last executing test programs:

12m34.774879468s ago: executing program 2 (id=2426):
openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f00000000c0), 0x42ca82, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0xfffffffffffffffc, 0x400008, 0x7, 0x1b72, 0x2, 0x8000)
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x40, 0x0, 0x2}}, 0x66)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setresgid$auto(0x0, 0xee01, 0xffffffffffffffff)
getegid()
mmap$auto(0x400, 0x9, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8002)
semctl$auto(0x7, 0x2, 0x13, 0x1)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/ipsec\x00', 0xc2040, 0x0)
ioctl$auto(r0, 0x4b72, 0xffffffffffffffff)

12m34.527283737s ago: executing program 2 (id=2419):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0)
getdents64$auto(r0, 0x0, 0x400)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x200200, 0x0)
r2 = openat$auto_userfaultfd_dev_fops_userfaultfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x81, 0x0)
ioctl$auto(0x3, 0x40a0ae49, r2)

12m33.375736421s ago: executing program 2 (id=2421):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/usb1-port1/quirks\x00', 0x103a42, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
pread64$auto(0xffffffffffffffff, 0x0, 0x59, 0x7)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f682, 0x0)
ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={"2252f65ca1b92f72a92538725b0694521629e8c3e6ba91c62e2e9d42cf4aef15", 0x4, 0x3, 0x0, 0x6, 0xff})
listen$auto(0xffffffffffffffff, 0x14)
mmap$auto(0x8000000000000001, 0x2020008, 0x8, 0x16, 0xfffffffffffffffa, 0x8004)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0)
r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x980800, 0x0)
read$auto(r2, 0x0, 0x3a8)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/ext4/sda1/trigger_fs_error\x00', 0xa801, 0x0)
write$auto(r3, &(0x7f0000000500)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\b\x86\xc6\xd7L\xc6\xd1\xf4h\xf2\xc4\xaf\x19Q\x04\xfb\x17\xef\xea;}\x04\x91K\xcc\xe5\xe2\x9aZ\x14\x83\f\x17\xf6\xb1u!\xbc\xbc8H\x94,3\xba\x8a\'\xef\b\x942W\xb5:\xb4\xe3[\x9d\xc1s\x13\xf9\xd5X\xe0\xfd\x7f\x95\xf8\xc9\x85\xe7\xd9u3\xc3\xcd\x1dJX\xcd\xab\xf5\xdf\xf1\xad\xa4\xf1\x9b\xc4\xf9\xac\xa2\x8f@W\x9d\xf4 \xd3di\x84\xff\xe2`\x9c7\xbc\xe7\xe1\x84\xcb\bt\xa0\x93]\xba\t\x92\xca\x1f\xc3\x00\x00\x00\x00\xf8\xeb\xc65\xd3\xd1\xc5\xbbi\x15\x00\xe0\\y\xa9Em\xd5\x19\xef\xf8\xac!\xff@K\x1d\xeaE\xce=\x90\xe6O\x82X\xc1\xbfI:5\xac\xb0\x98\xbf\xf1\xbaV\xa3\xb2\x87H!\xa4+{\xe6\x02\xb8\x88\xea66$!v\xef\xce\x19eM\xae\xe3\xd9jc\x10\xa7\xf1\xce&\xd7\xb6\x06\xf3\xeb\xe8\x87[f\xe7\xdf\x8c\x0f\x90\xed\x04Z!\x89R\x8b-\xbcI\t:\xcf\x9b\xd5a\v\xf0^d$\xb6\x06\xbb\xdf\xa5\x88\x96\xd2V{\xb7n\x1b5N\xb9\xdc\x97\x16\x9e\aag\x1b\xf0K\xebtw\xe3\xca\xfdB\xa5\x82nlV\xac\xe6bK\xec\xa3.\xe7qeOd\x19\xeaX\x94N\x84\xa51\xec7:\xef\xd1\x81\xd4JP\x81\xc3\xa3/Mz\x91f\xcf\xdaO\xe1l\xcc\x8b\xb0\xe5\xc9n\x95\x9a\xa6\xf3Tk\xdf\xf5m\x7fbC\x8a\x97\xdcM\x06\x8a\xd3g\xe5\'\xf2\x8c\x1a\xd00Z\x06\xf2\xacL\xe0\xab\x1d\x1e\x94A\b&\xe8\xc8\xa1\xebpU\x8a\xc9\x98Wj ?\vd\xa3\x9e\xc4\xc8_\"^Q\xa5\xd6\v\xbe\x95gz\x9ev3\f\xf82\xd3m)\xd2a\xb1\x8e\xb8\xd0\xb4\x12\x91\x88>\xc2\xcc\x0e\x1e}o\xa9a', 0x81)
sendfile$auto(r0, r1, 0x0, 0x3)
r4 = socket(0x11, 0x3, 0x8)
setsockopt$auto_SO_SNDBUF(r0, 0x8, 0x7, &(0x7f0000000040)='#@[%\x00', 0x2)
sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1a7, &(0x7f0000000100)={&(0x7f00000003c0), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100)
sendmsg$auto_VDPA_CMD_DEV_NEW(r4, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYBLOB="a0000000c7710133e089ee5d82e46c0e163e0fee3f3bc5ecfa67644dd030fc29a8e088090000003c32829505ff9faf1e2f830c000000676ffe243bf74a071b93d6af34721227bc3d6b1a130c924cde1ba80042d7233bdf88cbe121626ad158d031f089f84ab643a05199c3605ece954481bdee7908c48b891288c159ce398e880f8450b1d2d34cf0da6d9c07023afae862e399cab5c987b0a353cd32c2f718662e51e70957d950217220781bd51e30e6ab9af1fcd2431107aa86852cb14179b2fa0fd69fada008aeb2052ce787e7c4721ff0b861eeb322a8ceda794140981d25d54b", @ANYRES16=0x0, @ANYBLOB="00012cbd7000fddbdf250300000039000a00d9679a4ee6f4069fd08d42f0849ddd03d9fe92dff24c02fdb0ff0b2713381b815df0e7b9bb8fca19862ca99e93b9e09eb60554428e000000140002007465616d3000000000000000000000001400040076657468315f746f5f7465616d0000000c001400000000000000000006000c000300000014000400766c616e3000"/154], 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x24000090)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(0xffffffffffffffff, 0xc2604110, &(0x7f00000009c0)={0x0, [{[0x2, 0x484, 0x5, 0x7, 0x3ff, 0x9, 0x0, 0x2]}, {[0x2, 0x401, 0xdc, 0xfffffff2, 0x1, 0x4, 0x47, 0x9]}, {[0x2, 0x3, 0x10, 0x6, 0x0, 0xbc, 0x101, 0xfffffff7]}], [{[0x10000, 0x4b3f5176, 0x1ff, 0x8, 0x4, 0xf9bae78, 0x5, 0x8]}, {[0x101, 0x2, 0x5, 0x9, 0x3, 0x4, 0x6]}, {[0x0, 0x5, 0x6ef1, 0x9ed, 0x9, 0x6, 0x51, 0x5]}, {[0x8, 0x4, 0x2, 0x2, 0x9, 0x8, 0x327a000, 0x7]}, {[0x1, 0x0, 0x101, 0x7, 0xfbc, 0x400, 0x80000001, 0x87]}], [{0xa9, 0x7b0, 0x0, 0x1}, {0xd1, 0xfffffffd, 0x1, 0x0, 0x1}, {0x2, 0x7, 0x0, 0x1, 0x1, 0x1}, {0x8, 0x1, 0x0, 0x1}, {0xfffffffe, 0x75, 0x1, 0x1, 0x1, 0x1}, {0x1000, 0x4, 0x1, 0x0, 0x1}, {0x7, 0x4, 0x1, 0x1, 0x1, 0x1}, {0x800, 0x2, 0x0, 0x0, 0x1, 0x1}, {0x7, 0x6, 0x1, 0x1, 0x1}, {0x80, 0x8, 0x1, 0x1}, {0x5, 0xfff, 0x1, 0x0, 0x0, 0x1}, {0x100, 0x4, 0x0, 0x0, 0x0, 0x1}], [{0x2, 0x3, 0x1, 0x0, 0x1}, {0x1000, 0x5, 0x0, 0x0, 0x1, 0x1}, {0x6, 0x100, 0x1, 0x1, 0x0, 0x1}, {0xffffffff, 0x6, 0x0, 0x1, 0x1, 0x1}, {0x1, 0x89, 0x1, 0x1, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x5, 0xf3, 0x0, 0x1, 0x0, 0x1}, {0x1, 0x7f, 0x0, 0x1}, {0x200, 0x3, 0x1, 0x0, 0x1, 0x1}], 0x2, 0x4, 0x9f, 0x10001, 0x7ff, 0x90, 0x4, "8db2758342284256397dd514a5914911", "f230affd899c105d3713a9ad65e41c932f3ab17ec90e4ec10408cede7fab7e4238fbffb0953d7c7bc67fb2610fcb0699"})
write$auto_sg_fops_sg(r5, &(0x7f0000001380)="4a0200000000000000899edb615550fd8c7c924d87f003", 0x17)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)="42bf", 0x2)

12m31.180571857s ago: executing program 2 (id=2425):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async, rerun: 32)
socket(0xa, 0x3, 0x6) (async)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async, rerun: 32)
r0 = socket(0x15, 0x5, 0x0) (rerun: 32)
setsockopt$auto(r0, 0x114, 0x8, 0x0, 0x4) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 64)
r1 = socket(0xa, 0x801, 0x84) (rerun: 64)
getsockopt$auto(r1, 0x84, 0x21, 0x0, 0x0)

12m29.21520327s ago: executing program 2 (id=2429):
madvise$auto(0x0, 0xffffffffffff0006, 0x55)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0)
ioctl$auto(0x3, 0x5420, 0x38)
ioctl$auto(0x3, 0x402c542c, 0x38)
ioctl$auto(0x3, 0x402c542b, 0x38)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x20000810)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
io_uring_setup$auto(0x12, 0x0)
acct$auto(&(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_\xf6\r\x00\x00default_nu_gp/lu_gp_id\x1f\xd7\xba(-\xc4*e\xff\xad\xbae\xd9.\xff\x19\x9fx\xa4f\xb7U9\xae7\xf6n\x17f\xe9nt\a\x1aD\xdeo\vT\x8b\xb2D1\xd1\xf7#\xe2\xb5\'U}W\xbb\xa6\x9d\xaeD\xb2\xa8t\xff\xa3\xa5\x93p\xb3\xee~\xd3\xaca\"\x956#\xf6\xc2\x92p\x83\x8fT\xaa\xeby\x89\a\x81\x97A\x98&\x86\x11$\xf94\xb4\xaf\xc9\x81Qb\x14F.E\xde\xd6\x10\x8b\xa7\vve|\xe9\xa3d\x13\xd8J\xfc\xeap\xba\xe7VMk\xe9\x9c\xdf\xbf\xc2\xa05\x9f\xdcI\xa2/\xc1W\xf9\xfc\x86n\x8e\x9a:\x92\xb4d\x8d\t\x859\n\x8f\xab\xed\xfd\x81\xad\xc1\xc2\x0f_Ic')
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/phram/parameters/phram\x00', 0x4a481, 0x0)
write$auto(r1, 0x0, 0x81)
connect$auto(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0xd}}, 0x54)
write$auto(0x3, 0x0, 0xfffffdef)
shutdown$auto(0x200000003, 0x2)
prctl$auto(0x5, 0x2000000001, 0x0, 0x1, 0x0)
r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000001000)='/dev/cec6\x00', 0x100000, 0x0)
ioctl$auto_CEC_ADAP_G_CONNECTOR_INFO(r2, 0x8044610a, 0x0)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)

12m25.963925626s ago: executing program 2 (id=2438):
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
madvise$auto(0x3, 0xffffffffffff0006, 0x17)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x50d401, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
write$auto(r0, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0x13, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x84, 0x948b, 0xfffffffffffffffc, 0x15f4da07, 0x1, 0x4da, 0x62, 0x2, 0x40004, 0x6d3e, 0x9, 0x2, 0x1]}, 0x0)
msync$auto(0x800000000000000, 0x200, 0x2)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xc8})
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
write$auto(0x3, 0x0, 0xfffffdef)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x20, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
write$auto(0x3, 0x0, 0xfdef)
ioctl$auto(0x3, 0x5402, 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0x3, 0x541b, 0x38)
io_uring_setup$auto(0x6, 0x0)

12m10.358153513s ago: executing program 32 (id=2438):
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
madvise$auto(0x3, 0xffffffffffff0006, 0x17)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x50d401, 0x0)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_ETHTOOL_MSG_PSE_SET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0)
write$auto(r0, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9)
socket$nl_generic(0x10, 0x3, 0x10)
select$auto(0x13, 0x0, 0x0, &(0x7f00000002c0)={[0x7, 0x7, 0xd, 0x84, 0x948b, 0xfffffffffffffffc, 0x15f4da07, 0x1, 0x4da, 0x62, 0x2, 0x40004, 0x6d3e, 0x9, 0x2, 0x1]}, 0x0)
msync$auto(0x800000000000000, 0x200, 0x2)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xc8})
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
write$auto(0x3, 0x0, 0xfffffdef)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x20, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
write$auto(0x3, 0x0, 0xfdef)
ioctl$auto(0x3, 0x5402, 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0x3, 0x541b, 0x38)
io_uring_setup$auto(0x6, 0x0)

