last executing test programs: 14.233768039s ago: executing program 0 (id=2373): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x284000, 0x0) r0 = socket(0x200000000000011, 0x2, 0x24) ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'}) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nbd10\x00', 0x2800, 0x0) ioctl$auto_BLKALIGNOFF(r1, 0x127a, 0x0) socket(0x15, 0x5, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x20401, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r3, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000140)=""/12, 0xc) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x9) fcntl$auto(r1, 0x5, 0xffffffffffffffff) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x100110d, 0xfffd, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x6, 0x0, 0x4, @raw=0x404, @enumerated={0x55d3, 0x7, "bf154d70dcfcea02faacb07c4222db1f207fdb681dc9b0bf2c6c9ce16d51ebc73df6a7aa16659cd5e4dc8374caf945548e604179f1f87c3bd8701d3d5c3d998c", 0xffffffffffffffff, 0x91e0}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-7', 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/blank\x00', 0xa001, 0x0) write$auto(r5, &(0x7f0000000140)='7\x00\xb1\x9a\xc0\xf9\xc0e\xd2T\xbe\xb6I\x9d\xd9\x18\xf5\x91\xbfq\xfe\xf2\x9a\x02\x9fC0xb\xccW(\xc1n+\n|5\xa5\x9c=^\xf1\x11H\x1c\xf73\x16\xd2\a\xfaw\xcc\xf1\xff7\xab\xa1\xeaF\x04\x17\x99\xd3\xd1\x83\xccG^\xbbdC\x8a\n\x88\xbcW@+\xafD\xd1\x8a\xc13W\xf66\x86\xe5\xee\xa7\x1d\x0f\x90\x00\xcf\xdb\xf5\xbf\xd4\xc8\x84\xb3\xeeb\xb0\xc7kN\x80\x93\xfd\x89\xe1\xc9tp\xd4jm\x7f\xf0a\xc3\x02\x14\xcf\xcf\\e!\a\x82\t,\xa7\x00\xbd&\xcax\xf8P\xc1\x8f\x87\x83\x0f\x93z', 0x1) 13.170109144s ago: executing program 0 (id=2377): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = gettid() process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) r4 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) ioctl$auto_TUNSETDEBUG(r4, 0x400454c9, &(0x7f00000001c0)=0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 11.457925545s ago: executing program 0 (id=2378): socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r1 = gettid() process_vm_writev$auto(r1, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 10.366817295s ago: executing program 0 (id=2382): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x101142, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, &(0x7f0000000240)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0x5, 0x8, 0x5}, 0x0, 0x0, 0x1, 0xfff, 0x0, 0x7, 0x9, 0x4, 0x9, 0xf}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x109401, 0x0) ioctl$auto(r2, 0x540a, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) madvise$auto(0x2, 0x5c61fa2c, 0xf) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x40010}, 0x800) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) write$auto(0x4, 0x0, 0x100082) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r4, 0x5408, r4) setsockopt$auto(0xffffffffffffffff, 0x11, 0x66, 0x0, 0x8) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000000240)="1c520b214b197e", 0x7) unshare$auto(0x40000080) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) 7.874219176s ago: executing program 0 (id=2388): r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') socket(0xa, 0x1, 0x100) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x1000005, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101002, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x11a001, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x3, 0x0, 0x4b34) madvise$auto(0x16, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x204}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x9}, @HSR_A_IF2_AGE={0x8, 0x4, 0x973}]}, 0x60}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) 7.226968528s ago: executing program 2 (id=2389): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = gettid() process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r4, 0x0, 0x8, 0xffff) r5 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) ioctl$auto_TUNSETDEBUG(r5, 0x400454c9, &(0x7f00000001c0)=0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 6.752894615s ago: executing program 3 (id=2391): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = gettid() process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 5.771696779s ago: executing program 3 (id=2393): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x284000, 0x0) r0 = socket(0x200000000000011, 0x2, 0x24) ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'}) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nbd10\x00', 0x2800, 0x0) ioctl$auto_BLKALIGNOFF(r1, 0x127a, 0x0) socket(0x15, 0x5, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x20401, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), r2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r3, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip6_mr_vif\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000140)=""/12, 0xc) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iosched/write_expire\x00', 0x20681, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x9) fcntl$auto(r1, 0x5, 0xffffffffffffffff) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000001c0)={{@raw=0xfff, 0x100110d, 0xfffd, 0x6, "e927783f468fa2e92fe8ec7a46cbb766439daa1ee1aa0000000000040000660e0701000000000000008000"}, 0x6, 0x0, 0x4, @raw=0x404, @enumerated={0x55d3, 0x7, "bf154d70dcfcea02faacb07c4222db1f207fdb681dc9b0bf2c6c9ce16d51ebc73df6a7aa16659cd5e4dc8374caf945548e604179f1f87c3bd8701d3d5c3d998c", 0xffffffffffffffff, 0x91e0}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-7', 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/blank\x00', 0xa001, 0x0) write$auto(r5, &(0x7f0000000140)='7\x00\xb1\x9a\xc0\xf9\xc0e\xd2T\xbe\xb6I\x9d\xd9\x18\xf5\x91\xbfq\xfe\xf2\x9a\x02\x9fC0xb\xccW(\xc1n+\n|5\xa5\x9c=^\xf1\x11H\x1c\xf73\x16\xd2\a\xfaw\xcc\xf1\xff7\xab\xa1\xeaF\x04\x17\x99\xd3\xd1\x83\xccG^\xbbdC\x8a\n\x88\xbcW@+\xafD\xd1\x8a\xc13W\xf66\x86\xe5\xee\xa7\x1d\x0f\x90\x00\xcf\xdb\xf5\xbf\xd4\xc8\x84\xb3\xeeb\xb0\xc7kN\x80\x93\xfd\x89\xe1\xc9tp\xd4jm\x7f\xf0a\xc3\x02\x14\xcf\xcf\\e!\a\x82\t,\xa7\x00\xbd&\xcax\xf8P\xc1\x8f\x87\x83\x0f\x93z', 0x1) 5.75667613s ago: executing program 2 (id=2394): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = gettid() process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r4, 0x0, 0x8, 0xffff) r5 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) ioctl$auto_TUNSETDEBUG(r5, 0x400454c9, &(0x7f00000001c0)=0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 5.654279454s ago: executing program 1 (id=2395): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) gettid() close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 4.760612882s ago: executing program 3 (id=2396): madvise$auto(0x0, 0xffffffffffff0006, 0x55) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000200)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) ioctl$auto(0x3, 0x402c542c, 0x38) ioctl$auto(0x3, 0x402c542b, 0x38) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x20000810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0x12, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) acct$auto(&(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_\xf6\r\x00\x00default_nu_gp/lu_gp_id\x1f\xd7\xba(-\xc4*e\xff\xad\xbae\xd9.\xff\x19\x9fx\xa4f\xb7U9\xae7\xf6n\x17f\xe9nt\a\x1aD\xdeo\vT\x8b\xb2D1\xd1\xf7#\xe2\xb5\'U}W\xbb\xa6\x9d\xaeD\xb2\xa8t\xff\xa3\xa5\x93p\xb3\xee~\xd3\xaca\"\x956#\xf6\xc2\x92p\x83\x8fT\xaa\xeby\x89\a\x81\x97A\x98&\x86\x11$\xf94\xb4\xaf\xc9\x81Qb\x14F.E\xde\xd6\x10\x8b\xa7\vve|\xe9\xa3d\x13\xd8J\xfc\xeap\xba\xe7VMk\xe9\x9c\xdf\xbf\xc2\xa05\x9f\xdcI\xa2/\xc1W\xf9\xfc\x86n\x8e\x9a:\x92\xb4d\x8d\t\x859\n\x8f\xab\xed\xfd\x81\xad\xc1\xc2\x0f_Ic') r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/phram/parameters/phram\x00', 0x4a481, 0x0) write$auto(r1, 0x0, 0x81) connect$auto(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0xd}}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) prctl$auto(0x5, 0x2000000001, 0x0, 0x1, 0x0) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000001000)='/dev/cec6\x00', 0x100000, 0x0) ioctl$auto_CEC_ADAP_G_CONNECTOR_INFO(r2, 0x8044610a, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 4.756729142s ago: executing program 2 (id=2397): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) process_vm_writev$auto(0x0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 3.996899781s ago: executing program 1 (id=2398): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000011c0)='./cgroup.cpu/hugetlb.1GB.rsvd.failcnt\x00', 0x40300, 0x0) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x104) read$auto(r0, 0x0, 0x35cb) socket$nl_generic(0x10, 0x3, 0x10) socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2, 0x2, 0x0) bind$auto(0xffffffffffffffff, 0x0, 0x67) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x9, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x8000001f, 0x2, 0x6d3c, 0x9, 0x2, 0x6]}, 0x0) 3.693373744s ago: executing program 2 (id=2399): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = gettid() process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 3.680389399s ago: executing program 3 (id=2400): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) r1 = gettid() process_vm_writev$auto(r1, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 3.093478795s ago: executing program 1 (id=2401): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = gettid() process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 2.6583098s ago: executing program 3 (id=2402): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) process_vm_writev$auto(0x0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 2.657301878s ago: executing program 2 (id=2409): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = gettid() process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r4, 0x0, 0x8, 0xffff) r5 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) ioctl$auto_TUNSETDEBUG(r5, 0x400454c9, &(0x7f00000001c0)=0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 2.125814796s ago: executing program 1 (id=2403): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = gettid() process_vm_writev$auto(r0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 1.421549137s ago: executing program 3 (id=2404): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) process_vm_writev$auto(0x0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) pread64$auto(r3, 0x0, 0x8, 0xffff) io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) 1.384216009s ago: executing program 1 (id=2405): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = gettid() process_vm_writev$auto(r1, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 1.275251631s ago: executing program 2 (id=2406): r0 = open(&(0x7f00000001c0)='./cgroup\x00', 0x2b8280, 0xde) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/platform/vhci_hcd.9/usb27/27-0:1.0/usb27-port1/early_stop\x00', 0x80302, 0x0) sendfile$auto(r1, r1, 0x0, 0x2001) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000340), 0x40a40, 0x0) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) mmap$auto(0x0, 0x3, 0x3, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) readv$auto(r2, &(0x7f00000000c0)={0x0, 0x5}, 0x3) ioctl$auto_TIOCVHANGUP2(r2, 0x5437, 0x0) mmap$auto(0x0, 0x2420009, 0x3, 0xebe, 0xfffffffffffffffa, 0xb) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x1010001, 0x100000003) read$auto(r3, 0x0, 0x20) mmap$auto(0xff0f200000000000, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000a40), 0xffffffffffffffff) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x18, 0x0, 0x401, 0x70bd2a, 0x25dfdbfe, {}, [@THERMAL_GENL_ATTR_TZ_GOV_NAME={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x24004080}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0xc844}, 0x0) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200006, 0x19) shmctl$auto_IPC_STAT(0x4, 0x2, 0x0) getsockopt$auto_SO_GET_FILTER(r0, 0x4, 0x1a, 0x0, &(0x7f0000000040)=0x81) bpf$auto(0x8, &(0x7f00000000c0)=@info={r0, 0x2b, 0x200000007fff}, 0x8) 84.869975ms ago: executing program 0 (id=2392): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) process_vm_writev$auto(0x0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) 0s ago: executing program 1 (id=2407): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0xa, 0x1, 0x100) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xe2, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mtd\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, 0x0, 0x4d) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r3 = gettid() process_vm_writev$auto(r3, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/oss_mixer\x00', 0x2802, 0x0) r4 = io_uring_setup$auto(0x8, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x8, 0x8, r2, [], {0x6, 0x6, 0xf, 0x8, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) ioctl$auto_TUNSETDEBUG(r4, 0x400454c9, &(0x7f00000001c0)=0x7) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) kernel console output (not intermixed with test programs): 284543][ T8772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 303.284557][ T8772] RBP: 00007f1571e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 303.284572][ T8772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.284586][ T8772] R13: 0000000000000000 R14: 00007f1571fb5fa0 R15: 00007ffc2af65518 [ 303.284619][ T8772]                                                                                                                                                             syzkaller syzkaller login: [ 310.669181][ T8872] phram: not enough arguments [ 310.964033][ T8878] net_ratelimit: 21 callbacks suppressed [ 310.964048][ T8878] openvswitch: netlink: IP tunnel dst address not specified                                                 syzkaller syzkaller login: [ 317.118750][ T8970] netlink: 330 bytes leftover after parsing attributes in process `syz.1.589'. [ 317.145455][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.146453][ T1301] ieee802154 phy1 wpan1: encryption failed: -22                                                          syzkaller syzkaller login: [ 321.270262][ T9030] phram: not enough arguments                                                                                                                                                         syzkaller syzkaller login: [ 329.631865][ T9174] input input9: cannot allocate more than FF_MAX_EFFECTS effects [ 329.644544][ T9174] random: crng reseeded on system resumption [ 330.862844][ T9178] netlink: 330 bytes leftover after parsing attributes in process `syz.1.634'. [ 331.527198][ T9207] sg_write: process 671 (syz.0.641) changed security contexts after opening file descriptor, this is not allowed. [ 331.930410][ T9212] phram: not enough arguments syzkaller syzkaller login: [ 332.513903][ T9204] netlink: 330 bytes leftover after parsing attributes in process `syz.2.640'.                                                                                                                      syzkaller syzkaller login: [ 338.214058][ T9308] Setting dangerous option i915.mitigations - tainting kernel [ 339.124358][ T9304] netlink: 330 bytes leftover after parsing attributes in process `syz.3.657'.  syzkaller syzkaller login: [ 341.405717][ T9362] Setting dangerous option i915.mitigations - tainting kernel [ 341.632412][ T7308] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 343.757314][ T9389] netlink: 330 bytes leftover after parsing attributes in process `syz.0.677'. [ 344.346120][ T9404] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.2.681: 7 [ 344.550118][ T9408] netlink: 'syz.3.683': attribute type 11 has an invalid length. [ 344.582680][ T9408] netlink: 'syz.3.683': attribute type 11 has an invalid length. [ 344.583968][ T9408] netlink: 132 bytes leftover after parsing attributes in process `syz.3.683'. [ 344.585266][ T9408] netlink: 'syz.3.683': attribute type 11 has an invalid length. [ 344.654496][ T9416] FAULT_INJECTION: forcing a failure. [ 344.654496][ T9416] name failslab, interval 1, probability 0, space 0, times 0 [ 344.656335][ T9416] CPU: 1 UID: 0 PID: 9416 Comm: syz.0.685 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 344.656369][ T9416] Tainted: [U]=USER [ 344.656376][ T9416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 344.656388][ T9416] Call Trace: [ 344.656396][ T9416] [ 344.656404][ T9416] dump_stack_lvl+0x16c/0x1f0 [ 344.656442][ T9416] should_fail_ex+0x512/0x640 [ 344.656471][ T9416] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 344.656506][ T9416] should_failslab+0xc2/0x120 [ 344.656528][ T9416] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 344.656557][ T9416] ? vma_merge_new_range+0x37f/0xa00 [ 344.656585][ T9416] ? vm_area_alloc+0x1f/0x160 [ 344.656616][ T9416] vm_area_alloc+0x1f/0x160 [ 344.656642][ T9416] __mmap_region+0xf0a/0x25e0 [ 344.656676][ T9416] ? __pfx___mmap_region+0x10/0x10 [ 344.656704][ T9416] ? find_held_lock+0x2b/0x80 [ 344.656730][ T9416] ? finish_task_switch.isra.0+0x221/0xc10 [ 344.656752][ T9416] ? lockdep_hardirqs_on+0x7c/0x110 [ 344.656781][ T9416] ? finish_task_switch.isra.0+0x221/0xc10 [ 344.656803][ T9416] ? rcu_is_watching+0x12/0xc0 [ 344.656824][ T9416] ? trace_sched_exit_tp+0xde/0x130 [ 344.656848][ T9416] ? __schedule+0x1181/0x5de0 [ 344.656874][ T9416] ? kvm_sched_clock_read+0x11/0x20 [ 344.656952][ T9416] ? trace_cap_capable+0x18d/0x200 [ 344.656983][ T9416] mmap_region+0x1ab/0x3f0 [ 344.657012][ T9416] ? __get_unmapped_area+0x267/0x440 [ 344.657039][ T9416] do_mmap+0xa3e/0x1210 [ 344.657067][ T9416] ? __pfx_do_mmap+0x10/0x10 [ 344.657090][ T9416] ? __pfx_down_write_killable+0x10/0x10 [ 344.657118][ T9416] vm_mmap_pgoff+0x281/0x450 [ 344.657146][ T9416] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 344.657174][ T9416] ? __x64_sys_futex+0x1e0/0x4c0 [ 344.657198][ T9416] ? __x64_sys_futex+0x1e9/0x4c0 [ 344.657227][ T9416] ksys_mmap_pgoff+0x7d/0x5c0 [ 344.657248][ T9416] ? xfd_validate_state+0x61/0x180 [ 344.657274][ T9416] ? __pfx_do_writev+0x10/0x10 [ 344.657304][ T9416] __x64_sys_mmap+0x125/0x190 [ 344.657343][ T9416] do_syscall_64+0xcd/0x490 [ 344.657378][ T9416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.657400][ T9416] RIP: 0033:0x7f1571d8e929 [ 344.657417][ T9416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.657440][ T9416] RSP: 002b:00007f1572ba5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 344.657460][ T9416] RAX: ffffffffffffffda RBX: 00007f1571fb6080 RCX: 00007f1571d8e929 [ 344.657475][ T9416] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 344.657487][ T9416] RBP: 00007f1571e10b39 R08: fffffffffffffffa R09: 0000000000008000 [ 344.657501][ T9416] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 344.657515][ T9416] R13: 0000000000000000 R14: 00007f1571fb6080 R15: 00007ffc2af65518 [ 344.657545][ T9416] [ 345.131329][ T9414] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 345.159948][ T9423] phram: not enough arguments syzkaller syzkaller login: [ 346.811926][ T9436] netlink: 330 bytes leftover after parsing attributes in process `syz.3.690'. [ 346.959829][ T9455] FAULT_INJECTION: forcing a failure. [ 346.959829][ T9455] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 346.961766][ T9455] CPU: 0 UID: 0 PID: 9455 Comm: syz.2.693 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 346.961787][ T9455] Tainted: [U]=USER [ 346.961792][ T9455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 346.961800][ T9455] Call Trace: [ 346.961806][ T9455] [ 346.961811][ T9455] dump_stack_lvl+0x16c/0x1f0 [ 346.961838][ T9455] should_fail_ex+0x512/0x640 [ 346.961861][ T9455] _copy_to_user+0x32/0xd0 [ 346.961885][ T9455] simple_read_from_buffer+0xcb/0x170 [ 346.961905][ T9455] proc_fail_nth_read+0x197/0x270 [ 346.961922][ T9455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 346.961940][ T9455] ? rw_verify_area+0xcf/0x680 [ 346.961958][ T9455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 346.961974][ T9455] vfs_read+0x1e1/0xc60 [ 346.961996][ T9455] ? __pfx___mutex_lock+0x10/0x10 [ 346.962018][ T9455] ? __pfx_vfs_read+0x10/0x10 [ 346.962043][ T9455] ? __fget_files+0x20e/0x3c0 [ 346.962067][ T9455] ksys_read+0x12a/0x250 [ 346.962087][ T9455] ? __pfx_ksys_read+0x10/0x10 [ 346.962118][ T9455] do_syscall_64+0xcd/0x490 [ 346.962142][ T9455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.962157][ T9455] RIP: 0033:0x7fe141b8d33c [ 346.962168][ T9455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 346.962181][ T9455] RSP: 002b:00007fe14299b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 346.962194][ T9455] RAX: ffffffffffffffda RBX: 00007fe141db5fa0 RCX: 00007fe141b8d33c [ 346.962204][ T9455] RDX: 000000000000000f RSI: 00007fe14299b0a0 RDI: 0000000000000004 [ 346.962212][ T9455] RBP: 00007fe14299b090 R08: 0000000000000000 R09: 0000000000000000 [ 346.962220][ T9455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 346.962228][ T9455] R13: 0000000000000000 R14: 00007fe141db5fa0 R15: 00007ffcef08c048 [ 346.962246][ T9455] [ 347.770474][ T9464] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.3.696: 7 [ 348.017319][ T9468] syz.1.697 (9468): attempted to duplicate a private mapping with mremap. This is not supported. [ 348.260625][ T9458] netlink: 330 bytes leftover after parsing attributes in process `syz.2.694'.                                                                                                                                                                                                                                                                                                                       syzkaller syzkaller login: [ 350.494938][ T9511] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.3.707: 7 [ 351.208828][ T9509] netlink: 330 bytes leftover after parsing attributes in process `syz.2.706'. [ 351.434293][ T9525] sysfs_service_op_show: Client not running :-5: [ 351.868695][ T9520] netlink: 330 bytes leftover after parsing attributes in process `syz.1.708'. [ 353.538634][ T9567] input input11: cannot allocate more than FF_MAX_EFFECTS effects [ 353.568545][ T9567] random: crng reseeded on system resumption syzkaller syzkaller login: [ 354.020680][ T9573] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.0.720: 7                                                                                                                   syzkaller syzkaller login: [ 357.569931][ T9625] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.3.730: 7 [ 357.624484][ T9627] phram: not enough arguments [ 358.118653][ T9632] phram: not enough arguments [ 358.145287][ T9632] FAULT_INJECTION: forcing a failure. [ 358.145287][ T9632] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 358.147137][ T9632] CPU: 1 UID: 0 PID: 9632 Comm: syz.0.732 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 358.147173][ T9632] Tainted: [U]=USER [ 358.147181][ T9632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 358.147194][ T9632] Call Trace: [ 358.147203][ T9632] [ 358.147212][ T9632] dump_stack_lvl+0x16c/0x1f0 [ 358.147250][ T9632] should_fail_ex+0x512/0x640 [ 358.147288][ T9632] _copy_to_iter+0x29f/0x16f0 [ 358.147333][ T9632] ? __pfx__copy_to_iter+0x10/0x10 [ 358.147368][ T9632] ? __lock_acquire+0xb8a/0x1c90 [ 358.147405][ T9632] ? kernel_text_address+0x8d/0x100 [ 358.147445][ T9632] simple_copy_to_iter+0x46/0x90 [ 358.147476][ T9632] __skb_datagram_iter+0x5af/0x900 [ 358.147504][ T9632] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 358.147544][ T9632] skb_copy_datagram_iter+0x40/0x50 [ 358.147577][ T9632] mptcp_recvmsg+0x5ac/0x2230 [ 358.147629][ T9632] ? __pfx_mptcp_recvmsg+0x10/0x10 [ 358.147666][ T9632] ? __pfx___might_resched+0x10/0x10 [ 358.147699][ T9632] ? aa_sk_perm+0x2f4/0xb10 [ 358.147729][ T9632] ? __pfx_mptcp_recvmsg+0x10/0x10 [ 358.147759][ T9632] inet_recvmsg+0x472/0x6a0 [ 358.147788][ T9632] ? __fget_files+0x204/0x3c0 [ 358.147819][ T9632] ? __pfx_inet_recvmsg+0x10/0x10 [ 358.147862][ T9632] sock_recvmsg+0x1b2/0x250 [ 358.147891][ T9632] __sys_recvfrom+0x203/0x310 [ 358.147923][ T9632] ? 0xffffffff81000000 [ 358.147942][ T9632] ? __pfx___sys_recvfrom+0x10/0x10 [ 358.148009][ T9632] ? ksys_write+0x1ac/0x250 [ 358.148042][ T9632] ? __pfx_ksys_write+0x10/0x10 [ 358.148087][ T9632] __x64_sys_recvfrom+0xe0/0x1c0 [ 358.148119][ T9632] ? do_syscall_64+0x91/0x490 [ 358.148152][ T9632] ? lockdep_hardirqs_on+0x7c/0x110 [ 358.148185][ T9632] do_syscall_64+0xcd/0x490 [ 358.148222][ T9632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.148247][ T9632] RIP: 0033:0x7f1571d8e929 [ 358.148266][ T9632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.148289][ T9632] RSP: 002b:00007f1572bc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 358.148311][ T9632] RAX: ffffffffffffffda RBX: 00007f1571fb5fa0 RCX: 00007f1571d8e929 [ 358.148327][ T9632] RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 358.148342][ T9632] RBP: 00007f1572bc6090 R08: 0000000000000000 R09: ffffffff81000000 [ 358.148358][ T9632] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 358.148372][ T9632] R13: 0000000000000000 R14: 00007f1571fb5fa0 R15: 00007ffc2af65518 [ 358.148395][ T9632] ? 0xffffffff81000000 [ 358.148422][ T9632] [ 358.656493][ T9645] phram: not enough arguments [ 359.454952][ T9650] netlink: 330 bytes leftover after parsing attributes in process `syz.3.738'. syzkaller syzkaller login: [ 361.399646][ T9690] bridge0: port 3(team0) entered blocking state [ 361.401117][ T9690] bridge0: port 3(team0) entered disabled state [ 361.402218][ T9690] team0: entered allmulticast mode [ 361.403686][ T9690] team_slave_0: entered allmulticast mode [ 361.404539][ T9690] team_slave_1: entered allmulticast mode [ 361.408891][ T9690] team0: entered promiscuous mode [ 361.409863][ T9690] team_slave_0: entered promiscuous mode [ 361.415075][ T9690] team_slave_1: entered promiscuous mode [ 361.421370][ T9690] bridge0: port 3(team0) entered blocking state [ 361.422452][ T9690] bridge0: port 3(team0) entered forwarding state syzkaller syzkaller login: [ 364.932624][ T9744] sysfs_service_op_show: Client not running :-5: [ 365.051825][ T9742] phram: not enough arguments [ 365.375370][ T9751] FAULT_INJECTION: forcing a failure. [ 365.375370][ T9751] name failslab, interval 1, probability 0, space 0, times 0 [ 365.377971][ T9751] CPU: 0 UID: 0 PID: 9751 Comm: syz.3.758 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 365.378010][ T9751] Tainted: [U]=USER [ 365.378018][ T9751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 365.378032][ T9751] Call Trace: [ 365.378040][ T9751] [ 365.378049][ T9751] dump_stack_lvl+0x16c/0x1f0 [ 365.378092][ T9751] should_fail_ex+0x512/0x640 [ 365.378124][ T9751] ? __kvmalloc_node_noprof+0x124/0x620 [ 365.378163][ T9751] should_failslab+0xc2/0x120 [ 365.378185][ T9751] __kvmalloc_node_noprof+0x137/0x620 [ 365.378215][ T9751] ? do_setup+0x2bd/0x3a0 [ 365.378240][ T9751] ? alloc_netdev_mqs+0xb5b/0x1570 [ 365.378288][ T9751] ? alloc_netdev_mqs+0xb5b/0x1570 [ 365.378326][ T9751] alloc_netdev_mqs+0xb5b/0x1570 [ 365.378358][ T9751] ? ovs_vport_alloc+0x2a0/0x3d0 [ 365.378386][ T9751] internal_dev_create+0x8a/0x520 [ 365.378423][ T9751] ovs_vport_add+0x144/0x4d0 [ 365.378451][ T9751] new_vport+0x16/0x1d0 [ 365.378482][ T9751] ovs_dp_cmd_new+0x6ba/0xe60 [ 365.378523][ T9751] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 365.378566][ T9751] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 365.378598][ T9751] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 365.378637][ T9751] genl_family_rcv_msg_doit+0x206/0x2f0 [ 365.378668][ T9751] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 365.378697][ T9751] ? trace_cap_capable+0x18d/0x200 [ 365.378727][ T9751] ? bpf_lsm_capable+0x9/0x10 [ 365.378754][ T9751] ? security_capable+0x7e/0x260 [ 365.378793][ T9751] ? ns_capable+0xd7/0x110 [ 365.378820][ T9751] genl_rcv_msg+0x55c/0x800 [ 365.378853][ T9751] ? __pfx_genl_rcv_msg+0x10/0x10 [ 365.378883][ T9751] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 365.378935][ T9751] netlink_rcv_skb+0x155/0x420 [ 365.378960][ T9751] ? __pfx_genl_rcv_msg+0x10/0x10 [ 365.378994][ T9751] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 365.379033][ T9751] ? netlink_deliver_tap+0x1ae/0xd30 [ 365.379063][ T9751] genl_rcv+0x28/0x40 [ 365.379088][ T9751] netlink_unicast+0x53a/0x7f0 [ 365.379120][ T9751] ? __pfx_netlink_unicast+0x10/0x10 [ 365.379156][ T9751] netlink_sendmsg+0x8d1/0xdd0 [ 365.379188][ T9751] ? __pfx_netlink_sendmsg+0x10/0x10 [ 365.379228][ T9751] ____sys_sendmsg+0xa95/0xc70 [ 365.379255][ T9751] ? copy_msghdr_from_user+0x10a/0x160 [ 365.379291][ T9751] ? __pfx_____sys_sendmsg+0x10/0x10 [ 365.379327][ T9751] ? __pfx_futex_wake_mark+0x10/0x10 [ 365.379364][ T9751] ___sys_sendmsg+0x134/0x1d0 [ 365.379404][ T9751] ? __pfx____sys_sendmsg+0x10/0x10 [ 365.379452][ T9751] ? __lock_acquire+0x622/0x1c90 [ 365.379529][ T9751] __sys_sendmsg+0x16d/0x220 [ 365.379565][ T9751] ? __pfx___sys_sendmsg+0x10/0x10 [ 365.379599][ T9751] ? __x64_sys_futex+0x1e0/0x4c0 [ 365.379650][ T9751] do_syscall_64+0xcd/0x490 [ 365.379690][ T9751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.379716][ T9751] RIP: 0033:0x7f300398e929 [ 365.379736][ T9751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.379760][ T9751] RSP: 002b:00007f30017f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 365.379784][ T9751] RAX: ffffffffffffffda RBX: 00007f3003bb5fa0 RCX: 00007f300398e929 [ 365.379800][ T9751] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000007 [ 365.379816][ T9751] RBP: 00007f3003a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 365.379832][ T9751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 365.379847][ T9751] R13: 0000000000000000 R14: 00007f3003bb5fa0 R15: 00007fff98e27b08 [ 365.379881][ T9751] [ 365.729338][ T9739] netlink: 330 bytes leftover after parsing attributes in process `syz.1.754'. [ 365.755070][ T9761] FAULT_INJECTION: forcing a failure. [ 365.755070][ T9761] name failslab, interval 1, probability 0, space 0, times 0 [ 365.756950][ T9761] CPU: 1 UID: 0 PID: 9761 Comm: syz.0.761 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 365.756972][ T9761] Tainted: [U]=USER [ 365.756977][ T9761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 365.756986][ T9761] Call Trace: [ 365.756991][ T9761] [ 365.756996][ T9761] dump_stack_lvl+0x16c/0x1f0 [ 365.757022][ T9761] should_fail_ex+0x512/0x640 [ 365.757046][ T9761] should_failslab+0xc2/0x120 [ 365.757060][ T9761] __kmalloc_cache_noprof+0x6a/0x3e0 [ 365.757080][ T9761] ? sctp_add_bind_addr+0xae/0x3f0 [ 365.757105][ T9761] sctp_add_bind_addr+0xae/0x3f0 [ 365.757128][ T9761] sctp_copy_local_addr_list+0x39d/0x5a0 [ 365.757147][ T9761] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 365.757165][ T9761] ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360 [ 365.757183][ T9761] ? sctp_bind_addr_copy+0xe0/0x530 [ 365.757205][ T9761] sctp_bind_addr_copy+0xe0/0x530 [ 365.757230][ T9761] sctp_connect_new_asoc+0x1d7/0x790 [ 365.757250][ T9761] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 365.757273][ T9761] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 365.757291][ T9761] sctp_sendmsg+0x15f9/0x1ee0 [ 365.757308][ T9761] ? __lock_acquire+0x622/0x1c90 [ 365.757332][ T9761] ? __pfx_sctp_sendmsg+0x10/0x10 [ 365.757351][ T9761] ? __pfx___might_resched+0x10/0x10 [ 365.757384][ T9761] ? __pfx_aa_sk_perm+0x10/0x10 [ 365.757404][ T9761] ? __pfx_sctp_sendmsg+0x10/0x10 [ 365.757422][ T9761] inet_sendmsg+0x119/0x140 [ 365.757443][ T9761] ____sys_sendmsg+0x973/0xc70 [ 365.757463][ T9761] ? __pfx_____sys_sendmsg+0x10/0x10 [ 365.757482][ T9761] ? __pfx__kstrtoull+0x10/0x10 [ 365.757503][ T9761] ___sys_sendmsg+0x134/0x1d0 [ 365.757526][ T9761] ? __pfx____sys_sendmsg+0x10/0x10 [ 365.757557][ T9761] ? find_held_lock+0x2b/0x80 [ 365.757582][ T9761] __sys_sendmmsg+0x200/0x420 [ 365.757607][ T9761] ? __pfx___sys_sendmmsg+0x10/0x10 [ 365.757639][ T9761] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 365.757670][ T9761] ? fput+0x70/0xf0 [ 365.757683][ T9761] ? ksys_write+0x1ac/0x250 [ 365.757703][ T9761] ? __pfx_ksys_write+0x10/0x10 [ 365.757727][ T9761] __x64_sys_sendmmsg+0x9c/0x100 [ 365.757748][ T9761] ? lockdep_hardirqs_on+0x7c/0x110 [ 365.757769][ T9761] do_syscall_64+0xcd/0x490 [ 365.757793][ T9761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.757807][ T9761] RIP: 0033:0x7f1571d8e929 [ 365.757819][ T9761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.757833][ T9761] RSP: 002b:00007f1572ba5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 365.757846][ T9761] RAX: ffffffffffffffda RBX: 00007f1571fb6080 RCX: 00007f1571d8e929 [ 365.757856][ T9761] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000004 [ 365.757864][ T9761] RBP: 00007f1572ba5090 R08: 0000000000000000 R09: 0000000000000000 [ 365.757873][ T9761] R10: 0000000000000311 R11: 0000000000000246 R12: 0000000000000002 [ 365.757881][ T9761] R13: 0000000000000000 R14: 00007f1571fb6080 R15: 00007ffc2af65518 [ 365.757900][ T9761] syzkaller syzkaller login: [ 367.418071][ T9785] FAULT_INJECTION: forcing a failure. [ 367.418071][ T9785] name failslab, interval 1, probability 0, space 0, times 0 [ 367.421048][ T9785] CPU: 0 UID: 0 PID: 9785 Comm: syz.0.765 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 367.421085][ T9785] Tainted: [U]=USER [ 367.421093][ T9785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 367.421107][ T9785] Call Trace: [ 367.421116][ T9785] [ 367.421125][ T9785] dump_stack_lvl+0x16c/0x1f0 [ 367.421166][ T9785] should_fail_ex+0x512/0x640 [ 367.421198][ T9785] ? __kvmalloc_node_noprof+0x124/0x620 [ 367.421242][ T9785] should_failslab+0xc2/0x120 [ 367.421266][ T9785] __kvmalloc_node_noprof+0x137/0x620 [ 367.421300][ T9785] ? __pfx_net_ctl_permissions+0x10/0x10 [ 367.421324][ T9785] ? proc_sys_call_handler+0x2a6/0x5c0 [ 367.421357][ T9785] ? ns_capable_noaudit+0xda/0x110 [ 367.421389][ T9785] ? proc_sys_call_handler+0x2a6/0x5c0 [ 367.421422][ T9785] proc_sys_call_handler+0x2a6/0x5c0 [ 367.421459][ T9785] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 367.421496][ T9785] ? trace_kmalloc+0x2b/0xd0 [ 367.421529][ T9785] copy_splice_read+0x615/0xba0 [ 367.421571][ T9785] ? __pfx_copy_splice_read+0x10/0x10 [ 367.421603][ T9785] ? look_up_lock_class+0x6b/0x150 [ 367.421640][ T9785] ? lockdep_init_map_type+0x5c/0x280 [ 367.421672][ T9785] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 367.421705][ T9785] ? __pfx_copy_splice_read+0x10/0x10 [ 367.421732][ T9785] do_splice_read+0x285/0x370 [ 367.421764][ T9785] splice_direct_to_actor+0x2a1/0xa30 [ 367.421796][ T9785] ? __pfx_direct_splice_actor+0x10/0x10 [ 367.421832][ T9785] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 367.421859][ T9785] ? get_pid_task+0xfc/0x250 [ 367.421898][ T9785] do_splice_direct+0x174/0x240 [ 367.421927][ T9785] ? __pfx_do_splice_direct+0x10/0x10 [ 367.421956][ T9785] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 367.421990][ T9785] ? rw_verify_area+0xcf/0x680 [ 367.422023][ T9785] do_sendfile+0xb06/0xe50 [ 367.422059][ T9785] ? __pfx_do_sendfile+0x10/0x10 [ 367.422090][ T9785] ? __fget_files+0x20e/0x3c0 [ 367.422129][ T9785] __x64_sys_sendfile64+0x1d8/0x220 [ 367.422151][ T9785] ? ksys_write+0x1ac/0x250 [ 367.422181][ T9785] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 367.422216][ T9785] do_syscall_64+0xcd/0x490 [ 367.422259][ T9785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.422283][ T9785] RIP: 0033:0x7f1571d8e929 [ 367.422303][ T9785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.422326][ T9785] RSP: 002b:00007f1572bc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 367.422349][ T9785] RAX: ffffffffffffffda RBX: 00007f1571fb5fa0 RCX: 00007f1571d8e929 [ 367.422364][ T9785] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 367.422379][ T9785] RBP: 00007f1572bc6090 R08: 0000000000000000 R09: 0000000000000000 [ 367.422394][ T9785] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 367.422408][ T9785] R13: 0000000000000000 R14: 00007f1571fb5fa0 R15: 00007ffc2af65518 [ 367.422440][ T9785] [ 367.674208][ T9789] FAULT_INJECTION: forcing a failure. [ 367.674208][ T9789] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.676249][ T9789] CPU: 0 UID: 0 PID: 9789 Comm: syz.3.766 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 367.676284][ T9789] Tainted: [U]=USER [ 367.676291][ T9789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 367.676305][ T9789] Call Trace: [ 367.676313][ T9789] [ 367.676322][ T9789] dump_stack_lvl+0x16c/0x1f0 [ 367.676360][ T9789] should_fail_ex+0x512/0x640 [ 367.676397][ T9789] _copy_to_iter+0x29f/0x16f0 [ 367.676436][ T9789] ? chacha_block_generic+0x211/0x330 [ 367.676468][ T9789] ? __pfx__copy_to_iter+0x10/0x10 [ 367.676512][ T9789] ? lockdep_hardirqs_on+0x7c/0x110 [ 367.676545][ T9789] ? crng_make_state+0x48e/0x6d0 [ 367.676576][ T9789] get_random_bytes_user+0x17f/0x3c0 [ 367.676604][ T9789] ? __pfx_get_random_bytes_user+0x10/0x10 [ 367.676637][ T9789] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 367.676682][ T9789] ? import_ubuf+0x1b6/0x220 [ 367.676717][ T9789] __x64_sys_getrandom+0x183/0x290 [ 367.676744][ T9789] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 367.676770][ T9789] ? fput+0x70/0xf0 [ 367.676807][ T9789] do_syscall_64+0xcd/0x490 [ 367.676843][ T9789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.676867][ T9789] RIP: 0033:0x7f300398e929 [ 367.676886][ T9789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.676908][ T9789] RSP: 002b:00007f30017d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 367.676931][ T9789] RAX: ffffffffffffffda RBX: 00007f3003bb6080 RCX: 00007f300398e929 [ 367.676948][ T9789] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 367.676962][ T9789] RBP: 00007f30017d5090 R08: 0000000000000000 R09: 0000000000000000 [ 367.676977][ T9789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 367.676991][ T9789] R13: 0000000000000001 R14: 00007f3003bb6080 R15: 00007fff98e27b08 [ 367.677023][ T9789]                           syzkaller syzkaller login:                                                                                                                                                        [ 378.391514][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.392532][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 syzkaller syzkaller login:                                                                                                     syzkaller syzkaller login: [ 381.978616][ T7308] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 382.372594][T10007] netlink: 330 bytes leftover after parsing attributes in process `syz.2.812'. [ 382.710065][T10025] netlink: 25 bytes leftover after parsing attributes in process `syz.0.814'. syzkaller syzkaller login: [ 385.185020][ T30] audit: type=1804 audit(4294971485.057:5): pid=10075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.827" name="/newroot/203/file0" dev="tmpfs" ino=1061 res=1 errno=0                                          syzkaller syzkaller login: [ 392.296760][T10163] netlink: 330 bytes leftover after parsing attributes in process `syz.1.848'. [ 393.008304][T10183] phram: not enough arguments                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                syzkaller syzkaller login: [ 408.776161][T10447] netlink: 25 bytes leftover after parsing attributes in process `syz.0.918'.                                                                                                                                                                                                      [ 418.767905][T10613] phram: not enough arguments syzkaller syzkaller login: [ 419.268760][T10620] netlink: 330 bytes leftover after parsing attributes in process `syz.1.959'. [ 420.341777][T10632] netlink: 25 bytes leftover after parsing attributes in process `syz.2.962'.      syzkaller syzkaller login: [ 421.902687][T10667] phram: not enough arguments [ 422.008663][T10657] netlink: 330 bytes leftover after parsing attributes in process `syz.0.970'. [ 422.123051][T10675] netlink: 25 bytes leftover after parsing attributes in process `syz.2.974'. [ 423.217057][T10693] phram: not enough arguments [ 423.431650][T10698] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.3.980: 7                                                                                              syzkaller syzkaller login: [ 436.170612][T10917] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1036'. [ 436.734487][T10929] phram: not enough arguments [ 438.223887][T10957] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.2.1045: 7 syzkaller syzkaller login: [ 439.510892][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.511988][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.652799][T10970] phram: not enough arguments         syzkaller syzkaller login: [ 440.844299][T11002] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.3.1056: 7 [ 440.880633][T11001] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1057'. [ 441.029829][T11006] FAULT_INJECTION: forcing a failure. [ 441.029829][T11006] name failslab, interval 1, probability 0, space 0, times 0 [ 441.098387][T11006] CPU: 1 UID: 0 PID: 11006 Comm: syz.0.1058 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 441.098428][T11006] Tainted: [U]=USER [ 441.098439][T11006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 441.098452][T11006] Call Trace: [ 441.098459][T11006] [ 441.098468][T11006] dump_stack_lvl+0x16c/0x1f0 [ 441.098507][T11006] should_fail_ex+0x512/0x640 [ 441.098537][T11006] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 441.098570][T11006] should_failslab+0xc2/0x120 [ 441.098594][T11006] __kmalloc_cache_noprof+0x6a/0x3e0 [ 441.098622][T11006] ? cgroup_show_path+0xb2/0x740 [ 441.098650][T11006] ? __pfx_cgroup_show_path+0x10/0x10 [ 441.098676][T11006] cgroup_show_path+0xb2/0x740 [ 441.098704][T11006] ? __pfx_cgroup_show_path+0x10/0x10 [ 441.098728][T11006] kernfs_sop_show_path+0xe9/0x160 [ 441.098758][T11006] ? __pfx_kernfs_sop_show_path+0x10/0x10 [ 441.098786][T11006] show_path+0x9e/0x100 [ 441.098809][T11006] show_mountinfo+0x1c6/0x810 [ 441.098838][T11006] ? __pfx_show_mountinfo+0x10/0x10 [ 441.098882][T11006] seq_read_iter+0xb1b/0x12c0 [ 441.098927][T11006] vfs_read+0x8bf/0xc60 [ 441.098965][T11006] ? __pfx___mutex_lock+0x10/0x10 [ 441.099000][T11006] ? __pfx_vfs_read+0x10/0x10 [ 441.099057][T11006] ksys_read+0x12a/0x250 [ 441.099088][T11006] ? __pfx_ksys_read+0x10/0x10 [ 441.099131][T11006] do_syscall_64+0xcd/0x490 [ 441.099168][T11006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.099193][T11006] RIP: 0033:0x7f1571d8e929 [ 441.099214][T11006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.099237][T11006] RSP: 002b:00007f1572bc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 441.099260][T11006] RAX: ffffffffffffffda RBX: 00007f1571fb5fa0 RCX: 00007f1571d8e929 [ 441.099277][T11006] RDX: 0000000000001000 RSI: 0000200000001100 RDI: 0000000000000003 [ 441.099292][T11006] RBP: 00007f1572bc6090 R08: 0000000000000000 R09: 0000000000000000 [ 441.099307][T11006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.099321][T11006] R13: 0000000000000000 R14: 00007f1571fb5fa0 R15: 00007ffc2af65518 [ 441.099357][T11006] [ 441.948816][T11009] phram: not enough arguments [ 442.269325][T11022] phram: not enough arguments [ 442.479214][T11027] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1065'. [ 443.363069][T11041] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1068'. [ 443.521516][T11042] phram: not enough arguments syzkaller syzkaller login: [ 444.014609][T11050] phram: not enough arguments [ 445.060121][T11065] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.0.1075: 7                                                                                                                                                                                       syzkaller syzkaller login: syzkaller syzkaller login: [ 450.544750][T11138] phram: not enough arguments syzkaller syzkaller login: [ 452.314934][T11148] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1090'. [ 452.887454][T11171] EXT4-fs error (device sda1): trigger_test_error:129: comm syz.2.1096: 7 syzkaller syzkaller login: [ 453.894062][T11185] vhci_hcd: invalid port number 21 [ 454.375088][T11189] phram: not enough arguments         syzkaller syzkaller login: [ 457.278178][T11235] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1113'. [ 457.535465][T11243] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1114'.  syzkaller syzkaller login:                                 syzkaller syzkaller login:        [ 468.909444][T11431] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1161'. syzkaller syzkaller login: [ 469.223640][T11429] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1159'. [ 469.804514][T11441] netlink: 'syz.0.1165': attribute type 64 has an invalid length. [ 469.805669][T11441] netlink: 74 bytes leftover after parsing attributes in process `syz.0.1165'. [ 470.397201][T11446] netlink: 396 bytes leftover after parsing attributes in process `syz.0.1166'.           