last executing test programs:

2m20.46077751s ago: executing program 2 (id=1840):
mmap$auto(0x0, 0x202000c, 0x1, 0x11, 0xffffffffffffffff, 0xf)
socket(0x10, 0x2, 0x4)
sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x10000000}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xfff)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x28, 0x801, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51)
shutdown$auto(0x200000003, 0x0)
connect$auto(r1, &(0x7f00000000c0)=@in={0x2, 0x4e21, @loopback}, 0x51)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r2, 0x0, 0x40000)
read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/binderfs/binder0\x00', 0x102, 0x0)
ioctl$auto_BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
r4 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x1e9482, 0x0)
read$auto_state_fops_(r4, &(0x7f0000000180)=""/61, 0xfffffeeb)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x18, 0x401, 0x300000000000)
ptrace$auto(0x3, 0x0, 0x5, 0x4)

2m18.966092128s ago: executing program 2 (id=1843):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/ttyr3/dev\x00', 0x7ef3837b7e67005, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptybc\x00', 0x80, 0x0)
fstat$auto(0x2, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto(0x3, 0x5402, r0)
r2 = userfaultfd$auto(0x1)
ioctl$auto_TUNSETOFFLOAD2(r2, 0x400454d0, &(0x7f0000000000)=0x19)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
select$auto(0xd, 0x0, 0x0, &(0x7f0000000200)={[0x1fe, 0x7, 0x3, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x7f, 0x32, 0x7440, 0xd0, 0xa, 0x8, 0xdffffffffffffffe]}, 0x0)
openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/security/tomoyo/query\x00', 0x82a02, 0x0)
r3 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x2, 0x0)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto_ftrace_event_filter_fops_trace_events(r3, 0x0, 0x0)
read$auto(r5, 0x0, 0x20)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
write$auto(0x3, 0x0, 0x5c8)
statx$auto(r2, 0x0, 0x1000, 0x8, 0x0)
r6 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x48880, 0x0)
r7 = getpgid$auto(0xffffffffffffffff)
mq_notify$auto(r5, &(0x7f00000000c0)={@sival_ptr=&(0x7f0000000340)="faceb2a2033f0d6cb70b3265decd6acc6549c7b486e0f8601ad3507fa063bc46a7606368c04b94ab23059181fb3fed444f2b7477ef73a3714fd2b6fdc6a16a91bfe1243b9211b823d796c4eefce338fdd2c7e437aeaf15404533dbd670326afccf4beaed87d68ecbffe16345926f348104d47de048da17f86e79138dff63d1b1a864f2d4f0e34fcfc4f594014dbf37f6e47a75d6d8b27c6ebbd2bcc863879765c0c8859e8d27f220dc77169e639ecae185d8fd685e508e157a7dfadcb107ce", @inferred=r6, 0xfff, @_tid=r7})
move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2)
adjtimex$auto(&(0x7f0000000200)={0x5f95, 0x0, 0x2, 0x2000000a, 0xff7d, 0xbc58, 0x4000005, 0x0, 0x5, 0x8, 0x80000000, {0x7ff, 0xf423f}, 0x2744, 0x200000001, 0xff, 0x7, 0x0, 0x3c8, 0x8, 0x8, 0xffffffffffffffff, 0x1560cc85, 0x9})

2m17.091694877s ago: executing program 2 (id=1847):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2a, 0x2, 0x1)
r0 = socket(0x2, 0x5, 0x0)
getcwd$auto(0x0, 0xfffffffffffff4c7)
setsockopt$auto(0x3, 0x10000000084, 0x4, 0x0, 0x4)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x4}, 0x7, 0x0, 0x2, 0xb}, 0x6}, 0x5, 0x311)
readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x5b7}, 0x7)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/rc_rateidx_mcs_mask_5ghz\x00', 0x88000, 0x0)
r2 = openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000011500), 0x40002, 0x0)
write$auto(r2, 0x0, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000140)="3318cb")
r3 = pipe2$auto(0x0, 0x9)
read$auto(0xffffffffffffffff, 0x0, 0x20)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r6=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="2f212cbd7010ca705d845526cc0008000380", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8810)
sendmsg$auto_NL80211_CMD_GET_MPP(r3, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x10, 0x6e4, 0x25dfdbfb, {}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0xff98}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000890}, 0x50)
ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0)
recvfrom$auto(r3, 0x0, 0x8000000000000001, 0x2, &(0x7f0000000180)=@vsock={0x28, 0x0, 0x2711, @host}, &(0x7f00000001c0)=0x2)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x2c40, 0x0)
read$auto(0x3, 0x0, 0x80)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), r4)
socket$nl_generic(0x10, 0x3, 0x10)

2m15.960667835s ago: executing program 2 (id=1848):
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
bpf$auto(0x8000000, 0x0, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0x40, 0x0)
write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa2\x9aSVd\x1d\xac\xe8\x90e\x9d\x03\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa', 0x100000a3da)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0)
sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054)
write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000001bc0), 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x202003, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0xe, 0x0, 0x20)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
io_uring_setup$auto(0x8008, 0x0)
close_range$auto(0x2, 0x8, 0x0)
clock_nanosleep$auto(0x2, 0x6, 0x0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0)
write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)

2m14.667554785s ago: executing program 2 (id=1852):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram10\x00', 0x14fa02, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000)
setresuid$auto(0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0)
read$auto(0xc8, 0x0, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card0\x00', 0x0, 0x0)
r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
mmap$auto(0x2, 0x400008, 0xdf, 0x9b7f, r1, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(r2, 0x8, 0x0)
brk$auto(0xffffffffffffff66)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r4, 0x40043d04, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/block/nbd5/sched/owned_by_driver\x00', 0x2000, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_DETACH(r1, 0x7aa, 0x0)

2m13.460076577s ago: executing program 2 (id=1854):
r0 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pread64$auto(r0, &(0x7f00000001c0)='@\'&\x00', 0x5, 0x5)
mmap$auto(0xffffffffffffffff, 0x90, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x101082, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/v4l-subdev0\x00', 0x0, 0x0)
ioctl$auto(r1, 0xc0045543, r2)
r3 = io_uring_setup$auto(0x6, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r4, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB='}u\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000ffdbdf250c0000000800050000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040804)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r3)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/sunrpc/parameters/tcp_max_slot_table_entries\x00', 0x2c62, 0x0)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
mount_setattr$auto(0xffffffffffffff9c, 0x0, 0x1000, 0x0, 0xe9f)
write$auto_console_fops_tty_io(r7, &(0x7f0000000800)="a2df1cae747989b2047e0cbe119b4d43fc4fd1d04bcdab09715eed3988c58e4e0740af60ea71e7dcf414adb6c500edc96a09864da5a5302df2cccb70c5cc16d20f3903772a13cea3bccf0b16e4f1ce5cce49d037479902866d62c3e597e3a8b06ccc76396d24cc1e6bd3094e49225421fab9b8e6f6a0d356d9f86a4d4478538091dfd7dec6cd75dd", 0x88)
write$auto(r7, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r6], 0xd0}, 0x1, 0x0, 0x0, 0x4084}, 0x80004)
syz_clone3(&(0x7f00000004c0)={0x800000, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0xd}, &(0x7f0000000340)=""/66, 0x42, &(0x7f00000003c0)=""/172, &(0x7f0000000480)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0], 0x8, {r3}}, 0x58)
pipe$auto(0x0)
r8 = socket(0x21, 0x2, 0xa)
sendmsg$auto_MACSEC_CMD_ADD_TXSA(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r9 = socket(0x21, 0x2, 0xa)
sendmsg$auto_MACSEC_CMD_ADD_TXSA(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
r10 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/008/001\x00', 0xa901, 0x0)
ioctl$auto_USBDEVFS_SETCONFIGURATION(r10, 0x80045505, 0x0)

1m59.62652584s ago: executing program 1 (id=1880):
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f00000002c0)={0x1, 0x17b7, "e5d02ebff1a0f22827060519362f2f88e79b08745cfeeb517c6dc57b7e6cdc606f490e7822d765e620e59b384bb7a4767cef31f639bb12efa4922229c5b4918f", "957bb98f6817aa559f6d1846dba8340fd7ad51f4595586d2c600434e68629cea1e53bc48eae23140d90b519394bf8df11a3924c9253960b4e9ab012fc27ef6ab0965734454d6662aa9e4680705010b14", 0x4, 0x2, "8568cf815dcbb782114b268bb324a302a4842e0b7270da771be7a331349e3b3cb06f60eabb01da08aaee3bafb4fda1fa3d27f74dd006547ab43c2200128038c7"})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
write$auto_tty_fops_tty_io(r1, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296", 0x2e)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)

1m58.525677745s ago: executing program 1 (id=1884):
mmap$auto(0x0, 0x400008, 0xdf, 0xfffffffffffffc10, 0xffffffffffffffff, 0x800008000)
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = fcntl$auto(r0, 0x400, 0x1)
execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
execve$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff)
fcntl$auto(0x3, 0x4, 0xa553)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cpu.pressure\x00', 0x183142, 0x0)
sendfile$auto(r1, r2, 0x0, 0xc01)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb5, 0xffffffffffffffff, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0)
keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000000e)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
r3 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0)
ioctl$auto_BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x80489439, &(0x7f0000000f80)=[{0x3ff, 0x3, 0x8000000000000000}, {0x5, 0x5, 0x2}, {0xa6, 0x1, 0x2}])
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
statmount$auto(0x0, 0x0, 0x1fe, 0x5)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
unshare$auto(0x40000080)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/midiC2D2\x00', 0x80980, 0x0)

1m58.432394853s ago: executing program 32 (id=1854):
r0 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pread64$auto(r0, &(0x7f00000001c0)='@\'&\x00', 0x5, 0x5)
mmap$auto(0xffffffffffffffff, 0x90, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000)
r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC1\x00', 0x101082, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/v4l-subdev0\x00', 0x0, 0x0)
ioctl$auto(r1, 0xc0045543, r2)
r3 = io_uring_setup$auto(0x6, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r4, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB='}u\x00\x00', @ANYRES16=r5, @ANYBLOB="010028bd7000ffdbdf250c0000000800050000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040804)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r3)
r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/sunrpc/parameters/tcp_max_slot_table_entries\x00', 0x2c62, 0x0)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
mount_setattr$auto(0xffffffffffffff9c, 0x0, 0x1000, 0x0, 0xe9f)
write$auto_console_fops_tty_io(r7, &(0x7f0000000800)="a2df1cae747989b2047e0cbe119b4d43fc4fd1d04bcdab09715eed3988c58e4e0740af60ea71e7dcf414adb6c500edc96a09864da5a5302df2cccb70c5cc16d20f3903772a13cea3bccf0b16e4f1ce5cce49d037479902866d62c3e597e3a8b06ccc76396d24cc1e6bd3094e49225421fab9b8e6f6a0d356d9f86a4d4478538091dfd7dec6cd75dd", 0x88)
write$auto(r7, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r6], 0xd0}, 0x1, 0x0, 0x0, 0x4084}, 0x80004)
syz_clone3(&(0x7f00000004c0)={0x800000, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0xd}, &(0x7f0000000340)=""/66, 0x42, &(0x7f00000003c0)=""/172, &(0x7f0000000480)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0], 0x8, {r3}}, 0x58)
pipe$auto(0x0)
r8 = socket(0x21, 0x2, 0xa)
sendmsg$auto_MACSEC_CMD_ADD_TXSA(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r9 = socket(0x21, 0x2, 0xa)
sendmsg$auto_MACSEC_CMD_ADD_TXSA(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
r10 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/008/001\x00', 0xa901, 0x0)
ioctl$auto_USBDEVFS_SETCONFIGURATION(r10, 0x80045505, 0x0)

1m57.540656566s ago: executing program 1 (id=1888):
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x0, 0x2}}, 0x66)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0)
ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080))
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
unshare$auto(0x40000080)
r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mtd0ro\x00', 0x10400, 0x0)
close_range$auto(r1, 0xfffffffffffff000, 0x6)
close_range$auto(0x0, 0x5, 0x0)
r2 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x7, 0x400008, 0xdf, 0x9b71, r1, 0x7fff)
r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto_EVIOCSCLOCKID(r5, 0x400445a0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/nbd15/queue/io_poll\x00', 0x400040, 0x0)
io_uring_register$auto_IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000640)="018fac297e857e25b7371f9d3e9a350e7ac811c087f2794823b838385544315f18c78aee068e8971ca6feb7f5f21444f160ffbc6db39677d21dec99144eadfc787b697614aa78b2a09a39bcb0208ff082e47645c25907bbc783bdd342c0650e39eca7a57213fceadff804bb496b0e41c2e02a57a5ef51c54f23bf5287e1db445733328b476535b7090cb672953e1120510e1a584e9fcfc1c4808ac9cede07dd7e98c09a3995a9da60b347a878e0f225d96e77240f4a7fa722cbb4c8227aff94545ceeb882986e65511321297dbb4499c00000000000019c766a6278ff3c4630cc2a2ec836612116b9e025e852d42e7584d4a0f60125302c5c74ea60ed92538424e4622d1250cc2ce405778e9957a7cb1b94ff1f3e3817ae961cc6df39e5fd5f0f3728179ba600fc6fecf9f8d2a0b1a8f11eec6bdd4b76bc2a9016c4aa19e0050504a34252502d6d09ceadd2153c18f3b4641fec28a498a5e89a03a111cd6b127481c7de2e3cdd0b24dfdae8716990506ab3f120cdbb47350a2079a81f79cd1765cdd52bbeb74f1d2412174a9760c9781cec2b69b458f73ccae98b745dfaa4264f3701df6f9f67efb7dca62f60aab39b339eeae128beb47e77e61cbb0f1", 0x8)
write$auto(0xffffffffffffffff, 0x0, 0x4)
write$auto(r3, 0x0, 0x100000a3d9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0)
socket(0x9, 0x3, 0x7)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
fsopen$auto(0x0, 0x1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181482, 0x0)
mmap$auto(0x0, 0x4, 0x7f, 0x40eb1, 0xffffffffffffffff, 0x3000001ffffd)
r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSTI2(r6, 0x545c, 0x0)
ioctl$auto_MEMGETREGIONCOUNT(r4, 0x80044d07, 0x0)
ioctl$auto_TIOCVHANGUP2(r6, 0x5437, 0x0)
ustat$auto(0xfff, &(0x7f0000000080)={0x5, 0xffff, "45d734c582c0", "b898e7f0a051"})

1m56.279833472s ago: executing program 1 (id=1890):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
setresuid$auto(0xffffffffffffffff, 0x0, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2b, 0x1, 0x0)
listen$auto(0x3, 0x81)
ioctl$auto(0x3, 0x8905, 0x38)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
madvise$auto(0x0, 0x240007, 0x19)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)={0x3c, r2, 0x1, 0x70bd31, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x5, 0x0, 0x1, [@typed={0x4, 0x9f}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x3c}}, 0x24048084)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kfence/parameters/sample_interval\x00', 0x102, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0)
bpf$auto(0x2, &(0x7f0000000380)=@token_create={0x5315, r3}, 0x1)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r5, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001)

1m53.296062542s ago: executing program 1 (id=1897):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0)
mmap$auto(0x40000000000003, 0x400008, 0x1, 0x9b72, 0x2, 0x86)
gettid()
symlink$auto(&(0x7f0000000080)='.\x00', &(0x7f0000000040)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0/../file0\x00', &(0x7f00000002c0)={0x101000, 0x0, 0x12}, 0x18)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x7e382, 0x0)
openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
syz_clone3(0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
r0 = socket(0x1e, 0x1, 0x0)
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x20c000, 0x0)
r1 = socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/dfscache\x00', 0x101a41, 0x0)
ioctl$auto_rfkill_fops_core(r1, 0xbf, &(0x7f0000000140)="031accec4a2a216618ac826c831dba62b355c4b2d84be6441e9a3e4e1ffeeebfff67c7d84c9f06f070c38f5e8e43bbb1fc609b9719f41d11bd716399f0055cbe4d")
write$auto(r3, 0x0, 0x6)
r4 = socket(0xa, 0x3, 0x3a)
mknod$auto(0x0, 0xcb, 0x7)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
sendmsg$auto_NL80211_CMD_GET_WIPHY(r4, 0x0, 0x20000040)
write$auto(0x4, 0x0, 0x100082)
ioctl$auto(r2, 0xc0045627, r0)
r5 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0)
ioctl$auto_RNDGETENTCNT2(r5, 0x80045200, &(0x7f0000000200)=0x6)
ppoll$auto(0x0, 0xf3, 0x0, 0x0, 0x8)
close_range$auto(0x2, 0x8, 0x0)

1m52.216516978s ago: executing program 1 (id=1900):
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x2, 0x801, 0x106)
socket(0xa, 0x5, 0x0)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
ioctl$auto(0xffffffffffffffff, 0xc08c5102, 0xffffffffffffffff)
write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
sigaltstack$auto(&(0x7f0000000180)={0x0, 0x80000001, 0x40b4}, 0x0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x14, r0, 0x10, 0x53, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40048a1}, 0x20000001)
ptrace$auto(0x10, r1, 0x100000001, 0x7ff)
ptrace$auto_PTRACE_SINGLESTEP(0x9, r1, 0xffff, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x7, 0x0)
getsockopt$auto(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
semctl$auto(0x4, 0x10006, 0x1, 0x6)
shmctl$auto_SHM_UNLOCK(0x7, 0xc, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2000, 0x0)
r4 = setfsuid$auto(0xee00)
r5 = setfsuid$auto(0xee01)
setresuid$auto(r4, r5, r4)

1m36.921875561s ago: executing program 33 (id=1900):
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40800)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x2, 0x801, 0x106)
socket(0xa, 0x5, 0x0)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
ioctl$auto(0xffffffffffffffff, 0xc08c5102, 0xffffffffffffffff)
write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
sigaltstack$auto(&(0x7f0000000180)={0x0, 0x80000001, 0x40b4}, 0x0)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x14, r0, 0x10, 0x53, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40048a1}, 0x20000001)
ptrace$auto(0x10, r1, 0x100000001, 0x7ff)
ptrace$auto_PTRACE_SINGLESTEP(0x9, r1, 0xffff, 0x0)
pread64$auto(0xffffffffffffffff, 0x0, 0x7, 0x0)
getsockopt$auto(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
semctl$auto(0x4, 0x10006, 0x1, 0x6)
shmctl$auto_SHM_UNLOCK(0x7, 0xc, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2000, 0x0)
r4 = setfsuid$auto(0xee00)
r5 = setfsuid$auto(0xee01)
setresuid$auto(r4, r5, r4)

1m17.124510456s ago: executing program 5 (id=1977):
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
r0 = socket(0x18, 0x3, 0x2)
bind$auto(r0, &(0x7f0000000180)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@hci={0x1f, 0x2}, 0x55)
mmap$auto(0x0, 0x10000, 0x4080000000db, 0xeb1, 0x2, 0x8000)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x24040, 0x0)
syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff)
open(0x0, 0x161342, 0x130)
r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0)
pread64$auto(r2, 0x0, 0x101, 0x103)
read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x801, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51)
listen$auto(0x3, 0x83)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
readv$auto(0xffffffffffffffff, 0x0, 0x3)
link$auto(&(0x7f0000003240)='./file0\x00', &(0x7f0000003280)='./file2\x00')
ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d00", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/zswap/parameters/compressor\x00', 0x7b6b147fd3e87020, 0x0)
write$auto_ocfs2_control_fops_stack_user(r3, &(0x7f0000003900)='\t', 0x1)
r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
lseek$auto(r4, 0x5, 0x0)
getdents$auto(r4, 0x0, 0x62d4)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/sunrpc/parameters/auth_hashtable_size\x00', 0x2ab42, 0x0)
sendfile$auto(r5, r5, 0x0, 0x4f64a1d2)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000380), 0x82002, 0x0)