7.919759101s ago: executing program 0 (id=4731):
mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000001000)='/dev/loop5\x00', 0x40, 0x0)
ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000)
r1 = open(0x0, 0x22240, 0x55)
statx$auto(r1, 0x0, 0x2001003, 0x4005, 0x0)
ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000300)={0xf27, &(0x7f00000002c0)={0xaa, 0x1, 0x0, @raw=0x5}})
r2 = ioctl$auto_TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000040)={0x1, 0x9, 0x5, @raw=0xffffffff}})
ioctl$auto(0xffffffffffffffff, 0xe437, r2)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x181280, 0x0)
ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000001c0)="3b32891c57a3f0aa8f9b1aea6a21f5a9ebcf9047c415c58b2fea544a63453b902e980153872ad593e631465ced71be68da29ee1699d36d6aa2b946bdc024c3dfc8f0dc6c45845219db3efe403488b4c3e78429c1e268190df0537ba0569971a39fe3584bf9e79a33d024db80d5cfe4c7c2c5662e4ca89b7438fb7ecd828503c0c6096fb671aadcfe68c77e7bf987383a2dee847a65ab478fab569a99c4f22a4336da6481267d0a44aefe69a7da14d78f219b290513f6dd1f2c314b99a220d693a55104b9c09f9c32be060524166d328c237dc4e076690c66799f3141aae0300cea")
write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000007c0)="97544df29404e114be73f7b0544b102020", 0x11)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000040))
socket(0x23, 0x80805, 0x0)
listen$auto(0x3, 0x83)
listen$auto(0x3, 0x81)
ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000440)="0db1eb")
mmap$auto(0x0, 0x4020009, 0xe4, 0x1e, r1, 0xffffffffffffffff)
name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1c_\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9wj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xee\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', 0x0, 0x0, 0x1001)
r5 = epoll_create$auto(0x8)
epoll_ctl$auto(r5, 0x1, 0x8000000000000000, 0x0)
socket(0x1e, 0x805, 0x0)
ioctl$auto_MON_IOCX_GETX(r1, 0x4018920a, &(0x7f00000003c0)={&(0x7f0000000340)={0x8, 0xde, 0x7, 0x6, 0x5, 0x2, 0x7f, 0x6, 0x6, 0x4, 0x6, 0xe00, 0x5, @iso={0x4, 0x8001}, 0x40, 0x3, 0x8, 0x5be}, &(0x7f0000000380)="a91a749248ed3a7cf67dddf321a9fc71f1e31fb669b75ccce6", 0xffffffffffffffc0})
bind$auto(0x3, &(0x7f0000000040)=@generic={0x1e, "4dbd9b9034ec168d2be6400500"}, 0xf105)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
preadv2$auto(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x80000000}, 0x6, 0xe, 0x4, 0x80000000)
sysfs$auto(0xc, 0xbb, 0x3)

7.634671137s ago: executing program 0 (id=4734):
r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, 0x0)
socket(0xa, 0x1, 0x100)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x1000005, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x11a001, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioprio_set$auto(0x3, 0x0, 0x4b34)
madvise$auto(0x16, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x204}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x9}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_AGE={0x8, 0x4, 0x973}]}, 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)

6.720904609s ago: executing program 3 (id=4737):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mmap$auto(0x0, 0x7ff, 0x6, 0x80000eb0, 0x401, 0x5)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
inotify_init1$auto(0x3000000000000)
r0 = socket$nl_generic(0x11, 0x3, 0x10)
socket(0xa, 0x2, 0x88)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x2, 0x2, 0x1)
socket(0xa, 0x5, 0x84)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x11, 0x3, 0x9)
r3 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000e40), 0x80001, 0x0)
write$auto(r3, &(0x7f0000000240)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x03\x00\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xb5\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2=\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8\xe83\x90P?\xe2B\x85)\xcc\x1f\xa1\xf8\xad]J\x90\xe7E\xa5\xfc\xfc\x9c\xa5\xd1\xab\xd7@\x94V\xbd\xba\xb1 \x9d,\x1e\x03\xd7SX?\x1a\xc7Y\xc2\xddh\xc8$\x8b#\x89\xad\"P\x81^Uq2- \x92\xcd\xf8\x8cU\nSx\xf9\xdc\xe9.t]\xec\xeb)\xf3\xa6OYBHE$\x98\xac\xa58^\x0e\xf5\xd6\xa1\xc7\xf35\xf9\x929FYr\\?\x80~nI\x92\x94\xca\x8c\xaaYmI2\x9a`#r\n %\xe5\xf0\x90DI\xac^\x96@\x10sD\x987\x9a=;\x98\x81\xbb\xf4)ts\x9eO,\'\xd0UI\xab[S\x8e\x11)\x8e|0\xa4F-\x9d\xc0\xe1=I\xcf(\x14\xb2\xe4\xb4\xb2\xb7\xeb\xa7h\x1c\xf4\xb4\x1c\xd5\x9bkD\xfa-\xd6r:eh\x01\xb6y\xbfM\xad\"\x04\xd69\xadn\x81\xc0*\x92\xe8\x9b+(\x8bF\xa1\xe4t\x1a\xf1\xca\xd1\x06A\xef\xc5d;\xbe\xe3[\x7ff\xf9}f\x9bL\xd65\xba\xf1\xcb\xe7\xfc\x03j\xd4\xa7O\x8e\xba\xb3\xf1_\xf4\xa3\xea\"\x84\x105\xe1\xa5Tzk\xe9\x10\xf8\xaa\xe3\xff\xa7\x9crMP\x1a@U\xb3+\xd0\xaa\x9a\x91f\xb3ozf\r\xb1\xd4\xaf\xe4\xbee5\xb1\xc5G\xac#\x93XE\x8f\xee\xce\xb5\x86\x89\xbf\xbda\x98S\xbb\x83\xd5\xe8vr\x9f\xadr\xfd\xe34\xc61j\xe7\xd1\xe8eF\xdd\xdb_\xa2p\a\xa8\xc4T\fAQ\xe0\xc7\x9a\xd0\xca\x19\xb9\xb1(`;vz\xa5\xd4/\x19)\xde\x90C\x1b\xae\x92\xb8\xd1\v\xed\xfe\xce\x86N\xfd\x8c\xb9\xddi\xc0\xe4d\x17\xfb\x95Q\x06\xe6\x97\x1cI\x9f\x80\xaaSG\x05!\r#?\rM\x12\x1b%bPe', 0x9)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x2c8501, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r4, @ANYRES8=r4], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082)
write$auto(r5, &(0x7f0000000000)='-\x00', 0xfdef)
bpf$auto(0x0, &(0x7f0000000000)=@bpf_attr_4={0x16, r2, 0x4, r0}, 0x10)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0x3)
close_range$auto(0x0, 0x5, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0)
r7 = socketpair$auto(0x1c, 0x4000004, 0x1000004, 0x0)
ioctl$auto(r6, 0x541c, r7)

6.526600197s ago: executing program 3 (id=4738):
r0 = open(&(0x7f00000001c0)='./cgroup\x00', 0x2b8280, 0xde)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/platform/vhci_hcd.9/usb27/27-0:1.0/usb27-port1/early_stop\x00', 0x80302, 0x0)
sendfile$auto(r1, r1, 0x0, 0x2001)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000340), 0x40a40, 0x0)
set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9)
mmap$auto(0x0, 0x3, 0x3, 0xeb1, r0, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
readv$auto(r2, &(0x7f00000000c0)={0x0, 0x5}, 0x3)
ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0)
mmap$auto(0x0, 0x2420009, 0x3, 0xebe, 0xfffffffffffffffa, 0xb)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0)
madvise$auto(0x0, 0x1010001, 0x100000003)
read$auto(r3, 0x0, 0x20)
sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r2, @ANYRESHEX, @ANYBLOB="746cb551e830601e0d16aabb95291469d303f663aee02f11c85470d52aad0e1a83597ff7ee28603127a63aa61486d9def84244b955e043f80e4863109603599904e43691d52f8b8db3f762b23603e1aeea28c050892624ce04b9aa085cc103b84b27b4f6399119f1c648753803ada83ef75d2f83473afa338a9363aec6fc7e290c779f559a7721508685a053719936c59213308d23b1d3d1e8555c43793617dd0492ab7c5024ad50f8abd13c2b5ea6b33cb1b1730c67f78ba2a77fcf21948b1266"], 0x40}, 0x1, 0x0, 0x0, 0x2408c810}, 0x40418c0)
mmap$auto(0xff0f200000000000, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000a40), 0xffffffffffffffff)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x18, 0x0, 0x401, 0x70bd2a, 0x25dfdbfe, {}, [@THERMAL_GENL_ATTR_TZ_GOV_NAME={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x24004080}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0xc844}, 0x0)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0x200006, 0x19)
shmctl$auto_IPC_STAT(0x4, 0x2, 0x0)
getsockopt$auto_SO_GET_FILTER(r0, 0x4, 0x1a, 0x0, &(0x7f0000000040)=0x81)
bpf$auto(0x8, &(0x7f00000000c0)=@info={r0, 0x2b, 0x200000007fff}, 0x8)

6.026202232s ago: executing program 0 (id=4739):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = gettid()
process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
pread64$auto(r3, 0x0, 0x8, 0xffff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)

5.965481858s ago: executing program 4 (id=4740):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
pread64$auto(r4, 0x0, 0x8, 0xffff)
r5 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
ioctl$auto_TUNSETDEBUG(r5, 0x400454c9, &(0x7f00000001c0)=0x7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)

5.68127567s ago: executing program 1 (id=4741):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
r4 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
ioctl$auto_TUNSETDEBUG(r4, 0x400454c9, &(0x7f00000001c0)=0x7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

5.511073955s ago: executing program 3 (id=4742):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000011c0)='./cgroup.cpu/hugetlb.1GB.rsvd.failcnt\x00', 0x40300, 0x0)
getcwd$auto(0x0, 0xffffffffffffffff)
move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x104)
read$auto(r0, 0x0, 0x35cb)
write$auto(0x3, 0x0, 0xfdef)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xf, 0x3, 0x2)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x2, 0x2, 0x0)
bind$auto(0xffffffffffffffff, 0x0, 0x67)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x9, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3c, 0x9, 0x2, 0x6]}, 0x0)

4.43097769s ago: executing program 0 (id=4743):
r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140))
socket(0xa, 0x1, 0x100)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x1000005, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x11a001, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioprio_set$auto(0x3, 0x0, 0x4b34)
madvise$auto(0x16, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x204}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x9}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_AGE={0x8, 0x4, 0x973}]}, 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)

4.430262825s ago: executing program 4 (id=4744):
mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000001000)='/dev/loop5\x00', 0x40, 0x0)
ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000)
r1 = open(0x0, 0x22240, 0x55)
statx$auto(r1, 0x0, 0x2001003, 0x4005, 0x0)
ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000300)={0xf27, &(0x7f00000002c0)={0xaa, 0x1, 0x0, @raw=0x5}})
r2 = ioctl$auto_TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000040)={0x1, 0x9, 0x5, @raw=0xffffffff}})
ioctl$auto(0xffffffffffffffff, 0xe437, r2)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x181280, 0x0)
ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000001c0)="3b32891c57a3f0aa8f9b1aea6a21f5a9ebcf9047c415c58b2fea544a63453b902e980153872ad593e631465ced71be68da29ee1699d36d6aa2b946bdc024c3dfc8f0dc6c45845219db3efe403488b4c3e78429c1e268190df0537ba0569971a39fe3584bf9e79a33d024db80d5cfe4c7c2c5662e4ca89b7438fb7ecd828503c0c6096fb671aadcfe68c77e7bf987383a2dee847a65ab478fab569a99c4f22a4336da6481267d0a44aefe69a7da14d78f219b290513f6dd1f2c314b99a220d693a55104b9c09f9c32be060524166d328c237dc4e076690c66799f3141aae0300cea")
write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000007c0)="97544df29404e114be73f7b0544b102020", 0x11)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000040))
socket(0x23, 0x80805, 0x0)
listen$auto(0x3, 0x83)
listen$auto(0x3, 0x81)
ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000440)="0db1eb")
mmap$auto(0x0, 0x4020009, 0xe4, 0x1e, r1, 0xffffffffffffffff)
name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1c_\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9wj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xee\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', 0x0, 0x0, 0x1001)
r5 = epoll_create$auto(0x8)
epoll_ctl$auto(r5, 0x1, 0x8000000000000000, 0x0)
socket(0x1e, 0x805, 0x0)
ioctl$auto_MON_IOCX_GETX(r1, 0x4018920a, &(0x7f00000003c0)={&(0x7f0000000340)={0x8, 0xde, 0x7, 0x6, 0x5, 0x2, 0x7f, 0x6, 0x6, 0x4, 0x6, 0xe00, 0x5, @iso={0x4, 0x8001}, 0x40, 0x3, 0x8, 0x5be}, &(0x7f0000000380)="a91a749248ed3a7cf67dddf321a9fc71f1e31fb669b75ccce60c", 0xffffffffffffffc0})
bind$auto(0x3, 0x0, 0xf105)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
preadv2$auto(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x80000000}, 0x6, 0xe, 0x4, 0x80000000)
sysfs$auto(0xc, 0xbb, 0x3)

4.261463504s ago: executing program 3 (id=4746):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, 0x0, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
pread64$auto(r4, 0x0, 0x8, 0xffff)
r5 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
ioctl$auto_TUNSETDEBUG(r5, 0x400454c9, &(0x7f00000001c0)=0x7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

4.211642137s ago: executing program 4 (id=4747):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = gettid()
process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
pread64$auto(r3, 0x0, 0x8, 0xffff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)

3.810394506s ago: executing program 1 (id=4748):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
pread64$auto(r4, 0x0, 0x8, 0xffff)
io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)

3.020086585s ago: executing program 3 (id=4749):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
r4 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
ioctl$auto_TUNSETDEBUG(r4, 0x400454c9, &(0x7f00000001c0)=0x7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

3.019357905s ago: executing program 4 (id=4750):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
r4 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
ioctl$auto_TUNSETDEBUG(r4, 0x400454c9, &(0x7f00000001c0)=0x7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)

2.717404687s ago: executing program 0 (id=4751):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2802, 0x0)
pread64$auto(r4, 0x0, 0x8, 0xffff)
r5 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
ioctl$auto_TUNSETDEBUG(r5, 0x400454c9, &(0x7f00000001c0)=0x7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

2.623144164s ago: executing program 1 (id=4752):
r0 = open(&(0x7f00000001c0)='./cgroup\x00', 0x2b8280, 0xde)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/platform/vhci_hcd.9/usb27/27-0:1.0/usb27-port1/early_stop\x00', 0x80302, 0x0)
sendfile$auto(r1, r1, 0x0, 0x2001)
openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000340), 0x40a40, 0x0)
set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9)
mmap$auto(0x0, 0x3, 0x3, 0xeb1, r0, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
readv$auto(r2, &(0x7f00000000c0)={0x0, 0x5}, 0x3)
ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0)
mmap$auto(0x0, 0x2420009, 0x3, 0xebe, 0xfffffffffffffffa, 0xb)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0)
madvise$auto(0x0, 0x1010001, 0x100000003)
read$auto(r3, 0x0, 0x20)
sendmsg$auto_NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r2, @ANYRESHEX, @ANYBLOB="746cb551e830601e0d16aabb95291469d303f663aee02f11c85470d52aad0e1a83597ff7ee28603127a63aa61486d9def84244b955e043f80e4863109603599904e43691d52f8b8db3f762b23603e1aeea28c050892624ce04b9aa085cc103b84b27b4f6399119f1c648753803ada83ef75d2f83473afa338a9363aec6fc7e290c779f559a7721508685a053719936c59213308d23b1d3d1e8555c43793617dd0492ab7c5024ad50f8abd13c2b5ea6b33cb1b1730c67f78ba2a77fcf21948b1266"], 0x40}, 0x1, 0x0, 0x0, 0x2408c810}, 0x40418c0)
mmap$auto(0xff0f200000000000, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000a40), 0xffffffffffffffff)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x18, 0x0, 0x401, 0x70bd2a, 0x25dfdbfe, {}, [@THERMAL_GENL_ATTR_TZ_GOV_NAME={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x24004080}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0xc844}, 0x0)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0x200006, 0x19)
shmctl$auto_IPC_STAT(0x4, 0x2, 0x0)
getsockopt$auto_SO_GET_FILTER(r0, 0x4, 0x1a, 0x0, &(0x7f0000000040)=0x81)
bpf$auto(0x8, &(0x7f00000000c0)=@info={r0, 0x2b, 0x200000007fff}, 0x8)