syzkaller syzkaller login: syzkaller syzkaller login:                                            syzkaller syzkaller login: [ 478.704049][T11554] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1190'. [ 478.974643][T11572] FAULT_INJECTION: forcing a failure. [ 478.974643][T11572] name failslab, interval 1, probability 0, space 0, times 0 [ 479.021572][T11572] CPU: 1 UID: 0 PID: 11572 Comm: syz.3.1193 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 479.021599][T11572] Tainted: [U]=USER [ 479.021604][T11572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 479.021613][T11572] Call Trace: [ 479.021618][T11572] [ 479.021624][T11572] dump_stack_lvl+0x16c/0x1f0 [ 479.021653][T11572] should_fail_ex+0x512/0x640 [ 479.021674][T11572] ? __kmalloc_noprof+0xbf/0x510 [ 479.021697][T11572] ? unregister_netdevice_many_notify+0x63b/0x2700 [ 479.021712][T11572] should_failslab+0xc2/0x120 [ 479.021726][T11572] __kmalloc_noprof+0xd2/0x510 [ 479.021751][T11572] unregister_netdevice_many_notify+0x63b/0x2700 [ 479.021772][T11572] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 479.021789][T11572] ? skb_queue_purge_reason+0x2c8/0x420 [ 479.021803][T11572] ? schedule+0x2d7/0x3a0 [ 479.021823][T11572] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 479.021841][T11572] ? skb_queue_purge_reason+0x2c8/0x420 [ 479.021857][T11572] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 479.021874][T11572] unregister_netdevice_queue+0x305/0x3f0 [ 479.021890][T11572] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 479.021910][T11572] __tun_detach+0x1249/0x1540 [ 479.021937][T11572] ? __pfx_tun_chr_close+0x10/0x10 [ 479.021957][T11572] ? __pfx_tun_chr_fasync+0x10/0x10 [ 479.021974][T11572] tun_chr_close+0xc2/0x230 [ 479.021995][T11572] __fput+0x3ff/0xb70 [ 479.022013][T11572] task_work_run+0x14d/0x240 [ 479.022036][T11572] ? __pfx_task_work_run+0x10/0x10 [ 479.022063][T11572] get_signal+0x1d1/0x26d0 [ 479.022078][T11572] ? kick_process+0xf6/0x1b0 [ 479.022100][T11572] ? task_work_add+0x1d5/0x360 [ 479.022121][T11572] ? __pfx_task_work_add+0x10/0x10 [ 479.022143][T11572] ? __pfx_get_signal+0x10/0x10 [ 479.022164][T11572] arch_do_signal_or_restart+0x8f/0x790 [ 479.022180][T11572] ? __fget_files+0x1a0/0x3c0 [ 479.022199][T11572] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 479.022224][T11572] ? __pfx_do_readv+0x10/0x10 [ 479.022246][T11572] exit_to_user_mode_loop+0x84/0x110 [ 479.022269][T11572] do_syscall_64+0x3f6/0x490 [ 479.022294][T11572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.022309][T11572] RIP: 0033:0x7f300398e929 [ 479.022321][T11572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.022335][T11572] RSP: 002b:00007f30017f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 479.022349][T11572] RAX: fffffffffffffe00 RBX: 00007f3003bb5fa0 RCX: 00007f300398e929 [ 479.022359][T11572] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003 [ 479.022367][T11572] RBP: 00007f30017f6090 R08: 0000000000000000 R09: 0000000000000000 [ 479.022376][T11572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.022384][T11572] R13: 0000000000000000 R14: 00007f3003bb5fa0 R15: 00007fff98e27b08 [ 479.022402][T11572] [ 479.947244][T11592] Console: switching to colour frame buffer device 128x48 [ 480.094972][T11598] phram: not enough arguments [ 480.903406][T11589] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1196'. [ 480.982677][T11601] phram: not enough arguments syzkaller syzkaller login: [ 483.572788][T11634] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1209'.                                                                                                                                                                                                                                         syzkaller syzkaller login: [ 489.590133][T11762] FAULT_INJECTION: forcing a failure. [ 489.590133][T11762] name failslab, interval 1, probability 0, space 0, times 0 [ 489.646648][T11762] CPU: 0 UID: 0 PID: 11762 Comm: syz.2.1230 Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 489.646689][T11762] Tainted: [U]=USER [ 489.646697][T11762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 489.646711][T11762] Call Trace: [ 489.646719][T11762] [ 489.646728][T11762] dump_stack_lvl+0x16c/0x1f0 [ 489.646767][T11762] should_fail_ex+0x512/0x640 [ 489.646799][T11762] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 489.646837][T11762] should_failslab+0xc2/0x120 [ 489.646861][T11762] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 489.646896][T11762] ? __d_alloc+0x31/0xaa0 [ 489.646934][T11762] __d_alloc+0x31/0xaa0 [ 489.646964][T11762] ? trace_kmem_cache_alloc+0x28/0xc0 [ 489.646986][T11762] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 489.647022][T11762] d_alloc_pseudo+0x1c/0xc0 [ 489.647047][T11762] alloc_file_pseudo+0xcf/0x230 [ 489.647075][T11762] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 489.647111][T11762] sock_alloc_file+0x50/0x210 [ 489.647136][T11762] do_accept+0x240/0x530 [ 489.647166][T11762] ? do_raw_spin_lock+0x12c/0x2b0 [ 489.647200][T11762] ? __pfx_do_accept+0x10/0x10 [ 489.647252][T11762] __sys_accept4+0x100/0x1c0 [ 489.647282][T11762] ? __pfx___sys_accept4+0x10/0x10 [ 489.647309][T11762] ? ksys_write+0x1ac/0x250 [ 489.647340][T11762] ? __pfx_ksys_write+0x10/0x10 [ 489.647379][T11762] __x64_sys_accept+0x74/0xb0 [ 489.647407][T11762] ? lockdep_hardirqs_on+0x7c/0x110 [ 489.647440][T11762] do_syscall_64+0xcd/0x490 [ 489.647482][T11762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.647507][T11762] RIP: 0033:0x7fe141b8e929 [ 489.647525][T11762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.647548][T11762] RSP: 002b:00007fe14297a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 489.647571][T11762] RAX: ffffffffffffffda RBX: 00007fe141db6080 RCX: 00007fe141b8e929 [ 489.647588][T11762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 489.647602][T11762] RBP: 00007fe14297a090 R08: 0000000000000000 R09: 0000000000000000 [ 489.647616][T11762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.647630][T11762] R13: 0000000000000001 R14: 00007fe141db6080 R15: 00007ffcef08c048 [ 489.647662][T11762]                                                                                                                                                                                                                                                                                                                                    syzkaller syzkaller login: [ 505.567238][T12003] sd 0:0:1:0: PR command failed: 1026 [ 505.572715][T12003] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 505.913067][T12003] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 506.180559][T12012] ptrace attach of "./syz-executor exec"[12013] was attempted by "./syz-executor exec"[12012]                                                                                                                                                                                                        syzkaller syzkaller login: [ 517.599332][T12159] phram: not enough arguments [ 517.997054][T12170] phram: not enough arguments [ 518.907972][T12161] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1325'.         syzkaller syzkaller login: [ 523.088548][T12245] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1346'. [ 523.273469][T12242] .SR: entered promiscuous mode [ 523.335938][T12242] Invalid ELF header magic: != ELF [ 523.793090][T12244] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1344'.                                                        syzkaller syzkaller login: [ 534.787257][T12450] phram: not enough arguments [ 535.495533][T12468] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1394'. [ 535.803470][T12449] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1391'. syzkaller syzkaller login: [ 536.819238][T12482] phram: not enough arguments  syzkaller syzkaller login: syzkaller syzkaller login: [ 540.652447][T12552] phram: not enough arguments                                                 syzkaller syzkaller login:         syzkaller syzkaller login: [ 557.238460][T12798] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1463'. [ 557.320741][T12802] phram: not enough arguments [ 558.002391][T12819] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1468'. [ 558.154236][T12823] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 558.336942][T12826] phram: not enough arguments [ 559.188832][T12841] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1473'.                       syzkaller syzkaller login: [ 562.072866][T12878] phram: not enough arguments [ 562.361833][T12884] phram: not enough arguments [ 562.725192][T12895] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1484'. syzkaller syzkaller login: [ 566.599398][T12952] phram: not enough arguments syzkaller syzkaller login: [ 569.528520][T13007] phram: not enough arguments [ 569.556820][T13003] phram: not enough arguments syzkaller syzkaller login: [ 573.323681][T13061] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1517'. [ 574.321764][T13092] phram: not enough arguments [ 574.758332][T13101] phram: not enough arguments [ 575.660521][T13119] phram: not enough arguments [ 576.383436][T13125] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1531'. [ 577.643931][T13148] phram: not enough arguments syzkaller syzkaller login: [ 580.360660][T13188] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1545'. [ 580.846591][T13177] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1543'.                           