1m16.451641255s ago: executing program 5 (id=1980):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram10\x00', 0x14fa02, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000)
setresuid$auto(0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0)
read$auto(0xc8, 0x0, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card0\x00', 0x0, 0x0)
r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
mmap$auto(0x2, 0x400008, 0xdf, 0x9b7f, r1, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
close_range$auto(r2, 0x8, 0x0)
brk$auto(0xffffffffffffff66)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(0xffffffffffffffff, 0x40043d04, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/block/nbd5/sched/owned_by_driver\x00', 0x2000, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_DETACH(r1, 0x7aa, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r4, &(0x7f0000000100)=""/169, 0xa9)

1m15.053228421s ago: executing program 5 (id=1983):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0)
inotify_init1$auto(0x3000000000000)
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
mmap$auto(0x0, 0x400008, 0xdb, 0x9b72, 0xfffffffffffffffe, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0xb, 0x0)
r0 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@xdp={0x2c, 0x2, 0x0, 0x39}, 0x6a)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
socket(0x1e, 0x1, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
sysfs$auto(0x2, 0xe, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x8040, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40000403c6f2b, 0x0)
r3 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2003, 0x0)
ioctl$auto(r3, 0x6f2d, r3)
r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0)
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)
close_range$auto(0x2, 0x8, 0x0)

1m14.057957857s ago: executing program 5 (id=1984):
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f00000002c0)={0x1, 0x17b7, "e5d02ebff1a0f22827060519362f2f88e79b08745cfeeb517c6dc57b7e6cdc606f490e7822d765e620e59b384bb7a4767cef31f639bb12efa4922229c5b4918f", "957bb98f6817aa559f6d1846dba8340fd7ad51f4595586d2c600434e68629cea1e53bc48eae23140d90b519394bf8df11a3924c9253960b4e9ab012fc27ef6ab0965734454d6662aa9e4680705010b14", 0x4, 0x2, "8568cf815dcbb782114b268bb324a302a4842e0b7270da771be7a331349e3b3cb06f60eabb01da08aaee3bafb4fda1fa3d27f74dd006547ab43c2200128038c7"})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
write$auto_tty_fops_tty_io(r1, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296", 0x2e)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x5, 0x0, 0x102)
getpid()
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0)
write$auto(r3, &(0x7f0000000140)='7\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x103, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0xb, 0x100000000}})
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0x400053, 0x9)

1m12.292905237s ago: executing program 5 (id=1987):
openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace_marker\x00', 0x341, 0x0)
mmap$auto(0x401000000000, 0x40000004020009, 0xc, 0x15, 0xffffffffffffffff, 0x7ffe)
r0 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x1e, 0x4, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r4, 0x10f, 0x87, 0x0, 0x14)
r5 = getuid()
sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000002200)=ANY=[@ANYBLOB="901d0000", @ANYRES16, @ANYBLOB="080a26bd7000ffdbdf2516000000090309800c00e78008009200640101020602bf60393b8e8c11f6cd9517d218fb1332b73000bf0615509cbcfe065420c5a8267e38c3168162b01da5b94d7ecf0e134186aff62b953239185b0eaa5deac2d64935195b895c1a9410cd67f6b3e723b4eda49c1f83d8ad650ffaecdc3f8d2085c1f4a44f5c7f3110806bc714133668fc964068183d21c40bfd007b8014000900fe8000000000000000000000000000aa0800b700", @ANYRES32=r2, @ANYBLOB="5707be7cd8848e7744de2fb3b8bd1dfbcab32ed5616e3e0b305ea367d9c1a760158c9e347046ff09af0a5f8bdb4724075cf1d6f3b30fceabe162bf7d38c2346cdc953da7703957c1acfd0b58c9848d992fd8d3d4ec080400098008003c00", @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="04009b800800340000000000000000ab008680040003808352f74ae947fb23c79111bc17b6bf8c6c3d619fc962743d7d14007e000000000000000000000000000000000004001e8027a418ee81d8d4625e800957f968a786b97aee04fe05f579d40c5406fd0d5ef0103e622a30d7ae796f01424e1cee1b2f82b798bd87ce1151af749262a081ccbf323c40080d96e502fc77c2b2b0fd240a6602b1352d77649318b9f91026a21728eb7be75449a5e5d620d983c79b7dc4e8e54200729c70094e951838c6c10d02f507d846b1b09fe0b19842d0f79322ee4d223f6dc68534052022adf30b8b217a692b6e184d0912bbb191ec1ddff9644dcd5c67984d729df9c870a12cd2d0562e8ceae6f8eeda8d3416a8c1f094839f061a4add8fa9044cedd640a014fd2752c2ca03ae256937be3e449f21cfea42723a8109f039b474e345a11a7aabaced775bbeb653270c8e20853679dd1a8f236fcc1c563943a06ab168fb6141682e19907ba333753b79debc5f1f003d80e2a50e9926de63ef942dfb2e3f4ba87020906ef84b514ccb6c18dc00000000fe0005800800c400", @ANYRES32=r0, @ANYBLOB="1800698014006600fe8000000000000000000000000000262000358004007d8008002f00", @ANYRES32=r1, @ANYBLOB="080017009507000006008d007b0000002000db8004001b8014007b00fc0100000000000000000000000000000400d0800400ca000400f380b1ac8cc2f2532445cf4f070f70d7db4240319ce22baa1cf45c6edb6123a7506113f7079cc5befdb7efcda99dac56274f77e6b4ca6b73f565baeef0b044e16f50868aedae53adacfda229944027b08ed35e913361503c477b8a27a558d116498ae75b105aef6daa44b7122d40822b426b7c575fbd2a8c94408c1d9b433df908c397a18891960715dcd2690800078004001a8000008305048074f21ce5a5e37b59bba86390d6a50f13a4e57d6930a27e61bdefaba25562857af34f54bbbf8dea09e7a686e70c823e96714d85668df3e2e9e7f9f4ca706ffd6459535b4d95db88cac6366775fe26b4bbabcdf79f129d7a62a73aa01b0ba3f0841be3c22f5235d97787ed04006700ec8e2fde77cc9bd71b33a7b512814872ac7413ad8314006600ff0100000000000000000000000000018500fa00c73c78455c0a7ca08f4b32c31a1d076653e2cf8b4c301619322c2ff6f53738535c3f71b2416c8b2b9c62fbea50ab0e7758015868ff1d31842799499e6d7cc3a5a4406b1c1686ca977cc478d2f25cc58157dc2f243c84004c1095aa042ddf3b1c22441999a56ee9bebe99594a2702bb9059b51571dfe10e6b159308cd4990becdf2000000147ef978ae28b1ef61321c766aa0a3016c8bc6596d6f3c6a9e9446250e8b86a258e6499b151e464b780fd59260cf4ce97e92aad0cb7a986f7e97491d9969dccae556fc5e507aee23f40c83991fe894a004094302893261344a2d78852392bf3585a819f96cfe3ed7a5fecb572454a7c0b2e676dab4d8d7b2357897fd1777ee5c816efdcd4444df833cc7978c7f54cde157e3cf7ccfa646c7235ab050abed6fd8677a46243793bbf5360b4b0d1a50eec2b37b1349afb4bb1e04dd13ef491943ffa0d4ae24374dc12a6fa2470c00ba006e6c38303231310004d47c0d9b4ad7f8f1ba5e1d4ce660da5746da27992b293af0b807528f50d0e6d2b0b41dda172fac34905fdf98d3a9c40763a69180fb674c8ba86a92a8d5c3ac005422a41b56f551334db5df652458ffba182a702b85d440044379ae1df187237977de397d8bfcf368bf761ceed204113d6ced259b58d060e305d661fba532a3f5e7a54f2194e6f22bfb7dfdd1a44892d2d87ee055110e72df2fd4743cfd5aba77251cf3b95e2c491d1454f3e35526fdb2e0daa740925be684ba711ccffeb3d031df3589a7eff265544c8d585cb4b2898ec8788846f49a21fb36b8db2da2ab1ef9a5025880c500f2008c2f10666443f1ac1a8cc60ad8ddc6a49e9e70c93aa8ecefcc6d50059327ce7606eee6f19670a825d18c98b36652368e2425406316cae751284ed1cee6a102b1784aa20c22843d1414e11dea7129fcc0e01e7d043014ffb1f2d13dd923f12beca055612cf1fb886971986086142fea1f2d8a2c46343e77a69c945859eda4921e04c1b15035eae070bd6fb6c8b83a1951480e0cb6c6c32ec2a90d958ba7bbad5a3f609a38e89b66ea6ea05d5e20383b5aa988fe761fec4bd3ec1b467105714c08fd0000000400a98036ffa99410db814df01973d68db033f4ee87aec2a3892d37ad2087ad0def0d948efa748f812c6d02424d38d8c88e1dd5049980f3ce2f4b66266222d08e96478ed174efeaa00b88389ae193eb30c196206d44b7915e039d40785ac0ddfaa1149b3d82a2e7cd7cf432ecdd877519ce49d7d4d9fc821ba8fb40726714cd8775b0d5af9863379226847e153d5a22ca94d7168c52c09d3e11e1b6c74d4b756dc823dd5ab47f79d75b62c0b872872040582510e6927fd5850e5d784d04002b8021164748b4a166dcf1799e5f9b86dac3fe303aa6feb1fe8e8d167a9e0cf465a586cbce8aa60d7b5fec02ac9310746e4c64fa7fef906e4071bd8ab49b95768cdcb0844158fd5df872be0d60a53a437f76359568956a73a35ef06c847f66eb1b00102b01ddbe1b62edc3626eb08ddce6e4285e41f236f4d73b6349f52cfe47010a6362ea7dcc494290bee854dbb918d06a3ada2227eb6dfb9d1346108d2b08f0e207d195c30fd1f65ecf89789aedc304f22e1d151e0b801572b23685b7e575e6743c184802e0e616fca6283f4011441f1638e96e337587558d698a2edd4e06cde17243e4cf12c44c4bf021fc2dee596bd8da56ce7c4a514aa94abdd637ab491b301736b54c14009300fc000000000000000000000000000001000000002300098008000900", @ANYRES32=r5, @ANYRES32=r0, @ANYBLOB="0c001c0006000000000000000800a6000a01010204007580000007020280fd00f980bd303502d572a153126393fcf955a7f3fc4b6effc2938fe89d05c24c13d274de030f62905fda4401fb967408b20b56ddfe2af28a54701b98c669538caf8ea9a9eaf01ab6307a64d7a290268db39ea238256f7e41647035a93ed2b9015bf9febc51c74c9999d055496f461b108e1aab72c2d16af33fb964f55013a250db66c4facb472b056ae66fcadf553973fccc6f067d6b154f45854261a02b42e7371279410e98ba9d5a6fc4b1cde86d2dd4d69fe37565011087d55a49d5f7a44ea78a4e53d4145f77770e4c9aad0775257175e58480ba8552a812154698ad8e85ff0ac2b04c08004000", @ANYRES32=r3, @ANYBLOB="08001200", @ANYRES32=r1, @ANYBLOB="efaac42583e74436c25ab0b0f91b7d23ad8a318bd1d3aaf26f9dda28d46812e2264fc14f2b4eb8f61f2fb8b603da278bf19b9089193630b756d3e3c6182e240fd5fe1ce4c95d4f7ee6cafa631be1044301c4bb050f1bab91d2f4dc59253c370294736844c3daffee06dbfe9c5c0243f250b1c7a152", @ANYRES32, @ANYBLOB="0000000b00a6002d242940402800003d8dd36080fa7aa05b59b135f2b57c9eda9e52eab69a4c50d5abb614cc556824f73f6691cbca4326fd9b905235abff3f077b5f11cff5ab049e5e24b30acf407b963665f8323be4eecd9e9d9ca15b7561c456b6a8d7b1b6583d8db1671a7cbf986c606cd23097e42e53606aad329982da6d0a14de4362e141689da6e56898d4eecc97defd881a7d2ce5b8a87074f131688557b7a1d8638c0c67e386abf5d922cb90fb9a9ec5715ff287c2ca99a601a00f0146d433caf1aff5bf13395c86eee32620637a3ab607522b6ae1221bb9eac7b3712479e2f8c4a0f821386c3e17ba37e6b1c5df07d6129a6d2353e4d399e55c9fcefe2f2c7ad83c00040004803a000000b0030dea85a2ec43a7936b290b90f49ac78d7bce4ff8f9834e3e1bc51e40efe34a1ce6e0042d61d6c303f58a859d26ccb207e4dd2dd70000"], 0x1d90}, 0x1, 0x0, 0x0, 0x80}, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
recvmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230)
r6 = prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007)
bpf$auto_BPF_PROG_LOAD(0x5, &(0x7f0000000300)=@bpf_attr_0={0x9a, 0x2, 0x5, 0x8, 0x7eb, r2, 0x5, "e03f43200a26d5ea743998fb7500", 0x0, <r7=>r6, 0x9, 0x1, 0x4, 0x7, r3, r3}, 0x7ff)
r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r7)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r10=>0x0})
io_uring_setup$auto(0x4e8c, 0x0)
madvise$auto(0x0, 0x2003f0, 0x15)
r11 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$auto_VFIO_IOMMU_MAP_DMA(r11, 0x3b71, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r10], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x4080)

1m10.073461121s ago: executing program 5 (id=1991):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004)
openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
getrusage$auto_RUSAGE_BOTH(0xfffffffffffffffe, 0x0)
openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000003c0), 0x1001, 0x0)
socket(0x2, 0x801, 0x100)
connect$auto(0x3, &(0x7f00000000c0), 0x55)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
recvmmsg$auto(r1, 0x0, 0xffffffff, 0x4, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
sendmmsg$auto(0x3, 0x0, 0xff, 0x7000000)
unshare$auto(0x40000080)

54.853724332s ago: executing program 34 (id=1991):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004)
openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
getrusage$auto_RUSAGE_BOTH(0xfffffffffffffffe, 0x0)
openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000003c0), 0x1001, 0x0)
socket(0x2, 0x801, 0x100)
connect$auto(0x3, &(0x7f00000000c0), 0x55)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
recvmmsg$auto(r1, 0x0, 0xffffffff, 0x4, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
sendmmsg$auto(0x3, 0x0, 0xff, 0x7000000)
unshare$auto(0x40000080)

32.90882673s ago: executing program 4 (id=2082):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram10\x00', 0x14fa02, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000)
setresuid$auto(0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0)
read$auto(0xc8, 0x0, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card0\x00', 0x0, 0x0)
r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0x4040, 0x0)
splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
mmap$auto(0x2, 0x400008, 0xdf, 0x9b7f, r1, 0x8000)
close_range$auto(r2, 0x8, 0x0)
brk$auto(0xffffffffffffff66)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r4, 0x40043d04, 0x0)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e</\xfd\x9b\xe4\x99G\xeaS\x9a\xadu(:\x94:\xaf\x06c=3>1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0xda)
r5 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/block/nbd5/sched/owned_by_driver\x00', 0x2000, 0x0)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_DETACH(r1, 0x7aa, 0x0)
read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r5, &(0x7f0000000100)=""/169, 0xa9)

31.539425902s ago: executing program 4 (id=2086):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000580)='/sys/devices/virtual/thermal/cooling_device0/max_state\x00', 0x500, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004)
openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/bluetooth/hci2/msft_opcode\x00', 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f0, 0x15)
madvise$auto(0x0, 0x200007, 0x19)
getrusage$auto_RUSAGE_BOTH(0xfffffffffffffffe, 0x0)
openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000003c0), 0x1001, 0x0)
socket(0x2, 0x801, 0x100)
connect$auto(0x3, &(0x7f00000000c0), 0x55)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
recvmmsg$auto(r1, 0x0, 0xffffffff, 0x4, 0x0)
sendmmsg$auto(0x3, 0x0, 0xff, 0x7000000)
close_range$auto(0x2, 0x8, 0x0)
unshare$auto(0x40000080)

29.753231743s ago: executing program 4 (id=2090):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$auto_TCSBRK2(0xffffffffffffffff, 0x5409, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x1, &(0x7f0000000000)='4\x93\x03\x00\x04\x00\x00', &(0x7f00000001c0), 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r0, 0x8000)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x20002, 0x400100)
openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/make-it-fail\x00', 0x40002, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
socket(0x10, 0x2, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/cgroup\x00', 0x400, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="720100", @ANYBLOB="19"], 0x1ac}}, 0x40000)
mkdir$auto(&(0x7f0000004440)='./file0\x00', 0x1)
mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9)
rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0\x00')
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000)
socket(0x10, 0x2, 0x0)
r1 = setfsuid$auto(0xee00)
r2 = waitid$auto_P_ALL(0x0, 0x4, &(0x7f0000000400)={@siginfo_0_0={0x200000, 0x43, 0x7, @_sigfault={&(0x7f0000000080)="444683f7fb148044742c", @_addr_lsb=0xb}}}, 0xfffffff9, &(0x7f0000000480)={{0x3, 0x81}, {0xa64, 0x6}, 0xfb, 0x8000, 0xfffffffffffffff5, 0xffff, 0x6feae9e1, 0x1, 0xb4, 0x100000000, 0x81, 0x800000000000000, 0x4, 0x3, 0x7, 0x5})
fcntl$auto(r0, 0x4, r2)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/ip6_mr_vif\x00', 0x480, 0x0)
pread64$auto(r3, &(0x7f0000000040)='-#!=\x00', 0xa86, 0x9)
setreuid$auto(r1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x7d4, 0x1, 0x401c2, 0x2081, 0x3f, 0x7ffc, 0x1ffde, 0x8001, 0x2, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3004, 0x9, 0x6, 0x10002, 0x80, 0x400, 0xa9, 0x7, 0x1ffc, 0x8203, 0x400, 0x2, 0x1, 0x0, 0x40, 0x5, 0x2, [0x7249, 0xa9f, 0x0, 0x1000000000000000, 0x0, 0x180, 0x2, 0x0, 0x0, 0x200000000000000, 0xfc6a, 0x1000000, 0x10000, 0x40000000000, 0x0, 0x400000000000, 0x80000000000000, 0x0, 0xffffffffff7ffffc, 0x5, 0x0, 0x2, 0xfff, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x400000000000002, 0xfffffffffffffffc, 0x3, 0x1, 0x5, 0xfffffffffffffffc, 0x4]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20048810}, 0x40000)
r4 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

28.504460554s ago: executing program 4 (id=2091):
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x1, 0x100)
sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="02002abd7000fadbdf250200000008000200e00800000800020001000000080002000400000008000200070000000800020000040000080002004d000000080002000600000005da17ee76769eff8ef80c760e13609af3b626827d654030c509a0a132240315dda949a95fffd4d9c8adfc07268c4499325f21dbd0b7d7246dc22944084cd9907b46012bbdf272ed3384ff3781c1901117a7704a4e652d8a81f33008bd2cf866b3f8d94b7c3bb21b546cce3a6ddad561f4d6592d9c3587d66db1097a785fa70f9c051ad815de97decb460c63f9e437efc794a4ada619c3d0db90acd9bf6e613c125e115c7beca64a0d"], 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x20040010)
ioctl$auto(0x3, 0x80000541b, 0x38)
socket(0x2, 0x1, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = socket(0x2b, 0x1, 0x0)
listen$auto(r1, 0x1)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x100, 0x0)
r2 = getpid()
move_pages$auto(r2, 0x359, 0x0, 0x0, 0x0, 0x0)
socketpair$auto(0x8, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_CREATE_VM(r3, 0x4048aecb, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bdi/43:192/stable_pages_required\x00', 0x22100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000080)=""/247, 0xf7)
getsockopt$auto(0x100000006, 0x88, 0x1, 0xfffffffffffffffe, 0x0)