1.904261432s ago: executing program 1 (id=4753):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r3 = gettid()
process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
pread64$auto(r4, 0x0, 0x8, 0xffff)
r5 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
ioctl$auto_TUNSETDEBUG(r5, 0x400454c9, &(0x7f00000001c0)=0x7)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)

1.763361575s ago: executing program 4 (id=4754):
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r2 = gettid()
process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0)
pread64$auto(r3, 0x0, 0x8, 0xffff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000)

1.618601434s ago: executing program 3 (id=4755):
r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, 0x0)
socket(0xa, 0x1, 0x100)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82)
mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x1000005, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x11a001, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioprio_set$auto(0x3, 0x0, 0x4b34)
madvise$auto(0x16, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x204}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x9}, @HSR_A_IFINDEX={0x8}, @HSR_A_IF2_AGE={0x8, 0x4, 0x973}]}, 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB], 0x1ac}}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)

1.577116182s ago: executing program 0 (id=4756):
mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000001000)='/dev/loop5\x00', 0x40, 0x0)
ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000)
r1 = open(0x0, 0x22240, 0x55)
statx$auto(r1, 0x0, 0x2001003, 0x4005, 0x0)
ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000300)={0xf27, &(0x7f00000002c0)={0xaa, 0x1, 0x0, @raw=0x5}})
r2 = ioctl$auto_TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000040)={0x1, 0x9, 0x5, @raw=0xffffffff}})
ioctl$auto(0xffffffffffffffff, 0xe437, r2)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x181280, 0x0)
ioctl$auto_SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000001c0)="3b32891c57a3f0aa8f9b1aea6a21f5a9ebcf9047c415c58b2fea544a63453b902e980153872ad593e631465ced71be68da29ee1699d36d6aa2b946bdc024c3dfc8f0dc6c45845219db3efe403488b4c3e78429c1e268190df0537ba0569971a39fe3584bf9e79a33d024db80d5cfe4c7c2c5662e4ca89b7438fb7ecd828503c0c6096fb671aadcfe68c77e7bf987383a2dee847a65ab478fab569a99c4f22a4336da6481267d0a44aefe69a7da14d78f219b290513f6dd1f2c314b99a220d693a55104b9c09f9c32be060524166d328c237dc4e076690c66799f3141aae0300cea")
write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000007c0)="97544df29404e114be73f7b0544b102020", 0x11)
r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x20002, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000040))
socket(0x23, 0x80805, 0x0)
listen$auto(0x3, 0x83)
listen$auto(0x3, 0x81)
ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000440)="0db1eb")
mmap$auto(0x0, 0x4020009, 0xe4, 0x1e, r1, 0xffffffffffffffff)
name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000000c0)='/\x00R\xa6\x00\xc8\xda\xdc\xb1\xb4#\xe4\xeb\xe1c_\x1b/\xb9L\xc6P\x82\xba\x90@\xb8\xb5\xb1\xe8\"\x88s\xdf\x15\xaa\x18\xa9\x86\xc7\x87g>8\xae\x99\xd4~\xc6\xa7\\\xcc\xfeV\x83\f\xdc\xdc~\x8e\xd5\x18\x13\x16\xc5\x93E\x10\xcb\x1c\x02\x00\xd2\xa4_\xa3\xdcS\xe2\xe2\xc6\x85p\xfa\xc3/G\x86\xea\x9f\xb0\x9a\xcc6\x1a\x06\x91\x9f\xcfC\xedU\x00f`\x02\x04\xef\xfe\x10\xec\x17\x83%K\x04\xd5s\x86\xe4\x9d\x15\f\x8c\xd9wj\xe5t\x82o7\xc05ul\xacU\xbf\xc0\xee\xb4\xd7\t\xe0s]\xcd\xac\x87\xa5\xa6.t\xa9\xe8\xa6>\xf2\xd0\xb1\x83\x83\x91\a\xdc\xe9\xaa\x1dx\x06\xa77\xd6\xe1\xe9\x94\xb9Xi\xbbv_\x9a_bv%\xcb\xc7\xdd\xa3\xb4\tpr%\xdf\xc9\x06\xa2\xe7\xe1\xde\x16\xf7\x03x\xf8\v\v\x1a\xfcm\x87r\xc1\b\xca\x97\xb0\xeb\xd6F\x8f^\x94\xdf\x9ax\xf4\x03e[l\xa5', 0x0, 0x0, 0x1001)
r5 = epoll_create$auto(0x8)
epoll_ctl$auto(r5, 0x1, 0x8000000000000000, 0x0)
socket(0x1e, 0x805, 0x0)
ioctl$auto_MON_IOCX_GETX(r1, 0x4018920a, &(0x7f00000003c0)={&(0x7f0000000340)={0x8, 0xde, 0x7, 0x6, 0x5, 0x2, 0x7f, 0x6, 0x6, 0x4, 0x6, 0xe00, 0x5, @iso={0x4, 0x8001}, 0x40, 0x3, 0x8, 0x5be}, &(0x7f0000000380)="a91a749248ed3a7cf67dddf321a9fc71f1e31fb669b75ccce60c", 0xffffffffffffffc0})
bind$auto(0x3, 0x0, 0xf105)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
preadv2$auto(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x80000000}, 0x6, 0xe, 0x4, 0x80000000)
sysfs$auto(0xc, 0xbb, 0x3)

859.525207ms ago: executing program 1 (id=4758):
madvise$auto(0x0, 0xffffffffffff0006, 0x55)
r0 = socket(0x2, 0x1, 0x106)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0)
ioctl$auto(0x3, 0x5420, 0x38)
ioctl$auto(0x3, 0x402c542c, 0x38)
ioctl$auto(0x3, 0x402c542b, 0x38)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x20000810)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
io_uring_setup$auto(0x12, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
acct$auto(&(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_\xf6\r\x00\x00default_nu_gp/lu_gp_id\x1f\xd7\xba(-\xc4*e\xff\xad\xbae\xd9.\xff\x19\x9fx\xa4f\xb7U9\xae7\xf6n\x17f\xe9nt\a\x1aD\xdeo\vT\x8b\xb2D1\xd1\xf7#\xe2\xb5\'U}W\xbb\xa6\x9d\xaeD\xb2\xa8t\xff\xa3\xa5\x93p\xb3\xee~\xd3\xaca\"\x956#\xf6\xc2\x92p\x83\x8fT\xaa\xeby\x89\a\x81\x97A\x98&\x86\x11$\xf94\xb4\xaf\xc9\x81Qb\x14F.E\xde\xd6\x10\x8b\xa7\vve|\xe9\xa3d\x13\xd8J\xfc\xeap\xba\xe7VMk\xe9\x9c\xdf\xbf\xc2\xa05\x9f\xdcI\xa2/\xc1W\xf9\xfc\x86n\x8e\x9a:\x92\xb4d\x8d\t\x859\n\x8f\xab\xed\xfd\x81\xad\xc1\xc2\x0f_Ic')
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/phram/parameters/phram\x00', 0x4a481, 0x0)
write$auto(r1, 0x0, 0x81)
write$auto(0x3, 0x0, 0xfffffdef)
shutdown$auto(0x200000003, 0x2)
prctl$auto(0x5, 0x2000000001, 0x0, 0x1, 0x0)
r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000001000)='/dev/cec6\x00', 0x100000, 0x0)
ioctl$auto_CEC_ADAP_G_CONNECTOR_INFO(r2, 0x8044610a, 0x0)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)

667.121645ms ago: executing program 4 (id=4759):
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket(0xa, 0x1, 0x100)
openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800)
syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
r1 = gettid()
process_vm_writev$auto(r1, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)

0s ago: executing program 1 (id=4760):
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x101142, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, 0x0, 0x0, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf})
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
ioctl$auto(r2, 0x540a, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
madvise$auto(0x2, 0x5c61fa2c, 0xf)
syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x40010}, 0x800)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000)
write$auto(0x4, 0x0, 0x100082)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd)
r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0)
ioctl$auto(r4, 0x5408, r4)
setsockopt$auto(0xffffffffffffffff, 0x11, 0x66, 0x0, 0x8)
r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000000240)="1c520b214b197e", 0x7)
unshare$auto(0x40000080)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)

kernel console output (not intermixed with test programs):

[  855.249470][T16701] [U] 

syzkaller
syzkaller login: [  855.353449][T16646] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  855.360387][T16646] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  855.408702][T16646] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  855.973579][T16646] 8021q: adding VLAN 0 to HW filter on device bond0
[  855.976304][T16719] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.1.2355: 7
[  856.037301][T16717] ptrace attach of "./syz-executor exec"[16723] was attempted by "./syz-executor exec"[16717]
[  856.062687][T16646] 8021q: adding VLAN 0 to HW filter on device team0
[  856.084400][T13997] bridge0: port 1(bridge_slave_0) entered blocking state
[  856.085623][T13997] bridge0: port 1(bridge_slave_0) entered forwarding state
[  856.117594][T13997] bridge0: port 2(bridge_slave_1) entered blocking state
[  856.118741][T13997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  856.517675][T16647] Bluetooth: hci4: command tx timeout
[  856.825565][T16646] 8021q: adding VLAN 0 to HW filter on device batadv0
[  857.004881][T16646] veth0_vlan: entered promiscuous mode
[  857.036971][T16646] veth1_vlan: entered promiscuous mode
[  857.101040][T16646] veth0_macvtap: entered promiscuous mode
[  857.135384][T16646] veth1_macvtap: entered promiscuous mode
[  857.160155][T16646] batman_adv: batadv0: Interface activated: batadv_slave_0
[  857.186995][T16646] batman_adv: batadv0: Interface activated: batadv_slave_1
[  857.240414][T16646] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  857.241760][T16646] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  857.243006][T16646] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  857.244257][T16646] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  857.440359][T14208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  857.441657][T14208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  857.481604][T16739] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2357'.
[  857.534545][T13997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  857.535852][T13997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  858.358980][T16755] FAULT_INJECTION: forcing a failure.
[  858.358980][T16755] name fail_futex, interval 1, probability 0, space 0, times 0
[  858.377712][T16755] CPU: 1 UID: 0 PID: 16755 Comm: syz.0.2361 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  858.377749][T16755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  858.377765][T16755] Call Trace:
[  858.377774][T16755]  <TASK>
[  858.377784][T16755]  dump_stack_lvl+0x16c/0x1f0
[  858.377834][T16755]  should_fail_ex+0x512/0x640
[  858.377884][T16755]  get_futex_key+0x1d0/0x1540
[  858.377917][T16755]  ? __pfx_get_futex_key+0x10/0x10
[  858.377956][T16755]  futex_wake+0xea/0x530
[  858.377989][T16755]  ? kasan_quarantine_put+0x10a/0x240
[  858.378030][T16755]  ? __pfx_futex_wake+0x10/0x10
[  858.378071][T16755]  ? getname_flags.part.0+0x1c5/0x550
[  858.378102][T16755]  do_futex+0x1e3/0x350
[  858.378132][T16755]  ? __pfx_do_futex+0x10/0x10
[  858.378161][T16755]  ? __pfx_do_sys_openat2+0x10/0x10
[  858.378194][T16755]  __x64_sys_futex+0x1e0/0x4c0
[  858.378226][T16755]  ? __x64_sys_openat+0x174/0x210
[  858.378254][T16755]  ? __pfx___x64_sys_futex+0x10/0x10
[  858.378295][T16755]  do_syscall_64+0xcd/0x490
[  858.378336][T16755]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.378361][T16755] RIP: 0033:0x7f9dcc98e929
[  858.378379][T16755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  858.378405][T16755] RSP: 002b:00007f9dcd8560e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  858.378428][T16755] RAX: ffffffffffffffda RBX: 00007f9dccbb5fa8 RCX: 00007f9dcc98e929
[  858.378446][T16755] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9dccbb5fac
[  858.378462][T16755] RBP: 00007f9dccbb5fa0 R08: 00007f9dcd857000 R09: 0000000000000000
[  858.378478][T16755] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dccbb5fac
[  858.378493][T16755] R13: 0000000000000000 R14: 00007fff5e0f4a50 R15: 00007fff5e0f4b38
[  858.378523][T16755]  </TASK>
[  858.593550][T13995] Bluetooth: hci4: command tx timeout

syzkaller
syzkaller login: [  858.619940][T13995] Bluetooth: hci3: Malformed Event: 0x02
[  858.852104][T16647] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  858.855783][T16647] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  858.857736][T16647] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  858.859774][T16647] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  858.861648][T16647] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2

		
	




		
		

		
		


	

	

	
	
		
		

		
		


	

	

	
	


	
	


		
	
	


	
	


		
	
	
	

	
	

	
	

	
	
	
	
	
	

	
	
	
	
	
	

	
		

	




	









		









	



	
	






			
	

		

	





		



	
		

	






		









	



	
	






			
	

		

	





		



	
		

	

	

	
		






	
	
	
						
	
						
	
						
	
	
	
	

	
	
	
						
	
			

[  862.985446][T16760] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  863.013136][T16760] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  863.016967][T16760] netdevsim netdevsim1 netdevsim3: renamed from eth3

syzkaller
syzkaller login: 
	
		

	
		

		
		

		
	
	

		
		

		
	
	

	

	
	
	

	
		



	

	


	


	
	

	
		
	

	
	
	





	

	









	

	




			
	
			
	
			
	
			
	


				


			


				


			



	

	
	

	
		

	


	
	

		
	
		
	
	



			








	




	






		

		

		
		

		


		


















	









	






	







		









	

	
	
	

	
		
	
	
	

	
		
	

	
		




	
		

	


	
	

		
	
		
	
	



			








	





	

















	


	
	






	






















	





		






	
	










	






	







	
	









	
	
	
	
	
	
	
		



	

	
		













			



	


	



	











		



				



	
	


	



		





	


		







	

	

	
		






