_net_init+0x1b2/0x430
[  679.511582][T16213]  ? __pfx_igmp6_net_init+0x10/0x10
[  679.511612][T16213]  ops_init+0x1e2/0x5f0
[  679.511639][T16213]  setup_net+0x118/0x3a0
[  679.511663][T16213]  ? __pfx_setup_net+0x10/0x10
[  679.511686][T16213]  ? lockdep_init_map_type+0x5c/0x250
[  679.511719][T16213]  ? mutex_init_lockep+0x110/0x150
[  679.511758][T16213]  copy_net_ns+0x46f/0x7c0
[  679.511788][T16213]  create_new_namespaces+0x3ea/0xac0
[  679.511821][T16213]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  679.511851][T16213]  ksys_unshare+0x473/0xad0
[  679.511884][T16213]  ? __pfx_ksys_unshare+0x10/0x10
[  679.511927][T16213]  __x64_sys_unshare+0x31/0x40
[  679.511958][T16213]  do_syscall_64+0x106/0xf80
[  679.511982][T16213]  ? clear_bhb_loop+0x40/0x90
[  679.512011][T16213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.512036][T16213] RIP: 0033:0x7f099619c819
[  679.512056][T16213] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  679.512080][T16213] RSP: 002b:00007f0997117028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  679.512103][T16213] RAX: ffffffffffffffda RBX: 00007f0996415fa0 RCX: 00007f099619c819
[  679.512120][T16213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  679.512134][T16213] RBP: 00007f0996232c91 R08: 0000000000000000 R09: 0000000000000000
[  679.512148][T16213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  679.512163][T16213] R13: 00007f0996416038 R14: 00007f0996415fa0 R15: 00007ffeae857fa8
[  679.512194][T16213]  </TASK>
[  679.512223][T16213] socket: no more sockets
[  680.336326][T16199] bridge0: port 1(bridge_slave_0) entered blocking state
[  680.347698][T16199] bridge0: port 1(bridge_slave_0) entered disabled state
[  680.402366][T16213] Failed to initialize the IGMP6 autojoin socket (err -23)
[  680.412362][T16199] bridge_slave_0: entered allmulticast mode
[  680.434089][T16199] bridge_slave_0: entered promiscuous mode
[  680.506314][T16065] 8021q: adding VLAN 0 to HW filter on device batadv0
[  680.529020][T16199] bridge0: port 2(bridge_slave_1) entered blocking state
[  680.536235][T16199] bridge0: port 2(bridge_slave_1) entered disabled state
[  680.576673][T16199] bridge_slave_1: entered allmulticast mode
[  680.609870][T16199] bridge_slave_1: entered promiscuous mode
[  680.620598][T11608] Bluetooth: hci2: command tx timeout
[  680.789210][T16199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  680.833009][T16199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  681.002676][T16199] team0: Port device team_slave_0 added
[  681.036270][T16199] team0: Port device team_slave_1 added
[  681.161530][T16199] batman_adv: batadv0: Adding interface: batadv_slave_0
[  681.182763][T16199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  681.284716][T16199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  681.377834][T16199] batman_adv: batadv0: Adding interface: batadv_slave_1
[  681.406714][T16199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  681.503610][T16199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  681.534150][T16065] veth0_vlan: entered promiscuous mode
[  681.683274][T16065] veth1_vlan: entered promiscuous mode
[  681.737176][T16199] hsr_slave_0: entered promiscuous mode
[  681.769393][T16199] hsr_slave_1: entered promiscuous mode
[  681.790090][T16199] debugfs: 'hsr0' already exists in 'hsr'
[  681.795952][T16199] Cannot create hsr debugfs directory
[  682.024843][T16065] veth0_macvtap: entered promiscuous mode
[  682.158488][T16065] veth1_macvtap: entered promiscuous mode
[  682.272648][T16065] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.308224][T16065] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.432268][T14031] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.459580][T14031] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.516928][T14031] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.573043][T14031] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.699706][T11608] Bluetooth: hci2: command tx timeout
[  682.762471][T16199] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  682.801814][T14031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.810744][T16199] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  682.849064][T14031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.880999][T16199] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  682.949830][T16199] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  683.064323][T16241] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2422'.
[  683.075522][T14031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  683.094419][T14031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  683.114563][T16241] ipvlan0: entered promiscuous mode
[  683.122686][T16241] ipvlan0: entered allmulticast mode
[  683.128136][T16241] veth0_vlan: entered allmulticast mode
[  683.391528][T16199] 8021q: adding VLAN 0 to HW filter on device bond0
[  683.447737][T16251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  683.463074][T16199] 8021q: adding VLAN 0 to HW filter on device team0
[  683.496136][T16251] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  683.518239][T14033] bridge0: port 1(bridge_slave_0) entered blocking state
[  683.525434][T14033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  683.551760][T16251] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  683.591335][T16251] page_type: f5(slab)
[  683.606247][T14036] bridge0: port 2(bridge_slave_1) entered blocking state
[  683.613736][T14036] bridge0: port 2(bridge_slave_1) entered forwarding state
[  683.641487][T16251] raw: 00fff00000000040 ffff88813fe3b140 dead000000000100 dead000000000122
[  683.708380][T16251] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  683.833454][T16251] head: 00fff00000000040 ffff88813fe3b140 dead000000000100 dead000000000122
[  683.962256][T16251] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  684.033609][T16254] lo: entered allmulticast mode
[  684.091403][T16254] lo: left allmulticast mode
[  684.129081][T16251] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff
[  684.290238][T16251] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  684.434902][T16251] page dumped because: unmovable page
[  684.464097][T16258] Invalid ELF header magic: != ELF
[  684.493423][T16270] kAFS: Invalid Command on /proc/fs/afs/cells file
[  684.550832][T16251] page_owner tracks the page as allocated
[  684.608435][T16251] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10969, tgid 10968 (syz.1.1246), ts 348832726685, free_ts 348741929961
[  684.781065][T11608] Bluetooth: hci2: command tx timeout
[  684.821409][T16251]  post_alloc_hook+0x153/0x170
[  684.858457][T16251]  get_page_from_freelist+0x111d/0x3140
[  684.895522][T16251]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[  684.911763][T16251]  new_slab+0xa6/0x6b0
[  684.931996][T16251]  refill_objects+0x26b/0x400
[  684.936765][T16251]  __pcs_replace_empty_main+0x1ab/0x660
[  684.984310][T16251]  __kmalloc_cache_noprof+0x493/0x6f0
[  685.010147][T16251]  nf_conncount_init+0xe4/0x3d0
[  685.030190][T16251]  ovs_ct_init+0x277/0x4b0
[  685.044910][T16251]  ovs_init_net+0x2ff/0x5a0
[  685.065177][T16251]  ops_init+0x1e2/0x5f0
[  685.069416][T16251]  setup_net+0x118/0x3a0
[  685.119545][T16251]  copy_net_ns+0x46f/0x7c0
[  685.139794][T16251]  create_new_namespaces+0x3ea/0xac0
[  685.170297][T16251]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  685.176036][T16251]  ksys_unshare+0x473/0xad0
[  685.216902][T16251] page last free pid 10971 tgid 10971 stack trace:
[  685.243959][T16251]  __free_frozen_pages+0x7e1/0x10d0
[  685.249262][T16251]  qlist_free_all+0x47/0xe0
[  685.295269][T16251]  kasan_quarantine_reduce+0x1a0/0x1f0
[  685.311821][T16251]  __kasan_slab_alloc+0x69/0x90
[  685.316738][T16251]  kmem_cache_alloc_noprof+0x241/0x6e0
[  685.369038][T16251]  jbd2__journal_start+0x194/0x6a0
[  685.390042][T16251]  __ext4_journal_start_sb+0x382/0x6a0
[  685.416055][T16251]  ext4_dirty_inode+0xa1/0x130
[  685.436369][T16251]  __mark_inode_dirty+0x1f3/0x1790
[  685.456612][T16251]  file_update_time_flags+0x46b/0x500
[  685.480401][T16251]  ext4_page_mkwrite+0x35b/0x1980
[  685.485536][T16251]  do_page_mkwrite+0x17a/0x440
[  685.530437][T16251]  do_fault+0x3d7/0x18e0
[  685.545254][T16251]  __handle_mm_fault+0x1815/0x2b60
[  685.580534][T16251]  handle_mm_fault+0x36d/0xa20
[  685.590452][T16251]  do_user_addr_fault+0x5a3/0x12f0
[  685.826298][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  685.832959][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  685.863776][T16199] 8021q: adding VLAN 0 to HW filter on device batadv0
[  686.354698][T16281] FAULT_INJECTION: forcing a failure.