27.535075319s ago: executing program 4 (id=2094):
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r1)
unshare$auto(0x8000000)
semget$auto(0x0, 0x2e4a, 0x8000)
semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0)
semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x0, 0x36ec}, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x0, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x20100, 0x0)
r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0)
ioctl$auto(r3, 0x9210641e, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'batadv0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010b2732ba4cdfdbdf24fefffff8080003007828c52cf2b66a5d47c0", @ANYRES32=r4, @ANYBLOB="08000600", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4825}, 0x9800)
bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f00000000c0)=@bpf_attr_11={0x1, 0x100000001, 0x1, 0x8, 0x8000, 0x5, 0x5, r0}, 0x6)
personality$auto(0xfffff032)
r5 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64)
fchdir$auto(r5)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/cgroup.type\x00', 0x103042, 0x0)
rmdir$auto(&(0x7f0000000180)='./cgroup\x00')
ppoll$auto(&(0x7f0000001ac0)={r5, 0x9, 0x6}, 0xc, &(0x7f0000001b00)={0xf2, 0x9}, &(0x7f00000002c0)={0x5}, 0x8)
socket(0xa, 0x1, 0x84)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mtd/mtd0/oobsize\x00', 0x40000, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_ucma_fops_ucma(0xffffffffffffff9c, 0x0, 0x101002, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(r6, 0xfffffffffffff000, 0x2)

27.2027922s ago: executing program 4 (id=2098):
timer_settime$auto(0xffffffff, 0x9, &(0x7f00000000c0)={{0x400000000f, 0x10008}, {0x9, 0x2}}, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
r1 = fcntl$auto(0xffffffffffffffff, 0x20007, 0xa553)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
getsockopt$auto_SO_MEMINFO(r1, 0xb, 0x37, 0x0, &(0x7f00000000c0)=0x6)
getsockopt$auto_SO_ACCEPTCONN(r0, 0x800, 0x1e, 0x0, 0x0)
read$auto(0x3, 0x0, 0x8080)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
mmap$auto(0x81, 0x9, 0x2000000000000dd, 0x19, r1, 0x7ffd)
unshare$auto(0x40000080)
socket(0xa, 0x5, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
ioctl$auto_EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r4 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r4, 0x29, 0x38, 0x0, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r5 = socket(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r5, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x24000000)
geteuid()
syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0)

18.674362998s ago: executing program 0 (id=2114):
mmap$auto(0x0, 0x2020009, 0x3, 0x4000000000000eb1, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0x80, 0x6, 0xeb1, 0x401, 0xffffffffffff7fff)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_available_congestion_control\x00', 0x0, 0x0)
bpf$auto(0x0, 0x0, 0x4f4)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/class/devcoredump/disabled\x00', 0xe3102, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0)
ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0xffffffffffffaee1, 0xfffffffffffffffe, 0x2, 0x7, 0xbfb, 0x79, 0x30, 0x3, 0x2})
write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x60042, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kmsg\x00', 0x80900, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/net/rt_cache\x00', 0x2000, 0x0)
select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x400, 0x3, 0x462, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7f, 0xd, 0x1, 0x948f, 0x1005, 0x206, 0x7, 0xfffffffffffffff6, 0x7, 0x9, 0x79d, 0x6, 0x100000000000000, 0xfffffffffffffffe, 0xf]}, 0x0)
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6})
r3 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
setsockopt$auto_SO_SELECT_ERR_QUEUE(r3, 0xf, 0x2d, &(0x7f0000000200)='::,+\x00', 0x101)
r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/usb/usbmon/33u\x00', 0x20202, 0x0)
pread64$auto(r4, 0x0, 0xfffe, 0x9)
close_range$auto(0x2, 0xa, 0x0)
r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pts/ptmx\x00', 0xa0540, 0x0)
ioctl$auto(r5, 0x80045430, 0x38)
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
epoll_create$auto(0x12b8)

17.655767277s ago: executing program 0 (id=2116):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0)
inotify_init1$auto(0x3000000000000)
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
mmap$auto(0x0, 0x400008, 0xdb, 0x9b72, 0xfffffffffffffffe, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0xb, 0x0)
r0 = socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311)
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@xdp={0x2c, 0x2, 0x0, 0x39}, 0x6a)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
socket(0x1e, 0x1, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
sysfs$auto(0x2, 0xe, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x2003, 0x0)
openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0)

17.245976369s ago: executing program 0 (id=2117):
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f00000002c0)={0x1, 0x17b7, "e5d02ebff1a0f22827060519362f2f88e79b08745cfeeb517c6dc57b7e6cdc606f490e7822d765e620e59b384bb7a4767cef31f639bb12efa4922229c5b4918f", "957bb98f6817aa559f6d1846dba8340fd7ad51f4595586d2c600434e68629cea1e53bc48eae23140d90b519394bf8df11a3924c9253960b4e9ab012fc27ef6ab0965734454d6662aa9e4680705010b14", 0x4, 0x2, "8568cf815dcbb782114b268bb324a302a4842e0b7270da771be7a331349e3b3cb06f60eabb01da08aaee3bafb4fda1fa3d27f74dd006547ab43c2200128038c7"})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
write$auto_tty_fops_tty_io(r1, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296", 0x2e)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x5, 0x0, 0x102)
getpid()
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0)
write$auto(r3, &(0x7f0000000140)='7\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fcntl$auto(0xff80000000000000, 0x409, 0x3f)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x103, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0xb, 0x100000000}})
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0x400053, 0x9)

15.995544621s ago: executing program 0 (id=2121):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
statx$auto(0xffffffffffffffff, 0x0, 0x1000, 0xbdfc, 0x0)
r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
recvfrom$auto(r0, &(0x7f0000000040)="7cd556c6", 0x2, 0x8, &(0x7f0000000080)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5}, &(0x7f00000000c0)=0x1)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xfffe, 0x3, 0x3)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0xc040804)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = open(0x0, 0x22240, 0x155)
socket(0x2, 0x80802, 0x0)
connect$auto(0x3, 0x0, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000)
close_range$auto(0x2, 0x8000, 0x0)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/pcm0c/sub3/sw_params\x00', 0x0, 0x0)
pread64$auto(r2, 0x0, 0x8, 0x7fff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRES8=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/force_tx_status\x00', 0x82, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="24000000b8d1d49c233a0c12ff32f4c0b4fda535739bf61d0305ef1bb1afc1614793583296df9c2c56f415bffd8d36a2fa3440a9e2c9f51da11553b93d14a394056e2167d6c9d2bf712e47494b00bfe48118fbea0785b46c5ce68153f2138a1e4ff100"/110, @ANYRES16=0x0, @ANYBLOB="00032cbd7000fedbdf250200000000003500060000000800130001000100"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4008800)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14008601", @ANYRES16=0x0, @ANYRES8], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000140)={0x4000008, 0x0, [{0x10000, 0x4, 0x2}, {0x2, 0x44, 0xfffffffffffffe01}]})

14.831070911s ago: executing program 0 (id=2124):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
signalfd$auto(r0, 0x0, 0x8000000000000001)
signalfd4$auto(r0, &(0x7f0000000240)={0x9}, 0x1, 0x4)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$auto(r1, 0x1, 0x1, 0x0, &(0x7f0000000300)=0xfff)
prctl$auto(0x8, 0x1, 0x0, 0x800000001, 0xffffffff)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
select$auto(0x57b, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x7, 0xd, 0x8000000000001, 0x948b, 0x3, 0x15f4da07, 0x3, 0x7, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x1009, 0x2, 0x8]}, 0x0)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0xffffffff, 0x9, 0x7, 0x200, 0x6, 0x3, 0x2, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0xffff]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0x6})
rseq$auto(0x0, 0xc93, 0x1, 0x2)
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
write$auto(0x3, 0x0, 0xfffffdef)

13.8594278s ago: executing program 0 (id=2125):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe2180, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0)
migrate_pages$auto(0x0, 0x7e6, 0x0, &(0x7f00000001c0)=0x7b)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0)
ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0))
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r2, 0x5001, 0x0)
r3 = socket(0x2000000000000021, 0x2, 0x10000000000002)
r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r5, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01012bbd700079d9df250d00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0006000400000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
shutdown$auto(r3, 0x10000)
r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/ping_group_range\x00', 0x202, 0x0)
sendfile$auto(r6, r6, 0x0, 0x2)
io_pgetevents$auto(0x4, 0x8, 0xa31f, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0)
mmap$auto(0x0, 0x1000000004020008, 0x9, 0xfffffffffffffffc, 0x401, 0x8004)
migrate_pages$auto(0xffffffffffffffff, 0x5, 0x0, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x8ad, 0x62, 0x6, 0x7, 0x6d3f, 0x9, 0x6, 0xfffffffffffffffe]}, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffff8, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000000000, 0x2, 0x6d3c, 0x3, 0x2, 0x8008000000000006]}, 0x0)
sysfs$auto(0x2, 0x100000000000030, 0x0)
fsopen$auto(0x0, 0x1)

11.774423932s ago: executing program 35 (id=2098):
timer_settime$auto(0xffffffff, 0x9, &(0x7f00000000c0)={{0x400000000f, 0x10008}, {0x9, 0x2}}, 0x0)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
r1 = fcntl$auto(0xffffffffffffffff, 0x20007, 0xa553)
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
getsockopt$auto_SO_MEMINFO(r1, 0xb, 0x37, 0x0, &(0x7f00000000c0)=0x6)
getsockopt$auto_SO_ACCEPTCONN(r0, 0x800, 0x1e, 0x0, 0x0)
read$auto(0x3, 0x0, 0x8080)
write$auto(0x3, 0x0, 0xffd8)
unshare$auto(0x40000080)
mmap$auto(0x81, 0x9, 0x2000000000000dd, 0x19, r1, 0x7ffd)
unshare$auto(0x40000080)
socket(0xa, 0x5, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
ioctl$auto_EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x20)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r4 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r4, 0x29, 0x38, 0x0, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r5 = socket(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r5, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x24000000)
geteuid()
syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0)

9.475512031s ago: executing program 3 (id=2133):
socket(0x2, 0x1, 0x106)
migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0)
ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0))
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
write$auto(0x3, 0x0, 0x100082)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0)
select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fc, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x5, 0x5, 0x6d3f, 0x7, 0x6, 0x6]}, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x40f00, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000001c0)=0x2)
close_range$auto(0x2, 0x8, 0x0)
r3 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', <r6=>0x0})
sendmsg$auto_NET_SHAPER_CMD_GROUP(r4, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000600)={0x40, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_HANDLE={0x14, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x3}, @NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x6}]}, @NET_SHAPER_A_LEAVES={0x10, 0xa, 0x0, 0x1, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x2}]}]}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r6}]}, 0x40}, 0x1, 0x0, 0x0, 0x44000}, 0x14)
sendmsg$auto_IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEST_PAN_ID={0x6, 0x10, 0x401}]}, 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x24000040)
sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mremap$auto(0x1ff000, 0x100008, 0x843, 0x3, 0xfffff000)

8.430833224s ago: executing program 3 (id=2135):
rseq$auto(&(0x7f00000001c0)={0xa, 0x20401, 0x5fc, 0x10000006, 0xffffffff, 0x6}, 0x8000, 0x0, 0x6)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/class/firmware/timeout\x00', 0x1a1942, 0x0)
write$auto(r0, &(0x7f0000000180)='o\x00d1^\xa1/[\x00\x00\x00\x00\x00\xdc\xbf\x05V\x12\x00\x00\x00\x00\x00\x00\xf3\xa8)', 0x4)
r1 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000380), 0x400, 0x0)
pread64$auto(r1, &(0x7f00000003c0)='@\x00', 0x9, 0x1)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x0, 0x0)
read$auto(r2, 0x0, 0x100)
open(&(0x7f0000000100)='.\x00', 0x0, 0x1)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = socket(0x11, 0xa, 0x9)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0)
r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = socket(0x825bd3580f837f9c, 0x1, 0xdde4)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r3, @ANYRES8=r4], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082)
write$auto(r5, &(0x7f0000000000)='-\x00', 0xfdef)
mmap$auto(0x0, 0x2000000000a, 0xffb, 0x12, 0x3, 0x0)
r6 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kmsg\x00', 0x80900, 0x0)
r7 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x20282, 0x0)
ioctl$auto_UI_DEV_CREATE(r7, 0x5501, 0x0)
read$auto_proc_single_file_operations_base(r6, &(0x7f0000000500)=""/214, 0xd6)
acct$auto(&(0x7f0000000000)='/dev/dsp\x00')
socket$nl_generic(0x10, 0x3, 0x10)

6.990702776s ago: executing program 3 (id=2137):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x2, 0x2, 0x1)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0)
mmap$auto(0x0, 0x40000c, 0x45bd, 0x9b72, 0x2, 0x8000)
r0 = epoll_create$auto(0x4)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_marker_raw\x00', 0x401, 0x0)
write$auto(0x3, 0x0, 0x5c8)
statmount$auto(0x0, &(0x7f0000000180)={0x770, 0xfffffffe, 0x8, 0x4, 0x4005, 0x0, 0x5, 0x400, 0x3, 0x9, 0x5, 0x6, 0x4, 0x11ffffffffffb, 0xb2, 0x2, 0x6, 0x10, 0x480, 0x7ff, 0x8000, 0x1, 0x1, 0x202, 0x9, 0xbca7, 0x4, 0x0, 0x0, 0x0, 0x694, [0x2, 0x6, 0x0, 0x5, 0x0, 0x0, 0x20000000000, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffc01, 0x7fffffff, 0xfffffffffffffffb, 0x0, 0x9, 0x1ffffff, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x1, 0x0, 0x7fffffff, 0x0, 0x0, 0x20000000000000, 0x0, 0x1000000000000200, 0x14, 0x400, 0x96, 0x4000000000009, 0xff, 0xe17, 0x0, 0x6]}, 0x1fe, 0x1)
r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioprio_get$auto_IOPRIO_WHO_PROCESS(0x1, 0x0)
writev$auto(r0, &(0x7f0000000100)={&(0x7f00000000c0)="d2784339a8a16fb9526347efa76ac7fad5255421ebcc7ed0e6b570240df16bf29d8989a5b39272cbf8", 0x80000000}, 0x9)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x480001, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x148b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
write$auto(r2, 0x0, 0x100000a3d9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/ram8/trace/pid\x00', 0x101042, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
timerfd_gettime$auto(0xffffffffffffffff, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x19, 0xffffffffffffffff, 0x28000)
madvise$auto(0x0, 0x2003f0, 0x15)
ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffffffffffd03, &(0x7f00000001c0))
socket(0x2, 0x1, 0x106)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0)

5.096387093s ago: executing program 7 (id=2128):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$auto_TCSBRK2(0xffffffffffffffff, 0x5409, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x1, &(0x7f0000000000)='4\x93\x03\x00\x04\x00\x00', &(0x7f00000001c0), 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r0, 0x8000)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x20002, 0x400100)
openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/make-it-fail\x00', 0x40002, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
socket(0x10, 0x2, 0x0)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/cgroup\x00', 0x400, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="720100", @ANYBLOB="19"], 0x1ac}}, 0x40000)
mkdir$auto(&(0x7f0000004440)='./file0\x00', 0x1)
mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9)
rename$auto(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0\x00')
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000)
socket(0x10, 0x2, 0x0)
r1 = setfsuid$auto(0xee00)
r2 = waitid$auto_P_ALL(0x0, 0x4, &(0x7f0000000400)={@siginfo_0_0={0x200000, 0x43, 0x7, @_sigfault={&(0x7f0000000080)="444683f7fb148044742c", @_addr_lsb=0xb}}}, 0xfffffff9, &(0x7f0000000480)={{0x3, 0x81}, {0xa64, 0x6}, 0xfb, 0x8000, 0xfffffffffffffff5, 0xffff, 0x6feae9e1, 0x1, 0xb4, 0x100000000, 0x81, 0x800000000000000, 0x4, 0x3, 0x7, 0x5})
fcntl$auto(r0, 0x4, r2)
r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/ip6_mr_vif\x00', 0x480, 0x0)
pread64$auto(r3, &(0x7f0000000040)='-#!=\x00', 0xa86, 0x9)
setreuid$auto(r1, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x7d4, 0x1, 0x401c2, 0x2081, 0x3f, 0x7ffc, 0x1ffde, 0x8001, 0x2, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3004, 0x9, 0x6, 0x10002, 0x80, 0x400, 0xa9, 0x7, 0x1ffc, 0x8203, 0x400, 0x2, 0x1, 0x0, 0x40, 0x5, 0x2, [0x7249, 0xa9f, 0x0, 0x1000000000000000, 0x0, 0x180, 0x2, 0x0, 0x0, 0x200000000000000, 0xfc6a, 0x1000000, 0x10000, 0x40000000000, 0x0, 0x400000000000, 0x80000000000000, 0x0, 0xffffffffff7ffffc, 0x5, 0x0, 0x2, 0xfff, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x400000000000002, 0xfffffffffffffffc, 0x3, 0x1, 0x5, 0xfffffffffffffffc, 0x4]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20048810}, 0x40000)
r4 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

4.203626706s ago: executing program 6 (id=2140):
r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, 0x0, 0xc42, 0x0)
flistxattr$auto(r0, 0x0, 0x0)

4.095946633s ago: executing program 7 (id=2141):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000)
rseq$auto(0x0, 0x1a, 0x5d7, 0x2)
mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000)
r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c)
sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x8000800)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/034/001\x00', 0x802, 0x0)
ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x18, 0x10, 0x808, 0x7fb, &(0x7f0000000340)})
r3 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000100), r1)
sendmsg$auto_NFC_CMD_DISABLE_SE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r3, 0xc08, 0x70bd2d, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_POWERED={0x5, 0xc, 0x9}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x8}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008094}, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
r4 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0)
writev$auto(r4, &(0x7f0000000140)={0x0, 0x5}, 0x5)
r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_PAUSE_OLD(0xffffffffffffffff, 0x5423, &(0x7f0000000440)="002f80ce438dc7e603f0b7a6067f41576cc19dc24b459e69b05dfa9eba540b47fd877cd9a9cbe1ce996aca0cf78f8dd358e105183018bbd49e72a48e06e80a63c0591e726372310c6e7384e48fcb6b67e16e53766708eebda1240d48cc109058cb288be330e82b55c58e344cdbcd072798e325e59e5195f5ad19ada69accd4b4577a6e4ecef8889e8686fd042f97a79a6874353ec9cede4744c079526aa5fdd69d11c3e9281214eea7600c1f0134267f8c3214ac4964a8ab1902dcab2a35bf483b0913a2fff749ca0f8aa7297200"/221)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
r6 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/io\x00', 0x800, 0x0)
read$auto_proc_single_file_operations_base(r6, &(0x7f00000000c0)=""/14, 0xe)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x40401, 0x0)

4.008262742s ago: executing program 6 (id=2142):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
statx$auto(0xffffffffffffffff, 0x0, 0x1000, 0xbdfc, 0x0)
r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
recvfrom$auto(r0, &(0x7f0000000040)="7cd556c6", 0x2, 0x8, &(0x7f0000000080)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5}, &(0x7f00000000c0)=0x1)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mbind$auto(0x0, 0x800605, 0x8003, &(0x7f0000000100)=0xfffe, 0x3, 0x3)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0xc040804)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = open(0x0, 0x22240, 0x155)
socket(0x2, 0x80802, 0x0)
connect$auto(0x3, 0x0, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000)
close_range$auto(0x2, 0x8000, 0x0)
r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/pcm0c/sub3/sw_params\x00', 0x0, 0x0)
pread64$auto(r2, 0x0, 0x8, 0x7fff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRES8=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/force_tx_status\x00', 0x82, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="24000000b8d1d49c233a0c12ff32f4c0b4fda535739bf61d0305ef1bb1afc1614793583296df9c2c56f415bffd8d36a2fa3440a9e2c9f51da11553b93d14a394056e2167d6c9d2bf712e47494b00bfe48118fbea0785b46c5ce68153f2138a1e4ff100"/110, @ANYRES16=0x0, @ANYBLOB="00032cbd7000fedbdf250200000000003500060000000800130001000100"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4008800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004c18}, 0x8894)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14008601", @ANYRES16=0x0, @ANYRES8], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000140)={0x4000008, 0x0, [{0x10000, 0x4, 0x2}, {0x2, 0x44, 0xfffffffffffffe01}]})

