last executing test programs:

16.609259408s ago: executing program 1 (id=711):
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/usbmon38\x00', 0x400, 0x0)
mmap$auto(0x0, 0x2000c, 0x81, 0x20eb5, 0x40000000000a5, 0x8000000000000000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9)
getrusage$auto(0xfffffffe, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000)
clone$auto(0x21, 0x8cd, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4)
mlockall$auto(0x5)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000002c40)=0xd0)
ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0)
ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x20400, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x800, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x7, 0x3, 0x2, 0x4, 0x7, 0x6d3e, 0x9, 0x2, 0xffffffffffffffff]}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
socket$nl_generic(0x10, 0x3, 0x10)

15.11589096s ago: executing program 1 (id=715):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/suspend_stats/failed_suspend_noirq\x00', 0x8a100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/38, 0x26)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
socket(0xa, 0x1, 0x100)
r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
pread64$auto(r1, 0x0, 0x200000000007ff, 0x400)
socket(0x1a, 0x1, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000340)="feecc4fcf9b67b8cd1d3b8fa15064e15e7d72c736e2153c7dc04b4d79821af6511d5fb6e7316e007d8322be54f3c26cb54c4f32cce426edc96c124c5be2e46567b646ae069d7a3b3d058f3703db5177887f85bdf3e008cdd3f6cbbca5c3282bc3309ce7b9a02cfc1821f2dc3b60591bb83d4ca6efa8d85f28d4c3c5840a0cd8732c9fd9d0daeaa4cabd5ced26e4b4bfb3ca95c56f403dd6bf89b28c2c2d8", 0x9e)
ioctl$auto(0x3, 0x2287, 0xffffffffffffffff)
r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000)
madvise$auto(0x0, 0x20200, 0x15)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)

14.222709055s ago: executing program 0 (id=717):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setresgid$auto(0x0, 0xee01, 0xffffffffffffffff)
r0 = getegid()
mmap$auto(0x400, 0x9, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8002)
semctl$auto(0x7, 0x2, 0x13, 0x1)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/ipsec\x00', 0xc2040, 0x0)
r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r1, 0x4b72, r2)
setregid$auto(r0, r0)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0)
ioctl$auto_SOUND_MIXER_READ_RECMASK2(r3, 0x80044dfd, 0x0)
r4 = io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r4, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x8)
socket(0xa, 0x3, 0xff)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x6, 0x101, 0x1, 0xfffffffffffffff1, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r5 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
write$auto_proc_mem_operations_base(r5, &(0x7f0000001680)="a7", 0x80000)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x220402, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0)
write$auto(r6, 0x0, 0x2b6)

12.716795388s ago: executing program 1 (id=719):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netstat\x00', 0x100, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0)
ioctl$auto_LOOP_CTL_REMOVE(r1, 0x4c81, 0x0)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000480)='/proc/asound/card1/cable#0\x00', 0x10000, 0x0)
socket(0x1e, 0x80000, 0x5c)
r2 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
write$auto_cachefiles_daemon_fops_internal(r2, 0x0, 0x0)
mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
clock_nanosleep$auto(0x0, 0x1000, 0x0, &(0x7f0000000040)={0x9, 0x1000000000004})
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_REMOVE_LINK_STA(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3], 0x1c}, 0x1, 0x0, 0x0, 0xc1}, 0x4000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x3a8044}, 0xc, &(0x7f0000000400)={&(0x7f00000010c0)={0x40, r3, 0x0, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x200}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x9}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x7}, @NL80211_ATTR_TDLS_SUPPORT={0x4}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xff}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x4e22}]}, 0x40}, 0x1, 0x0, 0x0, 0xc814}, 0x10)
madvise$auto(0x0, 0x20499d, 0x9)
syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r4)
sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fbdbdf2503000000180001801400020073797a5f74756e0000000000000000000500020000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4000840}, 0x2000c840)
sendmsg$auto_NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, 0x0, 0x810)
madvise$auto(0x108000, 0x800032, 0x4)
madvise$auto(0x0, 0x5, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/4070, 0xffffff7d)
madvise$auto(0xa58a, 0x8, 0x99d0)
write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9)

7.955658578s ago: executing program 0 (id=722):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x1f, 0x3, 0x1c400)
socket(0xa, 0x3, 0xff)
setsockopt$auto(0x400000000000003, 0x29, 0x16, 0x0, 0x20056b)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0)
r1 = socket(0x22, 0x2, 0x3)
r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xa083, 0x0)
r5 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000280), r2)
sendmsg$auto_SEG6_CMD_SETHMAC(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000227bd080000000800030005000000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x44000)
close_range$auto(r2, r4, 0x672)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r4)
socket(0xa, 0x3, 0x3a)
ioctl$auto_KVM_CREATE_VM(r3, 0x4048aecb, 0x0)
mmap$auto(0x0, 0x400008, 0x4000000000df, 0x9b72, 0x2, 0x8000)
execve$auto(0x0, 0x0, 0x0)
r6 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0)
r7 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r7, 0x6f2a, 0x0)
write$auto_tomoyo_operations_securityfs_if(r6, 0x0, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x8741, 0x0)
sendmsg$auto_SMC_NETLINK_GET_SYS_INFO(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='A\x00\x00\x00', @ANYRES16, @ANYBLOB="00042cbd7000fbdbdf25010000007e5ce5af06eb3374792d77a625ca5d795541d749d78beae6c6c8d42a0a175164cef314dba01412e9ea1c22775512dd7ea2482bd9f4985724b2250000"], 0x50}}, 0x20000080)
socket(0x25, 0x2, 0x0)
unshare$auto(0x40000080)

7.917761777s ago: executing program 1 (id=723):
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0xa, 0x1, 0x100)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1e2142, 0x0)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0)
sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000400)="554ae44a7d4987918c09937d09e9a38b1a0400a76365bd775b80b928eef63a4c9692537d2547ab9845f6733f7f389da21c9b7335def9a1e06c7211bc1d5406f760fb6ec2c40e12cc75b4cc40a4607993d4a772b27a3fa10548", 0x100, 0x8}, 0x8}, 0x3, 0x6)
write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
sendfile$auto(r1, r1, 0x0, 0x7fff)
unshare$auto(0xa4)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0)
ioperm$auto(0x7, 0x6, 0x2)
arch_prctl$auto_ARCH_GET_CPUID(0x1011, 0xa445)
ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0)
r4 = socket(0x0, 0x3, 0x3c)
unshare$auto(0x40000080)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16, @ANYBLOB="4cb245184f86db"], 0xf8}}, 0x10004010)
sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x64f4040a6ccda016}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="ffffff", @ANYRES16, @ANYBLOB="00012cbd7000fcdbdf250a00000005000200000000000600010061c5000008000a000c000000060001005d00000008000a001803000006000100b438000008000a000100010008000a000200000008000a0006000000"], 0x5c}, 0x1, 0x0, 0x0, 0x220088c0}, 0x40)
close_range$auto(0x2, 0x8, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlockall$auto(0x7)

7.853666794s ago: executing program 2 (id=724):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000400)='/dev/fb0\x00', 0x20401, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000080)='\xfddev/sequencer\x00', 0xb90)
ioctl$sock_SIOCGIFINDEX(r0, 0x4604, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/topology/cluster_id\x00', 0x400, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x280d43, 0x0)
r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000100), 0x360801, 0x0)
ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyt5\x00', 0x509080, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, &(0x7f0000000380)="96bf9c09c7f6e20b7dcbd0f5706812a7cbff461ff64f9a2a4ff873f5aba9bad321e0e5cd4cbcf7f6357ef273a1d6d5dd01cb0a8c81d62d0c62c74285619add36ea9a02945ef0178102c083f63511760a7b4c")
io_uring_setup$auto(0x9, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001380)='/sys/devices/system/clocksource/clocksource0/unbind_clocksource\x00', 0xa001, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000006c0)='7\x00\\\xa0\x04|\xfe\xca\x12\xfa\b\x1c\xc7k\xff\xfe\x8e\xaf\xeeu~\a\xc0/(d\n\x05\x13EE\xf0\xad\r\xcb\xbc\xef\xe3\xb4\x93\xfbc/\xfd<\xb7w%]\xcc\xfb\xcdm\x8f\nd\xca+Rg\xab\xf2<^\xc7\x8fG# \x06\xc8!\x177GA\x84n\x0e\xa3\xa1\xdb\x8au\xf1\xee\xb25\x04 \x16\xbd\x9d\xa1;>\x99\x8d\x1d\x83>\xf5cE\x06\xe8\xb8\xc1)\x15\xe8\x1a\xef{\xfd\x19\xa6\x84V\x7f\xf5\x9f\xf0\xa4\x1b\xf7\xa5\x91.q\xc21k\n\xca\x91L/{d\xf6#\xb5\xb4\x01\xc2/\xdf\xb4\x89y|\xc7^c,\xf3\x98\x9fo\xaa\xb1\xbf\x92\x9bX\xc8\x8f\x13\x10K+~\xde\x00gib\x8a\xebm\xc1\n\xf4\x8a\x9eQ\xea\xa4\xb4\x16?*$\x1a\b\xa7\x8e\xe7dd[\rWN\xc8<\x8a:\\\x98\xc3yX?\xfd3\x06\xaf\xb10\x11 \x836\xb7\xe1+\xe3|B\xe7\xc6H\fS\xe5Y@\xdfZ\xdf\x9e\xd0\xa6\r\x94\xf6\xe0\xe1\x98v\x8d\x06\xfa\x06$\xf9s\xdb\x9c\xfd\xf5\xa3\xa1\x1a\x96b]}\x86\xc1\x84\xe4\xfc\x17\xe4\xaa\x8dL\x11uO\xd8Y\x17\xc4FK\x8b\xcbR\xa9,\x9bJt\xe9+?`6\xa2\xeb\xablIZ\x815u)\xc5FQ\xa0|\xcfC~Eo\xe9\xc1\xb7\xa9K {\xe3\xc6\x15\xda\x94\x13\x87\x89\xd5U\tAnMZ\x16\x06\x19B\xef\xa0\xeb\xb0\xde\xc4F\x9b\x86\xde\xb4\xff!\xcb\xa2\x97`9wi\x1e[\xb7\xbc\xfc\xfe2\xdbA\x86\xbf\xd1\x90\x18\x99\xc9\x14\xf90\x97\xc8\x19\r{\x9f\x9cLG\xa6)\x95@\x94\xdf\x04f\xdd\xe4\xaf\xa4]\xa8Z\xd2f\xb6\xd8A\no>\xf6\x10L\xcc\xb8\x7f>#\xf9#`Y\rt\xcck\xcd\bS\x80-\xa6\xa5\x85\"\x98e\xfc\xe0\x9a\x0e^\xef\xc5\xaa4\xf2\x82\xe3\x82\x85*F457\xfc\xc2A\x00'/489, 0x81)
clock_nanosleep$auto(0x2, 0x9, 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffffff, &(0x7f0000000480)="7a760fae9598bdb929f93897d08aeb3dcc49b3be66585460f98aaf010fbb4c0def6a3608f4d7739d5e9ea20b5cd5c57c83cca7f6880976a8f731bbae7f1806972d944cc04f837100ec103d6e6b6ab031f38ca129182a26b169c5169f656f81e96d6fb39d0cde007bbb958cf8227556f98c6d5cda767b3f1659093bd3787c596ebb214cedb3ce2d0cfb4232b854bb5a47fb02285c17f762410a87bdd167e11ebcfd87f1d8de554c5538aa3189220d2e8b477dc588d2806dd4481da035863f0f7a2e7b4131ad6257875e64d6e086b62ef1", 0xd0)
close_range$auto(0x2, 0x8, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x5, 0x200000000000002, 0x9, 0x3, 0x6, 0x4, 0x2000000b4, 0x9, 0x4000000000002, 0x7fffffff, 0x80, 0x7, 0x0, 0x7, 0x2004, 0x200, 0x0, 0x84, 0xfffffffffffffffd, 0x0, 0x0, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x9]}, 0x1fe, 0x200d)
r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0)
socket(0x18, 0x4, 0x3)
write$auto(r3, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
ioctl$auto_SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1, 0x0)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x0, 0x0)
r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd10/state\x00', 0x189e42, 0x0)
write$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r4, 0x0, 0x0)