	
		







syzkaller
syzkaller login: [  884.130798][T17129] FAULT_INJECTION: forcing a failure.
[  884.130798][T17129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  884.133234][T17129] CPU: 0 UID: 0 PID: 17129 Comm: syz.1.2428 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  884.133273][T17129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  884.133292][T17129] Call Trace:
[  884.133301][T17129]  <TASK>
[  884.133314][T17129]  dump_stack_lvl+0x16c/0x1f0
[  884.133370][T17129]  should_fail_ex+0x512/0x640
[  884.133448][T17129]  core_sys_select+0x4c5/0xc10
[  884.133504][T17129]  ? __pfx_core_sys_select+0x10/0x10
[  884.133557][T17129]  ? proc_fail_nth_write+0x9f/0x250
[  884.133629][T17129]  ? do_sys_openat2+0x157/0x1d0
[  884.133665][T17129]  ? __pfx_do_sys_openat2+0x10/0x10
[  884.133710][T17129]  kern_select+0x15d/0x1e0
[  884.133754][T17129]  ? __pfx_kern_select+0x10/0x10
[  884.133804][T17129]  ? __pfx_ksys_write+0x10/0x10
[  884.133856][T17129]  __x64_sys_select+0xbd/0x160
[  884.133899][T17129]  ? do_syscall_64+0x91/0x490
[  884.133948][T17129]  ? lockdep_hardirqs_on+0x7c/0x110
[  884.133996][T17129]  do_syscall_64+0xcd/0x490
[  884.134049][T17129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  884.134081][T17129] RIP: 0033:0x7f2a72d8e929
[  884.134107][T17129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  884.134139][T17129] RSP: 002b:00007f2a73cc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017
[  884.134170][T17129] RAX: ffffffffffffffda RBX: 00007f2a72fb5fa0 RCX: 00007f2a72d8e929
[  884.134191][T17129] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e
[  884.134209][T17129] RBP: 00007f2a73cc6090 R08: 0000000000000000 R09: 0000000000000000
[  884.134228][T17129] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  884.134246][T17129] R13: 0000000000000000 R14: 00007f2a72fb5fa0 R15: 00007fff57a8cb88
[  884.134295][T17129]  </TASK>
[  884.887271][T16647] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  884.898897][T16647] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  884.901796][T16647] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  884.912389][T16647] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  884.917724][T16647] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  885.266539][T17135] chnl_net:caif_netlink_parms(): no params data found
[  885.270771][T16647] Bluetooth: hci1: unexpected event 0x3e length: 728 > 260
[  886.464848][T17153] phram: not enough arguments
[  886.987725][T16647] Bluetooth: hci0: command tx timeout
[  888.591250][T17135] bridge0: port 1(bridge_slave_0) entered blocking state
[  888.592709][T17135] bridge0: port 1(bridge_slave_0) entered disabled state
[  888.594271][T17135] bridge_slave_0: entered allmulticast mode
[  888.597200][T17135] bridge_slave_0: entered promiscuous mode
[  888.602132][T17135] bridge0: port 2(bridge_slave_1) entered blocking state
[  888.603595][T17135] bridge0: port 2(bridge_slave_1) entered disabled state
[  888.604973][T17135] bridge_slave_1: entered allmulticast mode
[  888.608106][T17135] bridge_slave_1: entered promiscuous mode

syzkaller
syzkaller login: [  888.732285][T17135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  888.747394][T17135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  888.812854][T17135] team0: Port device team_slave_0 added
[  888.821088][T17135] team0: Port device team_slave_1 added
[  888.895904][T17135] batman_adv: batadv0: Adding interface: batadv_slave_0
[  888.899148][T17135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  888.903896][T17135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  888.917699][T17135] batman_adv: batadv0: Adding interface: batadv_slave_1
[  888.919052][T17135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  888.923423][T17135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  889.045209][T17135] hsr_slave_0: entered promiscuous mode
[  889.048805][T17135] hsr_slave_1: entered promiscuous mode
[  889.050633][T17135] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  889.051986][T17135] Cannot create hsr debugfs directory
[  889.070566][T16647] Bluetooth: hci0: command tx timeout
[  890.148526][T17135] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

syzkaller
syzkaller login: [  891.099656][T17135] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.150475][T16647] Bluetooth: hci0: command tx timeout
[  891.606775][T17135] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.993091][T17190] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2448'.
[  892.575256][T17135] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  892.587116][T17135] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  892.592146][T17135] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  892.596116][T17135] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  892.890592][T17135] 8021q: adding VLAN 0 to HW filter on device bond0
[  892.941172][T17135] 8021q: adding VLAN 0 to HW filter on device team0
[  892.960889][T14013] bridge0: port 1(bridge_slave_0) entered blocking state
[  892.962201][T14013] bridge0: port 1(bridge_slave_0) entered forwarding state
[  892.973787][T14013] bridge0: port 2(bridge_slave_1) entered blocking state
[  892.975305][T14013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  893.245210][T16647] Bluetooth: hci0: command tx timeout
[  893.593374][T17135] 8021q: adding VLAN 0 to HW filter on device batadv0
[  893.673000][T17135] veth0_vlan: entered promiscuous mode
[  893.684083][T17135] veth1_vlan: entered promiscuous mode
[  893.753128][T17135] veth0_macvtap: entered promiscuous mode
[  893.803097][T17135] veth1_macvtap: entered promiscuous mode
[  893.822223][T17135] batman_adv: batadv0: Interface activated: batadv_slave_0
[  893.830217][T17135] batman_adv: batadv0: Interface activated: batadv_slave_1
[  893.839661][T17135] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  893.841110][T17135] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  893.842358][T17135] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  893.843592][T17135] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  894.106637][T14208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  894.117566][T14208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  894.392378][T17227] FAULT_INJECTION: forcing a failure.
[  894.392378][T17227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  894.394410][T17227] CPU: 0 UID: 0 PID: 17227 Comm: syz.1.2443 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  894.394442][T17227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  894.394458][T17227] Call Trace:
[  894.394467][T17227]  <TASK>
[  894.394476][T17227]  dump_stack_lvl+0x16c/0x1f0
[  894.394522][T17227]  should_fail_ex+0x512/0x640
[  894.394565][T17227]  _copy_from_user+0x2e/0xd0
[  894.394610][T17227]  copy_msghdr_from_user+0x98/0x160
[  894.394653][T17227]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  894.394702][T17227]  ? kfree+0x24f/0x4d0
[  894.394737][T17227]  ? __pfx___schedule+0x10/0x10
[  894.394779][T17227]  ___sys_recvmsg+0xdb/0x1a0
[  894.394820][T17227]  ? __pfx____sys_recvmsg+0x10/0x10
[  894.394883][T17227]  ? __pfx___might_resched+0x10/0x10
[  894.394919][T17227]  do_recvmmsg+0x2fe/0x750
[  894.394967][T17227]  ? __pfx_do_recvmmsg+0x10/0x10
[  894.395017][T17227]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  894.395079][T17227]  ? __fget_files+0x20e/0x3c0
[  894.395125][T17227]  __x64_sys_recvmmsg+0x22a/0x280
[  894.395170][T17227]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  894.395228][T17227]  do_syscall_64+0xcd/0x490
[  894.395273][T17227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.395301][T17227] RIP: 0033:0x7f2a72d8e929
[  894.395323][T17227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  894.395352][T17227] RSP: 002b:00007f2a73c84038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  894.395384][T17227] RAX: ffffffffffffffda RBX: 00007f2a72fb6160 RCX: 00007f2a72d8e929
[  894.395402][T17227] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003
[  894.395418][T17227] RBP: 00007f2a73c84090 R08: 0000000000000000 R09: 0000000000000000
[  894.395434][T17227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  894.395450][T17227] R13: 0000000000000000 R14: 00007f2a72fb6160 R15: 00007fff57a8cb88
[  894.395485][T17227]  </TASK>
[  894.861296][T13997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  894.862600][T13997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  895.202684][T17222] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2444'.
[  895.303146][T17234] sysfs_service_op_store: Client not running :-5:
[  896.194125][T17243] ptrace attach of "./syz-executor exec"[17246] was attempted by "./syz-executor exec"[17243]
[  897.090715][T17254] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.1.2450: 7