3.621042228s ago: executing program 3 (id=2143):
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f00000002c0)={0x1, 0x17b7, "e5d02ebff1a0f22827060519362f2f88e79b08745cfeeb517c6dc57b7e6cdc606f490e7822d765e620e59b384bb7a4767cef31f639bb12efa4922229c5b4918f", "957bb98f6817aa559f6d1846dba8340fd7ad51f4595586d2c600434e68629cea1e53bc48eae23140d90b519394bf8df11a3924c9253960b4e9ab012fc27ef6ab0965734454d6662aa9e4680705010b14", 0x4, 0x2, "8568cf815dcbb782114b268bb324a302a4842e0b7270da771be7a331349e3b3cb06f60eabb01da08aaee3bafb4fda1fa3d27f74dd006547ab43c2200128038c7"})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
write$auto_tty_fops_tty_io(r1, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296", 0x2e)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x5, 0x0, 0x102)
getpid()
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0)
write$auto(r3, &(0x7f0000000140)='7\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fcntl$auto(0xff80000000000000, 0x409, 0x3f)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x103, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0xb, 0x100000000}})
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0x400053, 0x9)

2.911191138s ago: executing program 7 (id=2144):
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0)
r1 = ioctl$auto_UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x0, 0x56, 0x800})
read$auto_configfs_file_operations_configfs_internal(r1, &(0x7f0000000040)=""/19, 0x13)
ioctl$auto(r0, 0x5646, r0)
openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/setgroups\x00', 0x80000, 0x0)
read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000280)=""/40, 0x28)
ioctl$auto(r0, 0x2400000, 0xffffffffffffffff)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r2, 0x4, 0x7ff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
socket(0xa, 0x1, 0x6)
socket(0x11, 0x80003, 0x300)
socket(0x10, 0x2, 0x0)
socket(0x26, 0x3, 0x3)
socket(0x2, 0x3, 0x104)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x40, 0x0)
socketpair$auto(0x3, 0x5, 0x7, 0x0)
bind$auto(0xffffffffffffffff, 0x0, 0x6f)
connect$auto(0xffffffffffffffff, 0x0, 0x55)
close_range$auto(0x2, 0xa, 0x0)

2.767411656s ago: executing program 6 (id=2145):
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f00000002c0)={0x1, 0x17b7, "e5d02ebff1a0f22827060519362f2f88e79b08745cfeeb517c6dc57b7e6cdc606f490e7822d765e620e59b384bb7a4767cef31f639bb12efa4922229c5b4918f", "957bb98f6817aa559f6d1846dba8340fd7ad51f4595586d2c600434e68629cea1e53bc48eae23140d90b519394bf8df11a3924c9253960b4e9ab012fc27ef6ab0965734454d6662aa9e4680705010b14", 0x4, 0x2, "8568cf815dcbb782114b268bb324a302a4842e0b7270da771be7a331349e3b3cb06f60eabb01da08aaee3bafb4fda1fa3d27f74dd006547ab43c2200128038c7"})
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0)
write$auto_tty_fops_tty_io(r1, &(0x7f0000000200)="352c8efa610c0bcf83a4ebdb040000000000000021cb244b19a48bb5e0d12df9735b745b9554dfb0ad77a37be296", 0x2e)
ioctl$auto(0xffffffffffffffff, 0x8912, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000)
ustat$auto(0x801, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xff1, 0x8000)
io_uring_setup$auto(0x1, 0x0)
bpf$auto(0x5, 0x0, 0x102)
getpid()
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000164c0), 0xffffffffffffffff)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fcntl$auto(0xff80000000000000, 0x409, 0x3f)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x103, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0xb, 0x100000000}})
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0x400053, 0x9)

2.216723731s ago: executing program 3 (id=2146):
ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x5412, &(0x7f0000000080)="8ce968f6d33e1d1a4f6a2f12f470f8cdb7dfeaf02768589362668247de44a359e8d9c13d4e52cc42ef43f1d4c965d3d505ad05f2c97a5541863adc5154e4028bdf351c0900000421cd3d73083f859a25a8b713916bb90e14883914f1b33ebd88ce433cff55ac")
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8740, 0x0)
ioctl$auto(r0, 0xc08c5102, 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x602, 0x1)
fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20)
linkat$auto(r1, &(0x7f0000000040)='\x00', 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000)
socket(0x26, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000cc0), 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0x4, 0xa910, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0xfffffffffffff001, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$auto_percpu_stats_fops_(0xffffffffffffff9c, &(0x7f0000000240), 0x303101, 0x0)
ioctl$auto_FS_IOC_ENABLE_VERITY3(0xffffffffffffffff, 0x40806685, &(0x7f0000000280)={0x1c0, 0x3, 0x9, 0x6, 0x1, 0xa, 0x0, 0x1})
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snd/controlC2\x00', 0x400, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(0x0, r3)
r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"})
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999"})
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8)
ioctl$auto_SW_SYNC_IOC_INC(r4, 0x40045701, &(0x7f0000000040)=0x8)
io_uring_setup$auto(0x6, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0)

1.599782514s ago: executing program 3 (id=2147):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
io_uring_setup$auto(0x87, 0x0)
r0 = socket(0xa, 0x1, 0x84)
getsockopt$auto(r0, 0x0, 0x487, 0x0, 0x0)
r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/binderfs/binder0\x00', 0x0, 0x0)
ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, 0x0)
statmount$auto(0x0, 0x0, 0x1fe, 0xb)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0x1ffdc, 0x7, 0x2000000000000006, 0x2, 0x9, 0x8, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0xfffffffc, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, [0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x8000000000000000, 0x0, 0x10, 0x0, 0x0, 0x1]}, 0x1fe, 0x83)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5a}, 0x80000800}, 0x7, 0x4008)
r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x8001, 0x2)
read$auto_proc_pid_maps_operations_internal(r3, &(0x7f0000000900)=""/4096, 0x1000)
openat$auto_tracing_free_buffer_fops_trace(0xffffffffffffff9c, 0x0, 0x20103, 0x0)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x4, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2003f2, 0x15)
madvise$auto(0x1, 0xfffffffffffff001, 0xe)
madvise$auto(0x0, 0x200007, 0x19)

1.459164999s ago: executing program 7 (id=2148):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0xa, 0x4, 0xe172)
clock_adjtime$auto(0x0, &(0x7f0000000240)={0xdbd, 0x0, 0x7, 0xfffffffffffffffe, 0x600, 0xf4, 0xb, 0x0, 0x100000000, 0x8, 0x3, {0x403, 0xd05}, 0xfffffffffffffff8, 0xa5, 0x9, 0xb87f, 0x0, 0xc7, 0x80, 0xb, 0x5, 0x5, 0xfffffff5})
keyctl$auto(0xe, 0x1, 0x0, 0x5eaf, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r2, 0x4b66, 0x1)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200007, 0x8)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000040)={0x101401, 0x0, 0x11}, 0x18)
unshare$auto(0x40000080)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x82002, 0x0)
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x0, 0x7, 0xdd36, 0x8fd6, 0x948b, 0x20003, 0x15f4da0a, 0x3, 0x10000000000003, 0x3739aae3, 0x2, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0)
r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRESOCT=r0, @ANYRES16=r3, @ANYRES8=0x0], 0x14}, 0x1, 0x0, 0x0, 0x4014}, 0x20008881)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0)
r5 = ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r4)
mlockall$auto(0x3)
ioctl$auto(0x3, 0xae41, r1)
ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, &(0x7f00000000c0)={0x2, 0x0, [{0x206, 0x10, 0x1}]})
r6 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0xa507}, 0x800}, 0x7, 0x8)

1.210008415s ago: executing program 6 (id=2149):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x40000000007f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb4, 0x4, 0x6, 0x2, 0x1, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838b, 0x84, 0x2, 0x0, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x400, 0x0, 0x0, 0x401, 0x0, 0x0, 0x7, 0x0, 0x81, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x3, 0xfffffffffffff7cc, 0x4, 0x400000000000002, 0x0, 0x0, 0x0, 0x0, 0x9, 0x8, 0x2000]}, 0x1fe, 0x8)
personality$auto(0xfffff032)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec4\x00', 0x101901, 0x0)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x8)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x8e40, 0x0)
ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, 0x0)
r2 = socket(0x1d, 0x80008, 0x7fff)
r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0)
writev$auto(r5, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3)
r6 = socket(0x18, 0x5, 0x1)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TCFLSH2(r7, 0x5403, 0x0)
connect$auto(r6, 0x0, 0x3a)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r6, 0x0, 0x30004850)
msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtdblock0\x00', 0x20200, 0x0)
preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x80000000}, 0x5, 0xffffffffffffffff, 0x7, 0x2e)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), r4)
sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

169.811445ms ago: executing program 6 (id=2150):
r0 = openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, 0x0, 0xc42, 0x0)
flistxattr$auto(r0, 0x0, 0x0)

0s ago: executing program 6 (id=2151):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
signalfd$auto(r0, 0x0, 0x8000000000000001)
signalfd4$auto(r0, &(0x7f0000000240)={0x9}, 0x1, 0x4)
openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$auto(r1, 0x1, 0x1, 0x0, &(0x7f0000000300)=0xfff)
prctl$auto(0x8, 0x1, 0x0, 0x800000001, 0xffffffff)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
select$auto(0x57b, 0x0, 0x0, &(0x7f0000000440)={[0x1ff, 0x7, 0xd, 0x8000000000001, 0x948b, 0x3, 0x15f4da07, 0x3, 0x7, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x1009, 0x2, 0x8]}, 0x0)
select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0xffffffff, 0x9, 0x7, 0x200, 0x6, 0x3, 0x2, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0xffff]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0x6})
rseq$auto(0x0, 0xc93, 0x1, 0x2)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x1, 0x8000, 0x1ffe0, 0x1, 0x2, 0x1, 0x9, 0x3, 0x5, 0x8, 0x3002, 0x9, 0xb, 0x80010002, 0x80, 0xd8f9, 0x0, 0x7, 0x2, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x4004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x24008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0xfe, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
write$auto(0x3, 0x0, 0xfffffdef)

kernel console output (not intermixed with test programs):