7.537367369s ago: executing program 3 (id=725):
ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000000)={0x0, 0x0, 0x13d, 0x7, 0x9, <r0=>0x0})
prctl$auto(0x7, 0x41, r0, 0x5, 0x7)
mmap$auto(0x0, 0x8, 0xb933, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(0xffffffffffffffff, 0x0, 0x20050)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r2)
ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f0000000040)={0x2})
unshare$auto(0x40000080)
io_uring_setup$auto(0x6, 0x0)
r3 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/5u\x00', 0x80342, 0x0)
pread64$auto(r3, 0x0, 0x0, 0x40000000009)
read$auto_mon_fops_text_t_mon_text(r3, 0x0, 0x0)
close_range$auto(0x2, 0x5, 0x0)
capget$auto(0x0, 0xfffffffffffffffe)
rt_tgsigqueueinfo$auto(0x0, 0x0, 0x21, 0x0)
mmap$auto(0x0, 0x2, 0xffb, 0x200000000000019, r2, 0x8)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
fstat$auto(0xffffffffffffffff, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x80)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0)

6.536269094s ago: executing program 2 (id=726):
mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
r1 = socket(0xa, 0x801, 0x84)
bind$auto(r0, 0x0, 0x6a)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x14)
mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
connect$auto(0xffffffffffffffff, &(0x7f0000000200)=@generic={0x2, "a7d7363b4fd495c01bdb1a0f9518"}, 0x7ff)
socket(0xf, 0x3, 0x2)
write$auto(0xca, &(0x7f00000001c0)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9)
r3 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x28, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @rand_addr=' \x01\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x814}, 0x4)
sendmsg$auto_SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000600)={0x204, r3, 0x10, 0x70bd29, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @remote}, @SEG6_ATTR_SECRET={0xfc, 0x4, "9efdb2fb71b930c242a071136e5d9693e5e49664545284ba1d74bfd63ca060c01539e6e8d88def89fb50dda2171f599d590a2afbcd924a0d461f73d29017f5022e78345dd100fb180e1b9a2a8095b8007c5c39549878b48f8c6636012e0a44e60708b629d6f1181dbffabf9cd6f236c5f3881c24001b82dfcce546f445dac3dabadce3beb3c2c9e40a14e69d8c64a3adcbfd20376e25bfa0274fe40d41ea25b14cf6e69d1c15b9387ac8412e17aa32ba87662314a702a66bfd75159e2185116bc66d02d5917d7687f4aec817f85f1fa2b42506f7c05125f59c6be2cc456d364850ff7e7fdb3d812dc41dbb4d2a11fcbfe95ae9262bbcbc14"}, @SEG6_ATTR_HMACINFO={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0xe0, 0x0, 0x0, @fd=r1}]}, @SEG6_ATTR_HMACINFO={0xd1, 0x7, 0x0, 0x1, [@generic="7ac6bd777d38739cc32b2141765ccd958be9f745ea93e2b382c194407d80b7d2cbd608c32f", @generic="7a8963d1dc1718a824fb9f1426434226c6b067f62600e6c2ae8368e425c8663c99f1a5fa8c7fa24f724e46b58ec01d87e8f0e8307128bedd900ab64cc1c29a7ec834508028", @generic="9cc5927cbac3de22808429e82dd087b3f8c6bca8bd8e2f9eeca489bf577fcb707418768ad832edac6fe5bd850c8684f5ebdb0fb605f369accedaeda191b95dfe54a8fa63d16af4bd43ff404d7a73be67fdaa96ae0f4e3b27d3efcf0d0b075282e155c1"]}]}, 0x204}, 0x1, 0x0, 0x0, 0x44001}, 0x20000040)
getsockopt$auto(r1, 0x84, 0x6c, 0x0, &(0x7f0000000280)=0x1000c0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r5)
ioctl$auto_KVM_CREATE_VM(r4, 0x4048aecb, 0x0)

6.436824501s ago: executing program 3 (id=727):
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0xa, 0x1, 0x100)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1e2142, 0x0)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0)
sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000400)="554ae44a7d4987918c09937d09e9a38b1a0400a76365bd775b80b928eef63a4c9692537d2547ab9845f6733f7f389da21c9b7335def9a1e06c7211bc1d5406f760fb6ec2c40e12cc75b4cc40a4607993d4a772b27a3fa10548", 0x100, 0x8}, 0x8}, 0x3, 0x6)
write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
sendfile$auto(r1, r1, 0x0, 0x7fff)
unshare$auto(0xa4)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0)
ioperm$auto(0x7, 0x6, 0x2)
arch_prctl$auto_ARCH_GET_CPUID(0x1011, 0xa445)
ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0)
r4 = socket(0x0, 0x3, 0x3c)
unshare$auto(0x40000080)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16, @ANYBLOB="4cb245184f86db"], 0xf8}}, 0x10004010)
sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x64f4040a6ccda016}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="ffffff", @ANYRES16, @ANYBLOB="00012cbd7000fcdbdf250a00000005000200000000000600010061c5000008000a000c000000060001005d00000008000a001803000006000100b438000008000a000100010008000a000200000008000a0006000000"], 0x5c}, 0x1, 0x0, 0x0, 0x220088c0}, 0x40)
close_range$auto(0x2, 0x8, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlockall$auto(0x7)

5.601846987s ago: executing program 2 (id=728):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/irq/2/name\x00', 0x800, 0x0)
read$auto(r0, 0x0, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x1, 0x5, 0x106)
rseq$auto(&(0x7f0000000340)={0x10, 0x401, 0x0, 0x803, 0x7, 0x2}, 0x8000, 0x0, 0x8000006)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r2)
sendmsg$auto_NL80211_CMD_REQ_SET_REG(r2, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f000000a580)={&(0x7f0000000080)={0x1c, r3, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x20002}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008080)
fanotify_init$auto(0x65, 0x2)
sendmsg$auto_NFC_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000826bd7000fddbdf250100000005020a0005"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x10004081)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(r1, 0x8, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
migrate_pages$auto(0x0, 0x3, 0x0, 0x0)
openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_percent\x00', 0x80400, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x201, 0x0)
openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/kvm/irq_exits\x00', 0x22002, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
r4 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
ioctl$auto_SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000180))
r5 = socket(0x10, 0x80002, 0x8)
close_range$auto(r5, r5, 0x0)
pipe$auto(0x0)
splice$auto(r5, 0x0, 0x2, 0x0, 0x3fb, 0x9)
write$auto(0x6, 0x0, 0x100000001)

5.448452016s ago: executing program 0 (id=729):
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x100)
preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e)
mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000)
r0 = socket(0x37, 0x4, 0xa)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
r2 = syz_open_procfs$namespace(0x0, 0x0)
fstat$auto(r2, 0x0)
r3 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), r0)
sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r3, @ANYRES32=r2, @ANYRESDEC=r1], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
fsconfig$auto(r4, 0x2, &(0x7f00000003c0)='\x00*\xbc\xf5\'\xde\xf1\xd2`{\x87e\xf1\x9e\xba\x10X\xe3r\x82\x81e\xaal\x8f\xcf\xed~0c\xeb\xd5|\xffB\xf1\xc0?@\x16\xed\x8a\xfbm\xbf\x00\x99\xb1\xd4:s]\xccs\xc5\xe6\x8c\x9b\x85\xdc\xd2\tIP\x90L\x9bo\xe1}u\t\xe1.C\f\xe5\x1cb\xd0|\x8f\xb1LB\xfa\xcf>N\xac\xe9\xf6\x9e\x83p\xff\xe8\x8d\xbf\xe6>\xd5sG\x8c\xdb\xe6J@\x93?z\xb36\xb8H\xd2\xc7J\x8d\x9d5\xdc\x03xS\xe4\xfc,\x11<\xb3a\xbe\x8d1\x9cu\xcdt\xe9\x7f\r\tXb\x94\xb5\xb0\x17\nT\x15\xd8\x15\xe2\xda,B\xe5)\xd4\x99e\xac\x1d\xf9\x84m{\xea_Y\x1d\xedD\a\x9f\xae\xd3\x05\x9aA\x96\x12Q+', &(0x7f0000000140), 0x0)
read$auto_ftrace_enable_fops_trace_events(r4, &(0x7f0000000200)=""/34, 0x22)
ioctl$auto(0x3, 0x40081271, 0x38)
write$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xfffffffffff70001, 0x1)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x3f, 0x5)
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
remap_file_pages$auto(0x10000000006a28, 0x1000, 0x1, 0x3, 0xfffffffffffffffc)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5)