syzkaller
syzkaller login: [  898.735215][T17272] phram: not enough arguments

syzkaller
syzkaller login: [  900.113733][T17115] syz.2.2425 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  900.129188][T17115] CPU: 0 UID: 0 PID: 17115 Comm: syz.2.2425 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  900.129222][T17115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  900.129237][T17115] Call Trace:
[  900.129246][T17115]  <TASK>
[  900.129256][T17115]  dump_stack_lvl+0x16c/0x1f0
[  900.129303][T17115]  dump_header+0x101/0x930
[  900.129352][T17115]  oom_kill_process+0x270/0xa60
[  900.129398][T17115]  out_of_memory+0x350/0x1700
[  900.129449][T17115]  ? __pfx_out_of_memory+0x10/0x10
[  900.129502][T17115]  mem_cgroup_out_of_memory+0x118/0x130
[  900.129537][T17115]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  900.129582][T17115]  ? do_raw_spin_unlock+0x172/0x230
[  900.129631][T17115]  try_charge_memcg+0x72b/0xd50
[  900.129664][T17115]  ? __pfx_try_charge_memcg+0x10/0x10
[  900.129692][T17115]  ? __print_lock_name+0xb1/0xe0
[  900.129726][T17115]  ? rcu_read_unlock+0x17/0x60
[  900.129764][T17115]  charge_memcg+0x8a/0x230
[  900.129791][T17115]  __mem_cgroup_charge+0x2b/0x1e0
[  900.129824][T17115]  shmem_alloc_and_add_folio+0x514/0xc20
[  900.129873][T17115]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  900.129917][T17115]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  900.129965][T17115]  shmem_get_folio_gfp+0x67f/0x1600
[  900.130013][T17115]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  900.130055][T17115]  ? __pte_offset_map_lock+0x174/0x310
[  900.130092][T17115]  shmem_write_begin+0x160/0x300
[  900.130151][T17115]  ? find_held_lock+0x2b/0x80
[  900.130182][T17115]  ? __pfx_shmem_write_begin+0x10/0x10
[  900.130232][T17115]  ? balance_dirty_pages_ratelimited_flags+0x92/0x1260
[  900.130272][T17115]  ? __pfx_timestamp_truncate+0x10/0x10
[  900.130328][T17115]  generic_perform_write+0x3d0/0x930
[  900.130391][T17115]  ? __pfx_generic_perform_write+0x10/0x10
[  900.130440][T17115]  ? inode_needs_update_time.part.0+0x191/0x270
[  900.130504][T17115]  shmem_file_write_iter+0x10e/0x140
[  900.130540][T17115]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  900.130570][T17115]  __kernel_write_iter+0x31a/0xa90
[  900.130621][T17115]  ? __pfx___kernel_write_iter+0x10/0x10
[  900.130666][T17115]  ? __up_read+0x1f8/0x750
[  900.130725][T17115]  ? dump_user_range+0x745/0xb60
[  900.130761][T17115]  ? dump_user_range+0x59f/0xb60
[  900.130804][T17115]  dump_user_range+0x41f/0xb60
[  900.130850][T17115]  ? __pfx_dump_user_range+0x10/0x10
[  900.130892][T17115]  ? elf_coredump_extra_notes_write+0xbd/0x4f0
[  900.130948][T17115]  ? __pfx_writenote+0x10/0x10
[  900.130999][T17115]  elf_core_dump+0x288a/0x3a90
[  900.131061][T17115]  ? __pfx_elf_core_dump+0x10/0x10
[  900.131116][T17115]  ? find_held_lock+0x2b/0x80
[  900.131146][T17115]  ? 0xffffffffff600000
[  900.131173][T17115]  ? rcu_is_watching+0x12/0xc0
[  900.131203][T17115]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  900.131250][T17115]  ? lockdep_hardirqs_on+0x7c/0x110
[  900.131379][T17115]  ? do_coredump+0x399c/0x4f10
[  900.131408][T17115]  do_coredump+0x399c/0x4f10
[  900.131453][T17115]  ? __pfx_do_coredump+0x10/0x10
[  900.131485][T17115]  ? find_held_lock+0x2b/0x80
[  900.131511][T17115]  ? is_bpf_text_address+0x8a/0x1a0
[  900.131556][T17115]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  900.131589][T17115]  ? is_bpf_text_address+0x94/0x1a0
[  900.131628][T17115]  ? kernel_text_address+0x8d/0x100
[  900.131672][T17115]  ? __kernel_text_address+0xd/0x40
[  900.131713][T17115]  ? unwind_get_return_address+0x59/0xa0
[  900.131784][T17115]  ? stack_depot_save_flags+0x28/0xa40
[  900.131831][T17115]  ? __lock_acquire+0xb8a/0x1c90
[  900.131870][T17115]  ? kasan_save_stack+0x42/0x60
[  900.131909][T17115]  ? kasan_save_stack+0x33/0x60
[  900.131949][T17115]  ? kasan_save_track+0x14/0x30
[  900.131989][T17115]  ? kasan_save_free_info+0x3b/0x60
[  900.132023][T17115]  ? __kasan_slab_free+0x51/0x70
[  900.132065][T17115]  ? kmem_cache_free+0x2d1/0x4d0
[  900.132103][T17115]  ? __sigqueue_free+0xba/0x2a0
[  900.132141][T17115]  ? get_signal+0xcba/0x26d0
[  900.132168][T17115]  ? arch_do_signal_or_restart+0x8f/0x790
[  900.132254][T17115]  ? proc_coredump_connector+0x2d1/0x4f0
[  900.132290][T17115]  ? __pfx_proc_coredump_connector+0x10/0x10
[  900.132334][T17115]  ? rcu_is_watching+0x12/0xc0
[  900.132368][T17115]  get_signal+0x22e3/0x26d0
[  900.132408][T17115]  ? force_sig_fault+0xc4/0x100
[  900.132440][T17115]  ? __pfx_get_signal+0x10/0x10
[  900.132495][T17115]  arch_do_signal_or_restart+0x8f/0x790
[  900.132523][T17115]  ? trace_irq_disable.constprop.0+0xd4/0x120
[  900.132565][T17115]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  900.132617][T17115]  irqentry_exit_to_user_mode+0x12a/0x270
[  900.132662][T17115]  asm_exc_page_fault+0x26/0x30
[  900.132688][T17115] RIP: 0033:0x401000
[  900.132711][T17115] Code: Unable to access opcode bytes at 0x400fd6.
[  900.132727][T17115] RSP: 002b:000000000000000a EFLAGS: 00010246
[  900.132745][T17115] RAX: 0000000000000000 RBX: 00007fd4643b6080 RCX: 00007fd46418e929
[  900.132760][T17115] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46
[  900.132774][T17115] RBP: 00007fd464210b39 R08: 0000000000000002 R09: 0000000000000000
[  900.132788][T17115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  900.132802][T17115] R13: 0000000000000000 R14: 00007fd4643b6080 R15: 00007ffeb92e1a68
[  900.132833][T17115]  </TASK>
[  900.132881][T17115] memory: usage 307200kB, limit 307200kB, failcnt 22361
[  900.715319][T17115] memory+swap: usage 423584kB, limit 9007199254740988kB, failcnt 0
[  900.723609][T17115] kmem: usage 3224kB, limit 9007199254740988kB, failcnt 0
[  900.737610][T17115] Memory cgroup stats for /syz2:
[  900.737828][T17115] cache 312762368
[  901.009015][T17115] rss 307200
[  901.012283][T17115] rss_huge 0
[  901.015510][T17115] shmem 312762368
[  901.202557][T17289] FAULT_INJECTION: forcing a failure.
[  901.202557][T17289] name failslab, interval 1, probability 0, space 0, times 0
[  901.215330][T17289] CPU: 0 UID: 0 PID: 17289 Comm: syz.0.2457 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  901.215367][T17289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  901.215382][T17289] Call Trace:
[  901.215391][T17289]  <TASK>
[  901.215400][T17289]  dump_stack_lvl+0x16c/0x1f0
[  901.215442][T17289]  should_fail_ex+0x512/0x640
[  901.215476][T17289]  ? __kmalloc_noprof+0xbf/0x510
[  901.215515][T17289]  ? lsm_blob_alloc+0x68/0x90
[  901.215550][T17289]  should_failslab+0xc2/0x120
[  901.215574][T17289]  __kmalloc_noprof+0xd2/0x510
[  901.215617][T17289]  lsm_blob_alloc+0x68/0x90
[  901.215654][T17289]  security_prepare_creds+0x30/0x270
[  901.215690][T17289]  prepare_creds+0x56f/0x7d0
[  901.215728][T17289]  __sys_setuid+0x9a/0x440
[  901.215753][T17289]  do_syscall_64+0xcd/0x490
[  901.215794][T17289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.215818][T17289] RIP: 0033:0x7f7c9318e929
[  901.215837][T17289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  901.215862][T17289] RSP: 002b:00007f7c940e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000069
[  901.215885][T17289] RAX: ffffffffffffffda RBX: 00007f7c933b5fa0 RCX: 00007f7c9318e929
[  901.215901][T17289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e
[  901.215916][T17289] RBP: 00007f7c93210b39 R08: 0000000000000000 R09: 0000000000000000
[  901.215931][T17289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  901.215944][T17289] R13: 0000000000000000 R14: 00007f7c933b5fa0 R15: 00007ffdb39f9bb8
[  901.215974][T17289]  </TASK>
[  901.238627][T17115] mapped_file 0
[  901.446218][T17115] dirty 0
[  901.597693][T17115] writeback 0
[  901.601045][T17115] workingset_refault_anon 16278
[  901.605927][T17115] workingset_refault_file 239
[  901.790938][T17115] swap 119193600
[  901.794521][T17115] swapcached 278528
[  901.828798][T17115] pgpgin 1148521
[  901.832391][T17115] pgpgout 1106334
[  901.836808][T17115] pgfault 1109720
[  901.851657][T17115] pgmajfault 865
[  901.867864][T17115] inactive_anon 268005376
[  901.872241][T17115] active_anon 41275392
[  901.876344][T17115] inactive_file 0
[  901.880585][T17115] active_file 0
[  901.884094][T17115] unevictable 0
[  901.887616][T17115] hierarchical_memory_limit 314572800
[  901.896751][T17115] hierarchical_memsw_limit 9223372036854771712
[  901.905908][T17115] total_cache 312762368
[  901.910294][T17115] total_rss 307200
[  901.914050][T17115] total_rss_huge 0
[  901.919821][T17115] total_shmem 312762368
[  901.924044][T17115] total_mapped_file 0
[  901.928357][T17115] total_dirty 0
[  901.932005][T17115] total_writeback 0
[  901.935861][T17115] total_workingset_refault_anon 16278
[  901.983186][T17115] total_workingset_refault_file 239
[  901.988510][T17115] total_swap 119193600
[  901.992601][T17115] total_swapcached 278528
[  901.996925][T17115] total_pgpgin 1148521
[  902.102282][T17115] total_pgpgout 1106334
[  902.211056][T17115] total_pgfault 1109720
[  902.215264][T17115] total_pgmajfault 865
[  902.398848][T17115] total_inactive_anon 268005376
[  902.588431][T17115] total_active_anon 41275392
[  902.641834][T17115] total_inactive_file 0
[  902.707653][T17115] total_active_file 0
[  902.711682][T17115] total_unevictable 0
[  902.786067][T17115] anon_cost 12863
[  902.824122][T17115] file_cost 16
[  902.887596][T17115] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2425,pid=17122,uid=0
[  902.988095][T17115] Memory cgroup out of memory: Killed process 17122 (syz.2.2425) total-vm:102532kB, anon-rss:1080kB, file-rss:43540kB, shmem-rss:0kB, UID:0 pgtables:172kB oom_score_adj:1000
[  904.004057][T17317] phram: not enough arguments
[  904.166142][T13995] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  904.175309][T13995] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  904.185495][T13995] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  904.194966][T13995] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  904.203499][T13995] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  905.079900][   T32] oom_reaper: reaped process 17122 (syz.2.2425), now anon-rss:92kB, file-rss:42508kB, shmem-rss:0kB
[  905.423603][T17320] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2464'.
[  905.524625][T17318] chnl_net:caif_netlink_parms(): no params data found
[  906.228811][T17338] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.0.2466: 7
[  906.267704][T13995] Bluetooth: hci3: command tx timeout
[  907.415089][T17318] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.423065][T17318] bridge0: port 1(bridge_slave_0) entered disabled state
[  907.436101][T17318] bridge_slave_0: entered allmulticast mode
[  907.444308][T17318] bridge_slave_0: entered promiscuous mode
[  907.466807][T17318] bridge0: port 2(bridge_slave_1) entered blocking state
[  907.475595][T17318] bridge0: port 2(bridge_slave_1) entered disabled state
[  907.483220][T17318] bridge_slave_1: entered allmulticast mode
[  907.492278][T17318] bridge_slave_1: entered promiscuous mode
[  907.616012][T17318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  907.749442][T17318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  907.822532][T17318] team0: Port device team_slave_0 added
[  907.832909][T17318] team0: Port device team_slave_1 added
[  907.872605][T17318] batman_adv: batadv0: Adding interface: batadv_slave_0
[  907.880740][T17318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  907.907942][T17318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  907.930529][T17318] batman_adv: batadv0: Adding interface: batadv_slave_1
[  907.937949][T17318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  907.966064][T17318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  908.080313][T17351] ptrace attach of "./syz-executor exec"[17355] was attempted by "./syz-executor exec"[17351]
[  908.240563][T17318] hsr_slave_0: entered promiscuous mode
[  908.247645][T17318] hsr_slave_1: entered promiscuous mode
[  908.254064][T17318] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  908.263022][T17318] Cannot create hsr debugfs directory
[  908.351385][T13995] Bluetooth: hci3: command tx timeout
[  909.283681][T17318] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  909.295419][T17318] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  909.322266][T17318] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  909.345777][T17318] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  909.859351][T17318] 8021q: adding VLAN 0 to HW filter on device bond0
[  909.893102][T17318] 8021q: adding VLAN 0 to HW filter on device team0
[  909.950645][T15099] bridge0: port 1(bridge_slave_0) entered blocking state
[  909.957866][T15099] bridge0: port 1(bridge_slave_0) entered forwarding state
[  910.029640][T15099] bridge0: port 2(bridge_slave_1) entered blocking state
[  910.036822][T15099] bridge0: port 2(bridge_slave_1) entered forwarding state
[  910.056889][T17368] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2472'.

syzkaller
syzkaller login: [  910.324405][T17318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  910.428335][T13995] Bluetooth: hci3: command tx timeout
[  910.951699][T17318] 8021q: adding VLAN 0 to HW filter on device batadv0
[  911.338011][T17405] net_ratelimit: 1287 callbacks suppressed
[  911.338027][T17405] netlink: zone id is out of range
[  911.387839][T17405] netlink: zone id is out of range
[  911.394211][T17405] netlink: zone id is out of range
[  911.399696][T17405] netlink: zone id is out of range
[  911.404988][T17405] netlink: zone id is out of range
[  911.410229][T17405] netlink: zone id is out of range
[  911.415494][T17405] netlink: zone id is out of range
[  911.420786][T17405] netlink: zone id is out of range
[  911.426087][T17405] netlink: zone id is out of range
[  911.431296][T17405] netlink: zone id is out of range

	

	


	


	





	

	









	

	




			
	
			
	
			
	
			
	
	
	


				


			


				


			
	

	
		
	

	
		
	
	
	
	
	




		
	




	

	
		
		
		

		
		


	

	

	
	
		
		

		
		


	

	

	
	


	
	


		
	
	


	
	


		
	
	

	




	









		









	



	
	






			
	

		

	





		



	
		

	






		









	



	
	






			
	

		

	





		



	
		

	

	

	
		






	
	
	

syzkaller
syzkaller login: [  918.380591][T17452] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  918.482860][T17491] phram: not enough arguments
[  918.526608][T17452] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  918.679864][T17452] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  918.868702][T17452] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  918.904275][T17500] phram: not enough arguments
[  919.171620][T17452] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  919.201958][T17452] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  919.217216][T17452] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  919.233923][T17452] netdevsim netdevsim3 netdevsim3: renamed from eth3
	
	

	
		

	
		

		
		

		
	
	

		
		

		
	
	




		
		
	


		
		
	

	
		



	

	


	


	





	

	









	

	




			
	
			
	
			
	
			
	
[  921.027305][T13997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  921.028735][T13997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50

syzkaller
syzkaller login: [  921.178122][T14013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  921.179333][T14013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  921.468614][T16647] Bluetooth: hci2: command tx timeout
[  923.583174][T16647] Bluetooth: hci2: command tx timeout
[  924.390408][T17561] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2501'.
[  924.518258][T17568] phram: not enough arguments
[  925.743873][T17577] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2504'.
[  925.858398][T17585] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2503'.


	
	





	
	



	

	
		
	
	

	
		





	
	


	
	



	
				
	
		
	
		
	
	
	
	
	
	
		





	

	
		

	
	
				
	
	
	
			




		
	
				
	
	
	
			




		
	
				
	
	
	
			



		
	
				
	
	
				
	
	
	
			



		
	
	
			



		
	
				
	
	
				
	
	
	
			



		
	
	
			


		
	
				
	
	
			



		
	
	
			


		
	
	
	




	
			



		
	
	
	








	
		

	


	
	

		
	
		
	
	

	



			








	




	





	

		
	

		













	





	




		






	
		




syzkaller
syzkaller login: [  950.357944][T17826] phram: not enough arguments

syzkaller
syzkaller login: [  956.006834][T17898] phram: not enough arguments
[  957.347277][T17925] sysfs_service_op_show: Client not running :-5:

	


	
	

	

		
		
	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	




	










	


	










	





	



		

		








	








	

	
		



		


		

	
	












	









	





	





		








syzkaller
syzkaller login: [  965.322020][T18013] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.4.2596: 7
[  965.346860][T18017] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.1.2589: 7
[  965.620306][T18023] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.0.2590: 7
[  966.766681][T18035] phram: not enough arguments

syzkaller
syzkaller login: [  967.567149][T18042] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2594'.
	
		
	

	
		
	
		
	
		
	
		
			




syzkaller
syzkaller login: [  972.634153][T18121] phram: not enough arguments
	
		
	
		
	

	
		

syzkaller
syzkaller login: [  976.833149][T18181] phram: not enough arguments
	

	
		
	

	
		
	
		


	
	
	
				

					

	
	
	
		


	
	
	
				

					

	
	
	

	
		



	

	
		


		


	


	

	
		
	

	
		
				
	
	

	
		
	

	
		
	
	

	

	
				
	
		


	

syzkaller
syzkaller login: [  990.841191][T18392] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.4.2667: 7
[  992.373367][T18401] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2666'.

	
				
	
		
	
	
		
	
		
	
		
	

	
		
	
	
	
	
	
	



	

	
		



	

	
		
	

	
		
	
		
	

	
		
	

	
		



	
	

	

	
		
	
		
	

	
		

syzkaller
syzkaller login: [ 1010.015318][T16647] Bluetooth: hci0: command 0x0406 tx timeout

syzkaller
syzkaller login: [ 1012.033214][T18690] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.1.2729: 7
[ 1013.017500][T18689] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2728'.
[ 1013.319528][T18709] phram: not enough arguments
[ 1013.552714][T18718] random: crng reseeded on system resumption
[ 1013.603251][T16850] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:8: iget: checksum invalid
[ 1013.622400][T18716] can: request_module (can-proto-0) failed.
[ 1013.678411][T16850] (NULL device *): loading /lib/firmware/updates/6.16.0-rc3-syzkaller/regulatory.db failed with error -74
[ 1013.689897][T13996] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:1: iget: checksum invalid
[ 1013.724875][T13996] (NULL device *): loading /lib/firmware/updates/6.16.0-rc3-syzkaller/regulatory.db.p7s failed with error -74
[ 1013.748975][T16850] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:8: iget: checksum invalid
[ 1013.801941][T16850] (NULL device *): loading /lib/firmware/updates/regulatory.db failed with error -74
[ 1013.829028][T13996] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:1: iget: checksum invalid
[ 1013.894557][T13996] (NULL device *): loading /lib/firmware/updates/regulatory.db.p7s failed with error -74
[ 1013.904693][T16850] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:8: iget: checksum invalid
[ 1013.943504][T16850] (NULL device *): loading /lib/firmware/6.16.0-rc3-syzkaller/regulatory.db failed with error -74
[ 1013.976225][T13996] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:1: iget: checksum invalid
[ 1014.045726][T13996] (NULL device *): loading /lib/firmware/6.16.0-rc3-syzkaller/regulatory.db.p7s failed with error -74
[ 1014.057446][T16850] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:8: iget: checksum invalid
[ 1014.075414][T16850] (NULL device *): loading /lib/firmware/regulatory.db failed with error -74
[ 1014.088559][T13996] EXT4-fs error (device sda1): ext4_lookup:1787: inode #274: comm kworker/u10:1: iget: checksum invalid
[ 1014.103845][T16850] (NULL device *): Direct firmware load for regulatory.db failed with error -74
[ 1014.116521][T13996] (NULL device *): loading /lib/firmware/regulatory.db.p7s failed with error -74
[ 1014.126893][T16850] (NULL device *): Falling back to sysfs fallback for: regulatory.db
[ 1014.169552][T13996] (NULL device *): Direct firmware load for regulatory.db.p7s failed with error -74
[ 1014.186964][T13996] (NULL device *): Falling back to sysfs fallback for: regulatory.db.p7s

syzkaller
syzkaller login: 	

	
		
	
		






	
		




syzkaller
syzkaller login: [ 1029.465960][T18847] phram: not enough arguments



	
	
	

	
		
	

	
		
	
		

syzkaller
syzkaller login: 	

	
		




syzkaller
syzkaller login: [ 1037.333544][T18952] phram: not enough arguments
[ 1037.821263][T18947] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2780'.
	