62363][T13213]  devlink_fmsg_string_pair_put+0x17a/0x1b0
[  685.662390][T13213]  nsim_dev_dummy_fmsg_put+0x77/0x1e0
[  685.662413][T13213]  devlink_health_do_dump+0x243/0x620
[  685.662443][T13213]  devlink_health_report+0x6c3/0xb00
[  685.662474][T13213]  ? __pfx_devlink_health_report+0x10/0x10
[  685.662503][T13213]  ? _copy_from_user+0x59/0xd0
[  685.662531][T13213]  nsim_dev_health_break_write+0x166/0x210
[  685.662553][T13213]  ? __pfx_nsim_dev_health_break_write+0x10/0x10
[  685.662583][T13213]  full_proxy_write+0x131/0x1a0
[  685.662606][T13213]  ? __pfx_full_proxy_write+0x10/0x10
[  685.662625][T13213]  vfs_write+0x2a0/0x11d0
[  685.662662][T13213]  ? __pfx___mutex_lock+0x10/0x10
[  685.662686][T13213]  ? __pfx_vfs_write+0x10/0x10
[  685.662718][T13213]  ? __fget_files+0x20e/0x3c0
[  685.662749][T13213]  ksys_write+0x12a/0x250
[  685.662774][T13213]  ? __pfx_ksys_write+0x10/0x10
[  685.662808][T13213]  do_syscall_64+0xcd/0xfa0
[  685.662830][T13213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.662850][T13213] RIP: 0033:0x7fa28c98f7c9
[  685.662866][T13213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.662886][T13213] RSP: 002b:00007fa28d89c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  685.662905][T13213] RAX: ffffffffffffffda RBX: 00007fa28cbe5fa0 RCX: 00007fa28c98f7c9
[  685.662918][T13213] RDX: 0000000000000006 RSI: 0000200000005900 RDI: 0000000000000008
[  685.662929][T13213] RBP: 00007fa28ca13f91 R08: 0000000000000000 R09: 0000000000000000
[  685.662941][T13213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  685.662953][T13213] R13: 00007fa28cbe6038 R14: 00007fa28cbe5fa0 R15: 00007ffcd83db798
[  685.662980][T13213]  </TASK>
[  685.666959][T13210] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1347'.
[  686.948421][T13231] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input103
[  687.423666][T13231] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input104
[  689.087233][T13250] FAULT_INJECTION: forcing a failure.
[  689.087233][T13250] name fail_futex, interval 1, probability 0, space 0, times 0
[  689.134929][T13250] CPU: 1 UID: 0 PID: 13250 Comm: syz.1.1357 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  689.134963][T13250] Tainted: [U]=USER
[  689.134970][T13250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  689.134982][T13250] Call Trace:
[  689.134988][T13250]  <TASK>
[  689.134996][T13250]  dump_stack_lvl+0x16c/0x1f0
[  689.135020][T13250]  should_fail_ex+0x512/0x640
[  689.135048][T13250]  get_futex_key+0x1d0/0x1560
[  689.135080][T13250]  ? __pfx_get_futex_key+0x10/0x10
[  689.135117][T13250]  futex_wake+0xea/0x530
[  689.135139][T13250]  ? __pfx_futex_wake+0x10/0x10
[  689.135165][T13250]  ? __lock_acquire+0x622/0x1c90
[  689.135200][T13250]  do_futex+0x1e3/0x350
[  689.135231][T13250]  ? __pfx_do_futex+0x10/0x10
[  689.135262][T13250]  ? lock_acquire+0x179/0x350
[  689.135295][T13250]  __x64_sys_futex+0x1e0/0x4c0
[  689.135329][T13250]  ? __pfx___x64_sys_futex+0x10/0x10
[  689.135362][T13250]  ? anon_inode_getfd+0x81/0xb0
[  689.135396][T13250]  do_syscall_64+0xcd/0xfa0
[  689.135425][T13250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.135446][T13250] RIP: 0033:0x7f749538f7c9
[  689.135462][T13250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.135482][T13250] RSP: 002b:00007f749623f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  689.135501][T13250] RAX: ffffffffffffffda RBX: 00007f74955e5fa8 RCX: 00007f749538f7c9
[  689.135514][T13250] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f74955e5fac
[  689.135527][T13250] RBP: 00007f74955e5fa0 R08: 00007f7496240000 R09: 0000000000000000
[  689.135540][T13250] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000000
[  689.135552][T13250] R13: 00007f74955e6038 R14: 00007ffc6e272420 R15: 00007ffc6e272508
[  689.135578][T13250]  </TASK>
[  690.929097][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  690.929143][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  691.436853][T13286] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input106
[  692.135461][T13286] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input107
[  695.362768][T13352] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input108
[  696.667443][T13352] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input109
[  698.282116][   T52] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  699.641147][T13394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1385'.
[  701.845074][T13437] random: crng reseeded on system resumption
[  702.356626][T13429] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1392'.
[  704.332431][T13462] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1397'.
[  708.152427][T13497] ptrace attach of "./syz-executor exec"[5843] was attempted by ""[13497]
[  709.409125][T13519] binder: 13513:13519 ioctl 4018620d 9 returned -22
[  709.899551][T13503] kexec: Could not allocate control_code_buffer
[  711.011257][T13530] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1408'.
[  711.127396][T13537] block nbd9: NBD_DISCONNECT
[  712.717503][T13539] Process accounting resumed
[  714.426337][T13561] netlink: set zone limit has 8 unknown bytes
[  714.440489][T13567] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input111
[  714.872017][T13572] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  714.945430][T13572] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  715.075517][T13572] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  715.144395][T13572] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  715.173689][T13576] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input112
[  715.275396][T13572] CPU0 is offline.
[  715.519118][T13580] netlink: 'syz.1.1417': attribute type 1 has an invalid length.
[  716.095221][T13588] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input113
[  716.122328][   T52] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  716.214034][T13589] mkiss: ax0: crc mode is auto.
[  716.525885][T13590] netlink: set zone limit has 8 unknown bytes
[  716.920878][   T52] Bluetooth: hci1: command 0x0c1a tx timeout
[  717.080874][   T52] Bluetooth: hci3: command 0x0c1a tx timeout
[  717.122122][T13588] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input114
[  718.205124][   T52] Bluetooth: hci2: command 0x0c1a tx timeout
[  719.004057][   T52] Bluetooth: hci1: command 0x0c1a tx timeout
[  719.163939][   T52] Bluetooth: hci3: command 0x0c1a tx timeout
[  719.378651][T13617] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1427'.
[  719.458707][T13610] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  719.761381][T13631] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input115
[  720.433785][T13639] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input116
[  720.654748][T13641] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1431'.
[  722.905629][T13680] Invalid ELF header magic: != ELF
[  723.465070][T13690] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1440'.
[  726.920762][T13743] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1453'.
[  727.023798][T13745] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  727.919821][   T30] audit: type=1800 audit(4294967417.550:23): pid=13765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1456" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0
[  728.375473][T13769] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input117
[  728.766669][T13781] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1459'.
[  729.234417][T13769] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input118
[  733.013503][T13840] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input119
[  733.694848][T13846] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input120
[  734.072060][T13853] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input121
[  734.602852][T13864] bond0: option all_slaves_active: invalid value ()
[  735.398243][T13877] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input122
[  735.683678][T13887] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input123
[  736.506643][T13890] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input124
[  737.348468][T13894] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1482'.
[  738.910453][T13929] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input125
[  739.344930][T13940] input: jJǸ���;9�%v����l��Q�	J86�� as /devices/virtual/input/input126
[  739.736219][T13934] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input127
[  740.224060][T13945] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  740.290040][T13945] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  740.330707][T13945] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  740.470222][T13945] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  740.509315][T13945] CPU0 is offline.
[  742.280493][   T52] Bluetooth: hci1: command 0x0c1a tx timeout
[  742.357822][T13964] serio: Serial port ttyS2
[  742.362454][   T52] Bluetooth: hci2: command 0x0c1a tx timeout
[  742.520703][   T52] Bluetooth: hci3: command 0x0c1a tx timeout
[  744.443199][   T52] Bluetooth: hci2: command 0x0c1a tx timeout
[  744.616440][T13985] Process accounting paused
[  745.011069][T14003] blktrace: Concurrent blktraces are not allowed on loop2
[  745.636069][T14010] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1502'.
[  745.985765][T14016] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input128
[  746.692069][T14018] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input129
[  746.882639][T14022] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(4)
[  746.934493][T14027] random: crng reseeded on system resumption
[  747.417690][   T30] audit: type=1800 audit(4294967437.050:24): pid=14037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1506" name="lu_gp_id" dev="configfs" ino=44532 res=0 errno=0
[  747.532615][   T30] audit: type=1800 audit(4294967437.110:25): pid=14037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1506" name="version" dev="configfs" ino=44537 res=0 errno=0
[  748.684655][T14054] input: f�
 as /devices/virtual/input/input130
[  751.452173][T14089] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1516'.
[  751.796070][T14093] program syz.1.1517 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  752.198340][   T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  752.365667][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  752.372294][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  752.449146][T14106] netlink: set zone limit has 8 unknown bytes
[  753.610636][T14123] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1522'.
[  753.750914][T14122] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1521'.
[  754.280635][T14107] Bluetooth: hci3: command 0x0c1a tx timeout
[  758.086453][T14179] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1534'.
[  758.974897][T14194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1538'.
[  759.016862][T14194] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1538'.
[  759.357341][T14204] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input131
[  760.537704][T14209] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input132
[  761.156401][   T30] audit: type=1800 audit(4294967450.790:26): pid=14234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1545" name="dbroot" dev="configfs" ino=45431 res=0 errno=0
[  761.517388][T14234] db_root: cannot open: 
[  762.369877][T14239] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1546'.
[  763.879143][T14270] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input133
[  764.774103][T14271] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input134
[  765.612837][T14286] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input135
[  768.496872][T14314] can: request_module (can-proto-5) failed.
[  768.534917][T14313] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1560'.
[  769.216614][T14318] Invalid ELF header magic: != ELF
[  770.213564][T14341] ovs_: entered promiscuous mode
[  770.869465][T14351] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input136
[  775.885124][T14372] Process accounting resumed
[  776.067719][T14401] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input137
[  776.535955][T14406] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1577'.
[  776.802794][T14402] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input138
[  777.886483][T14411] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input139
[  778.046080][T14421] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1579'.
[  778.868562][T14412] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input140
[  779.538810][T14428] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input141
[  780.470575][T14430] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input142
[  781.988597][T14107] Bluetooth: hci1: unexpected event for opcode 0x0000
[  785.116950][T14497] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1592'.
[  786.042541][T14107] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  786.052213][T14107] Bluetooth: hci1: Injecting HCI hardware error event
[  786.061596][T14107] Bluetooth: hci1: hardware error 0x00
[  786.502962][T10056] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  787.726934][T14527] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input144
[  788.084253][T14532] usb usb36: usbfs: process 14532 (syz.3.1600) did not claim interface 0 before use
[  788.121220][T14107] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  788.146464][T14529] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input145
[  792.235830][T14575] random: crng reseeded on system resumption
[  793.518038][T14586] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1610'.
[  794.233408][T14601] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1615'.
[  794.276717][T14601] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1615'.
[  794.480617][T14603] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1614'.
[  797.301704][T14635] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input146
[  797.736792][T14642] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1623'.
[  797.758587][T14639] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input147
[  798.098386][T14649] mkiss: ax0: crc mode is auto.
[  798.400503][T14635] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input148
[  798.453115][T14655] random: crng reseeded on system resumption
[  799.262023][T14663] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1627'.
[  799.933818][T14676] sp0: Synchronizing with TNC
[  800.006904][T14678] ptp ptp0: new virtual clock ptp4
[  800.088161][T14678] ptp ptp0: new virtual clock ptp5
[  800.151964][T14678] ptp ptp0: new virtual clock ptp6
[  800.213830][T14678] ptp ptp0: new virtual clock ptp7
[  800.344421][T14678] ptp ptp0: new virtual clock ptp8
[  800.418160][T14678] ptp ptp0: new virtual clock ptp9
[  800.521194][T14678] ptp ptp0: new virtual clock ptp10
[  800.579245][T14678] ptp ptp0: guarantee physical clock free running
[  805.378074][   T30] audit: type=1800 audit(4294967495.000:27): pid=14722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1635" name="lu_gp_id" dev="configfs" ino=47931 res=0 errno=0
[  806.284663][T14699] Process accounting paused
[  806.446461][T14731] random: crng reseeded on system resumption
[  807.970707][   T30] audit: type=1800 audit(4294967497.600:28): pid=14755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1641" name="lu_gp_id" dev="configfs" ino=48156 res=0 errno=0
[  808.127678][T14107] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  808.136818][T14107] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  808.146356][T14107] CPU: 1 UID: 0 PID: 14107 Comm: kworker/u9:1 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  808.146405][T14107] Tainted: [U]=USER
[  808.146412][T14107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  808.146426][T14107] Workqueue: hci3 hci_rx_work
[  808.146463][T14107] Call Trace:
[  808.146470][T14107]  <TASK>
[  808.146479][T14107]  dump_stack_lvl+0x16c/0x1f0
[  808.146503][T14107]  sysfs_warn_dup+0x7f/0xa0
[  808.146537][T14107]  sysfs_create_dir_ns+0x24b/0x2b0
[  808.146570][T14107]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  808.146602][T14107]  ? find_held_lock+0x2b/0x80
[  808.146632][T14107]  ? do_raw_spin_unlock+0x172/0x230
[  808.146655][T14107]  kobject_add_internal+0x2c4/0x9b0
[  808.146685][T14107]  kobject_add+0x16e/0x240
[  808.146709][T14107]  ? __pfx_kobject_add+0x10/0x10
[  808.146736][T14107]  ? do_raw_spin_unlock+0x172/0x230
[  808.146758][T14107]  ? kobject_put+0xab/0x5a0
[  808.146788][T14107]  device_add+0x288/0x1aa0
[  808.146815][T14107]  ? __pfx_dev_set_name+0x10/0x10
[  808.146845][T14107]  ? __pfx_device_add+0x10/0x10
[  808.146872][T14107]  ? mgmt_send_event_skb+0x2fb/0x460
[  808.146912][T14107]  hci_conn_add_sysfs+0x17e/0x230
[  808.146935][T14107]  le_conn_complete_evt+0x1260/0x2150
[  808.146975][T14107]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  808.147008][T14107]  ? bt_warn+0xe4/0x120
[  808.147036][T14107]  ? __pfx_bt_warn+0x10/0x10
[  808.147072][T14107]  hci_le_conn_complete_evt+0x23c/0x370
[  808.147111][T14107]  hci_le_meta_evt+0x357/0x5e0
[  808.147131][T14107]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  808.147168][T14107]  hci_event_packet+0x685/0x11c0
[  808.147201][T14107]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  808.147222][T14107]  ? __pfx_hci_event_packet+0x10/0x10
[  808.147258][T14107]  ? kcov_remote_start+0x3c9/0x6d0
[  808.147281][T14107]  ? lockdep_hardirqs_on+0x7c/0x110
[  808.147309][T14107]  hci_rx_work+0x2c9/0xeb0
[  808.147351][T14107]  process_one_work+0x9cf/0x1b70
[  808.147396][T14107]  ? __pfx_process_one_work+0x10/0x10
[  808.147438][T14107]  ? assign_work+0x1a0/0x250
[  808.147471][T14107]  worker_thread+0x6c8/0xf10
[  808.147512][T14107]  ? __kthread_parkme+0x19e/0x250
[  808.147540][T14107]  ? __pfx_worker_thread+0x10/0x10
[  808.147585][T14107]  kthread+0x3c5/0x780
[  808.147614][T14107]  ? __pfx_kthread+0x10/0x10
[  808.147644][T14107]  ? rcu_is_watching+0x12/0xc0
[  808.147668][T14107]  ? __pfx_kthread+0x10/0x10
[  808.147697][T14107]  ret_from_fork+0x675/0x7d0
[  808.147745][T14107]  ? __pfx_kthread+0x10/0x10
[  808.147777][T14107]  ret_from_fork_asm+0x1a/0x30
[  808.147832][T14107]  </TASK>
[  808.147853][T14107] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  808.429778][T14107] Bluetooth: hci3: failed to register connection device
[  809.905126][T14773] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1644'.
[  810.442745][T14107] Bluetooth: hci3: command 0x0c1a tx timeout
[  810.628349][T14780] random: crng reseeded on system resumption
[  812.334147][T14801] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1650'.
[  813.810826][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  813.817156][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  816.087581][T14837] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1657'.
[  816.843559][T14845] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input149
[  817.518039][T14848] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input150
[  818.442332][T14854] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137
[  818.512531][T14854] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138
[  818.581090][T14854] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum
[  819.422137][T14875] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  819.437132][T14875] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  819.503147][T14875] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  819.605836][T14875] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  819.643910][T14875] CPU0 is offline.
[  819.705600][T10056] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  819.716188][T10056] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  819.726141][T10056] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  819.734034][T10056] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  819.742130][T10056] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  820.408591][T14879] chnl_net:caif_netlink_parms(): no params data found
[  820.587696][T14888] random: crng reseeded on system resumption
[  820.743466][T14879] bridge0: port 1(bridge_slave_0) entered blocking state
[  820.773555][T14879] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.800932][T14879] bridge_slave_0: entered allmulticast mode
[  820.819895][T14879] bridge_slave_0: entered promiscuous mode
[  820.879993][T14879] bridge0: port 2(bridge_slave_1) entered blocking state
[  820.911765][T14879] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.918942][T14879] bridge_slave_1: entered allmulticast mode
[  820.982711][T14879] bridge_slave_1: entered promiscuous mode
[  821.026079][T14897] QAT: Stopping all acceleration devices.
[  821.135931][T14879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  821.223033][T14879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  821.383705][T14879] team0: Port device team_slave_0 added
[  821.416904][T14879] team0: Port device team_slave_1 added
[  821.485548][T10056] Bluetooth: hci3: command 0x0c1a tx timeout
[  821.492258][T14107] Bluetooth: hci2: command 0x0c1a tx timeout
[  821.587624][T14879] batman_adv: batadv0: Adding interface: batadv_slave_0
[  821.627472][T14879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  821.772531][T14879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  821.800579][T10056] Bluetooth: hci4: command tx timeout
[  821.839393][T14879] batman_adv: batadv0: Adding interface: batadv_slave_1
[  821.866439][T14879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  821.989069][T14879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  822.179924][T14909] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input151