5.050611973s ago: executing program 1 (id=730):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), 0xffffffffffffffff)
stat$auto(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0xc, 0x100000001, 0x9452, 0xfc3, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x14bc, 0x5, 0x3, 0x0, 0x2, 0x81, 0x7fffffffffffffff, 0x6, 0x19d24000000000, 0x8})
sendmsg$auto_MACSEC_CMD_DEL_TXSA(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r1, 0x700, 0x70bd27, 0x25dfdbfc, {}, [@MACSEC_ATTR_OFFLOAD={0x10, 0x9, 0x0, 0x1, [@typed={0xc, 0xb6, 0x0, 0x0, @str='@(\x02[#/-\x00'}]}, @MACSEC_ATTR_RXSC_CONFIG={0x28, 0x2, 0x0, 0x1, [@typed={0x14, 0x109, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}}, @typed={0x8, 0xff, 0x0, 0x0, @uid=r2}, @nested={0x8, 0xd9, 0x0, 0x1, [@nested={0x4, 0x76}]}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2404c800}, 0x894)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop5/mq/0/nr_reserved_tags\x00', 0x80880, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000001d40), 0x40a40, 0x0)
set_mempolicy$auto(0x3, 0x0, 0x9)
mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
readv$auto(r3, &(0x7f00000000c0)={0x0, 0x5}, 0x3)
ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0x1010001, 0x100000003)
read$auto(r4, 0x0, 0x20)
sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYRESHEX, @ANYBLOB="746cb551e830601e0d16aabb95291469d303f663aee02f11c85470d52aad0e1a83597ff7ee28603127a63aa61486d9def84244b955e043f80e4863109603599904e43691d52f8b8db3f762b23603e1aeea28c050892624ce04b9aa085cc103b84b27b4f6399119f1c648753803ada83ef75d2f83473afa338a9363aec6fc7e290c779f559a7721508685a053719936c59213308d23b1d3d1e8555c43793617dd0492ab7c5024ad50f8abd13c2b5ea6b33cb1b1730c67f78ba2a77fcf21948b126604c380be7ebf"], 0x40}, 0x1, 0x0, 0x0, 0x2408c810}, 0x40418c0)
mmap$auto(0xff0f200000000000, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x24000040}, 0x64)
madvise$auto(0x0, 0x200006, 0x19)
shmctl$auto_IPC_STAT(0x4, 0x2, 0x0)

4.889990409s ago: executing program 3 (id=731):
r0 = socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0)
semtimedop$auto(0x9, 0x0, 0x10001, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
select$auto(0x9, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x3, 0x80, 0x8fd6, 0x948b, 0x3, 0xcff, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x100000000, 0x9, 0xffffffffffffffff, 0x7]}, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/fs/cifs/smbd_send_credit_target\x00', 0x480080, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000380), 0x1, 0x0)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000001c0), r0)
sendmsg$auto_OVS_DP_CMD_SET(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48c4}, 0x20000004)
fsopen$auto(&(0x7f0000000300)='/dev/snd/midiC2D0\x00', 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000)
msgctl$auto(0x5, 0x200, 0x0)
madvise$auto_MADV_HUGEPAGE(0x0, 0x80000001, 0xe)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/security/tomoyo/version\x00', 0x0, 0x0)
prctl$auto_PR_GET_TID_ADDRESS(0x28, 0x4f20, 0x0, 0x5, 0x7)
setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x9)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0)
close_range$auto(0x2, 0xa, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x3, 0x0, 0x7fffffff)
write$auto(0x1, 0x0, 0x80000000)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5)

3.906585394s ago: executing program 0 (id=732):
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x1, 0x0)
socket(0x2, 0x2, 0x8000084)
listen$auto(0x3, 0x81)
listen$auto(0x3, 0x0)
mmap$auto(0x0, 0xa020009, 0x9, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x15, 0x5, 0x0)
sendmsg$auto(r0, 0x0, 0x0)
madvise$auto(0x0, 0x200007, 0x19)
remap_file_pages$auto(0x3, 0x1000, 0x0, 0x3, 0x4)
futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0)
r1 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$auto_LOOP_CTL_REMOVE(r1, 0x4c81, 0xffffffffffffffff)
mmap$auto(0x0, 0x200006, 0x2, 0x40ebf, 0x602, 0x300000000000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4)
mmap$auto(0x0, 0x40009, 0x6, 0x9b72, 0x7, 0x3)
listmount$auto(&(0x7f0000000000)={0x26, @raw, 0x80000002, 0xfffffffffffffff7, 0x7}, 0x0, 0xf4240, 0x1)
r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x10000, 0x0, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0)
unshare$auto(0x40000080)
getsockopt$auto(0xffffffffffffffff, 0x1, 0x40, &(0x7f00000000c0)='\x05/\xc3:\x00', &(0x7f0000000100)=0x7)
r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r3, &(0x7f0000000e00)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde4727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e28782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d5574bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f", 0xc83)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x48400, 0x0)

3.415313266s ago: executing program 2 (id=733):
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0x20000000000000d4, 0x1, 0x6, 0x0, 0x7, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1007fff, 0x0, 0x8, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808})
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db)
mmap$auto(0x0, 0x10000, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$auto(r2, 0x5453, r2)
getrandom$auto(0x0, 0x8, 0x7)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd7\x00', 0x80000, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r3, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4)
madvise$auto(0x110c230000, 0x1, 0x9)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/force_release\x00', 0xc2082, 0x0)
write$auto(r5, &(0x7f00000004c0)='N\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x7ff)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:01/status\x00', 0x80840, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)=""/46, 0x2e)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x4)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0)
mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(0xffffffffffffffff, 0x7a4, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket(0x10, 0x2, 0xc)
r8 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETPOLICY(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYRES16=r8, @ANYBLOB="4cb245184f86db27df250a000a"], 0xf8}}, 0x10004010)

3.212918282s ago: executing program 3 (id=734):
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0xa, 0x1, 0x100)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1e2142, 0x0)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
select$auto(0x800, 0x0, 0x0, &(0x7f0000000580)={[0xe83, 0x8, 0xfffffffffffffc01, 0x0, 0xfff9, 0x9, 0x14, 0x7fffffff, 0x8, 0x3fe, 0x4, 0x3, 0x5, 0x2, 0x5]}, 0x0)
sendmmsg$auto(r2, &(0x7f00000003c0)={{0x0, 0x8f, 0x0, 0x5, &(0x7f0000000400)="554ae44a7d4987918c09937d09e9a38b1a0400a76365bd775b80b928eef63a4c9692537d2547ab9845f6733f7f389da21c9b7335def9a1e06c7211bc1d5406f760fb6ec2c40e12cc75b4cc40a4607993d4a772b27a3fa10548", 0x100, 0x8}, 0x8}, 0x3, 0x6)
write$auto(r2, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
sendfile$auto(r1, r1, 0x0, 0x7fff)
unshare$auto(0xa4)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20b42, 0x0)
ioperm$auto(0x7, 0x6, 0x2)
arch_prctl$auto_ARCH_GET_CPUID(0x1011, 0xa445)
ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0)
r4 = socket(0x0, 0x3, 0x3c)
unshare$auto(0x40000080)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
sendmsg$auto_CTRL_CMD_GETPOLICY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='q\x00\x00\x00', @ANYRES16, @ANYBLOB="4cb245184f86db"], 0xf8}}, 0x10004010)
sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x64f4040a6ccda016}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="ffffff", @ANYRES16, @ANYBLOB="00012cbd7000fcdbdf250a00000005000200000000000600010061c5000008000a000c000000060001005d00000008000a001803000006000100b438000008000a000100010008000a000200000008000a0006000000"], 0x5c}, 0x1, 0x0, 0x0, 0x220088c0}, 0x40)
close_range$auto(0x2, 0x8, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlockall$auto(0x7)