[  686.354698][T16281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.524727][T16281] CPU: 0 UID: 0 PID: 16281 Comm: syz.4.2427 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  686.524771][T16281] Tainted: [L]=SOFTLOCKUP
[  686.524781][T16281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  686.524798][T16281] Call Trace:
[  686.524808][T16281]  <TASK>
[  686.524818][T16281]  dump_stack_lvl+0x100/0x190
[  686.524865][T16281]  should_fail_ex.cold+0x5/0xa
[  686.524900][T16281]  _copy_from_user+0x2e/0xd0
[  686.524937][T16281]  __sys_bpf+0x243/0x4b90
[  686.524982][T16281]  ? __pfx___sys_bpf+0x10/0x10
[  686.525008][T16281]  ? proc_fail_nth_write+0x9f/0x220
[  686.525039][T16281]  ? find_held_lock+0x2b/0x80
[  686.525068][T16281]  ? rcu_read_lock_any_held+0x6a/0xa0
[  686.525091][T16281]  ? vfs_write+0x15d/0x1070
[  686.525115][T16281]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  686.525148][T16281]  ? __pfx_vfs_write+0x10/0x10
[  686.525170][T16281]  ? do_sys_openat2+0x157/0x1e0
[  686.525218][T16281]  ? ksys_write+0x1ac/0x250
[  686.525240][T16281]  ? __pfx_ksys_write+0x10/0x10
[  686.525268][T16281]  __x64_sys_bpf+0x7b/0xc0
[  686.525295][T16281]  ? lockdep_hardirqs_on+0x78/0x100
[  686.525320][T16281]  do_syscall_64+0x106/0xf80
[  686.525343][T16281]  ? clear_bhb_loop+0x40/0x90
[  686.525371][T16281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.525395][T16281] RIP: 0033:0x7f924f19c819
[  686.525414][T16281] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  686.525437][T16281] RSP: 002b:00007f925002b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  686.525459][T16281] RAX: ffffffffffffffda RBX: 00007f924f415fa0 RCX: 00007f924f19c819
[  686.525475][T16281] RDX: 000000000000000c RSI: 00002000000001c0 RDI: 0000000000000003
[  686.525489][T16281] RBP: 00007f925002b090 R08: 0000000000000000 R09: 0000000000000000
[  686.525502][T16281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  686.525516][T16281] R13: 00007f924f416038 R14: 00007f924f415fa0 R15: 00007ffc8dc15588
[  686.525546][T16281]  </TASK>
[  687.068337][T11608] Bluetooth: hci2: command tx timeout
[  687.786542][T16199] veth0_vlan: entered promiscuous mode
[  687.836482][T16199] veth1_vlan: entered promiscuous mode
[  688.074922][T16199] veth0_macvtap: entered promiscuous mode
[  688.114278][T16199] veth1_macvtap: entered promiscuous mode
[  688.195847][T16199] batman_adv: batadv0: Interface activated: batadv_slave_0
[  688.267388][T16199] batman_adv: batadv0: Interface activated: batadv_slave_1
[  688.344692][T14044] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  688.391329][T14044] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  688.502051][T14044] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  688.546232][T14044] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  688.722730][T14028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  688.730685][T14028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  688.859372][T14044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  688.889365][T14044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  690.562184][T16326] MTRR 0 not used
[  690.615357][T16326] vivid-007: =================  START STATUS  =================
[  690.664221][T16326] vivid-007: Generate PTS: true
[  690.688927][T16326] vivid-007: Generate SCR: true
[  690.733327][T16326] tpg source WxH: 320x240 (Y'CbCr)
[  690.756587][T16326] tpg field: 1
[  690.760029][T16326] tpg crop: (0,0)/320x240
[  690.805005][T16326] tpg compose: (0,0)/320x240
[  690.851765][T16326] tpg colorspace: 8
[  690.861836][T16326] tpg transfer function: 0/0
[  690.903389][T16326] tpg Y'CbCr encoding: 0/0
[  690.922038][T16326] tpg quantization: 0/0
[  690.950313][T16326] tpg RGB range: 0/2
[  690.967875][T11637] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  690.980221][T11637] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  690.988652][T11637] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  691.009052][T11637] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  691.017513][T11637] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  691.060581][T16326] vivid-007: ==================  END STATUS  ==================
[  691.388650][ T8472] Process accounting paused
[  692.230618][T16332] chnl_net:caif_netlink_parms(): no params data found
[  692.756407][T16332] bridge0: port 1(bridge_slave_0) entered blocking state
[  692.763558][T16332] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.827481][T16332] bridge_slave_0: entered allmulticast mode
[  692.868129][T16332] bridge_slave_0: entered promiscuous mode
[  692.905658][T16332] bridge0: port 2(bridge_slave_1) entered blocking state
[  692.912806][T16332] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.971212][T16332] bridge_slave_1: entered allmulticast mode
[  693.005615][T16332] bridge_slave_1: entered promiscuous mode
[  693.106579][T11608] Bluetooth: hci0: command tx timeout
[  693.147105][T16332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  693.234734][T16332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  693.865154][T16332] team0: Port device team_slave_0 added
[  693.910418][T16332] team0: Port device team_slave_1 added
[  694.064085][T16332] batman_adv: batadv0: Adding interface: batadv_slave_0
[  694.095802][T16332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  694.200700][T16332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  694.235648][T16332] batman_adv: batadv0: Adding interface: batadv_slave_1
[  694.242635][T16332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  694.340722][T16332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  694.537671][T16332] hsr_slave_0: entered promiscuous mode
[  694.544650][T16332] hsr_slave_1: entered promiscuous mode
[  694.575726][T16332] debugfs: 'hsr0' already exists in 'hsr'
[  694.604948][T16332] Cannot create hsr debugfs directory
[  695.097043][T16332] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.185899][T11608] Bluetooth: hci0: command tx timeout
[  695.342277][T16332] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.481402][T16332] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.629651][T16332] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.060409][T16332] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  696.102199][T16332] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  696.127015][T16332] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  696.153713][T16332] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  696.290373][T16372] mkiss: ax0: crc mode is auto.
[  696.378640][T16332] 8021q: adding VLAN 0 to HW filter on device bond0
[  696.422275][T16332] 8021q: adding VLAN 0 to HW filter on device team0
[  696.472033][T14033] bridge0: port 1(bridge_slave_0) entered blocking state
[  696.479252][T14033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  696.519662][T14033] bridge0: port 2(bridge_slave_1) entered blocking state
[  696.526929][T14033] bridge0: port 2(bridge_slave_1) entered forwarding state
[  696.771072][T16383] kAFS: Invalid Command on /proc/fs/afs/cells file
[  697.250700][T16332] 8021q: adding VLAN 0 to HW filter on device batadv0
[  697.266791][T11608] Bluetooth: hci0: command tx timeout
[  697.370791][T16332] veth0_vlan: entered promiscuous mode
[  697.403129][T16332] veth1_vlan: entered promiscuous mode
[  697.492881][T16332] veth0_macvtap: entered promiscuous mode
[  697.532846][T16332] veth1_macvtap: entered promiscuous mode
[  697.575991][T16332] batman_adv: batadv0: Interface activated: batadv_slave_0
[  697.623120][T16332] batman_adv: batadv0: Interface activated: batadv_slave_1
[  697.716297][T14036] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  697.755916][T14036] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  697.811029][T14028] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  697.939553][T14028] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  698.153699][T14036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.193231][T14036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  698.332574][T14044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  698.359406][T14044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.347679][T11608] Bluetooth: hci0: command tx timeout
[  699.633943][T16427] FAULT_INJECTION: forcing a failure.
[  699.633943][T16427] name failslab, interval 1, probability 0, space 0, times 0
[  699.681023][T16427] CPU: 0 UID: 0 PID: 16427 Comm: syz.2.2455 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  699.681063][T16427] Tainted: [L]=SOFTLOCKUP
[  699.681072][T16427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  699.681087][T16427] Call Trace:
[  699.681095][T16427]  <TASK>
[  699.681105][T16427]  dump_stack_lvl+0x100/0x190
[  699.681149][T16427]  should_fail_ex.cold+0x5/0xa
[  699.681179][T16427]  should_failslab+0xc2/0x120
[  699.681207][T16427]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  699.681246][T16427]  ? security_file_alloc+0x34/0x2c0
[  699.681280][T16427]  ? trace_kmem_cache_alloc+0xf3/0x120
[  699.681313][T16427]  security_file_alloc+0x34/0x2c0
[  699.681348][T16427]  init_file+0x95/0x480
[  699.681380][T16427]  alloc_empty_file+0x73/0x1c0
[  699.681415][T16427]  alloc_file_pseudo+0x13a/0x230
[  699.681449][T16427]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  699.681484][T16427]  ? alloc_fd+0x476/0x790
[  699.681515][T16427]  sock_alloc_file+0x50/0x210
[  699.681561][T16427]  __sys_socket+0x1c0/0x260
[  699.681594][T16427]  ? __pfx___sys_socket+0x10/0x10
[  699.681636][T16427]  __x64_sys_socket+0x72/0xb0
[  699.681668][T16427]  ? lockdep_hardirqs_on+0x78/0x100
[  699.681700][T16427]  do_syscall_64+0x106/0xf80
[  699.681725][T16427]  ? clear_bhb_loop+0x40/0x90
[  699.681756][T16427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.681781][T16427] RIP: 0033:0x7f771839c819
[  699.681802][T16427] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  699.681827][T16427] RSP: 002b:00007f7719197028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  699.681850][T16427] RAX: ffffffffffffffda RBX: 00007f7718616180 RCX: 00007f771839c819
[  699.681867][T16427] RDX: 000000000000000a RSI: 000000000000000a RDI: 0000000000000002
[  699.681882][T16427] RBP: 00007f7718432c91 R08: 0000000000000000 R09: 0000000000000000
[  699.681897][T16427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  699.681912][T16427] R13: 00007f7718616218 R14: 00007f7718616180 R15: 00007fff9382e098
[  699.681943][T16427]  </TASK>
[  700.066554][T16438] kAFS: Invalid Command on /proc/fs/afs/cells file
[  705.075188][T16468] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2466'.
[  705.152620][T16468] ipvlan1: entered promiscuous mode
[  705.157981][T16468] ipvlan1: entered allmulticast mode
[  707.052678][T16476] FAULT_INJECTION: forcing a failure.
[  707.052678][T16476] name failslab, interval 1, probability 0, space 0, times 0
[  707.129450][T11637] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  707.151452][T11637] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  707.160531][T11637] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  707.171061][T11637] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  707.178868][T11637] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  707.310129][T16476] CPU: 0 UID: 0 PID: 16476 Comm: syz.2.2467 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  707.310168][T16476] Tainted: [L]=SOFTLOCKUP
[  707.310177][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  707.310192][T16476] Call Trace:
[  707.310200][T16476]  <TASK>
[  707.310209][T16476]  dump_stack_lvl+0x100/0x190
[  707.310253][T16476]  should_fail_ex.cold+0x5/0xa
[  707.310291][T16476]  should_failslab+0xc2/0x120
[  707.310320][T16476]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  707.310360][T16476]  ? security_inode_alloc+0x3b/0x2c0
[  707.310389][T16476]  ? lockdep_init_map_type+0x5c/0x250
[  707.310428][T16476]  security_inode_alloc+0x3b/0x2c0
[  707.310459][T16476]  inode_init_always_gfp+0xced/0x1040
[  707.310490][T16476]  alloc_inode+0x8e/0x250
[  707.310526][T16476]  new_inode+0x22/0x1c0
[  707.310578][T16476]  hugetlbfs_get_inode+0x313/0x750
[  707.310615][T16476]  hugetlb_file_setup+0x3cc/0x5b0
[  707.310648][T16476]  newseg+0xabb/0xed0
[  707.310687][T16476]  ? __pfx_newseg+0x10/0x10
[  707.310721][T16476]  ? down_write+0x146/0x1f0
[  707.310750][T16476]  ? ksys_write+0x190/0x250
[  707.310774][T16476]  ? ksys_write+0x190/0x250
[  707.310802][T16476]  ipcget+0xee/0xf50
[  707.310837][T16476]  ? do_futex+0x192/0x350
[  707.310871][T16476]  ? __pfx_do_futex+0x10/0x10
[  707.310909][T16476]  ? __pfx_ipcget+0x10/0x10
[  707.310945][T16476]  ? __x64_sys_futex+0x34f/0x4d0
[  707.310978][T16476]  ? __x64_sys_futex+0x358/0x4d0
[  707.311017][T16476]  __x64_sys_shmget+0x13b/0x1b0
[  707.311053][T16476]  ? __pfx___x64_sys_shmget+0x10/0x10
[  707.311098][T16476]  do_syscall_64+0x106/0xf80
[  707.311122][T16476]  ? clear_bhb_loop+0x40/0x90
[  707.311152][T16476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.311178][T16476] RIP: 0033:0x7f771839c819
[  707.311199][T16476] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  707.311224][T16476] RSP: 002b:00007f7719176028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  707.311247][T16476] RAX: ffffffffffffffda RBX: 00007f7718616270 RCX: 00007f771839c819
[  707.311269][T16476] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[  707.311285][T16476] RBP: 00007f7718432c91 R08: 0000000000000000 R09: 0000000000000000
[  707.311300][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  707.311316][T16476] R13: 00007f7718616308 R14: 00007f7718616270 R15: 00007fff9382e098
[  707.311347][T16476]  </TASK>
[  707.761015][T16492] chnl_net:caif_netlink_parms(): no params data found
[  707.957428][T16492] bridge0: port 1(bridge_slave_0) entered blocking state
[  707.981805][T16492] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.989071][T16492] bridge_slave_0: entered allmulticast mode
[  708.033734][T16492] bridge_slave_0: entered promiscuous mode
[  708.056539][T16492] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.075964][T16492] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.096205][T16492] bridge_slave_1: entered allmulticast mode
[  708.118908][T16492] bridge_slave_1: entered promiscuous mode
[  708.222678][T16492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  708.293729][T16492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  708.493573][T16492] team0: Port device team_slave_0 added
[  708.518837][T16492] team0: Port device team_slave_1 added
[  708.654434][T16492] batman_adv: batadv0: Adding interface: batadv_slave_0
[  708.661429][T16492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  708.789140][T16492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  708.815789][T16511] FAULT_INJECTION: forcing a failure.