[  822.207804][T14879] hsr_slave_0: entered promiscuous mode
[  822.256733][T14879] hsr_slave_1: entered promiscuous mode
[  822.291297][T14879] debugfs: 'hsr0' already exists in 'hsr'
[  822.320422][T14879] Cannot create hsr debugfs directory
[  822.546230][T14913] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input152
[  822.964265][T14924] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input153
[  823.271198][T14879] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  823.407875][T14925] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input154
[  823.557437][T14879] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  823.569711][T10056] Bluetooth: hci3: command 0x0c1a tx timeout
[  823.887100][T10056] Bluetooth: hci4: command tx timeout
[  823.908852][T14879] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.056917][T14879] netdevsim netdevsim2 netdevsim1 (unregistering): left allmulticast mode
[  824.076667][T14879] netdevsim netdevsim2 netdevsim1 (unregistering): left promiscuous mode
[  824.101768][T14879] bridge0: port 3(netdevsim1) entered disabled state
[  824.141790][T14879] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.239021][T14879] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.826483][T14879] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  824.959173][T14879] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  824.998381][T14879] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  825.054448][T14879] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  825.451386][T14879] 8021q: adding VLAN 0 to HW filter on device bond0
[  825.505445][T14879] 8021q: adding VLAN 0 to HW filter on device team0
[  825.547484][T14922] bridge0: port 1(bridge_slave_0) entered blocking state
[  825.547628][T14922] bridge0: port 1(bridge_slave_0) entered forwarding state
[  825.549386][T14922] bridge0: port 2(bridge_slave_1) entered blocking state
[  825.549457][T14922] bridge0: port 2(bridge_slave_1) entered forwarding state
[  825.640858][T10056] Bluetooth: hci3: command 0x0c1a tx timeout
[  825.970303][T10056] Bluetooth: hci4: command tx timeout
[  826.257181][T14967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1682'.
[  826.267616][T14879] 8021q: adding VLAN 0 to HW filter on device batadv0
[  826.593794][T14879] veth0_vlan: entered promiscuous mode
[  826.646788][T14879] veth1_vlan: entered promiscuous mode
[  826.752035][T14879] veth0_macvtap: entered promiscuous mode
[  826.794230][T14879] veth1_macvtap: entered promiscuous mode
[  826.858491][T14966] netlink: 62 bytes leftover after parsing attributes in process `syz.3.1683'.
[  827.078608][T14879] batman_adv: batadv0: Interface activated: batadv_slave_0
[  827.129131][T14879] batman_adv: batadv0: Interface activated: batadv_slave_1
[  827.233828][   T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  827.281787][   T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  827.393948][   T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  827.604767][   T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  827.986247][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.026303][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.043080][T10056] Bluetooth: hci4: command tx timeout
[  828.326647][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.354105][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  829.531648][T15007] random: crng reseeded on system resumption
[  830.596091][T15018] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1691'.
[  831.592054][T15026] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1693'.
[  832.345546][T15039] usb usb36: usbfs: process 15039 (syz.3.1695) did not claim interface 0 before use
[  832.791263][T15045] FAULT_INJECTION: forcing a failure.
[  832.791263][T15045] name failslab, interval 1, probability 0, space 0, times 0
[  832.920501][T15045] CPU: 1 UID: 0 PID: 15045 Comm: syz.2.1697 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  832.920541][T15045] Tainted: [U]=USER
[  832.920549][T15045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  832.920563][T15045] Call Trace:
[  832.920571][T15045]  <TASK>
[  832.920579][T15045]  dump_stack_lvl+0x16c/0x1f0
[  832.920608][T15045]  should_fail_ex+0x512/0x640
[  832.920637][T15045]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  832.920669][T15045]  should_failslab+0xc2/0x120
[  832.920715][T15045]  kmem_cache_alloc_noprof+0x75/0x6e0
[  832.920744][T15045]  ? __proc_create+0x2ce/0x8e0
[  832.920775][T15045]  ? __proc_create+0x2ce/0x8e0
[  832.920798][T15045]  __proc_create+0x2ce/0x8e0
[  832.920824][T15045]  ? __pfx___proc_create+0x10/0x10
[  832.920853][T15045]  ? _raw_write_unlock+0x28/0x50
[  832.920874][T15045]  ? proc_register+0x559/0x8b0
[  832.920904][T15045]  proc_create_reg+0x7d/0x180
[  832.920931][T15045]  ? __pfx_ip_vs_stats_show+0x10/0x10
[  832.920970][T15045]  proc_create_net_single+0x86/0x180
[  832.920997][T15045]  ? __pfx_proc_create_net_single+0x10/0x10
[  832.921034][T15045]  ip_vs_control_net_init+0x457/0x1d20
[  832.921064][T15045]  ? debug_mutex_init+0x37/0x70
[  832.921094][T15045]  __ip_vs_init+0x217/0x520
[  832.921126][T15045]  ? __pfx___ip_vs_init+0x10/0x10
[  832.921157][T15045]  ops_init+0x1e2/0x5f0
[  832.921194][T15045]  setup_net+0x11d/0x3a0
[  832.921228][T15045]  ? __pfx_setup_net+0x10/0x10
[  832.921264][T15045]  ? debug_mutex_init+0x37/0x70
[  832.921293][T15045]  copy_net_ns+0x351/0x5d0
[  832.921337][T15045]  create_new_namespaces+0x3ea/0xab0
[  832.921370][T15045]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  832.921400][T15045]  ksys_unshare+0x45b/0xa40
[  832.921431][T15045]  ? __pfx_ksys_unshare+0x10/0x10
[  832.921464][T15045]  ? xfd_validate_state+0x61/0x180
[  832.921506][T15045]  __x64_sys_unshare+0x31/0x40
[  832.921549][T15045]  do_syscall_64+0xcd/0xfa0
[  832.921574][T15045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.921597][T15045] RIP: 0033:0x7f7066b8f7c9
[  832.921615][T15045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  832.921648][T15045] RSP: 002b:00007f70679c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  832.921666][T15045] RAX: ffffffffffffffda RBX: 00007f7066de6090 RCX: 00007f7066b8f7c9
[  832.921679][T15045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  832.921696][T15045] RBP: 00007f7066c13f91 R08: 0000000000000000 R09: 0000000000000000
[  832.921708][T15045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  832.921720][T15045] R13: 00007f7066de6128 R14: 00007f7066de6090 R15: 00007fff0c5ff358
[  832.921747][T15045]  </TASK>
[  833.193749][    C1] vkms_vblank_simulate: vblank timer overrun
[  838.747654][T15118] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  838.865709][T15118] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  838.979326][T15118] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  839.022535][T15122] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input155
[  839.056871][T15118] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  839.254339][T15118] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  839.578539][T15118] CPU0 is offline.
[  840.440976][T15122] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input156
[  840.511762][T15133] FAULT_INJECTION: forcing a failure.
[  840.511762][T15133] name failslab, interval 1, probability 0, space 0, times 0
[  840.627290][T15133] CPU: 1 UID: 0 PID: 15133 Comm: syz.1.1715 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  840.627325][T15133] Tainted: [U]=USER
[  840.627332][T15133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  840.627346][T15133] Call Trace:
[  840.627353][T15133]  <TASK>
[  840.627362][T15133]  dump_stack_lvl+0x16c/0x1f0
[  840.627390][T15133]  should_fail_ex+0x512/0x640
[  840.627418][T15133]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[  840.627455][T15133]  should_failslab+0xc2/0x120
[  840.627491][T15133]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[  840.627525][T15133]  ? devinet_init_net+0x9c/0x910
[  840.627553][T15133]  ? __pfx_devinet_init_net+0x10/0x10
[  840.627578][T15133]  ? kmemdup_noprof+0x29/0x60
[  840.627604][T15133]  kmemdup_noprof+0x29/0x60
[  840.627633][T15133]  devinet_init_net+0x9c/0x910
[  840.627659][T15133]  ? __pfx_devinet_init_net+0x10/0x10
[  840.627684][T15133]  ops_init+0x1e2/0x5f0
[  840.627719][T15133]  setup_net+0x11d/0x3a0
[  840.627753][T15133]  ? __pfx_setup_net+0x10/0x10
[  840.627786][T15133]  ? debug_mutex_init+0x37/0x70
[  840.627817][T15133]  copy_net_ns+0x351/0x5d0
[  840.627855][T15133]  create_new_namespaces+0x3ea/0xab0
[  840.627888][T15133]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  840.627917][T15133]  ksys_unshare+0x45b/0xa40
[  840.627947][T15133]  ? __pfx_ksys_unshare+0x10/0x10
[  840.627979][T15133]  ? xfd_validate_state+0x61/0x180
[  840.628019][T15133]  __x64_sys_unshare+0x31/0x40
[  840.628049][T15133]  do_syscall_64+0xcd/0xfa0
[  840.628074][T15133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.628098][T15133] RIP: 0033:0x7f749538f7c9
[  840.628115][T15133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  840.628138][T15133] RSP: 002b:00007f749623f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  840.628159][T15133] RAX: ffffffffffffffda RBX: 00007f74955e5fa0 RCX: 00007f749538f7c9
[  840.628181][T15133] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  840.628195][T15133] RBP: 00007f7495413f91 R08: 0000000000000000 R09: 0000000000000000
[  840.628209][T15133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  840.628222][T15133] R13: 00007f74955e6038 R14: 00007f74955e5fa0 R15: 00007ffc6e272508
[  840.628252][T15133]  </TASK>
[  841.230356][T10056] Bluetooth: hci2: command 0x0c1a tx timeout
[  841.236419][T10056] Bluetooth: hci3: command 0x0c1a tx timeout
[  841.243203][T10056] Bluetooth: hci4: command 0x0c1a tx timeout
[  842.755317][T15151] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1717'.
[  843.327338][T14107] Bluetooth: hci4: command 0x0c1a tx timeout
[  843.558838][T14107] Bluetooth: hci2: Malformed LE Event: 0x1b
[  844.062256][T15162] FAULT_INJECTION: forcing a failure.
[  844.062256][T15162] name fail_futex, interval 1, probability 0, space 0, times 0
[  844.207669][T15162] CPU: 1 UID: 0 PID: 15162 Comm: syz.2.1719 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  844.207702][T15162] Tainted: [U]=USER
[  844.207709][T15162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  844.207721][T15162] Call Trace:
[  844.207728][T15162]  <TASK>
[  844.207735][T15162]  dump_stack_lvl+0x16c/0x1f0
[  844.207760][T15162]  should_fail_ex+0x512/0x640
[  844.207789][T15162]  get_futex_key+0x1d0/0x1560
[  844.207819][T15162]  ? xas_create+0x1d7/0x1460
[  844.207841][T15162]  ? __pfx_get_futex_key+0x10/0x10
[  844.207870][T15162]  ? __lock_acquire+0x622/0x1c90
[  844.207913][T15162]  futex_wait_setup+0x9d/0x550
[  844.207941][T15162]  __futex_wait+0x193/0x2f0
[  844.207962][T15162]  ? __pfx___futex_wait+0x10/0x10
[  844.207981][T15162]  ? __pfx___xa_store+0x10/0x10
[  844.208007][T15162]  ? __pfx_futex_wake_mark+0x10/0x10
[  844.208031][T15162]  ? futex_hash+0x2c5/0x380
[  844.208061][T15162]  ? futex_private_hash_put+0xd5/0x190
[  844.208091][T15162]  futex_wait+0xe8/0x380
[  844.208111][T15162]  ? __pfx_futex_wait+0x10/0x10
[  844.208138][T15162]  ? ksys_write+0x190/0x250
[  844.208168][T15162]  do_futex+0x229/0x350
[  844.208198][T15162]  ? __pfx_do_futex+0x10/0x10
[  844.208235][T15162]  __x64_sys_futex+0x1e0/0x4c0
[  844.208267][T15162]  ? fput+0x9b/0xd0
[  844.208296][T15162]  ? __pfx___x64_sys_futex+0x10/0x10
[  844.208326][T15162]  ? ksys_write+0x1ac/0x250
[  844.208350][T15162]  ? __pfx_ksys_write+0x10/0x10
[  844.208383][T15162]  do_syscall_64+0xcd/0xfa0
[  844.208405][T15162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.208425][T15162] RIP: 0033:0x7f7066b8f7c9
[  844.208440][T15162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  844.208460][T15162] RSP: 002b:00007f70679c00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  844.208479][T15162] RAX: ffffffffffffffda RBX: 00007f7066de6098 RCX: 00007f7066b8f7c9
[  844.208492][T15162] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7066de6098
[  844.208504][T15162] RBP: 00007f7066de6090 R08: 0000000000000000 R09: 0000000000000000
[  844.208516][T15162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  844.208527][T15162] R13: 00007f7066de6128 R14: 00007fff0c5ff270 R15: 00007fff0c5ff358
[  844.208553][T15162]  </TASK>
[  845.403198][T14107] Bluetooth: hci4: command 0x0c1a tx timeout
[  846.672126][T15180] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1725'.
[  846.919268][T15185] zswap: compressor  not available
[  846.982290][T15191] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1728'.
[  847.004307][T15192] device-mapper: ioctl: Invalid ioctl structure: name �, dev 200010002
[  851.183104][T15218] netlink: 62 bytes leftover after parsing attributes in process `syz.1.1733'.
[  852.631644][T15231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1736'.
[  854.558378][T15243] blktrace: Concurrent blktraces are not allowed on loop2
[  858.641925][T15284] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1749'.
[  859.334370][T15287] netlink: 62 bytes leftover after parsing attributes in process `syz.0.1747'.
[  860.740548][T15326] bond0: invalid ARP target specified
[  860.841783][T15310] zswap: compressor  not available
[  861.139637][T15326] netlink: 'syz.1.1756': attribute type 2 has an invalid length.
[  861.170574][T15326] FAULT_INJECTION: forcing a failure.
[  861.170574][T15326] name fail_futex, interval 1, probability 0, space 0, times 0
[  861.183432][T15326] CPU: 1 UID: 0 PID: 15326 Comm: syz.1.1756 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  861.183464][T15326] Tainted: [U]=USER
[  861.183471][T15326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  861.183484][T15326] Call Trace:
[  861.183491][T15326]  <TASK>
[  861.183499][T15326]  dump_stack_lvl+0x16c/0x1f0
[  861.183527][T15326]  should_fail_ex+0x512/0x640
[  861.183557][T15326]  should_fail_futex+0x4c/0x60
[  861.183587][T15326]  futex_lock_pi_atomic+0x101/0xd50
[  861.183614][T15326]  futex_lock_pi+0x23f/0x7c0
[  861.183639][T15326]  ? __pfx_futex_lock_pi+0x10/0x10
[  861.183658][T15326]  ? preempt_schedule_common+0x44/0xc0
[  861.183680][T15326]  ? preempt_schedule_thunk+0x16/0x30
[  861.183723][T15326]  ? __pfx_try_to_wake_up+0x10/0x10
[  861.183759][T15326]  ? futex_private_hash_put+0xd5/0x190
[  861.183793][T15326]  ? __pfx_futex_wake_mark+0x10/0x10
[  861.183823][T15326]  ? ksys_write+0x190/0x250
[  861.183856][T15326]  do_futex+0x11a/0x350
[  861.183888][T15326]  ? __pfx_do_futex+0x10/0x10
[  861.183928][T15326]  __x64_sys_futex+0x1e0/0x4c0
[  861.183964][T15326]  ? __pfx___x64_sys_futex+0x10/0x10
[  861.183998][T15326]  ? syscall_user_dispatch+0x78/0x140
[  861.184028][T15326]  do_syscall_64+0xcd/0xfa0
[  861.184062][T15326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  861.184082][T15326] RIP: 0033:0x7f749538f7c9
[  861.184097][T15326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  861.184117][T15326] RSP: 002b:00007f749623f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  861.184135][T15326] RAX: ffffffffffffffda RBX: 00007f74955e5fa0 RCX: 00007f749538f7c9
[  861.184148][T15326] RDX: 0000000080000001 RSI: 0000000000000006 RDI: 0000000000000000
[  861.184160][T15326] RBP: 00007f7495413f91 R08: 0000000000000000 R09: 0000000000000000
[  861.184172][T15326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  861.184183][T15326] R13: 00007f74955e6038 R14: 00007f74955e5fa0 R15: 00007ffc6e272508
[  861.184210][T15326]  </TASK>
[  862.153636][T15310] kexec: Could not allocate control_code_buffer
[  862.793762][T15343] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1759'.
[  863.147518][T15348] zswap: compressor  not available
[  863.238450][T15344] device-mapper: ioctl: Invalid ioctl structure: name �, dev 200010002
[  866.502836][T15381] bond0: no command found in slaves file - use +ifname or -ifname
[  868.942660][T15405] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input157
[  870.541088][  T196] bridge_slave_1: left allmulticast mode
[  870.571085][  T196] bridge_slave_1: left promiscuous mode
[  870.601946][  T196] bridge0: port 2(bridge_slave_1) entered disabled state
[  870.699253][  T196] bridge_slave_0: left allmulticast mode
[  870.735907][  T196] bridge_slave_0: left promiscuous mode
[  870.782193][  T196] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.249174][T15416] delete_channel: no stack
[  871.877547][T15436] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input158
[  872.103273][T15439] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1778'.
[  873.091421][T15419] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  873.103221][T15419] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  873.122594][T15419] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  873.145373][T15419] CPU0 is offline.
[  873.157136][  T196] HfR: left promiscuous mode
[  873.466437][  T196] tipc: Left network mode
[  875.160857][T14107] Bluetooth: hci4: command 0x0c1a tx timeout
[  875.166899][T14107] Bluetooth: hci3: command 0x0c1a tx timeout
[  875.173552][T10056] Bluetooth: hci2: command 0x0c1a tx timeout
[  875.252552][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  875.263975][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  876.880834][  T196] hsr_slave_0: left promiscuous mode
[  876.907292][  T196] hsr_slave_1: left promiscuous mode
[  877.021443][T15501] random: crng reseeded on system resumption
[  877.070847][  T196] veth1_macvtap: left allmulticast mode
[  877.106421][  T196] veth1_macvtap: left promiscuous mode
[  877.115013][T15493] zswap: compressor  not available
[  877.135298][  T196] veth0_macvtap: left promiscuous mode
[  877.162970][  T196] veth1_vlan: left promiscuous mode
[  877.194901][  T196] veth0_vlan: left promiscuous mode
[  877.507201][T15503] Unable to find swap-space signature
[  879.654315][T15530] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1797'.
[  880.314584][  T196] team0 (unregistering): Port device team_slave_1 removed
[  880.494187][  T196] team0 (unregistering): Port device team_slave_0 removed
[  881.269039][  T196] smc: removing net device dummy0 with user defined pnetid DUMMY0
[  882.066891][T15543] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1798'.
[  882.112899][T15543] FAULT_INJECTION: forcing a failure.
[  882.112899][T15543] name failslab, interval 1, probability 0, space 0, times 0
[  882.170674][T15543] CPU: 1 UID: 0 PID: 15543 Comm: syz.3.1798 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  882.170711][T15543] Tainted: [U]=USER
[  882.170719][T15543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  882.170733][T15543] Call Trace:
[  882.170740][T15543]  <TASK>
[  882.170749][T15543]  dump_stack_lvl+0x16c/0x1f0
[  882.170776][T15543]  should_fail_ex+0x512/0x640
[  882.170803][T15543]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  882.170834][T15543]  should_failslab+0xc2/0x120
[  882.170871][T15543]  kmem_cache_alloc_noprof+0x75/0x6e0
[  882.170898][T15543]  ? __kernfs_new_node+0xd2/0x8e0
[  882.170940][T15543]  ? __kernfs_new_node+0xd2/0x8e0
[  882.170975][T15543]  __kernfs_new_node+0xd2/0x8e0
[  882.171013][T15543]  ? kernfs_add_one+0x14e/0x840
[  882.171037][T15543]  ? __pfx___kernfs_new_node+0x10/0x10
[  882.171081][T15543]  ? find_held_lock+0x2b/0x80
[  882.171116][T15543]  ? kernfs_root+0xee/0x2a0
[  882.171142][T15543]  kernfs_new_node+0x13c/0x1e0
[  882.171172][T15543]  kernfs_create_link+0xcc/0x240
[  882.171206][T15543]  sysfs_do_create_link_sd+0x90/0x140
[  882.171246][T15543]  sysfs_create_link+0x61/0xc0
[  882.171282][T15543]  device_add+0x50a/0x1aa0
[  882.171336][T15543]  ? __pfx_device_add+0x10/0x10
[  882.171382][T15543]  ? lockdep_init_map_type+0x5c/0x280
[  882.171421][T15543]  ? __init_waitqueue_head+0xca/0x150
[  882.171455][T15543]  netdev_register_kobject+0x1a9/0x3d0
[  882.171482][T15543]  register_netdevice+0x13dc/0x2270
[  882.171525][T15543]  ? __pfx_register_netdevice+0x10/0x10
[  882.171586][T15543]  internal_dev_create+0x2d3/0x520
[  882.171626][T15543]  ovs_vport_add+0x147/0x4d0
[  882.171650][T15543]  new_vport+0x16/0x1d0
[  882.171681][T15543]  ovs_dp_cmd_new+0x6ba/0xe60
[  882.171722][T15543]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  882.171761][T15543]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  882.171786][T15543]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  882.171816][T15543]  genl_family_rcv_msg_doit+0x209/0x2f0
[  882.171841][T15543]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  882.171873][T15543]  ? bpf_lsm_capable+0x9/0x10
[  882.171905][T15543]  ? security_capable+0x7e/0x260
[  882.171929][T15543]  ? ns_capable+0xd7/0x110
[  882.171954][T15543]  genl_rcv_msg+0x55c/0x800
[  882.171979][T15543]  ? __pfx_genl_rcv_msg+0x10/0x10
[  882.172002][T15543]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  882.172045][T15543]  netlink_rcv_skb+0x158/0x420
[  882.172078][T15543]  ? __pfx_genl_rcv_msg+0x10/0x10
[  882.172102][T15543]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  882.172147][T15543]  ? netlink_deliver_tap+0x1ae/0xd30
[  882.172183][T15543]  genl_rcv+0x28/0x40
[  882.172201][T15543]  netlink_unicast+0x5aa/0x870
[  882.172238][T15543]  ? __pfx_netlink_unicast+0x10/0x10
[  882.172282][T15543]  netlink_sendmsg+0x8c8/0xdd0
[  882.172381][T15543]  ? __pfx_netlink_sendmsg+0x10/0x10
[  882.172420][T15543]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  882.172451][T15543]  ____sys_sendmsg+0xa98/0xc70
[  882.172472][T15543]  ? copy_msghdr_from_user+0x10a/0x160
[  882.172511][T15543]  ? __pfx_____sys_sendmsg+0x10/0x10
[  882.172529][T15543]  ? preempt_schedule_thunk+0x16/0x30
[  882.172565][T15543]  ? try_to_wake_up+0xa67/0x1870