	
		
	

	
		
	
	
	

	
		
	

	
		




	: 

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1047.072489][T19053] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2802'.




syzkaller
syzkaller login: [ 1049.113560][T19072] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2807'.

syzkaller
syzkaller login: [ 1052.089479][T19112] phram: not enough arguments
	

	
		
[ 1054.151933][T19141] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.0.2820: 7

syzkaller
syzkaller login: [ 1054.801010][T19145] phram: not enough arguments
[ 1054.945082][T19134] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2819'.
[ 1055.903430][T19170] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2828'.
[ 1057.336878][T19186] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.3.2832: 7




	
[ 1058.860687][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1058.861767][ T1303] ieee802154 phy1 wpan1: encryption failed: -22

syzkaller
syzkaller login: [ 1060.157713][T19208] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2835'.
	

	
		
	

	
		
	

	
		
	
		
	

	
		
	

	
		

	
		

	


	
	

		
	
		
	
	

	



			








	



	



	




	



		

		
	
	



	




	
	

	
		



		


		

	
	








	








	






	







		










syzkaller
syzkaller login: [ 1067.751580][T19313] netlink: 13 bytes leftover after parsing attributes in process `syz.1.2860'.
[ 1068.483603][T19324] phram: not enough arguments
[ 1068.841856][T19328] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.1.2864: 7
[ 1070.056329][T19342] phram: not enough arguments

syzkaller
syzkaller login: 	

	
		

syzkaller
syzkaller login: [ 1075.173712][T19412] phram: not enough arguments

syzkaller
syzkaller login: [ 1076.340581][T19410] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2884'.
[ 1077.930029][T19435] netlink: 'syz.1.2892': attribute type 64 has an invalid length.
[ 1077.933445][T19435] netlink: 74 bytes leftover after parsing attributes in process `syz.1.2892'.
[ 1078.517837][T19429] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2891'.

syzkaller
syzkaller login: [ 1079.805198][T19453] phram: not enough arguments
	

	
		

syzkaller
syzkaller login: [ 1083.573462][T19505] phram: not enough arguments
[ 1083.838049][T19507] netlink: 396 bytes leftover after parsing attributes in process `syz.0.2909'.
	

	
		

syzkaller
syzkaller login: [ 1085.928053][T19536] Console: switching to colour frame buffer device 128x48
[ 1086.230240][T19534] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2913'.
[ 1086.414495][T19543] program syz.4.2916 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1086.808424][T19557] phram: not enough arguments
[ 1086.883697][T19553] bridge0: port 3(vlan1) entered blocking state
[ 1086.885447][T19553] bridge0: port 3(vlan1) entered disabled state
[ 1086.897024][T19553] vlan1: entered allmulticast mode
[ 1086.897991][T19553] veth0_vlan: entered allmulticast mode
[ 1086.907246][T19553] vlan1: entered promiscuous mode
[ 1086.909497][T19553] bridge0: port 3(vlan1) entered blocking state
[ 1086.910648][T19553] bridge0: port 3(vlan1) entered forwarding state
[ 1087.335150][T19559] phram: not enough arguments
[ 1087.421727][T19545] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2917'.
[ 1088.117649][T19570] phram: not enough arguments
[ 1088.164837][T19572] phram: not enough arguments

syzkaller
syzkaller login: [ 1089.917973][T19587] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2928'.
[ 1089.925001][T19610] bridge0: port 3(vlan1) entered blocking state
[ 1089.965438][T19610] bridge0: port 3(vlan1) entered disabled state
[ 1089.966569][T19610] vlan1: entered allmulticast mode
[ 1089.967340][T19610] veth0_vlan: entered allmulticast mode
[ 1089.979318][T19610] vlan1: entered promiscuous mode
[ 1090.037650][T19610] bridge0: port 3(vlan1) entered blocking state
[ 1090.038784][T19610] bridge0: port 3(vlan1) entered forwarding state
[ 1090.237960][T19619] snd_aloop snd_aloop.0: control 1:6:-2147483647:���_�he�R��:6 is already present
[ 1090.841960][T19623] phram: not enough arguments
[ 1090.958662][T19627] phram: not enough arguments
[ 1091.204272][T19643] FAULT_INJECTION: forcing a failure.
[ 1091.204272][T19643] name failslab, interval 1, probability 0, space 0, times 0
[ 1091.208956][T19643] CPU: 0 UID: 0 PID: 19643 Comm: syz.4.2939 Tainted: G     U              6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[ 1091.209002][T19643] Tainted: [U]=USER
[ 1091.209013][T19643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1091.209031][T19643] Call Trace:
[ 1091.209041][T19643]  <TASK>
[ 1091.209053][T19643]  dump_stack_lvl+0x16c/0x1f0
[ 1091.209104][T19643]  should_fail_ex+0x512/0x640
[ 1091.209147][T19643]  ? fs_reclaim_acquire+0xae/0x150
[ 1091.209187][T19643]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1091.209231][T19643]  should_failslab+0xc2/0x120
[ 1091.209260][T19643]  __kmalloc_noprof+0xd2/0x510
[ 1091.209316][T19643]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1091.209391][T19643]  tomoyo_check_open_permission+0x2ab/0x3c0
[ 1091.209432][T19643]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1091.209510][T19643]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1091.209590][T19643]  tomoyo_file_open+0x6b/0x90
[ 1091.209644][T19643]  security_file_open+0x84/0x1e0
[ 1091.209686][T19643]  do_dentry_open+0x596/0x1c10
[ 1091.209750][T19643]  vfs_open+0x82/0x3f0
[ 1091.209809][T19643]  path_openat+0x1de4/0x2cb0
[ 1091.209874][T19643]  ? __pfx_path_openat+0x10/0x10
[ 1091.209926][T19643]  ? __lock_acquire+0xb8a/0x1c90
[ 1091.209976][T19643]  do_filp_open+0x20b/0x470
[ 1091.210027][T19643]  ? __pfx_do_filp_open+0x10/0x10
[ 1091.210109][T19643]  ? alloc_fd+0x471/0x7d0
[ 1091.210166][T19643]  do_sys_openat2+0x11b/0x1d0
[ 1091.210207][T19643]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1091.210267][T19643]  __x64_sys_openat+0x174/0x210
[ 1091.210306][T19643]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1091.210364][T19643]  do_syscall_64+0xcd/0x490
[ 1091.210430][T19643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1091.210466][T19643] RIP: 0033:0x7f2b36b8e929
[ 1091.210496][T19643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1091.210533][T19643] RSP: 002b:00007f2b37a54038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1091.210568][T19643] RAX: ffffffffffffffda RBX: 00007f2b36db6160 RCX: 00007f2b36b8e929
[ 1091.210592][T19643] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1091.210615][T19643] RBP: 00007f2b36c10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1091.210637][T19643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1091.210658][T19643] R13: 0000000000000000 R14: 00007f2b36db6160 R15: 00007ffeab161318
[ 1091.210702][T19643]  </TASK>
[ 1091.210716][T19643] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1092.597205][T19666] FAULT_INJECTION: forcing a failure.
[ 1092.597205][T19666] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1092.599355][T19666] CPU: 0 UID: 0 PID: 19666 Comm: syz.4.2943 Tainted: G     U              6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[ 1092.599394][T19666] Tainted: [U]=USER
[ 1092.599403][T19666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1092.599418][T19666] Call Trace:
[ 1092.599427][T19666]  <TASK>
[ 1092.599437][T19666]  dump_stack_lvl+0x16c/0x1f0
[ 1092.599482][T19666]  should_fail_ex+0x512/0x640
[ 1092.599523][T19666]  should_fail_alloc_page+0xe7/0x130
[ 1092.599550][T19666]  prepare_alloc_pages+0x3c2/0x610
[ 1092.599584][T19666]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1092.599627][T19666]  ? find_held_lock+0x2b/0x80
[ 1092.599653][T19666]  ? page_table_check_set+0x627/0x750
[ 1092.599696][T19666]  ? page_table_check_set+0x631/0x750
[ 1092.599736][T19666]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1092.599777][T19666]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1092.599814][T19666]  ? const_folio_flags+0x5b/0x100
[ 1092.599841][T19666]  ? const_folio_flags+0x5b/0x100
[ 1092.599873][T19666]  ? folio_remove_rmap_pmd+0x2eb/0x7d0
[ 1092.599911][T19666]  ? split_huge_pmd_locked+0x731/0x3b20
[ 1092.599946][T19666]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1092.599992][T19666]  ? policy_nodemask+0xea/0x4e0
[ 1092.600023][T19666]  alloc_pages_mpol+0x1fb/0x550
[ 1092.600052][T19666]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1092.600080][T19666]  ? __split_huge_pmd+0x203/0x350
[ 1092.600124][T19666]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1092.600174][T19666]  vma_alloc_folio_noprof+0xed/0x1e0
[ 1092.600210][T19666]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1092.600265][T19666]  ? rcu_read_unlock+0x2d/0xb0
[ 1092.600321][T19666]  do_wp_page+0x1e5b/0x4f20
[ 1092.600371][T19666]  ? __pfx_do_wp_page+0x10/0x10
[ 1092.600413][T19666]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1092.600475][T19666]  __handle_mm_fault+0x2223/0x5490
[ 1092.600531][T19666]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1092.600575][T19666]  ? kernel_text_address+0x8d/0x100
[ 1092.600632][T19666]  ? __lock_acquire+0xb8a/0x1c90
[ 1092.600702][T19666]  handle_mm_fault+0x589/0xd10
[ 1092.600755][T19666]  __get_user_pages+0x589/0x3b80
[ 1092.600810][T19666]  ? __pfx___get_user_pages+0x10/0x10
[ 1092.600849][T19666]  ? __pfx_down_read_killable+0x10/0x10
[ 1092.600898][T19666]  __gup_longterm_locked+0x20d/0x1850
[ 1092.600950][T19666]  ? __pfx___gup_longterm_locked+0x10/0x10
[ 1092.600996][T19666]  ? find_held_lock+0x2b/0x80
[ 1092.601039][T19666]  gup_fast_fallback+0x1ab3/0x29e0
[ 1092.601106][T19666]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 1092.601139][T19666]  ? __kasan_kmalloc+0xaa/0xb0
[ 1092.601187][T19666]  ? refill_pi_state_cache+0x89/0x250
[ 1092.601227][T19666]  ? futex_lock_pi+0x175/0x7c0
[ 1092.601265][T19666]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1092.601299][T19666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1092.601345][T19666]  get_user_pages_fast+0xa7/0xf0
[ 1092.601378][T19666]  ? __pfx_get_user_pages_fast+0x10/0x10
[ 1092.601445][T19666]  get_futex_key+0x2c6/0x1540
[ 1092.601496][T19666]  ? __pfx_get_futex_key+0x10/0x10
[ 1092.601533][T19666]  ? kasan_save_track+0x14/0x30
[ 1092.601570][T19666]  ? __kasan_kmalloc+0xaa/0xb0
[ 1092.601609][T19666]  futex_lock_pi+0x1cc/0x7c0
[ 1092.601647][T19666]  ? __pfx_futex_lock_pi+0x10/0x10
[ 1092.601680][T19666]  ? __futex_wait+0x24c/0x2f0
[ 1092.601718][T19666]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1092.601782][T19666]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1092.601826][T19666]  ? do_writev+0x218/0x340
[ 1092.601864][T19666]  do_futex+0x11a/0x350
[ 1092.601894][T19666]  ? __pfx_do_futex+0x10/0x10
[ 1092.601922][T19666]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1092.601970][T19666]  __x64_sys_futex+0x1e0/0x4c0
[ 1092.602002][T19666]  ? fput+0x70/0xf0
[ 1092.602024][T19666]  ? __pfx___x64_sys_futex+0x10/0x10
[ 1092.602055][T19666]  ? xfd_validate_state+0x61/0x180
[ 1092.602086][T19666]  ? __pfx_do_writev+0x10/0x10
[ 1092.602129][T19666]  do_syscall_64+0xcd/0x490
[ 1092.602203][T19666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1092.602230][T19666] RIP: 0033:0x7f2b36b8e929
[ 1092.602250][T19666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1092.602275][T19666] RSP: 002b:00007f2b37a96038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1092.602299][T19666] RAX: ffffffffffffffda RBX: 00007f2b36db5fa0 RCX: 00007f2b36b8e929
[ 1092.602317][T19666] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000
[ 1092.602333][T19666] RBP: 00007f2b36c10b39 R08: 0000000000000000 R09: 0000000000000006
[ 1092.602348][T19666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1092.602371][T19666] R13: 0000000000000000 R14: 00007f2b36db5fa0 R15: 00007ffeab161318
[ 1092.602404][T19666]  </TASK>
[ 1093.343282][T19678] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2944'.
[ 1093.420195][T19701] FAULT_INJECTION: forcing a failure.
[ 1093.420195][T19701] name failslab, interval 1, probability 0, space 0, times 0
[ 1093.425697][T19701] CPU: 1 UID: 0 PID: 19701 Comm: syz.3.2947 Tainted: G     U              6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[ 1093.425727][T19701] Tainted: [U]=USER
[ 1093.425733][T19701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1093.425745][T19701] Call Trace:
[ 1093.425752][T19701]  <TASK>
[ 1093.425760][T19701]  dump_stack_lvl+0x16c/0x1f0
[ 1093.425796][T19701]  should_fail_ex+0x512/0x640
[ 1093.425824][T19701]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1093.425858][T19701]  should_failslab+0xc2/0x120
[ 1093.425876][T19701]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1093.425907][T19701]  ? __alloc_skb+0x2b2/0x380
[ 1093.425940][T19701]  __alloc_skb+0x2b2/0x380
[ 1093.425968][T19701]  ? __pfx___alloc_skb+0x10/0x10
[ 1093.426001][T19701]  ? __lock_acquire+0xb8a/0x1c90
[ 1093.426030][T19701]  netlink_alloc_large_skb+0x69/0x130
[ 1093.426054][T19701]  netlink_sendmsg+0x6a1/0xdd0
[ 1093.426088][T19701]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1093.426119][T19701]  ____sys_sendmsg+0xa95/0xc70
[ 1093.426144][T19701]  ? copy_msghdr_from_user+0x10a/0x160
[ 1093.426175][T19701]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1093.426209][T19701]  ___sys_sendmsg+0x134/0x1d0
[ 1093.426241][T19701]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1093.426270][T19701]  ? __lock_acquire+0x622/0x1c90
[ 1093.426327][T19701]  __sys_sendmsg+0x16d/0x220
[ 1093.426359][T19701]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1093.426409][T19701]  do_syscall_64+0xcd/0x490
[ 1093.426443][T19701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1093.426463][T19701] RIP: 0033:0x7f724838e929
[ 1093.426479][T19701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1093.426499][T19701] RSP: 002b:00007f72461d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1093.426517][T19701] RAX: ffffffffffffffda RBX: 00007f72485b6080 RCX: 00007f724838e929
[ 1093.426531][T19701] RDX: 0000000000000038 RSI: 0000200000000b00 RDI: 0000000000000005
[ 1093.426544][T19701] RBP: 00007f72461d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1093.426556][T19701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1093.426568][T19701] R13: 0000000000000000 R14: 00007f72485b6080 R15: 00007ffc8f13ce68
[ 1093.426594][T19701]  </TASK>
[ 1094.064640][T19682] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2945'.
[ 1094.341828][T19711] phram: not enough arguments
[ 1094.579991][T19712] bridge0: port 3(vlan1) entered blocking state
[ 1094.582075][T19712] bridge0: port 3(vlan1) entered disabled state
[ 1094.590325][T19712] vlan1: entered allmulticast mode
[ 1094.600470][T19712] veth0_vlan: entered allmulticast mode
[ 1094.615867][T19712] vlan1: entered promiscuous mode
[ 1094.617119][T19712] bridge0: port 3(vlan1) entered blocking state
[ 1094.618058][T19712] bridge0: port 3(vlan1) entered forwarding state