[  708.815789][T16511] name failslab, interval 1, probability 0, space 0, times 0
[  708.837851][T16492] batman_adv: batadv0: Adding interface: batadv_slave_1
[  708.851182][T16492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  708.882915][T16511] CPU: 0 UID: 0 PID: 16511 Comm: syz.4.2474 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  708.882956][T16511] Tainted: [L]=SOFTLOCKUP
[  708.882964][T16511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  708.882981][T16511] Call Trace:
[  708.882989][T16511]  <TASK>
[  708.882998][T16511]  dump_stack_lvl+0x100/0x190
[  708.883041][T16511]  should_fail_ex.cold+0x5/0xa
[  708.883072][T16511]  should_failslab+0xc2/0x120
[  708.883100][T16511]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  708.883141][T16511]  ? shmem_alloc_inode+0x25/0x50
[  708.883171][T16511]  ? __lock_acquire+0x4a5/0x2630
[  708.883217][T16511]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  708.883247][T16511]  shmem_alloc_inode+0x25/0x50
[  708.883274][T16511]  alloc_inode+0x68/0x250
[  708.883307][T16511]  new_inode+0x22/0x1c0
[  708.883342][T16511]  shmem_get_inode+0x212/0x1040
[  708.883379][T16511]  ? __pfx_shmem_get_inode+0x10/0x10
[  708.883411][T16511]  ? rcu_is_watching+0x12/0xc0
[  708.883447][T16511]  ? percpu_counter_add_batch+0xb9/0x230
[  708.883486][T16511]  __shmem_file_setup+0x3ac/0x490
[  708.883522][T16511]  ? __pfx___shmem_file_setup+0x10/0x10
[  708.883560][T16511]  ? vm_area_alloc+0x1f/0x160
[  708.883597][T16511]  shmem_zero_setup+0x96/0x1b0
[  708.883623][T16511]  __mmap_region+0x2198/0x29e0
[  708.883664][T16511]  ? __pfx___mmap_region+0x10/0x10
[  708.883716][T16511]  ? __lock_acquire+0x4a5/0x2630
[  708.883746][T16511]  ? find_held_lock+0x2b/0x80
[  708.883782][T16511]  ? find_held_lock+0x2b/0x80
[  708.883804][T16511]  ? finish_task_switch.isra.0+0x200/0xb80
[  708.883843][T16511]  ? finish_task_switch.isra.0+0x200/0xb80
[  708.883879][T16511]  ? trace_sched_exit_tp+0x13a/0x180
[  708.883914][T16511]  ? __schedule+0x1000/0x6120
[  708.884003][T16511]  ? rcu_is_watching+0x12/0xc0
[  708.884043][T16511]  ? cap_capable+0x107/0x460
[  708.884087][T16511]  mmap_region+0x180/0x3e0
[  708.884131][T16511]  do_mmap+0xc63/0x12f0
[  708.884163][T16511]  ? __pfx_do_mmap+0x10/0x10
[  708.884190][T16511]  ? __pfx_down_write_killable+0x10/0x10
[  708.884222][T16511]  vm_mmap_pgoff+0x29e/0x470
[  708.884254][T16511]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  708.884283][T16511]  ? do_futex+0x192/0x350
[  708.884314][T16511]  ? __pfx_do_futex+0x10/0x10
[  708.884344][T16511]  ? fd_install+0x223/0x580
[  708.884368][T16511]  ksys_mmap_pgoff+0xe1/0x650
[  708.884393][T16511]  ? __x64_sys_futex+0x34f/0x4d0
[  708.884422][T16511]  ? __x64_sys_futex+0x358/0x4d0
[  708.884453][T16511]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  708.884478][T16511]  ? xfd_validate_state+0x129/0x190
[  708.884517][T16511]  __x64_sys_mmap+0x125/0x190
[  708.884554][T16511]  do_syscall_64+0x106/0xf80
[  708.884576][T16511]  ? clear_bhb_loop+0x40/0x90
[  708.884603][T16511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.884626][T16511] RIP: 0033:0x7f924f19c819
[  708.884645][T16511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  708.884667][T16511] RSP: 002b:00007f925002b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  708.884688][T16511] RAX: ffffffffffffffda RBX: 00007f924f415fa0 RCX: 00007f924f19c819
[  708.884703][T16511] RDX: 00000000000000df RSI: 0000000000020009 RDI: 0000000000000000
[  708.884716][T16511] RBP: 00007f924f232c91 R08: 00040000000000a5 R09: 0000000000008000
[  708.884731][T16511] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  708.884744][T16511] R13: 00007f924f416038 R14: 00007f924f415fa0 R15: 00007ffc8dc15588
[  708.884773][T16511]  </TASK>
[  709.248201][T16492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  709.324659][T11637] Bluetooth: hci7: command tx timeout
[  709.455464][T16492] hsr_slave_0: entered promiscuous mode
[  709.461900][T16492] hsr_slave_1: entered promiscuous mode
[  709.469517][T16492] debugfs: 'hsr0' already exists in 'hsr'
[  709.475749][T16492] Cannot create hsr debugfs directory
[  709.779862][T16492] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  709.811326][T16492] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  709.829955][T16492] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  709.848641][T16492] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  710.215918][T16492] 8021q: adding VLAN 0 to HW filter on device bond0
[  710.282512][T16492] 8021q: adding VLAN 0 to HW filter on device team0
[  710.344689][T14028] bridge0: port 1(bridge_slave_0) entered blocking state
[  710.351980][T14028] bridge0: port 1(bridge_slave_0) entered forwarding state
[  710.410891][T14028] bridge0: port 2(bridge_slave_1) entered blocking state
[  710.418118][T14028] bridge0: port 2(bridge_slave_1) entered forwarding state
[  711.130364][T16492] 8021q: adding VLAN 0 to HW filter on device batadv0
[  711.353870][T11637] Bluetooth: hci7: command tx timeout
[  712.066781][T16492] veth0_vlan: entered promiscuous mode
[  712.132546][T16492] veth1_vlan: entered promiscuous mode
[  712.300956][T16492] veth0_macvtap: entered promiscuous mode
[  712.346486][T16492] veth1_macvtap: entered promiscuous mode
[  712.428874][T16492] batman_adv: batadv0: Interface activated: batadv_slave_0
[  712.471207][T16492] batman_adv: batadv0: Interface activated: batadv_slave_1
[  712.733768][T14042] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  712.773062][T14042] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  712.853580][T14042] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  712.904205][T14042] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  713.201495][T14028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.238047][T14028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  713.350920][T14044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.400498][T14044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  713.434998][T11637] Bluetooth: hci7: command tx timeout
[  713.712138][T16572] kAFS: Invalid Command on /proc/fs/afs/cells file
[  715.516186][T11637] Bluetooth: hci7: command tx timeout
[  715.642098][T16611] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied.
[  716.926477][T16630] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2496'.
[  717.541038][T16636] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2498'.
[  718.664318][T16651] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2501'.
[  718.751468][T16654] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2501'.
[  718.828859][T16655] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  718.863992][T16654] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2501'.
[  719.832504][T11608] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  719.848693][T11608] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  719.856493][T11608] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  719.865846][T11608] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  719.879049][T11608] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  720.310184][T16675] openvswitch: netlink: Key type 155 is out of range max 32
[  721.344433][T16667] chnl_net:caif_netlink_parms(): no params data found
[  721.918796][T11608] Bluetooth: hci8: command tx timeout
[  721.931027][T16667] bridge0: port 1(bridge_slave_0) entered blocking state
[  722.005599][T16667] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.063768][T16667] bridge_slave_0: entered allmulticast mode
[  722.123818][T16667] bridge_slave_0: entered promiscuous mode
[  722.225335][T16667] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.273647][T16667] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.321965][T16667] bridge_slave_1: entered allmulticast mode
[  722.364763][T16667] bridge_slave_1: entered promiscuous mode
[  722.820622][T16667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  722.868719][T16667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  723.351448][T16667] team0: Port device team_slave_0 added
[  723.385119][T16667] team0: Port device team_slave_1 added
[  723.575600][T16667] batman_adv: batadv0: Adding interface: batadv_slave_0
[  723.605947][T16667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  723.738517][T16667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  723.784303][T16667] batman_adv: batadv0: Adding interface: batadv_slave_1
[  723.813753][T16667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  723.939590][T16667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  724.002302][T11608] Bluetooth: hci8: command tx timeout
[  724.207911][T16667] hsr_slave_0: entered promiscuous mode
[  724.252210][T16667] hsr_slave_1: entered promiscuous mode
[  724.279299][T16667] debugfs: 'hsr0' already exists in 'hsr'
[  724.302354][T16667] Cannot create hsr debugfs directory
[  725.261414][T16667] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  725.309348][T16667] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  725.356238][T16667] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  725.394883][T16667] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  725.819844][T16667] 8021q: adding VLAN 0 to HW filter on device bond0
[  725.854221][T16724] netlink: ct_mark mask cannot be 0
[  725.891799][T16724] FAULT_INJECTION: forcing a failure.