[  882.172592][T15543]  ___sys_sendmsg+0x134/0x1d0
[  882.172617][T15543]  ? find_held_lock+0x2b/0x80
[  882.172642][T15543]  ? __pfx____sys_sendmsg+0x10/0x10
[  882.172666][T15543]  ? __lock_acquire+0x622/0x1c90
[  882.172727][T15543]  __sys_sendmsg+0x16d/0x220
[  882.172755][T15543]  ? __pfx___sys_sendmsg+0x10/0x10
[  882.172782][T15543]  ? __x64_sys_futex+0x1e0/0x4c0
[  882.172828][T15543]  do_syscall_64+0xcd/0xfa0
[  882.172850][T15543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  882.172870][T15543] RIP: 0033:0x7f6fee78f7c9
[  882.172886][T15543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  882.172906][T15543] RSP: 002b:00007f6fef70c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  882.172925][T15543] RAX: ffffffffffffffda RBX: 00007f6fee9e5fa0 RCX: 00007f6fee78f7c9
[  882.172938][T15543] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000007
[  882.172950][T15543] RBP: 00007f6fee813f91 R08: 0000000000000000 R09: 0000000000000000
[  882.172962][T15543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  882.172973][T15543] R13: 00007f6fee9e6038 R14: 00007f6fee9e5fa0 R15: 00007ffc5f50eeb8
[  882.173000][T15543]  </TASK>
[  884.230871][T15554] sp0: Synchronizing with TNC
[  884.725350][T15572] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000
[  884.762331][T15572] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[  884.859190][T15572] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000
[  884.903529][T15576] Unable to find swap-space signature
[  884.989689][T15572] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  885.085833][T15572] page dumped because: unmovable page
[  885.167638][T15572] page_owner info is not present (never set?)
[  885.263610][T15586] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input159
[  885.892901][T15586] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input160
[  887.337634][T15617] kfence: disabled
[  887.373278][T15617] kfence: re-enabled
[  888.159338][T15639] sp0: Synchronizing with TNC
[  888.221587][T15638] bond0: no command found in slaves file - use +ifname or -ifname
[  890.969493][T15673] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1822'.
[  891.181801][T15675] zswap: compressor  not available
[  892.420437][   T30] audit: type=1800 audit(4294967582.050:29): pid=15701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=050820 name="lu_gp_id" dev="configfs" ino=53440 res=0 errno=0
[  894.384037][T15717] bond0: invalid ARP target specified
[  895.222920][T15737] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  895.282416][T15737] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  895.317956][T15737] page_type: f2(table)
[  895.338502][T15737] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  895.380892][T15737] raw: 0000000000000000 0000000000000000 00000001f2000000 0000000000000000
[  895.420627][T15737] page dumped because: unmovable page
[  895.450811][T15737] page_owner tracks the page as allocated
[  895.468386][T15737] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), pid 5198, tgid 5198 (udevd), ts 97647225317, free_ts 97371432099
[  895.553709][T15737]  post_alloc_hook+0x1af/0x220
[  895.580830][T15737]  get_page_from_freelist+0x10a3/0x3a30
[  895.603545][T15737]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  895.631085][T15737]  alloc_pages_mpol+0x1fb/0x550
[  895.659484][T15737]  alloc_pages_noprof+0x131/0x390
[  895.726762][T15737]  __pud_alloc+0x3b/0x6b0
[  895.796520][T15737]  copy_page_range+0x4650/0x6930
[  895.812422][T15737]  dup_mmap+0xe80/0x2280
[  895.860902][T15737]  copy_process+0x3f14/0x76b0
[  895.890939][T15737]  kernel_clone+0xfc/0x930
[  895.951472][T15737]  __do_sys_clone+0xce/0x120
[  895.999233][T15737]  do_syscall_64+0xcd/0xfa0
[  896.035158][T15737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  896.081937][T15737] page last free pid 0 tgid 0 stack trace:
[  896.087774][T15737]  __free_frozen_pages+0x7df/0x1160
[  896.123625][T15737]  tlb_remove_table_rcu+0x121/0x320
[  896.128860][T15737]  rcu_core+0x79c/0x1530
[  896.160553][T15737]  handle_softirqs+0x219/0x8e0
[  896.188587][T15737]  __irq_exit_rcu+0x109/0x170
[  896.210265][T15737]  irq_exit_rcu+0x9/0x30
[  896.214535][T15737]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  896.245470][T15737]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  896.364815][T15733] FAULT_INJECTION: forcing a failure.
[  896.364815][T15733] name fail_futex, interval 1, probability 0, space 0, times 0
[  896.524184][T15733] CPU: 1 UID: 0 PID: 15733 Comm: syz.3.1832 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  896.524215][T15733] Tainted: [U]=USER
[  896.524222][T15733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  896.524234][T15733] Call Trace:
[  896.524240][T15733]  <TASK>
[  896.524247][T15733]  dump_stack_lvl+0x16c/0x1f0
[  896.524271][T15733]  should_fail_ex+0x512/0x640
[  896.524298][T15733]  get_futex_key+0x1d0/0x1560
[  896.524329][T15733]  ? __pfx_get_futex_key+0x10/0x10
[  896.524365][T15733]  ? __mutex_trylock_common+0xe9/0x250
[  896.524401][T15733]  futex_wake+0xea/0x530
[  896.524424][T15733]  ? __pfx_futex_wake+0x10/0x10
[  896.524441][T15733]  ? __lock_acquire+0xb8a/0x1c90
[  896.524480][T15733]  do_futex+0x1e3/0x350
[  896.524509][T15733]  ? __pfx_do_futex+0x10/0x10
[  896.524536][T15733]  ? __might_fault+0xe3/0x190
[  896.524566][T15733]  mm_release+0x24e/0x300
[  896.524588][T15733]  do_exit+0x68e/0x2bf0
[  896.524619][T15733]  ? __pfx_do_exit+0x10/0x10
[  896.524645][T15733]  ? do_raw_spin_lock+0x12c/0x2b0
[  896.524663][T15733]  ? find_held_lock+0x2b/0x80
[  896.524689][T15733]  do_group_exit+0xd3/0x2a0
[  896.524717][T15733]  get_signal+0x2671/0x26d0
[  896.524748][T15733]  ? __pfx_get_signal+0x10/0x10
[  896.524769][T15733]  ? do_futex+0x122/0x350
[  896.524798][T15733]  ? __pfx_do_futex+0x10/0x10
[  896.524829][T15733]  arch_do_signal_or_restart+0x8f/0x790
[  896.524874][T15733]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  896.524905][T15733]  ? set_cred_ucounts+0x10f/0x200
[  896.524932][T15733]  exit_to_user_mode_loop+0x85/0x130
[  896.524953][T15733]  do_syscall_64+0x426/0xfa0
[  896.524976][T15733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  896.525016][T15733] RIP: 0033:0x7f6fee78f7c9
[  896.525032][T15733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  896.525051][T15733] RSP: 002b:00007f6fef6ca0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  896.525069][T15733] RAX: fffffffffffffe00 RBX: 00007f6fee9e6188 RCX: 00007f6fee78f7c9
[  896.525081][T15733] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6fee9e6188
[  896.525093][T15733] RBP: 00007f6fee9e6180 R08: 0000000000000000 R09: 0000000000000000
[  896.525105][T15733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  896.525116][T15733] R13: 00007f6fee9e6218 R14: 00007ffc5f50edd0 R15: 00007ffc5f50eeb8
[  896.525142][T15733]  </TASK>
[  897.216197][T15740] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  897.242012][T15740] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  897.286123][T15740] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  897.319759][T15740] CPU0 is offline.
[  897.679932][   T30] audit: type=1800 audit(4294967587.300:30): pid=15764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=050820 name="lu_gp_id" dev="configfs" ino=53750 res=0 errno=0
[  898.065642][T15742] FAULT_INJECTION: forcing a failure.
[  898.065642][T15742] name failslab, interval 1, probability 0, space 0, times 0
[  898.135261][T15742] CPU: 1 UID: 0 PID: 15742 Comm: syz.1.1836 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  898.135322][T15742] Tainted: [U]=USER
[  898.135330][T15742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  898.135343][T15742] Call Trace:
[  898.135351][T15742]  <TASK>
[  898.135359][T15742]  dump_stack_lvl+0x16c/0x1f0
[  898.135388][T15742]  should_fail_ex+0x512/0x640
[  898.135416][T15742]  ? __kmalloc_noprof+0xca/0x880
[  898.135444][T15742]  should_failslab+0xc2/0x120
[  898.135481][T15742]  __kmalloc_noprof+0xdd/0x880
[  898.135506][T15742]  ? kobject_get_path+0xd2/0x2a0
[  898.135536][T15742]  ? kobject_get_path+0xd2/0x2a0
[  898.135559][T15742]  kobject_get_path+0xd2/0x2a0
[  898.135593][T15742]  kobject_uevent_env+0x289/0x1870
[  898.135623][T15742]  ? __pfx_dev_uevent_name+0x10/0x10
[  898.135670][T15742]  ? queue_work_on+0x12a/0x1f0
[  898.135704][T15742]  ? bus_to_subsys+0x131/0x160
[  898.135737][T15742]  driver_bound+0x164/0x230
[  898.135760][T15742]  device_bind_driver+0x3a/0x70
[  898.135781][T15742]  mac80211_hwsim_new_radio+0x3e8/0x50b0
[  898.135824][T15742]  ? __asan_memset+0x23/0x50
[  898.135851][T15742]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  898.135890][T15742]  hwsim_new_radio_nl+0xba2/0x1330
[  898.135923][T15742]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  898.135963][T15742]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  898.135987][T15742]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  898.136017][T15742]  genl_family_rcv_msg_doit+0x209/0x2f0
[  898.136041][T15742]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  898.136072][T15742]  ? bpf_lsm_capable+0x9/0x10
[  898.136103][T15742]  ? security_capable+0x7e/0x260
[  898.136127][T15742]  ? ns_capable+0xd7/0x110
[  898.136150][T15742]  genl_rcv_msg+0x55c/0x800
[  898.136175][T15742]  ? __pfx_genl_rcv_msg+0x10/0x10
[  898.136197][T15742]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  898.136237][T15742]  netlink_rcv_skb+0x158/0x420
[  898.136275][T15742]  ? __pfx_genl_rcv_msg+0x10/0x10
[  898.136299][T15742]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  898.136343][T15742]  ? netlink_deliver_tap+0x1ae/0xd30
[  898.136379][T15742]  genl_rcv+0x28/0x40
[  898.136397][T15742]  netlink_unicast+0x5aa/0x870
[  898.136433][T15742]  ? __pfx_netlink_unicast+0x10/0x10
[  898.136496][T15742]  netlink_sendmsg+0x8c8/0xdd0
[  898.136536][T15742]  ? __pfx_netlink_sendmsg+0x10/0x10
[  898.136575][T15742]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  898.136616][T15742]  ____sys_sendmsg+0xa98/0xc70
[  898.136637][T15742]  ? copy_msghdr_from_user+0x10a/0x160
[  898.136686][T15742]  ? __pfx_____sys_sendmsg+0x10/0x10
[  898.136714][T15742]  ? __pfx_futex_wake_mark+0x10/0x10
[  898.136742][T15742]  ___sys_sendmsg+0x134/0x1d0
[  898.136770][T15742]  ? find_held_lock+0x2b/0x80
[  898.136798][T15742]  ? __pfx____sys_sendmsg+0x10/0x10
[  898.136827][T15742]  ? __lock_acquire+0x622/0x1c90
[  898.136896][T15742]  __sys_sendmsg+0x16d/0x220
[  898.136927][T15742]  ? __pfx___sys_sendmsg+0x10/0x10
[  898.136968][T15742]  ? __x64_sys_futex+0x1e0/0x4c0
[  898.137017][T15742]  do_syscall_64+0xcd/0xfa0
[  898.137041][T15742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  898.137063][T15742] RIP: 0033:0x7f749538f7c9
[  898.137080][T15742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  898.137101][T15742] RSP: 002b:00007f749623f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  898.137122][T15742] RAX: ffffffffffffffda RBX: 00007f74955e5fa0 RCX: 00007f749538f7c9
[  898.137135][T15742] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007
[  898.137148][T15742] RBP: 00007f7495413f91 R08: 0000000000000000 R09: 0000000000000000
[  898.137161][T15742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  898.137174][T15742] R13: 00007f74955e6038 R14: 00007f74955e5fa0 R15: 00007ffc6e272508
[  898.137202][T15742]  </TASK>
[  898.678362][T15573] Bluetooth: hci2: command 0x0c1a tx timeout
[  899.340277][T15573] Bluetooth: hci3: command 0x0c1a tx timeout
[  899.401093][T15573] Bluetooth: hci4: command 0x0c1a tx timeout
[  899.499068][T15782] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[  899.561988][T15782] FAULT_INJECTION: forcing a failure.
[  899.561988][T15782] name failslab, interval 1, probability 0, space 0, times 0
[  899.609783][T15782] CPU: 1 UID: 0 PID: 15782 Comm: syz.2.1843 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  899.609816][T15782] Tainted: [U]=USER
[  899.609822][T15782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  899.609834][T15782] Call Trace:
[  899.609841][T15782]  <TASK>
[  899.609849][T15782]  dump_stack_lvl+0x16c/0x1f0
[  899.609874][T15782]  should_fail_ex+0x512/0x640
[  899.609898][T15782]  ? __kmalloc_noprof+0xca/0x880
[  899.609922][T15782]  should_failslab+0xc2/0x120
[  899.609954][T15782]  __kmalloc_noprof+0xdd/0x880
[  899.609975][T15782]  ? process_preds+0x48b/0x1c50
[  899.610011][T15782]  ? process_preds+0x48b/0x1c50
[  899.610040][T15782]  process_preds+0x48b/0x1c50
[  899.610075][T15782]  ? create_filter_start.constprop.0+0x56/0x300
[  899.610111][T15782]  create_filter+0x140/0x210
[  899.610156][T15782]  ? __pfx_create_filter+0x10/0x10
[  899.610205][T15782]  ? __pfx___mutex_lock+0x10/0x10
[  899.610226][T15782]  ? find_held_lock+0x2b/0x80
[  899.610252][T15782]  apply_event_filter+0x220/0x500
[  899.610285][T15782]  ? __pfx_apply_event_filter+0x10/0x10
[  899.610325][T15782]  event_filter_write+0x16d/0x290
[  899.610350][T15782]  ? __pfx_event_filter_write+0x10/0x10
[  899.610372][T15782]  vfs_write+0x2a0/0x11d0
[  899.610403][T15782]  ? __pfx___mutex_lock+0x10/0x10
[  899.610425][T15782]  ? __pfx_vfs_write+0x10/0x10
[  899.610477][T15782]  ? __fget_files+0x20e/0x3c0
[  899.610513][T15782]  ksys_write+0x12a/0x250
[  899.610541][T15782]  ? __pfx_ksys_write+0x10/0x10
[  899.610579][T15782]  do_syscall_64+0xcd/0xfa0
[  899.610604][T15782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  899.610627][T15782] RIP: 0033:0x7f7066b8f7c9
[  899.610645][T15782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  899.610667][T15782] RSP: 002b:00007f70679e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  899.610688][T15782] RAX: ffffffffffffffda RBX: 00007f7066de5fa0 RCX: 00007f7066b8f7c9
[  899.610703][T15782] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003
[  899.610716][T15782] RBP: 00007f7066c13f91 R08: 0000000000000000 R09: 0000000000000000
[  899.610730][T15782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  899.610744][T15782] R13: 00007f7066de6038 R14: 00007f7066de5fa0 R15: 00007fff0c5ff358
[  899.610775][T15782]  </TASK>
[  902.452221][T15810] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input162
[  904.466450][T15835] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1853'.
[  905.567233][T15842] serio: Serial port ttyS2
[  907.599369][T15859] FAULT_INJECTION: forcing a failure.
[  907.599369][T15859] name fail_futex, interval 1, probability 0, space 0, times 0
[  907.748440][T15859] CPU: 1 UID: 0 PID: 15859 Comm: syz.1.1856 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  907.748478][T15859] Tainted: [U]=USER
[  907.748486][T15859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  907.748500][T15859] Call Trace:
[  907.748507][T15859]  <TASK>
[  907.748515][T15859]  dump_stack_lvl+0x16c/0x1f0
[  907.748543][T15859]  should_fail_ex+0x512/0x640
[  907.748575][T15859]  get_futex_key+0x1d0/0x1560
[  907.748620][T15859]  ? __pfx_get_futex_key+0x10/0x10
[  907.748652][T15859]  ? __mutex_trylock_common+0xe9/0x250
[  907.748695][T15859]  futex_wake+0xea/0x530
[  907.748721][T15859]  ? __pfx_futex_wake+0x10/0x10
[  907.748742][T15859]  ? __lock_acquire+0xb8a/0x1c90
[  907.748788][T15859]  do_futex+0x1e3/0x350
[  907.748823][T15859]  ? __pfx_do_futex+0x10/0x10
[  907.748855][T15859]  ? __might_fault+0xe3/0x190
[  907.748889][T15859]  mm_release+0x24e/0x300
[  907.748915][T15859]  do_exit+0x68e/0x2bf0
[  907.748952][T15859]  ? __pfx_do_exit+0x10/0x10
[  907.748983][T15859]  ? do_raw_spin_lock+0x12c/0x2b0
[  907.749004][T15859]  ? find_held_lock+0x2b/0x80
[  907.749034][T15859]  do_group_exit+0xd3/0x2a0
[  907.749068][T15859]  get_signal+0x2671/0x26d0
[  907.749104][T15859]  ? __pfx_get_signal+0x10/0x10
[  907.749129][T15859]  ? do_futex+0x122/0x350
[  907.749163][T15859]  ? __pfx_do_futex+0x10/0x10
[  907.749199][T15859]  arch_do_signal_or_restart+0x8f/0x790
[  907.749230][T15859]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  907.749264][T15859]  ? set_cred_ucounts+0x10f/0x200
[  907.749295][T15859]  exit_to_user_mode_loop+0x85/0x130
[  907.749317][T15859]  do_syscall_64+0x426/0xfa0
[  907.749343][T15859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  907.749366][T15859] RIP: 0033:0x7f749538f7c9
[  907.749384][T15859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  907.749407][T15859] RSP: 002b:00007f74961fd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  907.749428][T15859] RAX: fffffffffffffe00 RBX: 00007f74955e6188 RCX: 00007f749538f7c9
[  907.749443][T15859] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f74955e6188
[  907.749457][T15859] RBP: 00007f74955e6180 R08: 0000000000000000 R09: 0000000000000000
[  907.749471][T15859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  907.749484][T15859] R13: 00007f74955e6218 R14: 00007ffc6e272420 R15: 00007ffc6e272508
[  907.749514][T15859]  </TASK>
[  909.060559][T15886] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1859'.
[  909.398152][T15894] bond0: invalid ARP target specified
[  911.301003][T15907] serio: Serial port ttyS2
[  911.327305][T15911] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1866'.
[  911.786386][T15905] Console: switching to colour frame buffer device 4x6
[  913.408995][T15927] FAULT_INJECTION: forcing a failure.
[  913.408995][T15927] name failslab, interval 1, probability 0, space 0, times 0
[  913.466794][T15927] CPU: 1 UID: 0 PID: 15927 Comm: syz.3.1869 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  913.466829][T15927] Tainted: [U]=USER
[  913.466847][T15927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  913.466859][T15927] Call Trace:
[  913.466866][T15927]  <TASK>
[  913.466874][T15927]  dump_stack_lvl+0x16c/0x1f0
[  913.466898][T15927]  should_fail_ex+0x512/0x640
[  913.466923][T15927]  ? __kmalloc_cache_node_noprof+0x62/0x7a0
[  913.466955][T15927]  should_failslab+0xc2/0x120
[  913.466987][T15927]  __kmalloc_cache_node_noprof+0x75/0x7a0
[  913.467014][T15927]  ? look_up_lock_class+0x59/0x150
[  913.467033][T15927]  ? __get_vm_area_node+0x101/0x330
[  913.467069][T15927]  ? __get_vm_area_node+0x101/0x330
[  913.467099][T15927]  __get_vm_area_node+0x101/0x330
[  913.467130][T15927]  ? __lock_acquire+0xb8a/0x1c90
[  913.467162][T15927]  __vmalloc_node_range_noprof+0x271/0x1480
[  913.467196][T15927]  ? n_tty_open+0x1a/0x170
[  913.467222][T15927]  ? do_raw_spin_unlock+0x172/0x230
[  913.467249][T15927]  ? n_tty_open+0x1a/0x170
[  913.467274][T15927]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  913.467307][T15927]  ? console_unlock+0x184/0x210
[  913.467330][T15927]  ? __pfx_console_unlock+0x10/0x10
[  913.467354][T15927]  ? __pfx___ldsem_down_write_nested+0x10/0x10
[  913.467378][T15927]  ? n_tty_open+0x1a/0x170
[  913.467395][T15927]  __vmalloc_node_noprof+0xad/0xf0
[  913.467427][T15927]  ? n_tty_open+0x1a/0x170
[  913.467446][T15927]  ? __pfx_n_tty_open+0x10/0x10
[  913.467465][T15927]  n_tty_open+0x1a/0x170
[  913.467484][T15927]  ? __pfx_n_tty_open+0x10/0x10
[  913.467502][T15927]  tty_ldisc_open+0x9f/0x120
[  913.467528][T15927]  tty_ldisc_setup+0x40/0x100
[  913.467555][T15927]  tty_init_dev.part.0+0x1ec/0x500
[  913.467589][T15927]  tty_open+0xa4f/0xf90
[  913.467624][T15927]  ? __pfx_tty_open+0x10/0x10
[  913.467655][T15927]  ? chrdev_open+0x10b/0x6a0
[  913.467686][T15927]  ? __pfx_tty_open+0x10/0x10
[  913.467716][T15927]  chrdev_open+0x234/0x6a0
[  913.467743][T15927]  ? __pfx_apparmor_file_open+0x10/0x10
[  913.467767][T15927]  ? __pfx_chrdev_open+0x10/0x10
[  913.467797][T15927]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  913.467829][T15927]  do_dentry_open+0x6fe/0x1560
[  913.467854][T15927]  ? __pfx_chrdev_open+0x10/0x10
[  913.467889][T15927]  vfs_open+0x82/0x3f0
[  913.467910][T15927]  path_openat+0x2016/0x2f90
[  913.467944][T15927]  ? __pfx_path_openat+0x10/0x10
[  913.467971][T15927]  ? __lock_acquire+0xb8a/0x1c90
[  913.468004][T15927]  do_filp_open+0x20b/0x470
[  913.468030][T15927]  ? __pfx_do_filp_open+0x10/0x10
[  913.468074][T15927]  ? alloc_fd+0x471/0x7d0
[  913.468104][T15927]  do_sys_openat2+0x11b/0x1d0
[  913.468123][T15927]  ? __pfx_do_sys_openat2+0x10/0x10
[  913.468152][T15927]  __x64_sys_openat+0x174/0x210
[  913.468172][T15927]  ? __pfx___x64_sys_openat+0x10/0x10
[  913.468202][T15927]  do_syscall_64+0xcd/0xfa0
[  913.468260][T15927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.468282][T15927] RIP: 0033:0x7f6fee78f7c9
[  913.468299][T15927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  913.468320][T15927] RSP: 002b:00007f6fef6ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  913.468340][T15927] RAX: ffffffffffffffda RBX: 00007f6fee9e6180 RCX: 00007f6fee78f7c9
[  913.468354][T15927] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  913.468368][T15927] RBP: 00007f6fee813f91 R08: 0000000000000000 R09: 0000000000000000
[  913.468381][T15927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  913.468393][T15927] R13: 00007f6fee9e6218 R14: 00007f6fee9e6180 R15: 00007ffc5f50eeb8
[  913.468422][T15927]  </TASK>
[  913.470510][T15927] syz.3.1869: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  914.606862][T15927] CPU: 1 UID: 0 PID: 15927 Comm: syz.3.1869 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  914.606899][T15927] Tainted: [U]=USER
[  914.606906][T15927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  914.606920][T15927] Call Trace:
[  914.606927][T15927]  <TASK>
[  914.606936][T15927]  dump_stack_lvl+0x16c/0x1f0
[  914.606963][T15927]  warn_alloc+0x248/0x3a0
[  914.606991][T15927]  ? __pfx_warn_alloc+0x10/0x10
[  914.607013][T15927]  ? rcu_is_watching+0x12/0xc0
[  914.607039][T15927]  ? __kmalloc_cache_node_noprof+0x2df/0x7a0
[  914.607076][T15927]  ? __kasan_kmalloc+0x8a/0xb0
[  914.607106][T15927]  ? __get_vm_area_node+0x208/0x330
[  914.607155][T15927]  __vmalloc_node_range_noprof+0xaf5/0x1480