1.896533767s ago: executing program 2 (id=735):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000400)='/dev/fb0\x00', 0x20401, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000080)='\xfddev/sequencer\x00', 0xb90)
ioctl$sock_SIOCGIFINDEX(r0, 0x4604, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/topology/cluster_id\x00', 0x400, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x280d43, 0x0)
r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000100), 0x360801, 0x0)
ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyt5\x00', 0x509080, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, &(0x7f0000000380)="96bf9c09c7f6e20b7dcbd0f5706812a7cbff461ff64f9a2a4ff873f5aba9bad321e0e5cd4cbcf7f6357ef273a1d6d5dd01cb0a8c81d62d0c62c74285619add36ea9a02945ef0178102c083f63511760a7b4c")
io_uring_setup$auto(0x9, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001380)='/sys/devices/system/clocksource/clocksource0/unbind_clocksource\x00', 0xa001, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000006c0)='7\x00\\\xa0\x04|\xfe\xca\x12\xfa\b\x1c\xc7k\xff\xfe\x8e\xaf\xeeu~\a\xc0/(d\n\x05\x13EE\xf0\xad\r\xcb\xbc\xef\xe3\xb4\x93\xfbc/\xfd<\xb7w%]\xcc\xfb\xcdm\x8f\nd\xca+Rg\xab\xf2<^\xc7\x8fG# \x06\xc8!\x177GA\x84n\x0e\xa3\xa1\xdb\x8au\xf1\xee\xb25\x04 \x16\xbd\x9d\xa1;>\x99\x8d\x1d\x83>\xf5cE\x06\xe8\xb8\xc1)\x15\xe8\x1a\xef{\xfd\x19\xa6\x84V\x7f\xf5\x9f\xf0\xa4\x1b\xf7\xa5\x91.q\xc21k\n\xca\x91L/{d\xf6#\xb5\xb4\x01\xc2/\xdf\xb4\x89y|\xc7^c,\xf3\x98\x9fo\xaa\xb1\xbf\x92\x9bX\xc8\x8f\x13\x10K+~\xde\x00gib\x8a\xebm\xc1\n\xf4\x8a\x9eQ\xea\xa4\xb4\x16?*$\x1a\b\xa7\x8e\xe7dd[\rWN\xc8<\x8a:\\\x98\xc3yX?\xfd3\x06\xaf\xb10\x11 \x836\xb7\xe1+\xe3|B\xe7\xc6H\fS\xe5Y@\xdfZ\xdf\x9e\xd0\xa6\r\x94\xf6\xe0\xe1\x98v\x8d\x06\xfa\x06$\xf9s\xdb\x9c\xfd\xf5\xa3\xa1\x1a\x96b]}\x86\xc1\x84\xe4\xfc\x17\xe4\xaa\x8dL\x11uO\xd8Y\x17\xc4FK\x8b\xcbR\xa9,\x9bJt\xe9+?`6\xa2\xeb\xablIZ\x815u)\xc5FQ\xa0|\xcfC~Eo\xe9\xc1\xb7\xa9K {\xe3\xc6\x15\xda\x94\x13\x87\x89\xd5U\tAnMZ\x16\x06\x19B\xef\xa0\xeb\xb0\xde\xc4F\x9b\x86\xde\xb4\xff!\xcb\xa2\x97`9wi\x1e[\xb7\xbc\xfc\xfe2\xdbA\x86\xbf\xd1\x90\x18\x99\xc9\x14\xf90\x97\xc8\x19\r{\x9f\x9cLG\xa6)\x95@\x94\xdf\x04f\xdd\xe4\xaf\xa4]\xa8Z\xd2f\xb6\xd8A\no>\xf6\x10L\xcc\xb8\x7f>#\xf9#`Y\rt\xcck\xcd\bS\x80-\xa6\xa5\x85\"\x98e\xfc\xe0\x9a\x0e^\xef\xc5\xaa4\xf2\x82\xe3\x82\x85*F457\xfc\xc2A\x00'/489, 0x81)
clock_nanosleep$auto(0x2, 0x9, 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffffff, &(0x7f0000000480)="7a760fae9598bdb929f93897d08aeb3dcc49b3be66585460f98aaf010fbb4c0def6a3608f4d7739d5e9ea20b5cd5c57c83cca7f6880976a8f731bbae7f1806972d944cc04f837100ec103d6e6b6ab031f38ca129182a26b169c5169f656f81e96d6fb39d0cde007bbb958cf8227556f98c6d5cda767b3f1659093bd3787c596ebb214cedb3ce2d0cfb4232b854bb5a47fb02285c17f762410a87bdd167e11ebcfd87f1d8de554c5538aa3189220d2e8b477dc588d2806dd4481da035863f0f7a2e7b4131ad6257875e64d6e086b62ef1", 0xd0)
close_range$auto(0x2, 0x8, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x5, 0x200000000000002, 0x9, 0x3, 0x6, 0x4, 0x2000000b4, 0x9, 0x4000000000002, 0x7fffffff, 0x80, 0x7, 0x0, 0x7, 0x2004, 0x200, 0x0, 0x84, 0xfffffffffffffffd, 0x0, 0x0, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x9]}, 0x1fe, 0x200d)
r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20881, 0x0)
socket(0x18, 0x4, 0x3)
write$auto(r3, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3)
ioctl$auto_SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1, 0x0)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x0, 0x0)
r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd10/state\x00', 0x189e42, 0x0)
write$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r4, 0x0, 0x0)

1.701789294s ago: executing program 1 (id=736):
r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x40000, 0x0)
listen$auto(r0, 0x611e)
poll$auto(0x0, 0x6, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = open(0x0, 0x7ffd, 0x12)
pwrite64$auto(0xffffffffffffffff, 0x0, 0x6, 0x8)
mmap$auto(0x0, 0x1ff, 0xe5, 0x200000810, r1, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x9, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r2)
sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x1c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}]}, 0x1c}}, 0x40040)
sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x14, r3, 0x300, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80004}, 0xc0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
read$auto(0x3, 0x0, 0x80)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r4 = io_uring_setup$auto(0x406, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
getrandom$auto(0x0, 0x6000000, 0x3)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
io_uring_enter$auto(r4, 0x2, 0x764, 0x20, &(0x7f0000000100)="73aa213cb38614273e2bf31ebc0b690764f9871897620d8013e8df72181eeab216693af1ef06609226d205c402ecec272079635056984e7a8821a2866b000baad83480c087c8", 0x0)
r5 = socket(0x11, 0x80003, 0x300)
io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46)
sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES64=r2, @ANYRESDEC], 0x7c}, 0x1, 0x0, 0x0, 0x4004091}, 0x40850)
io_uring_enter$auto(r4, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3)
move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2)
io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2)
mmap$auto(0xeffffffffffffffe, 0x40007, 0xffffffffffffffff, 0xffffffff80000011, r5, 0x28002)

1.495044442s ago: executing program 0 (id=737):
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/usbmon38\x00', 0x400, 0x0)
mmap$auto(0x0, 0x2000c, 0x81, 0x20eb5, 0x40000000000a5, 0x8000000000000000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9)
getrusage$auto(0xfffffffe, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000)
clone$auto(0x21, 0x8cd, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4)
mlockall$auto(0x5)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000002c40)=0xd0)
ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0)
ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0)
r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x20400, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x800, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x7, 0x3, 0x2, 0x4, 0x7, 0x6d3e, 0x9, 0x2, 0xffffffffffffffff]}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
socket$nl_generic(0x10, 0x3, 0x10)

1.19716303s ago: executing program 3 (id=738):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
ptrace$auto_PTRACE_SET_THREAD_AREA(0x1a, 0xffffffffffffffff, 0x9543, 0x1)
write$auto(0x3, 0x0, 0x7fffffff)
write$auto(0x1, 0x0, 0x80000000)
preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5)
newfstatat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x5, 0x6, 0xa9, 0x4, 0x0, 0xee01, 0x0, 0x2000000006, 0x20000000000003, 0x0, 0x3, 0x8, 0x5, 0x1000000001, 0x4, 0x1, 0x53}, 0x1)
ppoll$auto(0x0, 0x7f, 0x0, 0x0, 0x8)
socket(0x3, 0x80000, 0x6)
prctl$auto(0x21, 0x0, 0x1, 0x0, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
mmap$auto(0x0, 0x3ff, 0xb3, 0x9b72, 0xffffffffffffffff, 0x28000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
write$auto(0x3, 0x0, 0x7fffffff)
open(&(0x7f0000000000)='./file0\x00', 0xa040, 0x122)
splice$auto(0x4, 0x0, 0x2, 0x0, 0xfffffffffffffffc, 0x4)
close_range$auto(0x2, 0xa, 0x0)
r1 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x3b, 0x51b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0x4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x1}, 0x202, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/LookupCacheEnabled\x00', 0x48041, 0x0)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0)

864.435545ms ago: executing program 2 (id=739):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
sendmsg$auto_NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="e7550000", @ANYRES16=0x0, @ANYBLOB="000225bd7000fddbdf25680000000600fb000900000005008900060000000800a000040000001e0094004c05da993507a507192210bd4a5780f1019236bec0dd389ddca600005900be001d868f7225ad88aa25b8511fd455f1cb183fbdff52925ebb882d4de9015bc6bc695697ae97e70eb1af4805d6fd17aaa9659b86ed933e7e40e51f5108a036c5a6c2f8b3bea27e467734b6bb7bfe329f5943ab6f2277000000"], 0xa8}, 0x1, 0x0, 0x0, 0x4}, 0x40810)
mmap$auto(0x0, 0xe981, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="08009e00"], 0x24}}, 0x4000000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/dummy_hcd.1/usb2/2-0:1.0/ep_81/bLength\x00', 0x100800, 0x0)
read$auto(r3, 0x0, 0x20)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0xfffffff7fffffffe, 0x20009, 0x100000000, 0x10, 0x401, 0x8000)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20b42, 0x0)
write$auto(r4, 0x0, 0x40000001)
ioctl$auto_SNDCTL_DSP_GETOSPACE(r4, 0x8010500c, &(0x7f0000000040))
openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000180), 0xa80, 0x0)
openat$auto_proc_mountstats_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000), 0x84203, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r5 = openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f00000001c0), 0x402, 0x0)
write$auto(r5, 0x0, 0xfffffdf2)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
sendfile$auto(r6, r6, 0x0, 0x3)
socket(0x10, 0x2, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r6, 0x4b45, r4)
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
readv$auto(0x3, 0x0, 0x7)

120.287735ms ago: executing program 0 (id=740):
fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff)
mmap$auto(0xfffffffffffffffe, 0x2020009, 0x3, 0x18, 0xfffffffffffffffa, 0x109000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop8/integrity/device_is_integrity_capable\x00', 0x4941, 0x0)
read$auto(r0, 0x0, 0x20)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x101001, 0x0)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x8000, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x6a742, 0x0)
openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/nbd3/state\x00', 0x301802, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88000, 0x0)
read$auto(r2, 0x0, 0x20)
sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x24008804)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x40080, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x7}, 0x1fe, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/user\x00')
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
sysfs$auto(0xfffffffe, 0x60000, 0x0)
execveat$auto(r3, &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000880)=0x0, 0x39)
keyctl$auto(0x1d, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8)
r4 = socket(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$auto_nfsd(0x0, r4)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x0)
chmod$auto(&(0x7f00000000c0)='./file0\x00', 0xf4ba)
execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)