[  725.891799][T16724] name failslab, interval 1, probability 0, space 0, times 0
[  725.905309][T16667] 8021q: adding VLAN 0 to HW filter on device team0
[  725.933157][T16724] CPU: 0 UID: 0 PID: 16724 Comm: syz.6.2515 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  725.933195][T16724] Tainted: [L]=SOFTLOCKUP
[  725.933204][T16724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  725.933219][T16724] Call Trace:
[  725.933227][T16724]  <TASK>
[  725.933237][T16724]  dump_stack_lvl+0x100/0x190
[  725.933280][T16724]  should_fail_ex.cold+0x5/0xa
[  725.933310][T16724]  should_failslab+0xc2/0x120
[  725.933345][T16724]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  725.933385][T16724]  ? vm_area_dup+0x27/0x8e0
[  725.933426][T16724]  vm_area_dup+0x27/0x8e0
[  725.933462][T16724]  __split_vma+0x18c/0xd90
[  725.933503][T16724]  ? __pfx___split_vma+0x10/0x10
[  725.933546][T16724]  ? __mpol_equal+0xaf/0x340
[  725.933585][T16724]  vma_modify+0x1121/0x2250
[  725.933629][T16724]  ? __pfx_vma_modify+0x10/0x10
[  725.933673][T16724]  vma_modify_policy+0x238/0x300
[  725.933713][T16724]  ? __pfx_vma_modify_policy+0x10/0x10
[  725.933776][T16724]  mbind_range+0x175/0x550
[  725.933812][T16724]  do_mbind+0x7dc/0xfd0
[  725.933850][T16724]  ? __might_fault+0xc5/0x140
[  725.933887][T16724]  ? __pfx_do_mbind+0x10/0x10
[  725.933926][T16724]  ? _copy_from_user+0x59/0xd0
[  725.933965][T16724]  ? __pfx_get_nodes+0x10/0x10
[  725.933997][T16724]  kernel_mbind+0x1b7/0x200
[  725.934032][T16724]  ? __pfx_kernel_mbind+0x10/0x10
[  725.934064][T16724]  ? arch_syscall_is_vdso_sigreturn+0xb6/0x200
[  725.934099][T16724]  ? syscall_user_dispatch+0x76/0x130
[  725.934146][T16724]  do_syscall_64+0x106/0xf80
[  725.934171][T16724]  ? clear_bhb_loop+0x40/0x90
[  725.934215][T16724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.934239][T16724] RIP: 0033:0x7fb6f439c819
[  725.934259][T16724] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  725.934283][T16724] RSP: 002b:00007fb6f5258028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  725.934306][T16724] RAX: ffffffffffffffda RBX: 00007fb6f4615fa0 RCX: 00007fb6f439c819
[  725.934323][T16724] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000
[  725.934360][T16724] RBP: 00007fb6f4432c91 R08: 0000000000000003 R09: 0000000000000003
[  725.934376][T16724] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000
[  725.934391][T16724] R13: 00007fb6f4616038 R14: 00007fb6f4615fa0 R15: 00007ffcd6a058d8
[  725.934423][T16724]  </TASK>
[  725.938912][T14044] bridge0: port 1(bridge_slave_0) entered blocking state
[  726.180876][T14044] bridge0: port 1(bridge_slave_0) entered forwarding state
[  726.247066][T11608] Bluetooth: hci8: command tx timeout
[  726.400073][T14044] bridge0: port 2(bridge_slave_1) entered blocking state
[  726.407305][T14044] bridge0: port 2(bridge_slave_1) entered forwarding state
[  727.058983][T16667] 8021q: adding VLAN 0 to HW filter on device batadv0
[  727.183316][T16743] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  727.670096][T16667] veth0_vlan: entered promiscuous mode
[  727.713159][T16667] veth1_vlan: entered promiscuous mode
[  727.769626][T16667] veth0_macvtap: entered promiscuous mode
[  727.794374][T16667] veth1_macvtap: entered promiscuous mode
[  727.842605][T16667] batman_adv: batadv0: Interface activated: batadv_slave_0
[  727.867599][T16667] batman_adv: batadv0: Interface activated: batadv_slave_1
[  727.894932][T14044] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  727.930204][T14044] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  727.958029][T14044] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  727.977306][T14044] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  728.162832][T14028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  728.192540][T14028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  728.274194][T14044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  728.296598][T14044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  728.323563][T11608] Bluetooth: hci8: command tx timeout
[  729.628516][T16775] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2523'.
[  733.972104][T16825] Invalid ELF header magic: != ELF
[  735.954470][T11637] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  735.967191][T11637] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  735.977516][T11637] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  735.985215][T11637] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  735.993517][T11637] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  736.087240][T16834] program syz.7.2537 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  736.864080][T16832] chnl_net:caif_netlink_parms(): no params data found
[  736.905486][T16831] kexec: Could not allocate control_code_buffer
[  737.361407][T16832] bridge0: port 1(bridge_slave_0) entered blocking state
[  737.402617][T16832] bridge0: port 1(bridge_slave_0) entered disabled state
[  737.429816][T16832] bridge_slave_0: entered allmulticast mode
[  737.468653][T16832] bridge_slave_0: entered promiscuous mode
[  737.499249][T16832] bridge0: port 2(bridge_slave_1) entered blocking state
[  737.528064][T16832] bridge0: port 2(bridge_slave_1) entered disabled state
[  737.552002][T16832] bridge_slave_1: entered allmulticast mode
[  737.587898][T16832] bridge_slave_1: entered promiscuous mode
[  737.707903][T16832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  737.789010][T16832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  737.910193][T16832] team0: Port device team_slave_0 added
[  737.950859][T16832] team0: Port device team_slave_1 added
[  738.049828][T16832] batman_adv: batadv0: Adding interface: batadv_slave_0
[  738.069208][T16832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  738.110928][T11637] Bluetooth: hci9: command tx timeout
[  738.141313][T16832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  738.178485][T16832] batman_adv: batadv0: Adding interface: batadv_slave_1
[  738.196594][T16832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  738.271840][T16832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  738.393504][T16832] hsr_slave_0: entered promiscuous mode
[  738.413480][T16832] hsr_slave_1: entered promiscuous mode
[  738.429251][T16832] debugfs: 'hsr0' already exists in 'hsr'
[  738.435046][T16832] Cannot create hsr debugfs directory
[  738.843328][T16832] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  738.871614][T16832] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  738.903697][T16832] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  738.925036][T16832] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  739.164755][T16832] 8021q: adding VLAN 0 to HW filter on device bond0
[  739.233113][T16832] 8021q: adding VLAN 0 to HW filter on device team0
[  739.260390][T14044] bridge0: port 1(bridge_slave_0) entered blocking state
[  739.267582][T14044] bridge0: port 1(bridge_slave_0) entered forwarding state
[  739.309161][T14044] bridge0: port 2(bridge_slave_1) entered blocking state
[  739.316332][T14044] bridge0: port 2(bridge_slave_1) entered forwarding state
[  739.811997][T16832] 8021q: adding VLAN 0 to HW filter on device batadv0
[  740.170734][T11637] Bluetooth: hci9: command tx timeout
[  740.228979][T11637] Bluetooth: hci8: unexpected subevent 0x01 length: 123 > 18
[  740.370935][T16871] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  740.393531][T16832] veth0_vlan: entered promiscuous mode
[  740.429762][T16832] veth1_vlan: entered promiscuous mode
[  740.502524][T16832] veth0_macvtap: entered promiscuous mode
[  740.535720][T16832] veth1_macvtap: entered promiscuous mode
[  740.593342][T16832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  740.637794][T16832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  740.691635][T14036] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  740.724348][T14036] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  740.777262][T14036] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  740.830275][T14036] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  741.030349][T14024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  741.074546][T14024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  741.180780][T14028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  741.205562][T14028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  741.510350][T11608] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  741.523192][T11608] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  741.546857][T11608] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  741.561546][T11608] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  741.583265][T11608] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  741.690584][T16880] FAULT_INJECTION: forcing a failure.
[  741.690584][T16880] name failslab, interval 1, probability 0, space 0, times 0
[  741.743075][T16880] CPU: 0 UID: 0 PID: 16880 Comm: syz.7.2545 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  741.743114][T16880] Tainted: [L]=SOFTLOCKUP
[  741.743123][T16880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  741.743137][T16880] Call Trace:
[  741.743145][T16880]  <TASK>
[  741.743154][T16880]  dump_stack_lvl+0x100/0x190
[  741.743194][T16880]  should_fail_ex.cold+0x5/0xa
[  741.743224][T16880]  should_failslab+0xc2/0x120
[  741.743252][T16880]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[  741.743277][T16880]  ? nf_lwtunnel_net_init+0x38/0xf0
[  741.743301][T16880]  ? __pfx__proc_mkdir+0x10/0x10
[  741.743325][T16880]  ? kmem_cache_alloc_noprof+0x292/0x6e0
[  741.743367][T16880]  ? __pfx_nf_lwtunnel_net_init+0x10/0x10
[  741.743392][T16880]  kmemdup_noprof+0x29/0x60
[  741.743416][T16880]  nf_lwtunnel_net_init+0x38/0xf0
[  741.743441][T16880]  ops_init+0x1e2/0x5f0
[  741.743467][T16880]  setup_net+0x118/0x3a0
[  741.743492][T16880]  ? __pfx_setup_net+0x10/0x10
[  741.743515][T16880]  ? lockdep_init_map_type+0x5c/0x250
[  741.743549][T16880]  ? mutex_init_lockep+0x110/0x150
[  741.743588][T16880]  copy_net_ns+0x46f/0x7c0
[  741.743618][T16880]  create_new_namespaces+0x3ea/0xac0
[  741.743651][T16880]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  741.743681][T16880]  ksys_unshare+0x473/0xad0
[  741.743715][T16880]  ? __pfx_ksys_unshare+0x10/0x10
[  741.743757][T16880]  __x64_sys_unshare+0x31/0x40
[  741.743788][T16880]  do_syscall_64+0x106/0xf80
[  741.743812][T16880]  ? clear_bhb_loop+0x40/0x90
[  741.743841][T16880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.743880][T16880] RIP: 0033:0x7fefebb9c819
[  741.743900][T16880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  741.743924][T16880] RSP: 002b:00007fefec9ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  741.743948][T16880] RAX: ffffffffffffffda RBX: 00007fefebe15fa0 RCX: 00007fefebb9c819
[  741.743964][T16880] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  741.743979][T16880] RBP: 00007fefebc32c91 R08: 0000000000000000 R09: 0000000000000000
[  741.743994][T16880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  741.744009][T16880] R13: 00007fefebe16038 R14: 00007fefebe15fa0 R15: 00007ffdde216728
[  741.744039][T16880]  </TASK>
[  742.282124][T11608] Bluetooth: hci9: command tx timeout
[  743.155718][T16875] chnl_net:caif_netlink_parms(): no params data found
[  743.615796][T11608] Bluetooth: hci10: command tx timeout
[  743.714235][T16875] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.743003][T16875] bridge0: port 1(bridge_slave_0) entered disabled state
[  743.765251][T16875] bridge_slave_0: entered allmulticast mode
[  743.776163][T16902] futex_atomic_op_inuser: 55 callbacks suppressed
[  743.776181][T16902] futex_wake_op: syz.7.2548 tries to shift op by -2048; fix this program
[  743.797300][T16875] bridge_slave_0: entered promiscuous mode
[  743.805756][T16875] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.818959][T16875] bridge0: port 2(bridge_slave_1) entered disabled state
[  743.836272][T16875] bridge_slave_1: entered allmulticast mode
[  743.848021][T16902] futex_wake_op: syz.7.2548 tries to shift op by -2048; fix this program
[  743.863077][T16875] bridge_slave_1: entered promiscuous mode
[  744.152927][T16875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  744.223811][T16875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  744.330265][T11608] Bluetooth: hci9: command tx timeout
[  744.372135][T16875] team0: Port device team_slave_0 added
[  744.404376][T16875] team0: Port device team_slave_1 added
[  744.470267][T11608] Bluetooth: hci9: unexpected event 0x1c length: 725 > 5
[  744.498812][T16910] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2551'.
[  744.526848][T16875] batman_adv: batadv0: Adding interface: batadv_slave_0
[  744.551818][T16875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  744.599919][T11608] Bluetooth: hci9: unexpected event 0x3e length: 726 > 260
[  744.599951][T11608] Bluetooth: hci9: unexpected subevent 0x0d length: 725 > 260
[  744.620632][T11608] Bluetooth: hci9: Unknown advertising packet type: 0x7f
[  744.620697][T11608] Bluetooth: hci9: adv larger than maximum supported
[  744.628182][T11608] Bluetooth: hci9: Malformed LE Event: 0x0d
[  744.709069][T16875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  744.783999][T16875] batman_adv: batadv0: Adding interface: batadv_slave_1
[  744.806582][T16875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  744.923348][T16875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  744.949142][T16918] netlink: 342 bytes leftover after parsing attributes in process `syz.7.2552'.
[  745.039340][T16918] netlink: 342 bytes leftover after parsing attributes in process `syz.7.2552'.