syzkaller
syzkaller login: [ 1096.340082][T19741] FAULT_INJECTION: forcing a failure.
[ 1096.340082][T19741] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1096.342377][T19741] CPU: 0 UID: 0 PID: 19741 Comm: syz.0.2954 Tainted: G     U              6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[ 1096.342417][T19741] Tainted: [U]=USER
[ 1096.342427][T19741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1096.342443][T19741] Call Trace:
[ 1096.342452][T19741]  <TASK>
[ 1096.342462][T19741]  dump_stack_lvl+0x16c/0x1f0
[ 1096.342509][T19741]  should_fail_ex+0x512/0x640
[ 1096.342555][T19741]  _copy_to_user+0x32/0xd0
[ 1096.342600][T19741]  simple_read_from_buffer+0xcb/0x170
[ 1096.342640][T19741]  proc_fail_nth_read+0x197/0x270
[ 1096.342674][T19741]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1096.342709][T19741]  ? rw_verify_area+0xcf/0x680
[ 1096.342744][T19741]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1096.342777][T19741]  vfs_read+0x1e1/0xc60
[ 1096.342821][T19741]  ? __pfx___mutex_lock+0x10/0x10
[ 1096.342872][T19741]  ? __pfx_vfs_read+0x10/0x10
[ 1096.342921][T19741]  ? __fget_files+0x20e/0x3c0
[ 1096.342969][T19741]  ksys_read+0x12a/0x250
[ 1096.343007][T19741]  ? __pfx_ksys_read+0x10/0x10
[ 1096.343047][T19741]  ? fput+0x70/0xf0
[ 1096.343078][T19741]  do_syscall_64+0xcd/0x490
[ 1096.343123][T19741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1096.343152][T19741] RIP: 0033:0x7f7c9318d33c
[ 1096.343173][T19741] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1096.343200][T19741] RSP: 002b:00007f7c940e1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1096.343226][T19741] RAX: ffffffffffffffda RBX: 00007f7c933b5fa0 RCX: 00007f7c9318d33c
[ 1096.343245][T19741] RDX: 000000000000000f RSI: 00007f7c940e10a0 RDI: 0000000000000004
[ 1096.343262][T19741] RBP: 00007f7c940e1090 R08: 0000000000000000 R09: 0000000000000000
[ 1096.343279][T19741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1096.343295][T19741] R13: 0000000000000000 R14: 00007f7c933b5fa0 R15: 00007ffdb39f9bb8
[ 1096.343331][T19741]  </TASK>
[ 1097.467037][T19762] phram: not enough arguments
[ 1097.893505][T19772] FAULT_INJECTION: forcing a failure.
[ 1097.893505][T19772] name failslab, interval 1, probability 0, space 0, times 0
[ 1097.895570][T19772] CPU: 1 UID: 0 PID: 19772 Comm: syz.1.2962 Tainted: G     U              6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[ 1097.895605][T19772] Tainted: [U]=USER
[ 1097.895613][T19772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1097.895627][T19772] Call Trace:
[ 1097.895635][T19772]  <TASK>
[ 1097.895643][T19772]  dump_stack_lvl+0x16c/0x1f0
[ 1097.895683][T19772]  should_fail_ex+0x512/0x640
[ 1097.895715][T19772]  ? fs_reclaim_acquire+0xae/0x150
[ 1097.895745][T19772]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1097.895777][T19772]  should_failslab+0xc2/0x120
[ 1097.895799][T19772]  __kmalloc_noprof+0xd2/0x510
[ 1097.895839][T19772]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1097.895887][T19772]  tomoyo_check_open_permission+0x2ab/0x3c0
[ 1097.895916][T19772]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1097.895972][T19772]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1097.896017][T19772]  tomoyo_file_open+0x6b/0x90
[ 1097.896053][T19772]  security_file_open+0x84/0x1e0
[ 1097.896084][T19772]  do_dentry_open+0x596/0x1c10
[ 1097.896127][T19772]  vfs_open+0x82/0x3f0
[ 1097.896154][T19772]  path_openat+0x1de4/0x2cb0
[ 1097.896197][T19772]  ? __pfx_path_openat+0x10/0x10
[ 1097.896232][T19772]  ? __lock_acquire+0xb8a/0x1c90
[ 1097.896265][T19772]  do_filp_open+0x20b/0x470
[ 1097.896298][T19772]  ? __pfx_do_filp_open+0x10/0x10
[ 1097.896379][T19772]  ? alloc_fd+0x471/0x7d0
[ 1097.896418][T19772]  do_sys_openat2+0x11b/0x1d0
[ 1097.896443][T19772]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1097.896480][T19772]  __x64_sys_openat+0x174/0x210
[ 1097.896506][T19772]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1097.896544][T19772]  do_syscall_64+0xcd/0x490
[ 1097.896582][T19772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1097.896606][T19772] RIP: 0033:0x7f2a72d8e929
[ 1097.896624][T19772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1097.896646][T19772] RSP: 002b:00007f2a73c84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1097.896667][T19772] RAX: ffffffffffffffda RBX: 00007f2a72fb6160 RCX: 00007f2a72d8e929
[ 1097.896683][T19772] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1097.896698][T19772] RBP: 00007f2a72e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1097.896713][T19772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1097.896728][T19772] R13: 0000000000000000 R14: 00007f2a72fb6160 R15: 00007fff57a8cb88
[ 1097.896757][T19772]  </TASK>
[ 1097.896766][T19772] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1098.407853][   T30] audit: type=1800 audit(4294967320.827:23): pid=19780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2973" name="lu_gp_id" dev="configfs" ino=62829 res=0 errno=0
[ 1100.681972][T19806] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2970'.
[ 1101.215763][T19789] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2965'.
[ 1102.678378][T19840] netlink: 252 bytes leftover after parsing attributes in process `syz.4.2979'.


	
	


	
	

	






	

	
		




syzkaller
syzkaller login: [ 1116.067048][T20008] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3020'.
[ 1116.458363][T20021] phram: not enough arguments
[ 1116.829919][T20037] .SR: entered promiscuous mode
[ 1116.910139][T20037] Invalid ELF header magic: != ELF


	



	




	
	
	
	
	
	

	
		

	


		

		
	
		
	
	

	



			








	
	



	


	

	

	

	


















	




	





		






	

	
		
	
	
	

	

	




	
				


	



	







	

	






				








		


			

	

	
		

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1132.439487][T20247] phram: not enough arguments
[ 1133.033747][T20259] phram: not enough arguments
[ 1133.536688][T20268] phram: not enough arguments

syzkaller
syzkaller login: [ 1134.422329][T20272] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3079'.
[ 1135.367615][T20300] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3085'.
[ 1135.730640][T20305] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1136.160456][T20313] Invalid ELF header magic: != ELF
[ 1136.956628][T20320] phram: not enough arguments






	
	

	


syzkaller
syzkaller login: 	

	
		


		


	


	
	

	

	

	
		






	

	
		



	

	
		
	

	
		
	

	
		
	

	
		


		


	



syzkaller
syzkaller login: [ 1164.092748][T20715] phram: not enough arguments
[ 1164.141255][T20721] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3167'.
[ 1165.018651][T20737] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
	

	
		
	

	
		
	

	
		

syzkaller
syzkaller login: [ 1168.802718][T20780] phram: not enough arguments
[ 1169.425595][T20792] phram: not enough arguments
	

	
		



	

	
		





		


	


	

	
		
	

	
		
	

	
		


		


	


	
	
	
	
	
	

syzkaller
syzkaller login: [ 1181.987458][T20955] phram: not enough arguments
[ 1182.490930][T20960] phram: not enough arguments







syzkaller
syzkaller login: [ 1188.027744][T21050] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3236'.
[ 1188.097773][T21045] phram: not enough arguments
[ 1188.247295][T21037] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3234'.
[ 1191.069338][T21099] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3247'.

syzkaller
syzkaller login: 	

	
		


		


	


	

	
		





		


	






syzkaller
syzkaller login: [ 1203.160956][T21294] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1203.397594][T21280] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3283'.
[ 1205.474121][T21322] phram: not enough arguments
[ 1205.761696][T21332] phram: not enough arguments
[ 1208.822658][T21396] phram: not enough arguments
[ 1209.842467][T21404] phram: not enough arguments

syzkaller
syzkaller login: [ 1211.117955][T21423] phram: not enough arguments
[ 1213.396359][T21459] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1214.049231][T21477] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3323'.

syzkaller
syzkaller login: 




		


	




		


	



syzkaller
syzkaller login: [ 1227.038000][T21674] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
	

	
		

syzkaller
syzkaller login: [ 1235.478994][T21801] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1237.236546][T21833] phram: not enough arguments
	

	
		


		


	






	
[ 1242.174274][T21897] phram: not enough arguments
[ 1242.235460][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1242.236474][ T1303] ieee802154 phy1 wpan1: encryption failed: -22

syzkaller
syzkaller login: 
syzkaller
syzkaller login: 	

	
		


		


	


	

	
		
	

	
		


		


	


	

	
		





		


	




		


	



syzkaller
syzkaller login: 	

	
		


		


	




		


	


	

	
		


		


	




		


	



syzkaller
syzkaller login: [ 1276.954015][T22440] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1276.981371][T22435] phram: not enough arguments
[ 1277.143124][T22422] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3503'.

syzkaller
syzkaller login: [ 1281.205306][T22498] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3517'.
[ 1282.620003][T22524] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3524'.
[ 1284.201373][T22549] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3528'.
[ 1284.570352][T22553] phram: not enough arguments
[ 1284.579447][T22552] phram: not enough arguments
[ 1284.981354][T22568] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3534'.
[ 1287.526666][T22617] phram: not enough arguments
[ 1287.739907][T22610] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3541'.
[ 1288.522038][T22631] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: 

		


	


	

	
		

syzkaller
syzkaller login: [ 1293.900592][T22724] phram: not enough arguments
[ 1294.156949][T22731] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3565'.
[ 1295.148995][T22755] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1297.023648][T22780] phram: not enough arguments
[ 1300.037604][T22841] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
	
	
	
	
	
	



	

	
		





		


	







		


	










		


	




		


	




		


	










		


	



syzkaller
syzkaller login: [ 1324.041253][T23251] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1328.415699][T23318] phram: not enough arguments
[ 1329.360017][T23333] phram: not enough arguments
[ 1331.505596][T23367] phram: not enough arguments




syzkaller
syzkaller login: [ 1334.903196][T23437] phram: not enough arguments


		


	



syzkaller
syzkaller login: [ 1348.117516][T23684] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present


		


	










		


	





	
	
	
	
	
	








		


	



syzkaller
syzkaller login: [ 1370.788409][T24084] phram: not enough arguments

syzkaller
syzkaller login: [ 1375.711926][T24164] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1376.219291][T24174] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3843'.
[ 1376.758071][T24180] phram: not enough arguments
[ 1377.976940][T24200] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3848'.
[ 1378.291583][T24210] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3852'.


		


	



syzkaller
syzkaller login: [ 1384.438833][T24306] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3870'.
[ 1385.937723][T24335] phram: not enough arguments

syzkaller
syzkaller login: [ 1387.489757][T24363] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3884'.
[ 1389.774978][T24390] phram: not enough arguments
[ 1390.902864][T24409] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1391.300731][T24418] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3895'.
[ 1393.942059][T24457] phram: not enough arguments
[ 1395.173218][T24483] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1395.364386][T24489] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3917'.
[ 1395.737008][T24498] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1399.537200][T24562] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
	

	
		
	

	
		
	

	
		


		


	


	

	
		

syzkaller
syzkaller login: [ 1409.337616][T24736] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present




syzkaller
syzkaller login: [ 1419.286945][T24913] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1420.778535][T24943] phram: not enough arguments








		


	


	
	
	
	
	
	
[ 1426.534646][T25034] phram: not enough arguments

syzkaller
syzkaller login: [ 1426.886470][T25046] phram: not enough arguments
[ 1427.464475][T25060] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1429.432804][T25102] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: 




		


	




		


	







		


	



syzkaller
syzkaller login: [ 1445.163525][T25364] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1445.192857][T25361] phram: not enough arguments
[ 1445.989489][T25386] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1454.375818][T25522] phram: not enough arguments

syzkaller
syzkaller login: 

		


	






syzkaller
syzkaller login: [ 1460.508656][T25644] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1467.498820][T25784] phram: not enough arguments

syzkaller
syzkaller login: [ 1471.226472][T25853] phram: not enough arguments
[ 1471.824018][T25872] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4165'.
[ 1472.407816][T25888] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1474.226474][T25910] phram: not enough arguments
[ 1474.861649][T25934] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1477.590299][T25978] phram: not enough arguments
[ 1478.513350][T26003] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1485.368077][T26139] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1486.732978][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1486.739296][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1487.722047][T26159] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4219'.
[ 1489.214779][T26209] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1489.734978][T26221] phram: not enough arguments

syzkaller
syzkaller login: [ 1492.675762][T26284] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1496.464191][T26353] phram: not enough arguments
[ 1498.497054][T26370] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4259'.
[ 1498.992709][T26395] phram: not enough arguments
[ 1501.120906][T26438] phram: not enough arguments
[ 1501.228591][T26439] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1502.882692][T26444] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4277'.

syzkaller
syzkaller login: [ 1504.524267][T26491] phram: not enough arguments

syzkaller
syzkaller login: [ 1510.589614][T26621] phram: not enough arguments
[ 1512.250267][T26650] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1513.496138][T26680] phram: not enough arguments

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1516.683435][T26748] phram: not enough arguments
[ 1519.838416][T26818] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1520.648165][T26832] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1522.894519][T26878] phram: not enough arguments
[ 1524.206542][T26904] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
[ 1525.456539][T26913] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4365'.

syzkaller
syzkaller login: [ 1526.052645][T26934] phram: not enough arguments
[ 1528.160881][T26974] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1531.583850][T27022] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4383'.