0s ago: executing program 3 (id=741):
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram4\x00', 0xdd01, 0x0)
mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001)
mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06', &(0x7f0000000140)='nfsd\x00', 0x10000, 0x0)
r2 = socket(0x18, 0x805, 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x40047452, 0x0)
mount$auto(0x0, &(0x7f0000000740)='}[,&*}\x00', 0x0, 0xfffe, 0x0)
ioctl$auto_BLKRRPART(r1, 0x125f, 0x0)
open(0x0, 0x161342, 0x100)
msync$auto(0x200000000000000, 0x1800000ff010000, 0x1)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0)
msgctl$auto(0x8000, 0x6, 0x0)
socket(0x21, 0x2, 0x2)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x34000, 0x948b, 0x3, 0x15f4da06, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
socket(0xa, 0x1, 0x84)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x8}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, &(0x7f00000002c0)={0x7fe3, 0x6, "b908674cfda2f7f351c66f681b0cf4a6f675fcee96065fdca6f219ea386de55097e14dbb38e0462dd9d44d7c6c55e2a5937efe361800", "3b6e33d493a9c79b3387938d612ceab5a4a20e605cd0842aa149397ff8063b45d44f8ce95fa39df1e5e1fc5e51f00fa2dfcc38c9b1ef6596b9e746f5e48ac07048156ea6be1e1ca5d281c7bb11333d0f", 0x397, 0x3, "d3bc655e384df871894a5771758ff164f2cd8098ac193333046911421bc3f1a0cf5d0300000000000000a9001fa7efb0600cc93b5b84a000"})
open(&(0x7f0000000000)='./file0\x00', 0x10ba00, 0x114)

kernel console output (not intermixed with test programs):

 > 260
[  123.656840][ T5831] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  123.672080][ T5831] Bluetooth: hci1: Malformed LE Event: 0x0d
[  123.826581][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  125.025165][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  125.105414][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout
[  125.585243][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[  125.906869][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  127.114360][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  127.197774][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout
[  127.665486][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[  127.986954][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  128.563694][ T5831] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  128.563737][ T5831] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[  128.578742][ T5831] bt_err_ratelimited: 5 callbacks suppressed
[  128.578763][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  128.584980][ T5831] Bluetooth: hci2: adv larger than maximum supported
[  128.592195][ T5831] Bluetooth: hci2: adv larger than maximum supported
[  128.598979][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x72
[  128.605704][ T5831] Bluetooth: hci2: adv larger than maximum supported
[  128.612730][ T5831] Bluetooth: hci2: Malformed LE Event: 0x0d
[  130.618666][ T6218] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'.
[  131.369561][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  131.369608][ T5831] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  131.384788][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  131.384821][ T5831] Bluetooth: hci0: adv larger than maximum supported
[  131.392834][ T5831] Bluetooth: hci0: adv larger than maximum supported
[  131.399708][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x72
[  131.406539][ T5831] Bluetooth: hci0: adv larger than maximum supported
[  131.413642][ T5831] Bluetooth: hci0: Malformed LE Event: 0x0d
[  135.562341][ T5831] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  135.562383][ T5831] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  135.577430][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  135.577464][ T5831] Bluetooth: hci0: adv larger than maximum supported
[  135.584531][ T5831] Bluetooth: hci0: adv larger than maximum supported
[  135.592103][ T5831] Bluetooth: hci0: Unknown advertising packet type: 0x72
[  135.599237][ T5831] Bluetooth: hci0: adv larger than maximum supported
[  135.606476][ T5831] Bluetooth: hci0: Malformed LE Event: 0x0d
[  136.325227][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  136.325277][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  136.340273][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  136.340306][ T5831] Bluetooth: hci3: adv larger than maximum supported
[  136.347442][ T5831] Bluetooth: hci3: adv larger than maximum supported
[  136.355227][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72
[  136.361985][ T5831] Bluetooth: hci3: adv larger than maximum supported
[  136.369191][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d
[  140.156880][ T5831] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  140.156929][ T5831] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  140.171931][ T5831] Bluetooth: hci1: Malformed LE Event: 0x0d
[  141.424741][ T5831] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  141.424790][ T5831] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  141.446145][ T5831] bt_err_ratelimited: 5 callbacks suppressed
[  141.446164][ T5831] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  141.452245][ T5831] Bluetooth: hci1: adv larger than maximum supported
[  141.459465][ T5831] Bluetooth: hci1: adv larger than maximum supported
[  141.472001][ T5831] Bluetooth: hci1: Unknown advertising packet type: 0x72
[  141.485220][ T5831] Bluetooth: hci1: adv larger than maximum supported
[  141.492291][ T5831] Bluetooth: hci1: Malformed LE Event: 0x0d
[  143.148600][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  143.175174][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  144.010184][ T6374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.71'.
[  144.048878][ T6374] netlink: 13 bytes leftover after parsing attributes in process `syz.0.71'.
[  144.878881][ T5831] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  144.878927][ T5831] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  144.894050][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  144.894085][ T5831] Bluetooth: hci3: adv larger than maximum supported
[  144.901392][ T5831] Bluetooth: hci3: adv larger than maximum supported
[  144.909055][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x72
[  144.915995][ T5831] Bluetooth: hci3: adv larger than maximum supported
[  144.923071][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d
[  145.141031][ T5831] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  145.141142][ T5831] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  145.159725][ T5831] Bluetooth: hci1: Malformed LE Event: 0x0d
[  146.176069][ T6415] ubi: mtd0 is already attached to ubi0
[  147.146038][ T5831] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  147.146081][ T5831] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  147.165340][ T5831] bt_err_ratelimited: 5 callbacks suppressed
[  147.165367][ T5831] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  147.171422][ T5831] Bluetooth: hci1: adv larger than maximum supported
[  147.178900][ T5831] Bluetooth: hci1: adv larger than maximum supported
[  147.185725][ T5831] Bluetooth: hci1: Unknown advertising packet type: 0x72
[  147.192463][ T5831] Bluetooth: hci1: adv larger than maximum supported
[  147.199599][ T5831] Bluetooth: hci1: Malformed LE Event: 0x0d
[  150.664815][ T5831] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  150.664861][ T5831] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[  150.679898][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[  150.679931][ T5831] Bluetooth: hci2: adv larger than maximum supported
[  150.687038][ T5831] Bluetooth: hci2: adv larger than maximum supported
[  150.694454][ T5831] Bluetooth: hci2: Unknown advertising packet type: 0x72
[  150.701320][ T5831] Bluetooth: hci2: adv larger than maximum supported
[  150.708918][ T5831] Bluetooth: hci2: Malformed LE Event: 0x0d
	
	
	

	

	
		
	
	
	
	

	


	
		

	


	
	

		
	
		
	

	



			








	





	







	




	

	

	
	


	

		

		
	



	






	












	
	

	










	






	







		









	

	
		
	


	
	
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	

	
		
	
	
	
	
	
	

	

	
	
	

	
	
	



	
	


	
	
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	

	
	

	

		



	
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	
	

	

	
	
	


	
	

	
	

		


	
		

	



	
	



	
	
		

	



	
	

	

	
		
	
	



	




	
				
	




	
				
	
	
	
		

	



	
	



	
	
		

	



	
	


	


	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
	

	

	
		

								


	
	

	

	

	
		
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	

	
		
	

		

	

	
		

	


	

	

		
	
		
	

	



			








	

	






	
	


































	











		
	

		
	
	













	








		





	

	




	

		











	

	
	
















	






	







		









	
	

	

	
	
	
	
	
	
	
	
	

	
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
		
	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
	
	

	
	
	

	
	
	

	
	
	
	
	
	
	
	
	
	
	
	
	
	
	

	
	
	
	
	
	
	
	
	
	
	
	
	

	
		

	
		

	


	
	

		
	
		
	

	



			








	




	





		



		






		




	


	



	
	
	
	
	
	






	






	







		









	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	

	
		
			

	


			
	
	

		


	
		

	



	
	



	
	
		

	



	
	



	
	
	




	
				
	
	
	
		

	



	
	



	
	
		

	



	
	

	




	
				


	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	
	

	

		



	
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	
	

		


	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	

	
	
	
		

	




		

		
	
	
	

	
	
	

	
	

	

	
				
	
		


	
	




	
				
	




	
				
		



	



		

		
	
	

		


	
		

	



	
	

	
	
	
		

	



	
	


	
	
	
	
		

	



	
	



	
	
		

	



	
	


		

		
		
		

	



	

	
		
		


			
	
	
	
		

	



	
	

	
	
	
		

	



	
	

	

	
		
	
	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	

	

	
		

		
	
	

		


	
		

	



	
	

	
	
	
		

	



	
	

	
	
	
	
	
	
	
	
	
		

	



	
	

				
	
	



	
		

	


	
	

		
	
		
	

	



			








	




	




	

	

	

	

	
	
	
	
		
	

	

		
	

	

	
	
	
	


		






	






	







		









	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
			
	

	

		
		
	
	
	

	
	

		


	
		

	



	
	

	
	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	

	
		

	
		

	


	
	

		
	
		
	

	



			








	


	



	



	

	


	




		
	
	












	

















	










	






	







		









	
	
	
	
		

	



	
	



	
	




			

			
	

	




	
				
	




	
				



		

		
	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	

	
	

		


	
		

	



	
	




		

		
	
	
	
		

	



	
	



	
	
		

	



	
	



	
	
	
	
	
		

	



	
	



	
	

	
	
	

	
	
	

	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	
	

		


	
		

	



	
	



	
	
		

	



	
	

	



		

		
	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	
	
	

	
	

	



	
	



		

		
	
	

		


	
		

	



	
	



	
	
		

	



	
	



	
	
	
	
	
		

	



	
	



	
	
		

	



	
	

	

	
		

		

	