syzkaller syzkaller login: syzkaller syzkaller login:        syzkaller syzkaller login: [ 592.186843][T13345] phram: not enough arguments syzkaller syzkaller login: [ 595.346860][T13381] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1585'. [ 597.592495][T13430] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 598.176486][T13439] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1598'.                                               syzkaller syzkaller login: [ 604.285472][T13534] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 604.601203][T13540] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1621'. [ 605.948371][T13538] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1619'. [ 607.131431][T13572] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 608.103123][T13590] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1631'. syzkaller syzkaller login: [ 609.317555][T13612] phram: not enough arguments [ 611.087569][T13638] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present               syzkaller syzkaller login: [ 616.635139][T13757] phram: not enough arguments [ 617.251609][T13761] phram: not enough arguments [ 617.291274][T13763] phram: not enough arguments syzkaller syzkaller login: [ 619.440424][T13794] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present syzkaller syzkaller login:                                                        syzkaller syzkaller login:         syzkaller syzkaller login:                    syzkaller syzkaller login: [ 645.200127][T14190] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 646.093667][T14207] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1756'. [ 646.801005][T14218] phram: not enough arguments [ 648.730265][T14247] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present         syzkaller syzkaller login: [ 653.858003][T14337] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1784'. syzkaller syzkaller login: [ 657.253174][T14391] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present                                       syzkaller syzkaller login: [ 666.277155][T14565] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1829'. [ 667.676688][T14583] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1835'. syzkaller syzkaller login: [ 671.329422][T14648] phram: not enough arguments         syzkaller syzkaller login: [ 678.498084][T14776] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1874'. [ 678.820728][T14790] phram: not enough arguments [ 679.966699][T14817] phram: not enough arguments        syzkaller syzkaller login: [ 683.924805][T14882] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 683.998647][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 683.999635][ T1301] ieee802154 phy1 wpan1: encryption failed: -22                                                                   syzkaller syzkaller login: [ 716.409656][T15455] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2008'. [ 717.417604][T15484] phram: not enough arguments [ 718.403624][T15493] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 718.438490][T15500] phram: not enough arguments [ 718.480244][T15503] phram: not enough arguments [ 719.666516][T15530] phram: not enough arguments [ 721.611808][T15556] phram: not enough arguments [ 722.054759][T15562] phram: not enough arguments [ 722.416784][T15565] phram: not enough arguments [ 723.186332][T15583] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 723.207319][T15581] phram: not enough arguments [ 724.699092][T15622] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 727.541632][T15668] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present                                                                                                                      syzkaller syzkaller login: [ 754.433582][T16182] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present syzkaller syzkaller login: syzkaller syzkaller login: [ 757.612884][T16244] phram: not enough arguments [ 757.947611][T16242] phram: not enough arguments syzkaller syzkaller login: syzkaller syzkaller login:             syzkaller syzkaller login: [ 771.262017][T16481] phram: not enough arguments syzkaller syzkaller login: syzkaller syzkaller login: [ 779.131662][T16616] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2236'. [ 780.386788][T16645] phram: not enough arguments [ 780.854024][T16650] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 784.889735][T16734] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 784.927998][T16735] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 785.670579][T16751] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2261'. syzkaller syzkaller login: [ 787.994794][T16794] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2269'. [ 788.607581][T16805] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present syzkaller syzkaller login: syzkaller syzkaller login: [ 794.720322][T16906] phram: not enough arguments syzkaller syzkaller login: [ 797.981915][T16963] phram: not enough arguments [ 800.315846][T17008] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2312'. [ 800.402163][T17012] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2313'. syzkaller syzkaller login: [ 801.834063][T17030] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2318'. [ 803.333977][T17064] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 806.103222][T17121] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2337'. [ 806.242586][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 806.243790][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.546727][T17184] phram: not enough arguments syzkaller syzkaller login: [ 812.776335][T17227] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present syzkaller syzkaller login: [ 818.454556][T17311] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 818.460021][T17311] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 818.464586][T17311] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 818.472000][T17311] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 818.478911][T17311] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 818.857604][T17318] snd_aloop snd_aloop.0: control 16781581:65533:6:'x?F/zF˷fC:0 is already present [ 819.275221][T17309] chnl_net:caif_netlink_parms(): no params data found [ 819.544449][T17309] bridge0: port 1(bridge_slave_0) entered blocking state [ 819.547705][T17309] bridge0: port 1(bridge_slave_0) entered disabled state [ 819.548857][T17309] bridge_slave_0: entered allmulticast mode [ 819.554662][T17309] bridge_slave_0: entered promiscuous mode [ 819.558796][T17309] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.560306][T17309] bridge0: port 2(bridge_slave_1) entered disabled state [ 819.565411][T17309] bridge_slave_1: entered allmulticast mode [ 819.567777][T17309] bridge_slave_1: entered promiscuous mode [ 819.628981][T17309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 819.639430][T17309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 819.687189][T17309] team0: Port device team_slave_0 added [ 819.702901][T17309] team0: Port device team_slave_1 added [ 819.786049][T17309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 819.787116][T17309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 819.794114][T17309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 819.911195][T17309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 819.913173][T17309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 819.925286][T17309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 820.111800][T17309] hsr_slave_0: entered promiscuous mode [ 820.113668][T17309] hsr_slave_1: entered promiscuous mode [ 820.120840][T17309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 820.121893][T17309] Cannot create hsr debugfs directory [ 820.569200][T17311] Bluetooth: hci4: command tx timeout [ 821.397876][T17309] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.535265][T17309] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.865228][T17309] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 822.129408][T17309] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 822.502999][T17309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 822.518451][T17309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 822.527250][T17309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 822.534553][T17309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 822.634647][T17311] Bluetooth: hci4: command tx timeout syzkaller syzkaller login: [ 823.066075][T17309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 823.154852][T17309] 8021q: adding VLAN 0 to HW filter on device team0 [ 823.179582][ T7761] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.180649][ T7761] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.202349][ T7761] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.203445][ T7761] bridge0: port 2(bridge_slave_1) entered forwarding state                                                                                                                                                                                                                                                                                                                                                                                                                                            