[  745.099060][T16875] hsr_slave_0: entered promiscuous mode
[  745.127090][T16875] hsr_slave_1: entered promiscuous mode
[  745.149466][T16875] debugfs: 'hsr0' already exists in 'hsr'
[  745.168612][T16875] Cannot create hsr debugfs directory
[  745.691344][T11608] Bluetooth: hci10: command tx timeout
[  745.784793][T16875] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  745.817879][T16875] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  745.856211][T16875] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  745.879771][T16875] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  746.028616][T16932] kernel profiling enabled (shift: 1)
[  746.120224][T16875] 8021q: adding VLAN 0 to HW filter on device bond0
[  746.169628][T16875] 8021q: adding VLAN 0 to HW filter on device team0
[  746.207122][T14036] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.214361][T14036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  746.262615][T14036] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.269813][T14036] bridge0: port 2(bridge_slave_1) entered forwarding state
[  746.785708][T16875] 8021q: adding VLAN 0 to HW filter on device batadv0
[  747.311864][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  747.318219][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  747.376565][T16875] veth0_vlan: entered promiscuous mode
[  747.403878][T16875] veth1_vlan: entered promiscuous mode
[  747.479330][T16875] veth0_macvtap: entered promiscuous mode
[  747.503173][T16875] veth1_macvtap: entered promiscuous mode
[  747.561049][T16875] batman_adv: batadv0: Interface activated: batadv_slave_0
[  747.592515][T16875] batman_adv: batadv0: Interface activated: batadv_slave_1
[  747.622338][T14044] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  747.644133][T14044] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  747.675402][T14044] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  747.716789][T14044] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  747.772294][T11608] Bluetooth: hci10: command tx timeout
[  747.913797][T14044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  747.947342][T14044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  748.029487][T14044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.047579][T14044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.857222][T11608] Bluetooth: hci10: command tx timeout
[  752.872593][T17000] vivid-007: =================  START STATUS  =================
[  752.893505][T17000] vivid-007: Generate PTS: true
[  752.907707][T17000] vivid-007: Generate SCR: true
[  752.932440][T17000] tpg source WxH: 320x240 (Y'CbCr)
[  752.947116][T17000] tpg field: 1
[  752.953904][T17000] tpg crop: (0,0)/320x240
[  752.967154][T17000] tpg compose: (0,0)/320x240
[  752.993319][T17000] tpg colorspace: 8
[  752.999754][T17000] tpg transfer function: 0/0
[  753.014158][T17000] tpg Y'CbCr encoding: 0/0
[  753.019351][T17000] tpg quantization: 0/0
[  753.023555][T17000] tpg RGB range: 0/2
[  753.039555][T17000] vivid-007: ==================  END STATUS  ==================
[  753.631191][T11637] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  753.643624][T11637] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  753.654301][T11637] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  753.666652][T11637] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  753.674307][T11637] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  754.506482][T17023] netlink: 338 bytes leftover after parsing attributes in process `syz.9.2573'.
[  754.614309][T17014] chnl_net:caif_netlink_parms(): no params data found
[  754.714946][T17026] netlink: 338 bytes leftover after parsing attributes in process `syz.9.2573'.
[  755.023189][T17014] bridge0: port 1(bridge_slave_0) entered blocking state
[  755.066469][T17014] bridge0: port 1(bridge_slave_0) entered disabled state
[  755.096758][T17014] bridge_slave_0: entered allmulticast mode
[  755.123216][T17014] bridge_slave_0: entered promiscuous mode
[  755.154704][T17014] bridge0: port 2(bridge_slave_1) entered blocking state
[  755.187694][T17014] bridge0: port 2(bridge_slave_1) entered disabled state
[  755.217087][T17014] bridge_slave_1: entered allmulticast mode
[  755.242808][T17014] bridge_slave_1: entered promiscuous mode
[  755.402529][T17014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  755.458587][T17014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  755.614856][T17014] team0: Port device team_slave_0 added
[  755.667981][T17014] team0: Port device team_slave_1 added
[  755.775514][T11637] Bluetooth: hci11: command tx timeout
[  755.812935][T17014] batman_adv: batadv0: Adding interface: batadv_slave_0
[  755.834275][T17014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  755.935697][T17014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  756.001192][T17014] batman_adv: batadv0: Adding interface: batadv_slave_1
[  756.029424][T17014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  756.127026][T17014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  756.367954][T17014] hsr_slave_0: entered promiscuous mode
[  756.384887][T17014] hsr_slave_1: entered promiscuous mode
[  756.403961][T17014] debugfs: 'hsr0' already exists in 'hsr'
[  756.416857][T17014] Cannot create hsr debugfs directory
[  757.489611][T17014] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  757.757917][T17014] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  757.857823][T11637] Bluetooth: hci11: command tx timeout
[  758.021478][T17014] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.318783][T17014] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.746237][T17068] cgroup: fork rejected by pids controller in /syz7
[  759.135139][T17014] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  759.232710][T17014] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  759.323377][T17014] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  759.473806][T17014] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  759.938069][T11637] Bluetooth: hci11: command tx timeout
[  760.876458][T11608] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  760.890175][T11608] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  760.904863][T11608] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  760.913771][T11608] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  760.928211][T11608] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  761.471204][T17014] 8021q: adding VLAN 0 to HW filter on device bond0
[  761.671453][T17014] 8021q: adding VLAN 0 to HW filter on device team0
[  761.761442][T14044] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.768630][T14044] bridge0: port 1(bridge_slave_0) entered forwarding state
[  761.818181][T14044] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.825373][T14044] bridge0: port 2(bridge_slave_1) entered forwarding state
[  762.028698][T11608] Bluetooth: hci11: command tx timeout
[  762.154715][T17211] chnl_net:caif_netlink_parms(): no params data found
[  762.984400][T11608] Bluetooth: hci12: command tx timeout
[  763.280079][T17014] 8021q: adding VLAN 0 to HW filter on device batadv0
[  763.487657][T17014] veth0_vlan: entered promiscuous mode
[  763.506509][T17211] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.514622][T17211] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.531740][T17211] bridge_slave_0: entered allmulticast mode
[  763.554993][T17211] bridge_slave_0: entered promiscuous mode
[  763.587205][T17014] veth1_vlan: entered promiscuous mode
[  763.598355][T17211] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.610504][T17211] bridge0: port 2(bridge_slave_1) entered disabled state
[  763.629658][T17211] bridge_slave_1: entered allmulticast mode
[  763.647468][T17211] bridge_slave_1: entered promiscuous mode
[  765.061894][T11608] Bluetooth: hci12: command tx timeout
[  765.350497][T17014] veth0_macvtap: entered promiscuous mode
[  765.603371][T17211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  765.642232][T17211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  765.747033][T17014] veth1_macvtap: entered promiscuous mode
[  765.818648][T17014] batman_adv: batadv0: Interface activated: batadv_slave_0
[  765.867444][T17211] team0: Port device team_slave_0 added
[  765.891944][T17014] batman_adv: batadv0: Interface activated: batadv_slave_1
[  765.925206][T17211] team0: Port device team_slave_1 added
[  766.344275][T14028] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  766.372054][T14028] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  766.596296][T14028] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  766.633881][T14028] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  767.015390][T17211] batman_adv: batadv0: Adding interface: batadv_slave_0
[  767.062471][T17211] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  767.149845][T11608] Bluetooth: hci12: command tx timeout
[  767.177759][T17211] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  767.220324][T17211] batman_adv: batadv0: Adding interface: batadv_slave_1
[  767.253823][T17211] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  767.363249][T17211] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  767.845247][T17211] hsr_slave_0: entered promiscuous mode
[  767.858559][T17211] hsr_slave_1: entered promiscuous mode
[  767.887604][T17211] debugfs: 'hsr0' already exists in 'hsr'
[  767.904957][T17211] Cannot create hsr debugfs directory
[  768.062564][T17241] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  768.092594][T17241] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  768.112008][T17241] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  768.133783][T17241] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  768.155945][T17241] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  768.192617][T17241] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  768.274582][T17241] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  768.392885][T17241] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  768.438387][T17241] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  768.554077][T17241] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  768.564749][T17211] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  768.600819][T17241] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  768.622068][T17241] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  768.649706][T17241] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  768.687311][T17241] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  768.715745][T17241] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  768.735372][T17241] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  768.809662][T17211] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  768.844310][T17241] Bluetooth: hci8: Opcode 0x0c1a failed: -4
[  768.858109][T17241] Bluetooth: hci8: Opcode 0x0406 failed: -4
[  768.896648][T17241] Bluetooth: hci8: Opcode 0x0406 failed: -4
[  768.927052][T17241] Bluetooth: hci8: Opcode 0x0406 failed: -4
[  768.980964][T17241] Bluetooth: hci9: Opcode 0x0c1a failed: -4
[  769.001471][T17211] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  769.023591][T17241] Bluetooth: hci9: Opcode 0x0406 failed: -4
[  769.045715][T17241] Bluetooth: hci9: Opcode 0x0406 failed: -4
[  769.081313][T17241] Bluetooth: hci10: Opcode 0x0c1a failed: -4
[  769.097259][T17241] Bluetooth: hci10: Opcode 0x0406 failed: -4
[  769.134318][T17241] Bluetooth: hci10: Opcode 0x0406 failed: -4
[  769.149854][T17211] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  769.165329][T17241] Bluetooth: hci11: Opcode 0x0c1a failed: -4
[  769.183151][T17241] Bluetooth: hci11: Opcode 0x0406 failed: -4
[  769.223561][T11608] Bluetooth: hci12: command tx timeout
[  769.245009][T17241] Bluetooth: hci11: Opcode 0x0406 failed: -4
[  769.277442][T17241] Bluetooth: hci12: Opcode 0x0c1a failed: -4
[  769.301506][T17241] Bluetooth: hci12: Opcode 0x0406 failed: -4
[  769.335205][T17241] Bluetooth: hci12: Opcode 0x0406 failed: -4
[  769.695818][T14031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  769.751997][T14031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  769.835857][T17211] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  769.990506][T17211] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  770.060104][T17211] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  770.103963][T11608] Bluetooth: hci3: command 0x0c1a tx timeout
[  770.110136][T11637] Bluetooth: hci1: command 0x0c1a tx timeout
[  770.134182][T14033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  770.142747][T17211] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  770.160633][T14033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  770.183456][T11608] Bluetooth: hci6: command 0x0c1a tx timeout
[  770.191954][T11637] Bluetooth: hci5: command 0x0c1a tx timeout
[  770.198189][T11637] Bluetooth: hci4: command 0x040f tx timeout
[  770.431013][T11608] Bluetooth: hci2: command 0x0c1a tx timeout
[  770.592455][T17211] 8021q: adding VLAN 0 to HW filter on device bond0
[  770.663520][T11608] Bluetooth: hci0: command 0x0c1a tx timeout
[  770.699609][T17211] 8021q: adding VLAN 0 to HW filter on device team0
[  770.743190][T11608] Bluetooth: hci7: command 0x0c1a tx timeout
[  770.771834][T14036] bridge0: port 1(bridge_slave_0) entered blocking state
[  770.779208][T14036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  770.904263][T11608] Bluetooth: hci8: command 0x0c1a tx timeout
[  770.929505][T14024] bridge0: port 2(bridge_slave_1) entered blocking state
[  770.936715][T14024] bridge0: port 2(bridge_slave_1) entered forwarding state
[  770.985632][T11608] Bluetooth: hci9: command 0x0c1a tx timeout
[  771.145046][T11608] Bluetooth: hci10: command 0x0c1a tx timeout
[  771.224764][T11608] Bluetooth: hci11: command 0x0c1a tx timeout
[  771.303891][T11608] Bluetooth: hci12: command 0x0c1a tx timeout
[  771.524532][T17211] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  771.582364][T17211] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  772.273769][T11608] Bluetooth: hci6: command 0x0c1a tx timeout
[  772.506724][T11637] Bluetooth: hci2: command 0x0c1a tx timeout
[  772.748096][T11637] Bluetooth: hci0: command 0x0c1a tx timeout
[  772.824254][T11637] Bluetooth: hci7: command 0x0c1a tx timeout
[  772.863376][T17211] 8021q: adding VLAN 0 to HW filter on device batadv0
[  772.987411][T11637] Bluetooth: hci8: command 0x0c1a tx timeout
[  773.065232][T11637] Bluetooth: hci9: command 0x0c1a tx timeout
[  773.099590][T17211] veth0_vlan: entered promiscuous mode
[  773.156228][T17211] veth1_vlan: entered promiscuous mode
[  773.225921][T11637] Bluetooth: hci10: command 0x0c1a tx timeout
[  773.304649][T11637] Bluetooth: hci11: command 0x0c1a tx timeout
[  773.346980][T17211] veth0_macvtap: entered promiscuous mode
[  773.386355][T11637] Bluetooth: hci12: command 0x0c1a tx timeout
[  773.417700][T17211] veth1_macvtap: entered promiscuous mode
[  773.483714][T17377] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2593'.