	
	
	


	
		

	


	
	

		
	
		
	

	



			








	





	







	




	

	
	


	



	
	


	


	

		

		
	



	






	












	
	

	










	




	





		







	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	
	
	



	
	


	
	
	

	
		





	

	









		









	

	









		




	
	

	

	
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	




		

		
	
	
	


	

	
		

	


	

	

		
	
	
	
	

		
	

	



			








	

	






	
	


































	











		
	

		
	
	













	








		





	

	




	

		











	

	
	
















	






	







		









	
	
	
	
	
	
	
	

	

	




	
				
	




	
				
	
	

		


	
		

	



	
	



	
	
		

	



	
	



	
	
	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	

	
	
	

	
	

	

	




	
				
	




	
				

	
		

	


	
	

		
	
		
	

	



			








	




	












		




	


	



	
	
	
	
	
	






	




	





		









	
	
	
	

	




		

		
	
	

	




		

		
	




	
				
	




	
				
	




	
				
	




	
				
	
	

	




		

		



		

		
	
	

		


	
		

	



	
	



	
	
		

	



	
	

	




	
				



		

		


	
	
	




	
				



		

		
	
	
			
	
	
	
		

	



	
	



	
	
		

	



	
	

	

	

		
		


	
	



		

		



		

		
	
								
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		



	
	
	
	
		

	



	
	



	
	
		

	



	
	




		

		



		

		
	




	
				

		

		
		
		

	



	




	
				
	
	
	
		

	



	
	



	
	
		

	



	
	

			

			

			

			

			

			

			

			

			

			

	
	
	
		

	



	
	



	
	
		

	



	
	

	
	
	
		

	



	
	



	
	
		

	



	
	


		

		
		
		

	



	




	
				
	




	
				



		

		
	




	
				

	
		

	


	

	

		
	
		
	

	



			








	

	






	
	



	
	

	







	

	

		
	
	








	



	


	
	












	
	






	













	
		






	




	





	










	






	







		










	

	



		

		
	




	
				
	
	
	
		

	



	
	



	
	
		

	



	
	

	




	
				
	
	
	
		

	



	
	



	
	
		

	



	
	

	




	
				

		


			

			

			

			

			

			

			

			

			

			

			
	




	
				
	
	
	
		

	



	
	



	
	
		

	



	
	

	




	
				
	
	
	
	
	
	



		

		
	
	
	
		

	



	
	



	
	
		

	



	
	




		

		

	
		

	


	
	

		
	
		
	

	



			








	


	


	



	

	
	



	

		



		
	
	












	

















	










	






	







		












		

		



		

		

	
		

	


	
	

		
	
		
	

	



			








	





	





		

		
	
	












	

















	










	




	





		








	
	

	
	
	
	
	
		

	



	
	



	
	
		

	



	
	

	




	
				



		

		
	




	
				
	
	
	
		

	



	
	

	
		

	
		

	


	
	

		
	
		
	

	



			








	




	





		
		
		









	





	





		






						
	
	

	
		
	

	
		
	

	
		
	
	
	
		

	



	
	



	
	

	
	

		


	
		

	



	
	



	
	
		

	



	
	

	




	
				
	




	
				



		

		
	
	
	
		

	



	
	



	
	
		

	



	
	

		
	




	
				

	
				
	
		
	


	




	
	
	




	
				
	

	
	
	
	

	
		
	

	
	
	
	

	
	
	
	

	
	
	
	
	
	
	
	




		

		
	

				
		
	
	
	

		


	
		

	



	
	



	
	
		

	



	
	


	
		

	


	
	

		
	
		
	

	



			








	




	






		

	




	








	


	






	




	





		







	

	
	




	
				
	

	
	

	
	

	
	

	
		



		

		
	

	
		
	

	
		
	




	
				
	

	
	

	
	

	
	

	

syzkaller
syzkaller login: [  418.946489][ T9877] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  418.946535][ T9877] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  418.967869][ T9877] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  418.967909][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  418.979176][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  418.987972][ T9877] Bluetooth: hci0: Unknown advertising packet type: 0x72
[  418.996511][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  419.005915][ T9877] Bluetooth: hci0: Malformed LE Event: 0x0d
[  419.799423][T10071] netlink: 28 bytes leftover after parsing attributes in process `syz.2.646'.
[  420.191159][T10074] FAULT_INJECTION: forcing a failure.
[  420.191159][T10074] name fail_futex, interval 1, probability 0, space 0, times 1
[  420.261186][T10074] CPU: 0 UID: 0 PID: 10074 Comm: syz.1.647 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) 
[  420.261231][T10074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  420.261249][T10074] Call Trace:
[  420.261259][T10074]  <TASK>
[  420.261271][T10074]  dump_stack_lvl+0x16c/0x1f0
[  420.261312][T10074]  should_fail_ex+0x512/0x640
[  420.261361][T10074]  get_futex_key+0x1d0/0x1540
[  420.261421][T10074]  ? __pfx_get_futex_key+0x10/0x10
[  420.261467][T10074]  ? css_rstat_updated+0x9d/0xd30
[  420.261515][T10074]  ? __lock_acquire+0x622/0x1c90
[  420.261551][T10074]  futex_wake+0xea/0x530
[  420.261582][T10074]  ? __up_read+0x1f8/0x750
[  420.261620][T10074]  ? __pfx_futex_wake+0x10/0x10
[  420.261663][T10074]  ? task_mm_cid_work+0x6b9/0x910
[  420.261711][T10074]  do_futex+0x1e3/0x350
[  420.261741][T10074]  ? __pfx_do_futex+0x10/0x10
[  420.261790][T10074]  ? __pfx_task_mm_cid_work+0x10/0x10
[  420.261831][T10074]  ? __pfx___might_resched+0x10/0x10
[  420.261879][T10074]  __x64_sys_futex+0x1e0/0x4c0
[  420.261910][T10074]  ? __pfx_blkcg_maybe_throttle_current+0x10/0x10
[  420.261952][T10074]  ? __pfx___x64_sys_futex+0x10/0x10
[  420.261980][T10074]  ? _copy_to_user+0x48/0xd0
[  420.262038][T10074]  do_syscall_64+0xcd/0x490
[  420.262077][T10074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.262108][T10074] RIP: 0033:0x7f5af318e969
[  420.262132][T10074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.262164][T10074] RSP: 002b:00007f5af0fd50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  420.262194][T10074] RAX: ffffffffffffffda RBX: 00007f5af33b6088 RCX: 00007f5af318e969
[  420.262215][T10074] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5af33b608c
[  420.262234][T10074] RBP: 00007f5af33b6080 R08: 00007f5af3ef0000 R09: 0000000000000000
[  420.262255][T10074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5af33b608c
[  420.262275][T10074] R13: 0000000000000000 R14: 00007ffd02dd0af0 R15: 00007ffd02dd0bd8
[  420.262315][T10074]  </TASK>
[  421.629158][ T9877] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  421.629204][ T9877] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  421.645707][ T9877] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  421.645741][ T9877] Bluetooth: hci3: adv larger than maximum supported
[  421.654449][ T9877] Bluetooth: hci3: adv larger than maximum supported
[  421.662034][ T9877] Bluetooth: hci3: Unknown advertising packet type: 0x72
[  421.669427][ T9877] Bluetooth: hci3: adv larger than maximum supported
[  421.677329][ T9877] Bluetooth: hci3: Malformed LE Event: 0x0d
[  421.900914][ T9877] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  421.900967][ T9877] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  421.917730][ T9877] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  421.917764][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  421.928109][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  421.939186][ T9877] Bluetooth: hci0: Unknown advertising packet type: 0x72
[  421.946731][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  421.955318][ T9877] Bluetooth: hci0: Malformed LE Event: 0x0d
[  422.352213][T10113] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49
[  422.573995][T10112] Invalid ELF header magic: != ELF
[  422.877294][T10115] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50
[  424.813786][ T9877] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  424.813829][ T9877] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  424.830537][ T9877] Bluetooth: hci0: Malformed LE Event: 0x0d