syzkaller syzkaller login: [ 833.538169][ T7308] Bluetooth: hci1: command tx timeout [ 833.660230][ T5826] ------------[ cut here ]------------ [ 833.665733][ T5826] ODEBUG: free active (active state 0) object: ffff8880352412d8 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 [ 833.728090][ T5826] WARNING: CPU: 1 PID: 5826 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 [ 833.737826][ T5826] Modules linked in: [ 833.741741][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: syz-executor Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 833.753765][ T5826] Tainted: [U]=USER [ 833.757608][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 833.767719][ T5826] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 833.773540][ T5826] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 00 75 15 8c 4c 89 e6 48 c7 c7 80 69 15 8c e8 ff 8a 9c fc 90 <0f> 0b 90 90 58 83 05 16 49 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 833.793212][ T5826] RSP: 0018:ffffc900040af768 EFLAGS: 00010286 [ 833.799301][ T5826] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 833.807991][ T5826] RDX: ffff888030af9e00 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 833.815978][ T5826] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 833.824321][ T5826] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c157020 [ 833.832339][ T5826] R13: ffffffff8bafe800 R14: ffffffff8a87a800 R15: ffffc900040af868 [ 833.840335][ T5826] FS: 0000000000000000(0000) GS:ffff88812485f000(0000) knlGS:0000000000000000 [ 833.849298][ T5826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 833.855869][ T5826] CR2: 00002000000c9000 CR3: 000000001d336000 CR4: 00000000003526f0 [ 833.864060][ T5826] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 833.872063][ T5826] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 833.880048][ T5826] Call Trace: [ 833.883315][ T5826] [ 833.886260][ T5826] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 833.891721][ T5826] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 833.897559][ T5826] debug_check_no_obj_freed+0x4b7/0x600 [ 833.903105][ T5826] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 833.909872][ T5826] ? rcu_is_watching+0x12/0xc0 [ 833.914658][ T5826] ? kmem_cache_free+0x2d1/0x4d0 [ 833.919899][ T5826] kfree+0x28f/0x4d0 [ 833.923787][ T5826] ? hci_release_dev+0x4d8/0x600 [ 833.928750][ T5826] hci_release_dev+0x4d8/0x600 [ 833.933509][ T5826] ? __pfx_hci_release_dev+0x10/0x10 [ 833.938808][ T5826] ? rcu_is_watching+0x12/0xc0 [ 833.943562][ T5826] ? kfree+0x24f/0x4d0 [ 833.947642][ T5826] bt_host_release+0x6a/0xb0 [ 833.952229][ T5826] ? __pfx_bt_host_release+0x10/0x10 [ 833.957527][ T5826] device_release+0xa1/0x240 [ 833.962108][ T5826] kobject_put+0x1e7/0x5a0 [ 833.966546][ T5826] ? __pfx_vhci_release+0x10/0x10 [ 833.971579][ T5826] put_device+0x1f/0x30 [ 833.975862][ T5826] vhci_release+0x81/0xf0 [ 833.980190][ T5826] __fput+0x3ff/0xb70 [ 833.984165][ T5826] task_work_run+0x14d/0x240 [ 833.988784][ T5826] ? __pfx_task_work_run+0x10/0x10 [ 833.993900][ T5826] do_exit+0x86c/0x2bd0 [ 833.998143][ T5826] ? __pfx_do_exit+0x10/0x10 [ 834.002737][ T5826] ? do_raw_spin_lock+0x12c/0x2b0 [ 834.007796][ T5826] ? find_held_lock+0x2b/0x80 [ 834.012847][ T5826] do_group_exit+0xd3/0x2a0 [ 834.017677][ T5826] get_signal+0x2673/0x26d0 [ 834.022183][ T5826] ? __pfx_get_signal+0x10/0x10 [ 834.027076][ T5826] arch_do_signal_or_restart+0x8f/0x790 [ 834.032621][ T5826] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 834.038810][ T5826] ? ksys_read+0x1ac/0x250 [ 834.043223][ T5826] ? __pfx_ksys_read+0x10/0x10 [ 834.048009][ T5826] exit_to_user_mode_loop+0x84/0x110 [ 834.053293][ T5826] do_syscall_64+0x3f6/0x490 [ 834.057907][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.063790][ T5826] RIP: 0033:0x7f300398d33c [ 834.068217][ T5826] Code: Unable to access opcode bytes at 0x7f300398d312. [ 834.075245][ T5826] RSP: 002b:00007fff98e27e60 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 834.083664][ T5826] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f300398d33c [ 834.091672][ T5826] RDX: 0000000000000030 RSI: 00007fff98e27f20 RDI: 00000000000000f9 [ 834.099743][ T5826] RBP: 00007fff98e27ecc R08: 0000000000000000 R09: 0079746972756365 [ 834.107750][ T5826] R10: 00007f3003b817e0 R11: 0000000000000246 R12: 0000000000000259 [ 834.116123][ T5826] R13: 00000000000927c0 R14: 00000000000cbf69 R15: 00007fff98e27f20 [ 834.124094][ T5826] [ 834.127480][ T5826] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 834.134758][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: syz-executor Tainted: G U 6.16.0-rc3-syzkaller #0 PREEMPT(full) [ 834.146814][ T5826] Tainted: [U]=USER [ 834.150597][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 834.160645][ T5826] Call Trace: [ 834.163911][ T5826] [ 834.166834][ T5826] dump_stack_lvl+0x3d/0x1f0 [ 834.171423][ T5826] panic+0x71c/0x800 [ 834.175316][ T5826] ? __pfx_panic+0x10/0x10 [ 834.179733][ T5826] ? show_trace_log_lvl+0x29b/0x3e0 [ 834.184936][ T5826] ? check_panic_on_warn+0x1f/0xb0 [ 834.190043][ T5826] ? debug_print_object+0x1a2/0x2b0 [ 834.195231][ T5826] check_panic_on_warn+0xab/0xb0 [ 834.200181][ T5826] __warn+0xf6/0x3c0 [ 834.204080][ T5826] ? debug_print_object+0x1a2/0x2b0 [ 834.209275][ T5826] report_bug+0x3c3/0x580 [ 834.213599][ T5826] ? debug_print_object+0x1a2/0x2b0 [ 834.218788][ T5826] handle_bug+0x184/0x210 [ 834.223108][ T5826] exc_invalid_op+0x17/0x50 [ 834.227604][ T5826] asm_exc_invalid_op+0x1a/0x20 [ 834.232446][ T5826] RIP: 0010:debug_print_object+0x1a2/0x2b0 [ 834.238253][ T5826] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 00 75 15 8c 4c 89 e6 48 c7 c7 80 69 15 8c e8 ff 8a 9c fc 90 <0f> 0b 90 90 58 83 05 16 49 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d [ 834.257943][ T5826] RSP: 0018:ffffc900040af768 EFLAGS: 00010286 [ 834.264001][ T5826] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8 [ 834.271971][ T5826] RDX: ffff888030af9e00 RSI: ffffffff817aa1b5 RDI: 0000000000000001 [ 834.279942][ T5826] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 834.287911][ T5826] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c157020 [ 834.295876][ T5826] R13: ffffffff8bafe800 R14: ffffffff8a87a800 R15: ffffc900040af868 [ 834.303847][ T5826] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 834.309334][ T5826] ? __warn_printk+0x198/0x350 [ 834.314099][ T5826] ? __warn_printk+0x1a5/0x350 [ 834.318864][ T5826] ? debug_print_object+0x1a1/0x2b0 [ 834.324060][ T5826] ? __pfx_hci_devcd_timeout+0x10/0x10 [ 834.329620][ T5826] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 834.335427][ T5826] debug_check_no_obj_freed+0x4b7/0x600 [ 834.340972][ T5826] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 834.347030][ T5826] ? rcu_is_watching+0x12/0xc0 [ 834.351790][ T5826] ? kmem_cache_free+0x2d1/0x4d0 [ 834.356725][ T5826] kfree+0x28f/0x4d0 [ 834.360615][ T5826] ? hci_release_dev+0x4d8/0x600 [ 834.365552][ T5826] hci_release_dev+0x4d8/0x600 [ 834.370310][ T5826] ? __pfx_hci_release_dev+0x10/0x10 [ 834.375589][ T5826] ? rcu_is_watching+0x12/0xc0 [ 834.380340][ T5826] ? kfree+0x24f/0x4d0 [ 834.384403][ T5826] bt_host_release+0x6a/0xb0 [ 834.388980][ T5826] ? __pfx_bt_host_release+0x10/0x10 [ 834.394249][ T5826] device_release+0xa1/0x240 [ 834.398837][ T5826] kobject_put+0x1e7/0x5a0 [ 834.403245][ T5826] ? __pfx_vhci_release+0x10/0x10 [ 834.408285][ T5826] put_device+0x1f/0x30 [ 834.412450][ T5826] vhci_release+0x81/0xf0 [ 834.416777][ T5826] __fput+0x3ff/0xb70 [ 834.420773][ T5826] task_work_run+0x14d/0x240 [ 834.425369][ T5826] ? __pfx_task_work_run+0x10/0x10 [ 834.430483][ T5826] do_exit+0x86c/0x2bd0 [ 834.434639][ T5826] ? __pfx_do_exit+0x10/0x10 [ 834.439220][ T5826] ? do_raw_spin_lock+0x12c/0x2b0 [ 834.444334][ T5826] ? find_held_lock+0x2b/0x80 [ 834.449007][ T5826] do_group_exit+0xd3/0x2a0 [ 834.453513][ T5826] get_signal+0x2673/0x26d0 [ 834.458018][ T5826] ? __pfx_get_signal+0x10/0x10 [ 834.462865][ T5826] arch_do_signal_or_restart+0x8f/0x790 [ 834.468417][ T5826] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 834.474576][ T5826] ? ksys_read+0x1ac/0x250 [ 834.478988][ T5826] ? __pfx_ksys_read+0x10/0x10 [ 834.483751][ T5826] exit_to_user_mode_loop+0x84/0x110 [ 834.489037][ T5826] do_syscall_64+0x3f6/0x490 [ 834.493630][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.499515][ T5826] RIP: 0033:0x7f300398d33c [ 834.503919][ T5826] Code: Unable to access opcode bytes at 0x7f300398d312. [ 834.510932][ T5826] RSP: 002b:00007fff98e27e60 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 834.519359][ T5826] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f300398d33c [ 834.527329][ T5826] RDX: 0000000000000030 RSI: 00007fff98e27f20 RDI: 00000000000000f9 [ 834.535292][ T5826] RBP: 00007fff98e27ecc R08: 0000000000000000 R09: 0079746972756365 [ 834.543252][ T5826] R10: 00007f3003b817e0 R11: 0000000000000246 R12: 0000000000000259 [ 834.551214][ T5826] R13: 00000000000927c0 R14: 00000000000cbf69 R15: 00007fff98e27f20 [ 834.559180][ T5826] [ 834.562449][ T5826] Kernel Offset: disabled [ 834.566781][ T5826] Rebooting in 86400 seconds..