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1539.114467][T27159] phram: not enough arguments
[ 1542.612235][T27229] phram: not enough arguments



	
	
	
	
	
	




syzkaller
syzkaller login: 



	: 
[ 1560.499968][T27557] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1567.520037][T27690] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1569.261309][T27720] phram: not enough arguments
[ 1571.315917][T27766] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: [ 1573.045596][T27795] phram: not enough arguments
[ 1574.489643][T27829] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present

syzkaller
syzkaller login: 
syzkaller
syzkaller login: 
syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1583.935785][T28045] phram: not enough arguments

syzkaller
syzkaller login: [ 1586.558579][T28108] phram: not enough arguments

syzkaller
syzkaller login: [ 1589.590384][T28172] phram: not enough arguments
[ 1591.963209][T28225] phram: not enough arguments

syzkaller
syzkaller login: 




		


	



syzkaller
syzkaller login: [ 1597.440218][T28350] phram: not enough arguments

syzkaller
syzkaller login: 
syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1607.431219][T28570] snd_aloop snd_aloop.0: control 16781581:65533:6:�'x?F���/��zF˷fC���:0 is already present
	
	
	
	
	
	

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1614.958072][T28716] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4694'.

syzkaller
syzkaller login: 
syzkaller
syzkaller login: 
syzkaller
syzkaller login: 
syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1626.198439][T28940] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4735'.
[ 1626.716620][T28951] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4737'.

syzkaller
syzkaller login: 
syzkaller
syzkaller login: [ 1632.957624][T29055] phram: not enough arguments
[ 1633.539560][T29067] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1633.553249][T29067] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1633.554504][T17135] ------------[ cut here ]------------
[ 1633.555315][T17135] ODEBUG: free active (active state 0) object: ffff888059c652d8 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0
[ 1633.557269][T29067] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1633.581020][T29067] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1633.582835][T17135] WARNING: CPU: 0 PID: 17135 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0
[ 1633.584222][T17135] Modules linked in:
[ 1633.584822][T17135] CPU: 0 UID: 0 PID: 17135 Comm: syz-executor Tainted: G     U              6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[ 1633.586507][T17135] Tainted: [U]=USER
[ 1633.587080][T17135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1633.588602][T17135] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 1633.589477][T17135] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 00 75 15 8c 4c 89 e6 48 c7 c7 80 69 15 8c e8 ff 8a 9c fc 90 <0f> 0b 90 90 58 83 05 16 49 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 1633.592344][T17135] RSP: 0018:ffffc90004a57768 EFLAGS: 00010286
[ 1633.593260][T17135] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8
[ 1633.594429][T17135] RDX: ffff888026a41e00 RSI: ffffffff817aa1b5 RDI: 0000000000000001
[ 1633.595574][T17135] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 1633.596726][T17135] R10: 0000000000000001 R11: fffffffffffcf828 R12: ffffffff8c157020
[ 1633.597867][T17135] R13: ffffffff8bafe800 R14: ffffffff8a87a800 R15: ffffc90004a57868
[ 1633.599029][T17135] FS:  0000000000000000(0000) GS:ffff88812475f000(0000) knlGS:0000000000000000
[ 1633.600430][T17135] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1633.601471][T17135] CR2: 0000001b2dbdaff8 CR3: 0000000034542000 CR4: 00000000003526f0
[ 1633.602620][T17135] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1633.603724][T17135] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1633.604825][T17135] Call Trace:
[ 1633.605303][T17135]  <TASK>
[ 1633.605763][T17135]  ? __pfx_hci_devcd_timeout+0x10/0x10
[ 1633.606567][T17135]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1633.607391][T17135]  debug_check_no_obj_freed+0x4b7/0x600
[ 1633.608352][T17135]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 1633.609269][T17135]  ? rcu_is_watching+0x12/0xc0
[ 1633.610011][T17135]  ? kmem_cache_free+0x2d1/0x4d0
[ 1633.610767][T17135]  kfree+0x28f/0x4d0
[ 1633.611375][T17135]  ? hci_release_dev+0x4d8/0x600
[ 1633.612177][T17135]  hci_release_dev+0x4d8/0x600
[ 1633.612899][T17135]  ? __pfx_hci_release_dev+0x10/0x10
[ 1633.614993][T17135]  ? rcu_is_watching+0x12/0xc0
[ 1633.615720][T17135]  ? kfree+0x24f/0x4d0
[ 1633.616365][T17135]  bt_host_release+0x6a/0xb0
[ 1633.617087][T17135]  ? __pfx_bt_host_release+0x10/0x10
[ 1633.617868][T17135]  device_release+0xa1/0x240
[ 1633.619681][T17135]  kobject_put+0x1e7/0x5a0
[ 1633.620356][T17135]  ? __pfx_vhci_release+0x10/0x10
[ 1633.621150][T17135]  put_device+0x1f/0x30
[ 1633.621805][T17135]  vhci_release+0x81/0xf0
[ 1633.622438][T17135]  __fput+0x3ff/0xb70
[ 1633.623023][T17135]  task_work_run+0x14d/0x240
[ 1633.623709][T17135]  ? __pfx_task_work_run+0x10/0x10
[ 1633.624554][T17135]  do_exit+0x86c/0x2bd0
[ 1633.625198][T17135]  ? __pfx_do_exit+0x10/0x10
[ 1633.625913][T17135]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1633.626640][T17135]  ? find_held_lock+0x2b/0x80
[ 1633.627330][T17135]  do_group_exit+0xd3/0x2a0
[ 1633.628150][T17135]  get_signal+0x2673/0x26d0
[ 1633.628829][T17135]  ? __pfx_get_signal+0x10/0x10
[ 1633.629531][T17135]  arch_do_signal_or_restart+0x8f/0x790
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1633.630353][T17135]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1633.631340][T17135]  ? ksys_read+0x1ac/0x250
[ 1633.632047][T17135]  ? __pfx_ksys_read+0x10/0x10
[ 1633.632898][T17135]  exit_to_user_mode_loop+0x84/0x110
[ 1633.633746][T17135]  do_syscall_64+0x3f6/0x490
[ 1633.634452][T17135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1633.635401][T17135] RIP: 0033:0x7f7c9318d33c
[ 1633.636080][T17135] Code: Unable to access opcode bytes at 0x7f7c9318d312.
[ 1633.637119][T17135] RSP: 002b:00007ffdb39f9f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1633.638373][T17135] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f7c9318d33c
[ 1633.639548][T17135] RDX: 0000000000000030 RSI: 00007ffdb39f9fd0 RDI: 00000000000000f9
[ 1633.640732][T17135] RBP: 00007ffdb39f9f7c R08: 0000000000000000 R09: 0079746972756365
[ 1633.641915][T17135] R10: 00007ffdb39f98d0 R11: 0000000000000246 R12: 0000000000000258
[ 1633.643037][T17135] R13: 00000000000927c0 R14: 000000000018f494 R15: 00007ffdb39f9fd0
[ 1633.644235][T17135]  </TASK>
[ 1633.644724][T17135] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1633.645794][T17135] CPU: 0 UID: 0 PID: 17135 Comm: syz-executor Tainted: G     U              6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[ 1633.647567][T17135] Tainted: [U]=USER
[ 1633.648141][T17135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1633.649641][T17135] Call Trace:
[ 1633.650124][T17135]  <TASK>
[ 1633.650641][T17135]  dump_stack_lvl+0x3d/0x1f0
[ 1633.651447][T17135]  panic+0x71c/0x800
[ 1633.652072][T17135]  ? __pfx_panic+0x10/0x10
[ 1633.652748][T17135]  ? show_trace_log_lvl+0x29b/0x3e0
[ 1633.653553][T17135]  ? check_panic_on_warn+0x1f/0xb0
[ 1633.654472][T17135]  ? debug_print_object+0x1a2/0x2b0
[ 1633.655244][T17135]  check_panic_on_warn+0xab/0xb0
[ 1633.655988][T17135]  __warn+0xf6/0x3c0
[ 1633.656574][T17135]  ? debug_print_object+0x1a2/0x2b0
[ 1633.657336][T17135]  report_bug+0x3c3/0x580
[ 1633.658020][T17135]  ? debug_print_object+0x1a2/0x2b0
[ 1633.658771][T17135]  handle_bug+0x184/0x210
[ 1633.659435][T17135]  exc_invalid_op+0x17/0x50
[ 1633.660084][T17135]  asm_exc_invalid_op+0x1a/0x20
[ 1633.660844][T17135] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 1633.661752][T17135] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 00 75 15 8c 4c 89 e6 48 c7 c7 80 69 15 8c e8 ff 8a 9c fc 90 <0f> 0b 90 90 58 83 05 16 49 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 1633.664455][T17135] RSP: 0018:ffffc90004a57768 EFLAGS: 00010286
[ 1633.665383][T17135] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8
[ 1633.666547][T17135] RDX: ffff888026a41e00 RSI: ffffffff817aa1b5 RDI: 0000000000000001
[ 1633.667704][T17135] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 1633.668850][T17135] R10: 0000000000000001 R11: fffffffffffcf828 R12: ffffffff8c157020
[ 1633.669995][T17135] R13: ffffffff8bafe800 R14: ffffffff8a87a800 R15: ffffc90004a57868
[ 1633.671136][T17135]  ? __pfx_hci_devcd_timeout+0x10/0x10
[ 1633.671996][T17135]  ? __warn_printk+0x198/0x350
[ 1633.672739][T17135]  ? __warn_printk+0x1a5/0x350
[ 1633.673497][T17135]  ? debug_print_object+0x1a1/0x2b0
[ 1633.674267][T17135]  ? __pfx_hci_devcd_timeout+0x10/0x10
[ 1633.675077][T17135]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1633.675961][T17135]  debug_check_no_obj_freed+0x4b7/0x600
[ 1633.676793][T17135]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 1633.677668][T17135]  ? rcu_is_watching+0x12/0xc0
[ 1633.678489][T17135]  ? kmem_cache_free+0x2d1/0x4d0
[ 1633.679250][T17135]  kfree+0x28f/0x4d0
[ 1633.679826][T17135]  ? hci_release_dev+0x4d8/0x600
[ 1633.680604][T17135]  hci_release_dev+0x4d8/0x600
[ 1633.681348][T17135]  ? __pfx_hci_release_dev+0x10/0x10
[ 1633.682180][T17135]  ? rcu_is_watching+0x12/0xc0
[ 1633.682857][T17135]  ? kfree+0x24f/0x4d0
[ 1633.683453][T17135]  bt_host_release+0x6a/0xb0
[ 1633.684110][T17135]  ? __pfx_bt_host_release+0x10/0x10
[ 1633.684874][T17135]  device_release+0xa1/0x240
[ 1633.685536][T17135]  kobject_put+0x1e7/0x5a0
[ 1633.686187][T17135]  ? __pfx_vhci_release+0x10/0x10
[ 1633.686922][T17135]  put_device+0x1f/0x30
[ 1633.687528][T17135]  vhci_release+0x81/0xf0
[ 1633.688181][T17135]  __fput+0x3ff/0xb70
[ 1633.688817][T17135]  task_work_run+0x14d/0x240
[ 1633.689538][T17135]  ? __pfx_task_work_run+0x10/0x10
[ 1633.690383][T17135]  do_exit+0x86c/0x2bd0
[ 1633.691059][T17135]  ? __pfx_do_exit+0x10/0x10
[ 1633.691774][T17135]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1633.692528][T17135]  ? find_held_lock+0x2b/0x80
[ 1633.693212][T17135]  do_group_exit+0xd3/0x2a0
[ 1633.693906][T17135]  get_signal+0x2673/0x26d0
[ 1633.694608][T17135]  ? __pfx_get_signal+0x10/0x10
[ 1633.695388][T17135]  arch_do_signal_or_restart+0x8f/0x790
[ 1633.696195][T17135]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1633.697082][T17135]  ? ksys_read+0x1ac/0x250
[ 1633.697765][T17135]  ? __pfx_ksys_read+0x10/0x10
[ 1633.698489][T17135]  exit_to_user_mode_loop+0x84/0x110
[ 1633.699289][T17135]  do_syscall_64+0x3f6/0x490
[ 1633.700027][T17135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1633.700900][T17135] RIP: 0033:0x7f7c9318d33c
[ 1633.701645][T17135] Code: Unable to access opcode bytes at 0x7f7c9318d312.
[ 1633.702654][T17135] RSP: 002b:00007ffdb39f9f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1633.703804][T17135] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f7c9318d33c
[ 1633.704928][T17135] RDX: 0000000000000030 RSI: 00007ffdb39f9fd0 RDI: 00000000000000f9
[ 1633.706013][T17135] RBP: 00007ffdb39f9f7c R08: 0000000000000000 R09: 0079746972756365
[ 1633.707132][T17135] R10: 00007ffdb39f98d0 R11: 0000000000000246 R12: 0000000000000258
[ 1633.708218][T17135] R13: 00000000000927c0 R14: 000000000018f494 R15: 00007ffdb39f9fd0
[ 1633.709347][T17135]  </TASK>
[ 1633.710182][T17135] Kernel Offset: disabled
[ 1633.710839][T17135] Rebooting in 86400 seconds..