syzkaller
syzkaller login: [  425.867323][T10156] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  426.555250][T10165] FAULT_INJECTION: forcing a failure.
[  426.555250][T10165] name failslab, interval 1, probability 0, space 0, times 0
[  426.575595][T10165] CPU: 0 UID: 0 PID: 10165 Comm: syz.2.664 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) 
[  426.575643][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  426.575662][T10165] Call Trace:
[  426.575674][T10165]  <TASK>
[  426.575686][T10165]  dump_stack_lvl+0x16c/0x1f0
[  426.575728][T10165]  should_fail_ex+0x512/0x640
[  426.575775][T10165]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  426.575816][T10165]  should_failslab+0xc2/0x120
[  426.575855][T10165]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  426.575891][T10165]  ? __pfx___might_resched+0x10/0x10
[  426.575935][T10165]  ? __anon_vma_prepare+0x344/0x5e0
[  426.575975][T10165]  __anon_vma_prepare+0x344/0x5e0
[  426.576007][T10165]  ? __pfx___pte_alloc+0x10/0x10
[  426.576054][T10165]  __vmf_anon_prepare+0x11c/0x240
[  426.576103][T10165]  __handle_mm_fault+0x2881/0x5450
[  426.576167][T10165]  ? __pfx___handle_mm_fault+0x10/0x10
[  426.576224][T10165]  ? find_vma+0xbf/0x140
[  426.576270][T10165]  ? __pfx_find_vma+0x10/0x10
[  426.576312][T10165]  ? rep_movs_alternative+0x11/0x90
[  426.576368][T10165]  handle_mm_fault+0x3fe/0xad0
[  426.576416][T10165]  do_user_addr_fault+0x7a6/0x1370
[  426.576456][T10165]  ? rcu_is_watching+0x12/0xc0
[  426.576505][T10165]  exc_page_fault+0x5c/0xb0
[  426.576541][T10165]  asm_exc_page_fault+0x26/0x30
[  426.576573][T10165] RIP: 0010:rep_movs_alternative+0x11/0x90
[  426.576621][T10165] Code: e9 14 11 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f
[  426.576664][T10165] RSP: 0018:ffffc9000f3f7e98 EFLAGS: 00050206
[  426.576690][T10165] RAX: 0000000000000062 RBX: 0000000000000006 RCX: 0000000000000006
[  426.576709][T10165] RDX: fffffbfff17b3248 RSI: ffffffff8bd99240 RDI: 0000000000000000
[  426.576730][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff17b3248
[  426.576749][T10165] R10: 0000000000000005 R11: 0000000000000001 R12: ffffffff8bd99240
[  426.576767][T10165] R13: 0000000000000006 R14: 00007ffffffff000 R15: 0000000000000000
[  426.576809][T10165]  _copy_to_user+0xbb/0xd0
[  426.576860][T10165]  fs_name+0x172/0x220
[  426.576899][T10165]  __x64_sys_sysfs+0xbf/0x1a0
[  426.576938][T10165]  do_syscall_64+0xcd/0x490
[  426.576979][T10165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.577009][T10165] RIP: 0033:0x7fd8a158e969
[  426.577034][T10165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.577065][T10165] RSP: 002b:00007fd8a249b038 EFLAGS: 00000246 ORIG_RAX: 000000000000008b
[  426.577093][T10165] RAX: ffffffffffffffda RBX: 00007fd8a17b6080 RCX: 00007fd8a158e969
[  426.577114][T10165] RDX: 0000000000000000 RSI: 000000000000004d RDI: 0000000000000002
[  426.577132][T10165] RBP: 00007fd8a1610ab1 R08: 0000000000000000 R09: 0000000000000000
[  426.577151][T10165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  426.577169][T10165] R13: 0000000000000000 R14: 00007fd8a17b6080 R15: 00007ffd9f40f128
[  426.577209][T10165]  </TASK>
[  427.094089][T10172] program syz.0.667 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  427.124465][T10172] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  427.778305][T10187] block nbd7: not configured, cannot reconfigure
[  429.066764][ T9877] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  429.066810][ T9877] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  429.084213][ T9877] bt_err_ratelimited: 5 callbacks suppressed
[  429.084238][ T9877] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  429.094515][ T9877] Bluetooth: hci1: adv larger than maximum supported
[  429.104809][ T9877] Bluetooth: hci1: adv larger than maximum supported
[  429.112346][ T9877] Bluetooth: hci1: Unknown advertising packet type: 0x72
[  429.119872][ T9877] Bluetooth: hci1: adv larger than maximum supported
[  429.127733][ T9877] Bluetooth: hci1: Malformed LE Event: 0x0d
[  431.292738][ T9877] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  431.292784][ T9877] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  431.310569][ T9877] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  431.310605][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  431.318852][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  431.326249][ T9877] Bluetooth: hci0: Unknown advertising packet type: 0x72
[  431.335850][ T9877] Bluetooth: hci0: adv larger than maximum supported
[  431.343975][ T9877] Bluetooth: hci0: Malformed LE Event: 0x0d
[  432.317598][T10241] netlink: 28 bytes leftover after parsing attributes in process `syz.3.679'.
[  433.459348][ T9877] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  433.928642][T10244] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  435.952574][T10294] netlink: 12 bytes leftover after parsing attributes in process `syz.0.685'.
[  435.975092][T10294] net_ratelimit: 77 callbacks suppressed
[  435.975114][T10294] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  436.015824][T10290] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  437.006007][T10304] ubi: mtd0 is already attached to ubi0
[  440.325030][ T9752] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  440.325080][ T9752] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  440.343800][ T9752] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  440.343838][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  440.351756][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  440.361483][ T9752] Bluetooth: hci3: Unknown advertising packet type: 0x72
[  440.370590][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  440.378960][ T9752] Bluetooth: hci3: Malformed LE Event: 0x0d
[  441.404010][T10355] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  441.544376][T10354] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  441.847401][T10366] program syz.1.701 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  441.897554][T10366] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  442.224918][T10375] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  442.302534][T10374] netlink: 28 bytes leftover after parsing attributes in process `syz.1.703'.
[  442.811976][ T9752] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  442.812009][ T9752] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  442.830667][ T9752] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  442.830694][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  442.838582][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  442.846104][ T9752] Bluetooth: hci3: Unknown advertising packet type: 0x72
[  442.853547][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  442.861417][ T9752] Bluetooth: hci3: Malformed LE Event: 0x0d
[  444.614762][ T9752] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  444.614808][ T9752] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  444.632159][ T9752] Bluetooth: hci1: Malformed LE Event: 0x0d
[  445.160604][T10398] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  445.550083][T10415] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  445.695815][T10415] CIFS mount error: No usable UNC path provided in device string!
[  445.695815][T10415] 
[  445.707826][T10415] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  446.248248][T10424] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  446.815166][T10428] netlink: 'syz.0.712': attribute type 1 has an invalid length.
[  449.239786][ T9752] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  449.239832][ T9752] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  449.256662][ T9752] bt_err_ratelimited: 5 callbacks suppressed
[  449.256686][ T9752] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  449.263325][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  449.275073][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  449.283593][ T9752] Bluetooth: hci3: Unknown advertising packet type: 0x72
[  449.292528][ T9752] Bluetooth: hci3: adv larger than maximum supported
[  449.300620][ T9752] Bluetooth: hci3: Malformed LE Event: 0x0d
[  449.867945][T10453] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  449.874664][T10453] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  450.456506][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  450.463586][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  452.203617][ T9752] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[  452.203662][ T9752] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[  452.203831][T10453] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  452.211873][ T9752] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  452.236955][ T9752] Bluetooth: hci1: adv larger than maximum supported
[  452.253879][ T9752] Bluetooth: hci1: adv larger than maximum supported
[  452.276896][ T9752] Bluetooth: hci1: Unknown advertising packet type: 0x72
[  452.295586][ T9752] Bluetooth: hci1: adv larger than maximum supported
[  452.326960][ T9752] Bluetooth: hci1: Malformed LE Event: 0x0d
[  452.352386][ T9752] Bluetooth: hci1: command 0x0c1a tx timeout
[  452.945701][T10453] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  453.350114][T10453] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  453.567730][T10453] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  454.289214][ T9752] Bluetooth: hci2: command 0x0c1a tx timeout
[  454.449045][ T9752] Bluetooth: hci1: command 0x0c1a tx timeout
[  454.786347][T10512] queue_state_write: unsupported operation ''
[  454.793274][T10512] queue_state_write: use 'run', 'start' or 'kick'
[  455.409824][ T9752] Bluetooth: hci0: command 0x0c1a tx timeout
[  455.417007][ T9877] Bluetooth: hci3: command 0x0c1a tx timeout
[  455.698412][ T9752] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  455.698457][ T9752] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  455.716824][ T9752] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  455.716876][ T9752] Bluetooth: hci3: Malformed LE Event: 0x0d
[  456.371504][ T9752] Bluetooth: hci2: command 0x0c1a tx timeout
[  458.649514][T10553] deleting an unspecified loop device is not supported.