[  773.524457][T17211] batman_adv: batadv0: Interface activated: batadv_slave_0
[  773.572205][T17211] batman_adv: batadv0: Interface activated: batadv_slave_1
[  773.636683][T14036] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  773.674619][T14036] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  773.844759][T17377] HfR: entered promiscuous mode
[  773.855075][T14036] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  773.897993][T14036] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  774.320508][T14033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.355324][T11637] Bluetooth: hci6: command 0x0c1a tx timeout
[  774.387033][T14033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  774.504173][T14033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.546341][T14033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  774.588590][T11637] Bluetooth: hci2: command 0x0c1a tx timeout
[  774.841357][T11637] Bluetooth: hci0: command 0x0c1a tx timeout
[  774.907305][T11608] Bluetooth: hci7: command 0x0c1a tx timeout
[  775.065471][T11608] Bluetooth: hci8: command 0x0c1a tx timeout
[  775.147326][T11608] Bluetooth: hci9: command 0x0c1a tx timeout
[  775.254681][T17388] bridge0: port 3(vlan0) entered blocking state
[  775.293030][T17388] bridge0: port 3(vlan0) entered disabled state
[  775.306064][T11608] Bluetooth: hci10: command 0x0c1a tx timeout
[  775.354446][T17388] vlan0: entered allmulticast mode
[  775.388820][T11608] Bluetooth: hci11: command 0x0c1a tx timeout
[  775.407591][T17388] veth0_vlan: entered allmulticast mode
[  775.471674][T11608] Bluetooth: hci12: command 0x0c1a tx timeout
[  775.483777][T17388] vlan0: entered promiscuous mode
[  775.528292][T17388] bridge0: port 3(vlan0) entered blocking state
[  775.534772][T17388] bridge0: port 3(vlan0) entered forwarding state
[  776.334548][T17394] FAULT_INJECTION: forcing a failure.
[  776.334548][T17394] name failslab, interval 1, probability 0, space 0, times 0
[  776.475684][T17394] CPU: 0 UID: 0 PID: 17394 Comm: syz.1.2597 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  776.475724][T17394] Tainted: [L]=SOFTLOCKUP
[  776.475738][T17394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  776.475753][T17394] Call Trace:
[  776.475762][T17394]  <TASK>
[  776.475772][T17394]  dump_stack_lvl+0x100/0x190
[  776.475815][T17394]  should_fail_ex.cold+0x5/0xa
[  776.475847][T17394]  should_failslab+0xc2/0x120
[  776.475875][T17394]  __kmalloc_cache_node_noprof+0x7d/0x770
[  776.475902][T17394]  ? init_rescuer+0x19f/0x550
[  776.475942][T17394]  init_rescuer+0x19f/0x550
[  776.475977][T17394]  ? __pfx_init_rescuer+0x10/0x10
[  776.476019][T17394]  ? wq_adjust_max_active+0x352/0x4a0
[  776.476061][T17394]  __alloc_workqueue+0xc90/0x1880
[  776.476102][T17394]  alloc_workqueue_noprof+0xd2/0x200
[  776.476134][T17394]  ? __pfx_alloc_workqueue_noprof+0x10/0x10
[  776.476182][T17394]  ? kobject_init+0x159/0x1b0
[  776.476210][T17394]  ? __alloc_disk_node+0x4d8/0x6b0
[  776.476246][T17394]  nbd_dev_add+0x51a/0xb10
[  776.476274][T17394]  ? find_held_lock+0x2b/0x80
[  776.476317][T17394]  ? __pfx_nbd_dev_add+0x10/0x10
[  776.476344][T17394]  ? nbd_genl_connect+0x131a/0x1a40
[  776.476392][T17394]  ? bpf_lsm_capable+0x9/0x10
[  776.476421][T17394]  ? __radix_tree_lookup+0x217/0x2b0
[  776.476465][T17394]  nbd_genl_connect+0xb8d/0x1a40
[  776.476494][T17394]  ? rcu_is_watching+0x12/0xc0
[  776.476537][T17394]  ? __pfx_nbd_genl_connect+0x10/0x10
[  776.476568][T17394]  ? __nla_parse+0x40/0x60
[  776.476595][T17394]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280
[  776.476634][T17394]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280
[  776.476673][T17394]  genl_family_rcv_msg_doit+0x214/0x300
[  776.476707][T17394]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  776.476739][T17394]  ? genl_get_cmd+0x3ef/0x720
[  776.476775][T17394]  ? __dev_queue_xmit+0x5af/0x4800
[  776.476808][T17394]  ? __radix_tree_lookup+0x217/0x2b0
[  776.476851][T17394]  genl_rcv_msg+0x560/0x800
[  776.476885][T17394]  ? __pfx_genl_rcv_msg+0x10/0x10
[  776.476915][T17394]  ? __pfx_nbd_genl_connect+0x10/0x10
[  776.476957][T17394]  netlink_rcv_skb+0x159/0x420
[  776.476983][T17394]  ? __pfx_genl_rcv_msg+0x10/0x10
[  776.477015][T17394]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  776.477053][T17394]  ? netlink_deliver_tap+0x1ae/0xcc0
[  776.477099][T17394]  genl_rcv+0x28/0x40
[  776.477125][T17394]  netlink_unicast+0x5aa/0x870
[  776.477155][T17394]  ? __pfx_netlink_unicast+0x10/0x10
[  776.477193][T17394]  netlink_sendmsg+0x8b0/0xda0
[  776.477224][T17394]  ? __pfx_netlink_sendmsg+0x10/0x10
[  776.477248][T17394]  ? __import_iovec+0x1d2/0x640
[  776.477284][T17394]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  776.477316][T17394]  ____sys_sendmsg+0x9e1/0xb70
[  776.477344][T17394]  ? __pfx_netlink_sendmsg+0x10/0x10
[  776.477373][T17394]  ? __pfx_____sys_sendmsg+0x10/0x10
[  776.477409][T17394]  ? __pfx_futex_wake_mark+0x10/0x10
[  776.477454][T17394]  ___sys_sendmsg+0x190/0x1e0
[  776.477488][T17394]  ? __pfx____sys_sendmsg+0x10/0x10
[  776.477568][T17394]  __sys_sendmsg+0x170/0x220
[  776.477608][T17394]  ? __pfx___sys_sendmsg+0x10/0x10
[  776.477652][T17394]  ? __x64_sys_futex+0x34f/0x4d0
[  776.477702][T17394]  do_syscall_64+0x106/0xf80
[  776.477745][T17394]  ? clear_bhb_loop+0x40/0x90
[  776.477775][T17394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  776.477801][T17394] RIP: 0033:0x7f632939c819
[  776.477821][T17394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  776.477846][T17394] RSP: 002b:00007f632a209028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  776.477869][T17394] RAX: ffffffffffffffda RBX: 00007f6329615fa0 RCX: 00007f632939c819
[  776.477886][T17394] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 0000000000000004
[  776.477902][T17394] RBP: 00007f6329432c91 R08: 0000000000000000 R09: 0000000000000000
[  776.477918][T17394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  776.477933][T17394] R13: 00007f6329616038 R14: 00007f6329615fa0 R15: 00007ffc87999b78
[  776.477965][T17394]  </TASK>
[  777.586129][T11608] Bluetooth: hci8: command 0x0c1a tx timeout
[  778.790303][T17394] workqueue: Failed to allocate a rescuer for wq "nbd1024-recv"
[  778.847348][T17394] block (null): Could not allocate knbd recv work queue.
[  778.917352][T17394] nbd: failed to add new device
[  780.189567][T17416] FAULT_INJECTION: forcing a failure.