syzkaller
syzkaller login: [  460.554297][T10575] queue_state_write: unsupported operation ''
[  460.591181][T10575] queue_state_write: use 'run', 'start' or 'kick'
[  461.072578][T10588] snd_aloop snd_aloop.0: Parsing timer source '
' failed with -22
[  461.327862][T10592] netlink: 28 bytes leftover after parsing attributes in process `syz.3.738'.
[  461.929731][T10597] netlink: 28 bytes leftover after parsing attributes in process `syz.0.740'.
[  462.113918][T10595] 
[  462.116541][T10595] ======================================================
[  462.124284][T10595] WARNING: possible circular locking dependency detected
[  462.132031][T10595] 6.15.0-syzkaller-09113-g8477ab143069 #0 Not tainted
[  462.139496][T10595] ------------------------------------------------------
[  462.147223][T10595] syz.2.739/10595 is trying to acquire lock:
[  462.153807][T10595] ffff888142bdfb40 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400
[  462.164191][T10595] 
[  462.164191][T10595] but task is already holding lock:
[  462.172301][T10595] ffff888142bdf608 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  462.184723][T10595] 
[  462.184723][T10595] which lock already depends on the new lock.
[  462.184723][T10595] 
[  462.196186][T10595] 
[  462.196186][T10595] the existing dependency chain (in reverse order) is:
[  462.206107][T10595] 
[  462.206107][T10595] -> #3 (&q->q_usage_counter(io)#55){++++}-{0:0}:
[  462.215601][T10595]        blk_alloc_queue+0x619/0x760
[  462.221453][T10595]        blk_mq_alloc_queue+0x175/0x290
[  462.227575][T10595]        __blk_mq_alloc_disk+0x29/0x120
[  462.233696][T10595]        nbd_dev_add+0x4a0/0xbc0
[  462.239156][T10595]        nbd_init+0x181/0x320
[  462.244332][T10595]        do_one_initcall+0x120/0x6e0
[  462.250155][T10595]        kernel_init_freeable+0x5c2/0x900
[  462.256460][T10595]        kernel_init+0x1c/0x2b0
[  462.261815][T10595]        ret_from_fork+0x5d4/0x6f0
[  462.267453][T10595]        ret_from_fork_asm+0x1a/0x30
[  462.273291][T10595] 
[  462.273291][T10595] -> #2 (fs_reclaim){+.+.}-{0:0}:
[  462.281297][T10595]        fs_reclaim_acquire+0x102/0x150
[  462.287418][T10595]        prepare_alloc_pages+0x162/0x610
[  462.293649][T10595]        __alloc_frozen_pages_noprof+0x18b/0x23f0
[  462.300718][T10595]        __alloc_pages_noprof+0xb/0x1b0
[  462.306851][T10595]        pcpu_populate_chunk+0x110/0xb00
[  462.313059][T10595]        pcpu_alloc_noprof+0x86a/0x1470
[  462.319177][T10595]        xt_percpu_counter_alloc+0x13e/0x1b0
[  462.325768][T10595]        find_check_entry.constprop.0+0xbf/0xa20
[  462.332759][T10595]        translate_table+0xd0b/0x17b0
[  462.338674][T10595]        ip6t_register_table+0x102/0x430
[  462.344901][T10595]        ip6table_nat_table_init+0x4b/0x250
[  462.351388][T10595]        xt_find_table_lock+0x2e1/0x520
[  462.357494][T10595]        xt_request_find_table_lock+0x28/0xf0
[  462.364268][T10595]        get_info+0x190/0x620
[  462.369455][T10595]        do_ip6t_get_ctl+0x169/0xa50
[  462.375301][T10595]        nf_getsockopt+0x7c/0xe0
[  462.380766][T10595]        ipv6_getsockopt+0x1f7/0x280
[  462.386604][T10595]        tcp_getsockopt+0xa1/0x100
[  462.392239][T10595]        do_sock_getsockopt+0x3fc/0x800
[  462.398367][T10595]        __sys_getsockopt+0x123/0x1b0
[  462.404299][T10595]        __x64_sys_getsockopt+0xbd/0x160
[  462.410509][T10595]        do_syscall_64+0xcd/0x490
[  462.416050][T10595]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.423116][T10595] 
[  462.423116][T10595] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  462.431634][T10595]        __mutex_lock+0x199/0xb90
[  462.437203][T10595]        pcpu_alloc_noprof+0xb4a/0x1470
[  462.443318][T10595]        sbitmap_init_node+0x2fd/0x770
[  462.449332][T10595]        sbitmap_queue_init_node+0x41/0x560
[  462.455823][T10595]        blk_mq_init_tags+0x12d/0x2b0
[  462.461758][T10595]        blk_mq_alloc_map_and_rqs+0x237/0xf60
[  462.468449][T10595]        blk_mq_init_sched+0x30c/0x610
[  462.474468][T10595]        elevator_switch+0x1e1/0x7f0
[  462.480291][T10595]        elevator_change+0x2ac/0x400
[  462.486117][T10595]        elevator_set_default+0x292/0x320
[  462.492426][T10595]        blk_register_queue+0x393/0x4f0
[  462.498556][T10595]        __add_disk+0x74a/0xf00
[  462.503914][T10595]        add_disk_fwnode+0x13f/0x5d0
[  462.509750][T10595]        nbd_dev_add+0x791/0xbc0
[  462.515217][T10595]        nbd_init+0x181/0x320
[  462.520374][T10595]        do_one_initcall+0x120/0x6e0
[  462.526200][T10595]        kernel_init_freeable+0x5c2/0x900
[  462.532508][T10595]        kernel_init+0x1c/0x2b0
[  462.537865][T10595]        ret_from_fork+0x5d4/0x6f0
[  462.543496][T10595]        ret_from_fork_asm+0x1a/0x30
[  462.549318][T10595] 
[  462.549318][T10595] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  462.557942][T10595]        __lock_acquire+0x126f/0x1c90
[  462.563861][T10595]        lock_acquire+0x179/0x350
[  462.569397][T10595]        __mutex_lock+0x199/0xb90
[  462.574941][T10595]        elevator_change+0x103/0x400
[  462.580765][T10595]        elv_iosched_store+0x2eb/0x3a0
[  462.586784][T10595]        queue_attr_store+0x279/0x320
[  462.592721][T10595]        sysfs_kf_write+0xef/0x150
[  462.598370][T10595]        kernfs_fop_write_iter+0x351/0x510
[  462.604800][T10595]        iter_file_splice_write+0x91f/0x1150
[  462.611388][T10595]        direct_splice_actor+0x192/0x6c0
[  462.617594][T10595]        splice_direct_to_actor+0x342/0xa30
[  462.624103][T10595]        do_splice_direct+0x174/0x240
[  462.630039][T10595]        do_sendfile+0xb06/0xe50
[  462.635478][T10595]        __x64_sys_sendfile64+0x1d8/0x220
[  462.641793][T10595]        do_syscall_64+0xcd/0x490
[  462.647349][T10595]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.654443][T10595] 
[  462.654443][T10595] other info that might help us debug this:
[  462.654443][T10595] 
[  462.665700][T10595] Chain exists of:
[  462.665700][T10595]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55
[  462.665700][T10595] 
[  462.680841][T10595]  Possible unsafe locking scenario:
[  462.680841][T10595] 
[  462.689044][T10595]        CPU0                    CPU1
[  462.694947][T10595]        ----                    ----
[  462.700853][T10595]   lock(&q->q_usage_counter(io)#55);
[  462.706791][T10595]                                lock(fs_reclaim);
[  462.713955][T10595]                                lock(&q->q_usage_counter(io)#55);
[  462.722819][T10595]   lock(&q->elevator_lock);
[  462.727876][T10595] 
[  462.727876][T10595]  *** DEADLOCK ***
[  462.727876][T10595] 
[  462.736830][T10595] 6 locks held by syz.2.739/10595:
[  462.742450][T10595]  #0: ffff888035d60428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30
[  462.753503][T10595]  #1: ffff888013381088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  462.764255][T10595]  #2: ffff888025b7a1e8 (kn->active#138){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  462.775424][T10595]  #3: ffff8880268e4188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: elv_iosched_store+0x337/0x3a0
[  462.787135][T10595]  #4: ffff888142bdf608 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  462.800013][T10595]  #5: ffff888142bdf640 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  462.813086][T10595] 
[  462.813086][T10595] stack backtrace:
[  462.819572][T10595] CPU: 1 UID: 0 PID: 10595 Comm: syz.2.739 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) 
[  462.819607][T10595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.819624][T10595] Call Trace:
[  462.819632][T10595]  <TASK>
[  462.819642][T10595]  dump_stack_lvl+0x116/0x1f0
[  462.819684][T10595]  print_circular_bug+0x275/0x350
[  462.819731][T10595]  check_noncircular+0x14c/0x170
[  462.819779][T10595]  __lock_acquire+0x126f/0x1c90
[  462.819820][T10595]  lock_acquire+0x179/0x350
[  462.819845][T10595]  ? elevator_change+0x103/0x400
[  462.819876][T10595]  ? __pfx___might_resched+0x10/0x10
[  462.819918][T10595]  __mutex_lock+0x199/0xb90
[  462.819949][T10595]  ? elevator_change+0x103/0x400
[  462.819980][T10595]  ? elevator_change+0x103/0x400
[  462.820009][T10595]  ? __pfx___mutex_lock+0x10/0x10
[  462.820045][T10595]  ? blk_mq_cancel_work_sync+0xd8/0x110
[  462.820083][T10595]  ? __pfx_blk_mq_cancel_work_sync+0x10/0x10
[  462.820126][T10595]  ? elevator_change+0x103/0x400
[  462.820154][T10595]  elevator_change+0x103/0x400
[  462.820186][T10595]  elv_iosched_store+0x2eb/0x3a0
[  462.820218][T10595]  ? __pfx_elv_iosched_store+0x10/0x10
[  462.820251][T10595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.820282][T10595]  ? __mutex_trylock_common+0xe9/0x250
[  462.820310][T10595]  ? __pfx_elv_iosched_store+0x10/0x10
[  462.820342][T10595]  queue_attr_store+0x279/0x320
[  462.820384][T10595]  ? __pfx_queue_attr_store+0x10/0x10
[  462.820424][T10595]  ? __lock_acquire+0x622/0x1c90
[  462.820458][T10595]  ? find_held_lock+0x2b/0x80
[  462.820493][T10595]  ? sysfs_file_kobj+0xe4/0x290
[  462.820537][T10595]  ? __pfx_queue_attr_store+0x10/0x10
[  462.820578][T10595]  sysfs_kf_write+0xef/0x150
[  462.820621][T10595]  kernfs_fop_write_iter+0x351/0x510
[  462.820659][T10595]  ? __pfx_sysfs_kf_write+0x10/0x10
[  462.820709][T10595]  iter_file_splice_write+0x91f/0x1150
[  462.820745][T10595]  ? __pfx_iter_file_splice_write+0x10/0x10
[  462.820774][T10595]  ? __pfx_copy_splice_read+0x10/0x10
[  462.820825][T10595]  ? __pfx_iter_file_splice_write+0x10/0x10
[  462.820852][T10595]  direct_splice_actor+0x192/0x6c0
[  462.820879][T10595]  splice_direct_to_actor+0x342/0xa30
[  462.820924][T10595]  ? __pfx_direct_splice_actor+0x10/0x10
[  462.820965][T10595]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  462.821012][T10595]  do_splice_direct+0x174/0x240
[  462.821053][T10595]  ? __pfx_do_splice_direct+0x10/0x10
[  462.821095][T10595]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  462.821157][T10595]  ? rw_verify_area+0xcf/0x680
[  462.821213][T10595]  do_sendfile+0xb06/0xe50
[  462.821240][T10595]  ? __pfx_do_sendfile+0x10/0x10
[  462.821267][T10595]  ? __x64_sys_futex+0x1e0/0x4c0
[  462.821289][T10595]  ? __x64_sys_futex+0x1e9/0x4c0
[  462.821313][T10595]  __x64_sys_sendfile64+0x1d8/0x220
[  462.821347][T10595]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  462.821386][T10595]  do_syscall_64+0xcd/0x490
[  462.821419][T10595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.821445][T10595] RIP: 0033:0x7fd8a158e969
[  462.821465][T10595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.821490][T10595] RSP: 002b:00007fd8a249b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  462.821514][T10595] RAX: ffffffffffffffda RBX: 00007fd8a17b6080 RCX: 00007fd8a158e969
[  462.821532][T10595] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008
[  462.821547][T10595] RBP: 00007fd8a1610ab1 R08: 0000000000000000 R09: 0000000000000000
[  462.821563][T10595] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  462.821578][T10595] R13: 0000000000000000 R14: 00007fd8a17b6080 R15: 00007ffd9f40f128
[  462.821602][T10595]  </TASK>