[  780.189567][T17416] name failslab, interval 1, probability 0, space 0, times 0
[  780.239155][T17416] CPU: 0 UID: 0 PID: 17416 Comm: syz.1.2600 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  780.239194][T17416] Tainted: [L]=SOFTLOCKUP
[  780.239203][T17416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  780.239218][T17416] Call Trace:
[  780.239227][T17416]  <TASK>
[  780.239237][T17416]  dump_stack_lvl+0x100/0x190
[  780.239288][T17416]  should_fail_ex.cold+0x5/0xa
[  780.239319][T17416]  should_failslab+0xc2/0x120
[  780.239348][T17416]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  780.239390][T17416]  ? security_inode_alloc+0x3b/0x2c0
[  780.239419][T17416]  ? lockdep_init_map_type+0x5c/0x250
[  780.239457][T17416]  security_inode_alloc+0x3b/0x2c0
[  780.239486][T17416]  inode_init_always_gfp+0xced/0x1040
[  780.239518][T17416]  alloc_inode+0x8e/0x250
[  780.239552][T17416]  sock_alloc+0x44/0x280
[  780.239576][T17416]  ? security_socket_create+0x7f/0x250
[  780.239604][T17416]  sock_create_lite+0x82/0x120
[  780.239633][T17416]  __netlink_kernel_create+0xbd/0x750
[  780.239660][T17416]  ? __lock_acquire+0x4a5/0x2630
[  780.239693][T17416]  ? __pfx___netlink_kernel_create+0x10/0x10
[  780.239734][T17416]  rtnetlink_net_init+0xb9/0x140
[  780.239773][T17416]  ? __pfx_rtnetlink_net_init+0x10/0x10
[  780.239808][T17416]  ? lockdep_init_map_type+0x5c/0x250
[  780.239841][T17416]  ? __pfx_rtnetlink_rcv+0x10/0x10
[  780.239874][T17416]  ? __pfx_rtnetlink_bind+0x10/0x10
[  780.239911][T17416]  ? mutex_init_lockep+0x110/0x150
[  780.239949][T17416]  ? __pfx_rtnetlink_net_init+0x10/0x10
[  780.239983][T17416]  ops_init+0x1e2/0x5f0
[  780.240009][T17416]  setup_net+0x118/0x3a0
[  780.240034][T17416]  ? __pfx_setup_net+0x10/0x10
[  780.240057][T17416]  ? lockdep_init_map_type+0x5c/0x250
[  780.240091][T17416]  ? mutex_init_lockep+0x110/0x150
[  780.240130][T17416]  copy_net_ns+0x46f/0x7c0
[  780.240160][T17416]  create_new_namespaces+0x3ea/0xac0
[  780.240193][T17416]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  780.240224][T17416]  ksys_unshare+0x473/0xad0
[  780.240257][T17416]  ? __pfx_ksys_unshare+0x10/0x10
[  780.240307][T17416]  __x64_sys_unshare+0x31/0x40
[  780.240339][T17416]  do_syscall_64+0x106/0xf80
[  780.240364][T17416]  ? clear_bhb_loop+0x40/0x90
[  780.240394][T17416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.240420][T17416] RIP: 0033:0x7f632939c819
[  780.240441][T17416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  780.240466][T17416] RSP: 002b:00007f632a209028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  780.240490][T17416] RAX: ffffffffffffffda RBX: 00007f6329615fa0 RCX: 00007f632939c819
[  780.240507][T17416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  780.240523][T17416] RBP: 00007f6329432c91 R08: 0000000000000000 R09: 0000000000000000
[  780.240539][T17416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  780.240553][T17416] R13: 00007f6329616038 R14: 00007f6329615fa0 R15: 00007ffc87999b78
[  780.240585][T17416]  </TASK>
[  783.908996][T17092] syz.7.2583 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  784.112855][T17092] CPU: 0 UID: 0 PID: 17092 Comm: syz.7.2583 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  784.112894][T17092] Tainted: [L]=SOFTLOCKUP
[  784.112902][T17092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  784.112918][T17092] Call Trace:
[  784.112925][T17092]  <TASK>
[  784.112935][T17092]  dump_stack_lvl+0x100/0x190
[  784.112976][T17092]  dump_header+0xfb/0x606
[  784.113003][T17092]  oom_kill_process.cold+0xd/0x330
[  784.113032][T17092]  out_of_memory+0x340/0x14f0
[  784.113076][T17092]  ? __pfx_out_of_memory+0x10/0x10
[  784.113122][T17092]  mem_cgroup_out_of_memory+0xc6/0x130
[  784.113158][T17092]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  784.113197][T17092]  ? find_held_lock+0x2b/0x80
[  784.113227][T17092]  ? do_raw_spin_unlock+0x145/0x1e0
[  784.113264][T17092]  ? _raw_spin_unlock+0x28/0x50
[  784.113304][T17092]  try_charge_memcg+0x652/0xc90
[  784.113338][T17092]  ? __pfx_try_charge_memcg+0x10/0x10
[  784.113365][T17092]  ? find_held_lock+0x2b/0x80
[  784.113387][T17092]  ? rcu_read_unlock+0x17/0x60
[  784.113414][T17092]  ? rcu_read_unlock+0x17/0x60
[  784.113451][T17092]  charge_memcg+0xa6/0x280
[  784.113479][T17092]  __mem_cgroup_charge+0x2b/0x1e0
[  784.113511][T17092]  shmem_alloc_and_add_folio+0x451/0xd40
[  784.113557][T17092]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  784.113598][T17092]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  784.113637][T17092]  ? do_fault+0x666/0x18e0
[  784.113670][T17092]  shmem_get_folio_gfp+0x6ab/0x1900
[  784.113714][T17092]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  784.113761][T17092]  shmem_write_begin+0x1a4/0x420
[  784.113818][T17092]  ? __pfx_shmem_write_begin+0x10/0x10
[  784.113859][T17092]  ? balance_dirty_pages_ratelimited_flags+0x91/0x1170
[  784.113889][T17092]  ? lockdep_hardirqs_on+0x78/0x100
[  784.113917][T17092]  generic_perform_write+0x292/0xa40
[  784.113962][T17092]  ? __pfx_generic_perform_write+0x10/0x10
[  784.114003][T17092]  ? file_update_time_flags+0x373/0x500
[  784.114039][T17092]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  784.114066][T17092]  shmem_file_write_iter+0x10e/0x140
[  784.114097][T17092]  __kernel_write_iter+0x2ac/0x920
[  784.114124][T17092]  ? __pfx___kernel_write_iter+0x10/0x10
[  784.114148][T17092]  ? __up_read+0x2c5/0x700
[  784.114191][T17092]  ? dump_user_range+0x73b/0xb50
[  784.114226][T17092]  dump_user_range+0x3f9/0xb50
[  784.114261][T17092]  ? __pfx_dump_user_range+0x10/0x10
[  784.114299][T17092]  ? __pfx_writenote+0x10/0x10
[  784.114336][T17092]  elf_core_dump+0x2d5f/0x3d10
[  784.114384][T17092]  ? __pfx_elf_core_dump+0x10/0x10
[  784.114416][T17092]  ? trace_ignore_this_task+0xc3/0x100
[  784.114453][T17092]  ? event_filter_pid_sched_wakeup_probe_post+0x128/0x270
[  784.114485][T17092]  ? find_held_lock+0x2b/0x80
[  784.114509][T17092]  ? 0xffffffffff600000
[  784.114530][T17092]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  784.114568][T17092]  ? lockdep_hardirqs_on+0x78/0x100
[  784.114634][T17092]  ? vfs_coredump+0x27bc/0x5570
[  784.114659][T17092]  vfs_coredump+0x27bc/0x5570
[  784.114699][T17092]  ? __pfx_vfs_coredump+0x10/0x10
[  784.114729][T17092]  ? __lock_acquire+0x4a5/0x2630
[  784.114772][T17092]  ? lock_acquire+0x1cf/0x380
[  784.114815][T17092]  ? is_bpf_text_address+0x8a/0x1a0
[  784.114854][T17092]  ? bpf_ksym_find+0x124/0x1c0
[  784.114891][T17092]  ? __kernel_text_address+0xd/0x30
[  784.114927][T17092]  ? unwind_get_return_address+0x59/0xa0
[  784.114954][T17092]  ? arch_stack_walk+0xa6/0xf0
[  784.114989][T17092]  ? __sigqueue_free+0xbe/0x2a0
[  784.115035][T17092]  ? stack_trace_save+0x8e/0xc0
[  784.115059][T17092]  ? __pfx_stack_trace_save+0x10/0x10
[  784.115081][T17092]  ? kasan_save_stack+0x3f/0x50
[  784.115102][T17092]  ? stack_depot_save_flags+0x27/0x9d0
[  784.115136][T17092]  ? __lock_acquire+0x4a5/0x2630
[  784.115239][T17092]  ? proc_coredump_connector+0x2d3/0x4f0
[  784.115277][T17092]  ? __pfx_proc_coredump_connector+0x10/0x10
[  784.115322][T17092]  ? rcu_is_watching+0x12/0xc0
[  784.115364][T17092]  get_signal+0x1f2a/0x21e0
[  784.115402][T17092]  ? __pfx_get_signal+0x10/0x10
[  784.115426][T17092]  ? find_held_lock+0x2b/0x80
[  784.115448][T17092]  ? bad_area_access_error+0xab/0x1d0
[  784.115470][T17092]  ? fixup_vdso_exception+0x2d1/0x370
[  784.115506][T17092]  arch_do_signal_or_restart+0x91/0x770
[  784.115539][T17092]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  784.115579][T17092]  ? do_user_addr_fault+0x8d6/0x12f0
[  784.115609][T17092]  irqentry_exit+0x1f8/0x670
[  784.115635][T17092]  asm_exc_page_fault+0x26/0x30
[  784.115659][T17092] RIP: 0033:0x0
[  784.115675][T17092] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  784.115687][T17092] RSP: 002b:000000000000000a EFLAGS: 00010217
[  784.115706][T17092] RAX: 0000000000000000 RBX: 00007fefebe16090 RCX: 00007fefebb9c819
[  784.115722][T17092] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46
[  784.115737][T17092] RBP: 00007fefebc32c91 R08: 0000000000000002 R09: 0000000000000000
[  784.115752][T17092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  784.115766][T17092] R13: 00007fefebe16128 R14: 00007fefebe16090 R15: 00007ffdde216728
[  784.115798][T17092]  </TASK>
[  784.115807][T17092] memory: usage 307128kB, limit 307200kB, failcnt 24550
[  784.725257][T17439] FAULT_INJECTION: forcing a failure.
[  784.725257][T17439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  784.820159][T17439] CPU: 0 UID: 0 PID: 17439 Comm: syz.9.2605 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  784.820196][T17439] Tainted: [L]=SOFTLOCKUP
[  784.820205][T17439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  784.820219][T17439] Call Trace:
[  784.820227][T17439]  <TASK>
[  784.820236][T17439]  dump_stack_lvl+0x100/0x190
[  784.820275][T17439]  should_fail_ex.cold+0x5/0xa
[  784.820302][T17439]  _copy_from_user+0x2e/0xd0
[  784.820334][T17439]  ____sys_sendmsg+0x1d1/0xb70
[  784.820366][T17439]  ? __pfx_____sys_sendmsg+0x10/0x10
[  784.820399][T17439]  ? __pfx__kstrtoull+0x10/0x10
[  784.820441][T17439]  ___sys_sendmsg+0x190/0x1e0
[  784.820472][T17439]  ? __pfx____sys_sendmsg+0x10/0x10
[  784.820515][T17439]  ? find_held_lock+0x2b/0x80
[  784.820556][T17439]  __sys_sendmmsg+0x205/0x430
[  784.820582][T17439]  ? __pfx___sys_sendmmsg+0x10/0x10
[  784.820612][T17439]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  784.820650][T17439]  ? fput+0x79/0x100
[  784.820677][T17439]  ? ksys_write+0x1ac/0x250
[  784.820700][T17439]  ? __pfx_ksys_write+0x10/0x10
[  784.820727][T17439]  __x64_sys_sendmmsg+0x9c/0x100
[  784.820749][T17439]  ? lockdep_hardirqs_on+0x78/0x100
[  784.820771][T17439]  do_syscall_64+0x106/0xf80
[  784.820794][T17439]  ? clear_bhb_loop+0x40/0x90
[  784.820823][T17439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  784.820846][T17439] RIP: 0033:0x7fb33b59c819
[  784.820865][T17439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  784.820894][T17439] RSP: 002b:00007fb33c3ea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  784.820916][T17439] RAX: ffffffffffffffda RBX: 00007fb33b815fa0 RCX: 00007fb33b59c819
[  784.820931][T17439] RDX: 0000000000100000 RSI: 0000200000000400 RDI: 000000000000000c
[  784.820945][T17439] RBP: 00007fb33c3ea090 R08: 0000000000000000 R09: 0000000000000000
[  784.820960][T17439] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  784.820973][T17439] R13: 00007fb33b816038 R14: 00007fb33b815fa0 R15: 00007ffc2a8455a8
[  784.821002][T17439]  </TASK>
[  786.173825][T11637] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  786.205023][T11637] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  786.221215][T11637] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  786.230331][T11637] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  786.239036][T11637] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  787.030342][T17449] block nbd0: Cannot use ioctl interface on a netlink controlled device.
[  787.070142][T17442] chnl_net:caif_netlink_parms(): no params data found
[  787.634587][   T31] INFO: task syz.1.228:6726 blocked for more than 143 seconds.
[  787.651142][   T31]       Tainted: G             L      syzkaller #0
[  787.672383][T17442] bridge0: port 1(bridge_slave_0) entered blocking state
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  787.697319][   T31]       Blocked by coredump.
[  787.744049][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  787.759586][T17442] bridge0: port 1(bridge_slave_0) entered disabled state
[  787.796300][T17442] bridge_slave_0: entered allmulticast mode
[  787.821852][   T31] task:syz.1.228       state:D stack:27320 pid:6726  tgid:6726  ppid:5825   task_flags:0x40044c flags:0x00080003
[  787.873633][T17442] bridge_slave_0: entered promiscuous mode
[  787.915336][   T31] Call Trace:
[  787.918725][   T31]  <TASK>
[  787.952826][T17442] bridge0: port 2(bridge_slave_1) entered blocking state
[  788.015188][   T31]  __schedule+0xfee/0x6120
[  788.019746][   T31]  ? __lock_acquire+0x4a5/0x2630
[  788.061807][T17442] bridge0: port 2(bridge_slave_1) entered disabled state
[  788.069124][T17442] bridge_slave_1: entered allmulticast mode
[  788.150202][   T31]  ? __pfx___schedule+0x10/0x10
[  788.180016][   T31]  ? find_held_lock+0x2b/0x80
[  788.230810][   T31]  ? schedule+0x2bf/0x390
[  788.242272][T17442] bridge_slave_1: entered promiscuous mode
[  788.262522][   T31]  schedule+0xdd/0x390
[  788.266773][   T31]  schedule_preempt_disabled+0x13/0x30
[  788.279910][T11637] Bluetooth: hci13: command tx timeout
[  788.381773][   T31]  __mutex_lock+0xc9a/0x1b90
[  788.426282][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[  788.431641][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  788.503222][   T31]  ? net_generic+0xea/0x2a0
[  788.507825][   T31]  ? net_generic+0xea/0x2a0
[  788.566138][   T31]  ? nfsd_shutdown_threads+0x5b/0xf0
[  788.571502][   T31]  nfsd_shutdown_threads+0x5b/0xf0
[  788.612133][   T31]  nfsd_umount+0x3b/0x60
[  788.616473][   T31]  deactivate_locked_super+0xc1/0x1b0
[  788.622109][T17092] memory+swap: usage 432156kB, limit 9007199254740988kB, failcnt 0
[  788.651957][   T31]  deactivate_super+0xe7/0x110
[  788.657155][   T31]  cleanup_mnt+0x21f/0x450
[  788.711980][   T31]  task_work_run+0x150/0x240
[  788.716673][   T31]  ? __pfx_task_work_run+0x10/0x10
[  788.721829][   T31]  do_exit+0x8b8/0x2b60
[  788.756256][   T31]  ? __pfx_do_exit+0x10/0x10
[  788.792712][   T31]  ? cgroup_update_frozen_flag+0x107/0x210
[  788.832998][   T31]  ? find_held_lock+0x2b/0x80
[  788.852192][   T31]  ? get_signal+0x184f/0x21e0
[  788.856953][   T31]  do_group_exit+0xd5/0x2a0
[  788.861547][   T31]  get_signal+0x1ec7/0x21e0
[  788.932009][   T31]  ? __asan_memset+0x23/0x50
[  788.952039][   T31]  ? __pfx_get_signal+0x10/0x10
[  788.957010][   T31]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  788.992282][   T31]  arch_do_signal_or_restart+0x91/0x770
[  788.998030][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  789.052136][   T31]  ? __x64_sys_clock_nanosleep+0x347/0x480
[  789.058029][   T31]  exit_to_user_mode_loop+0x86/0x4a0
[  789.082316][   T31]  do_syscall_64+0x668/0xf80
[  789.087075][   T31]  ? clear_bhb_loop+0x40/0x90
[  789.122133][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  789.128095][   T31] RIP: 0033:0x7fbc4e95d04e
[  789.152744][   T31] RSP: 002b:00007fbc4f7b9f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
[  789.161271][   T31] RAX: fffffffffffffdfc RBX: 00007fbc4f7ba6c0 RCX: 00007fbc4e95d04e
[  789.212232][   T31] RDX: 00007fbc4f7b9fb0 RSI: 0000000000000000 RDI: 0000000000000000
[  789.220378][   T31] RBP: 00007fbc4ea32c91 R08: 0000000000000000 R09: 0000000000000000
[  789.276499][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  789.302424][   T31] R13: 00007fbc4ec16038 R14: 00007fbc4ec15fa0 R15: 00007fff26de2248
[  789.335637][   T31]  </TASK>
[  789.379730][   T31] 
[  789.379730][   T31] Showing all locks held in the system:
[  789.412305][   T31] 1 lock held by khungtaskd/31:
[  789.417209][   T31]  #0: ffffffff8e7e7760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  789.488055][   T31] 2 locks held by kworker/0:6/5926:
[  789.512178][   T31]  #0: ffff88813fe63148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0
[  789.572334][   T31]  #1: ffffc90003f87d08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0
[  789.638343][   T31] 2 locks held by syz.1.228/6726:
[  789.655920][   T31]  #0: ffff8880775420e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110
[  789.759819][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  789.819519][   T31] 2 locks held by syz.0.626/8472:
[  789.842816][   T31]  #0: ffff8880289760e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110
[  789.895796][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  789.942570][   T31] 2 locks held by syz.3.1522/12204:
[  789.948015][   T31]  #0: ffffffff906c3030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  790.000332][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x6c1/0xc00
[  790.052636][   T31] 2 locks held by syz.1.2392/16025:
[  790.058247][   T31]  #0: ffffffff906c3030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  790.102922][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x6c1/0xc00
[  790.142677][   T31] 2 locks held by syz-executor/16332:
[  790.148097][   T31]  #0: ffff8880939f40e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110
[  790.205115][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  790.229332][   T31] 2 locks held by syz.5.2440/16338:
[  790.252796][   T31]  #0: ffffffff906c3030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  790.282725][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x6c1/0xc00
[  790.322776][   T31] 2 locks held by syz-executor/16492:
[  790.328221][   T31]  #0: ffff88807e4440e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110
[  790.355994][T11608] Bluetooth: hci13: command tx timeout
[  790.385739][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  790.422877][   T31] 1 lock held by syz-executor/16667:
[  790.428220][   T31] 2 locks held by syz.4.2506/16672:
[  790.463112][   T31]  #0: ffff888088b5c0e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110
[  790.506252][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0
[  790.536626][   T31] 2 locks held by syz.2.2514/16717:
[  790.541991][   T31]  #0: ffffffff906c3030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  790.578114][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1a80
[  790.682933][   T31] 2 locks held by syz.8.2553/16923:
[  790.688190][   T31]  #0: ffffffff906c3030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  790.784561][   T31]  #1: ffffffff8ec58e28 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_get_doit+0x18c/0x7f0
[  790.863008][   T31] 2 locks held by syz.7.2574/17022:
[  790.868273][   T31] 1 lock held by syz.7.2583/17071:
[  790.933775][   T31] 1 lock held by syz.7.2583/17072:
[  790.939209][   T31] 1 lock held by syz.7.2583/17073:
[  790.983086][   T31] 1 lock held by syz.7.2583/17077:
[  791.023136][   T31] 1 lock held by syz.7.2583/17078:
[  791.028733][   T31] 1 lock held by syz.7.2583/17081:
[  791.094050][   T31] 1 lock held by syz.7.2583/17088:
[  791.099259][   T31] 4 locks held by syz.7.2583/17092:
[  791.163188][   T31] 1 lock held by syz.7.2583/17096:
[  791.168453][   T31] 2 locks held by syz.3.2570/17365:
[  791.223434][   T31] 1 lock held by syz.7.2594/17432:
[  791.228613][   T31] 5 locks held by syz-executor/17442:
[  791.290625][   T31]  #0: ffff8880921a4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0
[  791.343527][   T31]  #1: ffff8880921a40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240
[  791.404475][   T31]  #2: ffffffff908affc8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280
[  791.484147][   T31]  #3: ffff888030dd6300 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x95/0x710
[  791.524758][   T31]  #4: ffffffff8e7f32b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  791.573684][   T31] 1 lock held by syz.1.2608/17452:
[  791.579033][   T31]  #0: ffffffff90616ce8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220
[  791.624070][   T31] 
[  791.626473][   T31] =============================================
[  791.626473][   T31] 
[  791.683642][   T31] NMI backtrace for cpu 0
[  791.683666][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  791.683698][   T31] Tainted: [L]=SOFTLOCKUP
[  791.683706][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  791.683720][   T31] Call Trace:
[  791.683727][   T31]  <TASK>
[  791.683737][   T31]  dump_stack_lvl+0x100/0x190
[  791.683777][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[  791.683816][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  791.683852][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  791.683888][   T31]  sys_info+0x141/0x190
[  791.683915][   T31]  watchdog+0xd25/0x1050
[  791.683947][   T31]  ? __pfx_watchdog+0x10/0x10
[  791.683971][   T31]  ? __kthread_parkme+0x18c/0x230
[  791.684001][   T31]  ? kthread+0x13a/0x450
[  791.684031][   T31]  ? __pfx_watchdog+0x10/0x10
[  791.684052][   T31]  kthread+0x370/0x450
[  791.684082][   T31]  ? __pfx_kthread+0x10/0x10
[  791.684114][   T31]  ret_from_fork+0x754/0xd80
[  791.684151][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  791.684188][   T31]  ? __switch_to+0x7b4/0x1120
[  791.684215][   T31]  ? __pfx_kthread+0x10/0x10
[  791.684254][   T31]  ret_from_fork_asm+0x1a/0x30
[  791.684294][   T31]  </TASK>
[  791.893531][T17092] kmem: usage 3104kB, limit 9007199254740988kB, failcnt 0
[  791.900700][T17092] Memory cgroup stats for /syz7:
[  791.901003][T17092] cache 211673088
[  792.124337][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  792.131249][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  792.141964][   T31] Tainted: [L]=SOFTLOCKUP
[  792.146302][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  792.156722][   T31] Call Trace:
[  792.160019][   T31]  <TASK>
[  792.162975][   T31]  dump_stack_lvl+0x100/0x190
[  792.167863][   T31]  vpanic+0x552/0x970
[  792.171880][   T31]  ? __pfx_vpanic+0x10/0x10
[  792.176418][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  792.182609][   T31]  panic+0xd1/0xe0
[  792.186443][   T31]  ? __pfx_panic+0x10/0x10
[  792.190902][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  792.197105][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  792.203390][   T31]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  792.210010][   T31]  ? watchdog.cold+0x198/0x1ca
[  792.214791][   T31]  ? watchdog+0xd35/0x1050
[  792.219229][   T31]  watchdog.cold+0x1a9/0x1ca
[  792.223863][   T31]  ? __pfx_watchdog+0x10/0x10
[  792.228565][   T31]  ? __kthread_parkme+0x18c/0x230
[  792.233614][   T31]  ? kthread+0x13a/0x450
[  792.237875][   T31]  ? __pfx_watchdog+0x10/0x10
[  792.242578][   T31]  kthread+0x370/0x450
[  792.246755][   T31]  ? __pfx_kthread+0x10/0x10
[  792.251404][   T31]  ret_from_fork+0x754/0xd80
[  792.256033][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  792.261175][   T31]  ? __switch_to+0x7b4/0x1120
[  792.265866][   T31]  ? __pfx_kthread+0x10/0x10
[  792.270566][   T31]  ret_from_fork_asm+0x1a/0x30
[  792.275382][   T31]  </TASK>
[  792.278585][   T31] Kernel Offset: disabled
[  792.282951][   T31] Rebooting in 86400 seconds..