[  914.607192][T15927]  ? do_raw_spin_unlock+0x172/0x230
[  914.607224][T15927]  ? n_tty_open+0x1a/0x170
[  914.607253][T15927]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  914.607290][T15927]  ? console_unlock+0x184/0x210
[  914.607315][T15927]  ? __pfx_console_unlock+0x10/0x10
[  914.607343][T15927]  ? __pfx___ldsem_down_write_nested+0x10/0x10
[  914.607369][T15927]  ? n_tty_open+0x1a/0x170
[  914.607389][T15927]  __vmalloc_node_noprof+0xad/0xf0
[  914.607426][T15927]  ? n_tty_open+0x1a/0x170
[  914.607447][T15927]  ? __pfx_n_tty_open+0x10/0x10
[  914.607469][T15927]  n_tty_open+0x1a/0x170
[  914.607489][T15927]  ? __pfx_n_tty_open+0x10/0x10
[  914.607510][T15927]  tty_ldisc_open+0x9f/0x120
[  914.607539][T15927]  tty_ldisc_setup+0x40/0x100
[  914.607571][T15927]  tty_init_dev.part.0+0x1ec/0x500
[  914.607609][T15927]  tty_open+0xa4f/0xf90
[  914.607650][T15927]  ? __pfx_tty_open+0x10/0x10
[  914.607685][T15927]  ? chrdev_open+0x10b/0x6a0
[  914.607720][T15927]  ? __pfx_tty_open+0x10/0x10
[  914.607755][T15927]  chrdev_open+0x234/0x6a0
[  914.607797][T15927]  ? __pfx_apparmor_file_open+0x10/0x10
[  914.607822][T15927]  ? __pfx_chrdev_open+0x10/0x10
[  914.607853][T15927]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  914.607907][T15927]  do_dentry_open+0x6fe/0x1560
[  914.607936][T15927]  ? __pfx_chrdev_open+0x10/0x10
[  914.607976][T15927]  vfs_open+0x82/0x3f0
[  914.607999][T15927]  path_openat+0x2016/0x2f90
[  914.608040][T15927]  ? __pfx_path_openat+0x10/0x10
[  914.608070][T15927]  ? __lock_acquire+0xb8a/0x1c90
[  914.608108][T15927]  do_filp_open+0x20b/0x470
[  914.608142][T15927]  ? __pfx_do_filp_open+0x10/0x10
[  914.608192][T15927]  ? alloc_fd+0x471/0x7d0
[  914.608227][T15927]  do_sys_openat2+0x11b/0x1d0
[  914.608248][T15927]  ? __pfx_do_sys_openat2+0x10/0x10
[  914.608281][T15927]  __x64_sys_openat+0x174/0x210
[  914.608304][T15927]  ? __pfx___x64_sys_openat+0x10/0x10
[  914.608338][T15927]  do_syscall_64+0xcd/0xfa0
[  914.608364][T15927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  914.608387][T15927] RIP: 0033:0x7f6fee78f7c9
[  914.608404][T15927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  914.608427][T15927] RSP: 002b:00007f6fef6ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  914.608447][T15927] RAX: ffffffffffffffda RBX: 00007f6fee9e6180 RCX: 00007f6fee78f7c9
[  914.608462][T15927] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  914.608477][T15927] RBP: 00007f6fee813f91 R08: 0000000000000000 R09: 0000000000000000
[  914.608490][T15927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  914.608503][T15927] R13: 00007f6fee9e6218 R14: 00007f6fee9e6180 R15: 00007ffc5f50eeb8
[  914.608534][T15927]  </TASK>
[  914.608542][T15927] Mem-Info:
[  915.162874][T15927] active_anon:39289 inactive_anon:33 isolated_anon:0
[  915.162874][T15927]  active_file:11946 inactive_file:42929 isolated_file:0
[  915.162874][T15927]  unevictable:768 dirty:534 writeback:0
[  915.162874][T15927]  slab_reclaimable:12474 slab_unreclaimable:103132
[  915.162874][T15927]  mapped:50801 shmem:25999 pagetables:1158
[  915.162874][T15927]  sec_pagetables:0 bounce:0
[  915.162874][T15927]  kernel_misc_reclaimable:0
[  915.162874][T15927]  free:1274619 free_pcp:23526 free_cma:0
[  915.208578][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.264969][T15927] Node 0 active_anon:157156kB inactive_anon:132kB active_file:47784kB inactive_file:171572kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:203196kB dirty:2136kB writeback:0kB shmem:102460kB shmem_thp:45056kB shmem_pmdmapped:43008kB anon_thp:0kB kernel_stack:11728kB pagetables:4488kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  915.298080][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.324744][T15927] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:144kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  915.354645][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.364170][T15927] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  915.394073][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.401123][T15927] lowmem_reserve[]: 0 2485 2487 2487 2487
[  915.407169][T15927] Node 0 DMA32 free:1212492kB boost:0kB min:34364kB low:42952kB high:51540kB reserved_highatomic:0KB free_highatomic:0KB active_anon:157156kB inactive_anon:132kB active_file:47784kB inactive_file:171572kB unevictable:1536kB writepending:2136kB zspages:8kB present:3129332kB managed:2544924kB mlocked:0kB bounce:0kB free_pcp:56040kB local_pcp:56040kB free_cma:0kB
[  915.440886][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.448836][T15927] lowmem_reserve[]: 0 0 1 1 1
[  915.453569][T15927] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  915.483210][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.493932][T15927] lowmem_reserve[]: 0 0 0 0 0
[  915.499049][T15927] Node 1 Normal free:3870624kB boost:0kB min:55512kB low:69388kB high:83264kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:144kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:37960kB local_pcp:37960kB free_cma:0kB
[  915.531388][    C1] vkms_vblank_simulate: vblank timer overrun
[  915.539306][T15927] lowmem_reserve[]: 0 0 0 0 0
[  915.544046][T15927] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  915.557597][T15927] Node 0 DMA32: 4211*4kB (UME) 632*8kB (UME) 1251*16kB (UME) 1471*32kB (UME) 1137*64kB (UME) 553*128kB (UME) 355*256kB (UM) 186*512kB (UME) 81*1024kB (UME) 21*2048kB (UM) 163*4096kB (UM) = 1212252kB
[  915.578499][T15927] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  915.590479][T15927] Node 1 Normal: 4*4kB (UE) 6*8kB (UME) 2*16kB (ME) 84*32kB (UE) 61*64kB (UE) 15*128kB (UME) 2*256kB (UE) 2*512kB (ME) 0*1024kB 1*2048kB (E) 942*4096kB (UM) = 3870624kB
[  915.610718][T15927] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  915.620945][T15927] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  915.631764][T15927] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  915.641608][T15927] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  915.651665][T15927] 80875 total pagecache pages
[  915.656608][T15927] 5 pages in swap cache
[  915.660817][T15927] Free swap  = 124968kB
[  915.665679][T15927] Total swap = 124996kB
[  915.669895][T15927] 2097051 pages RAM
[  915.674462][T15927] 0 pages HighMem/MovableOnly
[  915.679447][T15927] 428730 pages reserved
[  915.683647][T15927] 0 pages cma reserved
[  915.688408][T15927] tty tty29: ldisc open failed (-12), clearing slot 28
[  920.135523][T16007] Console: switching to colour VGA+ 80x25
[  920.867143][T16023] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  920.880755][T16023] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  920.888789][T16023] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  920.898429][T16023] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  920.905991][T16023] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  920.960380][T16012] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  921.012145][T16012] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  921.076272][T16012] page_type: f2(table)
[  921.140771][T16012] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  921.191812][T16012] raw: 0000000000000000 0000000000000000 00000001f2000000 0000000000000000
[  921.289040][T16012] page dumped because: unmovable page
[  921.357382][T16012] page_owner tracks the page as allocated
[  921.397092][T16012] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), pid 5198, tgid 5198 (udevd), ts 97647225317, free_ts 97371432099
[  921.465377][T16012]  post_alloc_hook+0x1af/0x220
[  921.470195][T16012]  get_page_from_freelist+0x10a3/0x3a30
[  921.515105][T16012]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  921.549706][T16012]  alloc_pages_mpol+0x1fb/0x550
[  921.573428][T16012]  alloc_pages_noprof+0x131/0x390
[  921.578509][T16012]  __pud_alloc+0x3b/0x6b0
[  921.582863][T16012]  copy_page_range+0x4650/0x6930
[  921.626254][T16012]  dup_mmap+0xe80/0x2280
[  921.630649][T16012]  copy_process+0x3f14/0x76b0
[  921.669618][T16012]  kernel_clone+0xfc/0x930
[  921.689772][T16012]  __do_sys_clone+0xce/0x120
[  921.710563][T16012]  do_syscall_64+0xcd/0xfa0
[  921.732393][T16012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  921.772421][T16012] page last free pid 0 tgid 0 stack trace:
[  921.778260][T16012]  __free_frozen_pages+0x7df/0x1160
[  921.815106][T16012]  tlb_remove_table_rcu+0x121/0x320
[  921.820356][T16012]  rcu_core+0x79c/0x1530
[  921.836791][T16022] chnl_net:caif_netlink_parms(): no params data found
[  921.852677][T16012]  handle_softirqs+0x219/0x8e0
[  921.864336][T16012]  __irq_exit_rcu+0x109/0x170
[  921.879252][T16012]  irq_exit_rcu+0x9/0x30
[  921.891487][T16012]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  921.913334][T16012]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  922.221329][T16022] bridge0: port 1(bridge_slave_0) entered blocking state
[  922.245991][T16022] bridge0: port 1(bridge_slave_0) entered disabled state
[  922.285443][T16022] bridge_slave_0: entered allmulticast mode
[  922.316561][T16022] bridge_slave_0: entered promiscuous mode
[  922.358739][T16022] bridge0: port 2(bridge_slave_1) entered blocking state
[  922.394567][T16022] bridge0: port 2(bridge_slave_1) entered disabled state
[  922.420160][T16022] bridge_slave_1: entered allmulticast mode
[  922.474824][T16022] bridge_slave_1: entered promiscuous mode
[  922.638517][T16022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  922.686689][T16022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  922.789458][T16055] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1892'.
[  922.899319][T16022] team0: Port device team_slave_0 added
[  922.924423][T16022] team0: Port device team_slave_1 added
[  922.966760][T16023] Bluetooth: hci4: command tx timeout
[  923.173567][T16022] batman_adv: batadv0: Adding interface: batadv_slave_0
[  923.200786][T16022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  923.290727][T16022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  923.336513][T16022] batman_adv: batadv0: Adding interface: batadv_slave_1
[  923.359112][T16022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  923.479445][T16022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  923.697050][T16022] hsr_slave_0: entered promiscuous mode
[  923.733991][T16022] hsr_slave_1: entered promiscuous mode
[  924.518475][T16022] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  924.561678][T16022] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  924.626838][T16022] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  924.699996][T16022] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  925.037342][T16023] Bluetooth: hci4: command tx timeout
[  925.080904][T16022] 8021q: adding VLAN 0 to HW filter on device bond0
[  925.183614][T16022] 8021q: adding VLAN 0 to HW filter on device team0
[  925.212925][T15593] bridge0: port 1(bridge_slave_0) entered blocking state
[  925.220094][T15593] bridge0: port 1(bridge_slave_0) entered forwarding state
[  925.279866][T15593] bridge0: port 2(bridge_slave_1) entered blocking state
[  925.287042][T15593] bridge0: port 2(bridge_slave_1) entered forwarding state
[  925.298603][T16077] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1896'.
[  925.959379][T16022] 8021q: adding VLAN 0 to HW filter on device batadv0
[  926.441972][T16101] FAULT_INJECTION: forcing a failure.
[  926.441972][T16101] name failslab, interval 1, probability 0, space 0, times 0
[  926.560141][T16101] CPU: 1 UID: 0 PID: 16101 Comm: syz.1.1900 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  926.560176][T16101] Tainted: [U]=USER
[  926.560183][T16101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  926.560195][T16101] Call Trace:
[  926.560202][T16101]  <TASK>
[  926.560210][T16101]  dump_stack_lvl+0x16c/0x1f0
[  926.560236][T16101]  should_fail_ex+0x512/0x640
[  926.560268][T16101]  should_failslab+0xc2/0x120
[  926.560303][T16101]  __kmalloc_cache_noprof+0x72/0x780
[  926.560329][T16101]  ? sctp_add_bind_addr+0xae/0x3f0
[  926.560366][T16101]  ? sctp_bind_addr_match+0x193/0x300
[  926.560402][T16101]  ? sctp_add_bind_addr+0xae/0x3f0
[  926.560437][T16101]  sctp_add_bind_addr+0xae/0x3f0
[  926.560494][T16101]  sctp_do_bind+0x2d6/0x700
[  926.560529][T16101]  sctp_connect_new_asoc+0x5e7/0x770
[  926.560562][T16101]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  926.560596][T16101]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  926.560630][T16101]  __sctp_connect+0x3f3/0xc60
[  926.560664][T16101]  ? do_raw_spin_lock+0x12c/0x2b0
[  926.560690][T16101]  ? __pfx___sctp_connect+0x10/0x10
[  926.560723][T16101]  ? __pfx_sctp_inet_connect+0x10/0x10
[  926.560755][T16101]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  926.560785][T16101]  ? __pfx_sctp_inet_connect+0x10/0x10
[  926.560814][T16101]  sctp_inet_connect+0x15f/0x200
[  926.560847][T16101]  __sys_connect_file+0x141/0x1a0
[  926.560879][T16101]  __sys_connect+0x13b/0x160
[  926.560905][T16101]  ? __pfx___sys_connect+0x10/0x10
[  926.560943][T16101]  ? xfd_validate_state+0x61/0x180
[  926.560985][T16101]  __x64_sys_connect+0x72/0xb0
[  926.561011][T16101]  ? lockdep_hardirqs_on+0x7c/0x110
[  926.561035][T16101]  do_syscall_64+0xcd/0xfa0
[  926.561061][T16101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  926.561086][T16101] RIP: 0033:0x7f749538f7c9
[  926.561104][T16101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  926.561127][T16101] RSP: 002b:00007f749621e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  926.561153][T16101] RAX: ffffffffffffffda RBX: 00007f74955e6090 RCX: 00007f749538f7c9
[  926.561169][T16101] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003
[  926.561183][T16101] RBP: 00007f7495413f91 R08: 0000000000000000 R09: 0000000000000000
[  926.561198][T16101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  926.561212][T16101] R13: 00007f74955e6128 R14: 00007f74955e6090 R15: 00007ffc6e272508
[  926.561243][T16101]  </TASK>
[  927.151485][T16023] Bluetooth: hci4: command tx timeout
[  927.376900][T16022] veth0_vlan: entered promiscuous mode
[  927.398249][T16022] veth1_vlan: entered promiscuous mode
[  927.459926][T16022] veth0_macvtap: entered promiscuous mode
[  927.501583][T16022] veth1_macvtap: entered promiscuous mode
[  927.556789][T16022] batman_adv: batadv0: Interface activated: batadv_slave_0
[  927.606948][T16022] batman_adv: batadv0: Interface activated: batadv_slave_1
[  927.658080][T15565] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  927.688834][T15565] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  927.718389][T15565] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  927.749009][T15565] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  927.862713][T16118] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1903'.
[  927.945016][T15872] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  927.971438][T15872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  928.108664][T15872] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  928.138758][T15872] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  929.032163][T16128] bond0: invalid ARP target specified
[  929.174447][T16023] Bluetooth: hci4: command tx timeout
[  930.863411][T16148] random: crng reseeded on system resumption
[  931.059194][T16023] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5
[  933.260216][T16179] bond0: invalid ARP target specified
[  935.221648][T16198] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000
[  935.303165][T16198] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  935.341171][T16198] page_type: f2(table)
[  935.355609][T16198] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  935.390077][T16198] raw: 0000000000000000 0000000000000000 00000001f2000000 0000000000000000
[  935.447254][T16198] page dumped because: unmovable page
[  935.520910][T16198] page_owner tracks the page as allocated
[  935.526776][T16198] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), pid 5198, tgid 5198 (udevd), ts 97647225317, free_ts 97371432099
[  935.731240][T16198]  post_alloc_hook+0x1af/0x220
[  935.757907][T16198]  get_page_from_freelist+0x10a3/0x3a30
[  935.781040][T16198]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  935.796379][T16198]  alloc_pages_mpol+0x1fb/0x550
[  935.811683][T16198]  alloc_pages_noprof+0x131/0x390
[  935.830581][T16198]  __pud_alloc+0x3b/0x6b0
[  935.834968][T16198]  copy_page_range+0x4650/0x6930
[  935.867454][T16198]  dup_mmap+0xe80/0x2280
[  935.889130][T16198]  copy_process+0x3f14/0x76b0
[  935.893859][T16198]  kernel_clone+0xfc/0x930
[  935.921453][T16198]  __do_sys_clone+0xce/0x120
[  935.938451][T16198]  do_syscall_64+0xcd/0xfa0
[  935.953550][T16198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  935.969846][T16198] page last free pid 0 tgid 0 stack trace:
[  935.995933][T16198]  __free_frozen_pages+0x7df/0x1160
[  936.018081][T16198]  tlb_remove_table_rcu+0x121/0x320
[  936.023328][T16198]  rcu_core+0x79c/0x1530
[  936.042089][T16198]  handle_softirqs+0x219/0x8e0
[  936.046907][T16198]  __irq_exit_rcu+0x109/0x170
[  936.097746][T16198]  irq_exit_rcu+0x9/0x30
[  936.121214][T16198]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  936.126905][T16198]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  936.175719][T16023] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  936.175750][T16023] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15
[  936.192533][T16023] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  936.502588][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  936.510618][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  936.693170][T16218] zswap: compressor  not available
[  937.479602][T16228] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1921'.
[  938.594519][T16244] zswap: compressor  not available
[  938.855406][T16244] FAULT_INJECTION: forcing a failure.
[  938.855406][T16244] name failslab, interval 1, probability 0, space 0, times 0
[  938.903237][T16244] CPU: 1 UID: 0 PID: 16244 Comm: syz.4.1927 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  938.903272][T16244] Tainted: [U]=USER
[  938.903279][T16244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  938.903292][T16244] Call Trace:
[  938.903299][T16244]  <TASK>
[  938.903307][T16244]  dump_stack_lvl+0x16c/0x1f0
[  938.903334][T16244]  should_fail_ex+0x512/0x640
[  938.903360][T16244]  ? fs_reclaim_acquire+0xae/0x150
[  938.903412][T16244]  should_failslab+0xc2/0x120
[  938.903449][T16244]  kmem_cache_alloc_noprof+0x75/0x6e0
[  938.903476][T16244]  ? __pfx_map_id_range_down+0x10/0x10
[  938.903507][T16244]  ? security_inode_alloc+0x3b/0x2b0
[  938.903540][T16244]  ? security_inode_alloc+0x3b/0x2b0
[  938.903566][T16244]  security_inode_alloc+0x3b/0x2b0
[  938.903594][T16244]  inode_init_always_gfp+0xced/0x1040
[  938.903627][T16244]  alloc_inode+0x86/0x240
[  938.903663][T16244]  sock_alloc+0x40/0x280
[  938.903698][T16244]  sock_create_lite+0x82/0x120
[  938.903734][T16244]  __netlink_kernel_create+0xbd/0x750
[  938.903770][T16244]  ? __lock_acquire+0x622/0x1c90
[  938.903804][T16244]  ? __pfx___netlink_kernel_create+0x10/0x10
[  938.903848][T16244]  rtnetlink_net_init+0xb9/0x140
[  938.903876][T16244]  ? __pfx_rtnetlink_net_init+0x10/0x10
[  938.903905][T16244]  ? lockdep_init_map_type+0x5c/0x280
[  938.903952][T16244]  ? __pfx_rtnetlink_rcv+0x10/0x10
[  938.903976][T16244]  ? __pfx_rtnetlink_bind+0x10/0x10
[  938.904001][T16244]  ? lockdep_init_map_type+0x5c/0x280
[  938.904035][T16244]  ? debug_mutex_init+0x37/0x70
[  938.904061][T16244]  ? __pfx_rtnetlink_net_init+0x10/0x10
[  938.904086][T16244]  ops_init+0x1e2/0x5f0
[  938.904119][T16244]  setup_net+0x11d/0x3a0
[  938.904150][T16244]  ? __pfx_setup_net+0x10/0x10
[  938.904182][T16244]  ? debug_mutex_init+0x37/0x70
[  938.904209][T16244]  copy_net_ns+0x351/0x5d0
[  938.904245][T16244]  create_new_namespaces+0x3ea/0xab0
[  938.904276][T16244]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  938.904302][T16244]  ksys_unshare+0x45b/0xa40
[  938.904331][T16244]  ? __pfx_ksys_unshare+0x10/0x10
[  938.904361][T16244]  ? do_user_addr_fault+0x843/0x1370
[  938.904402][T16244]  __x64_sys_unshare+0x31/0x40
[  938.904429][T16244]  do_syscall_64+0xcd/0xfa0
[  938.904453][T16244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.904474][T16244] RIP: 0033:0x7f6e4b58f7c9
[  938.904497][T16244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  938.904519][T16244] RSP: 002b:00007f6e4c4ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  938.904539][T16244] RAX: ffffffffffffffda RBX: 00007f6e4b7e5fa0 RCX: 00007f6e4b58f7c9
[  938.904553][T16244] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  938.904566][T16244] RBP: 00007f6e4b613f91 R08: 0000000000000000 R09: 0000000000000000
[  938.904579][T16244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  938.904591][T16244] R13: 00007f6e4b7e6038 R14: 00007f6e4b7e5fa0 R15: 00007ffe5d216d98
[  938.904619][T16244]  </TASK>
[  942.367393][T15573] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  942.378003][T15573] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  942.385886][T15573] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  942.402941][T15573] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  942.411196][T15573] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  943.961351][T16288] chnl_net:caif_netlink_parms(): no params data found
[  944.456311][T16288] bridge0: port 1(bridge_slave_0) entered blocking state
[  944.463748][T16023] Bluetooth: hci5: command tx timeout
[  944.482596][T16288] bridge0: port 1(bridge_slave_0) entered disabled state
[  944.518455][T16288] bridge_slave_0: entered allmulticast mode
[  944.565725][T16288] bridge_slave_0: entered promiscuous mode
[  944.595394][T16288] bridge0: port 2(bridge_slave_1) entered blocking state
[  944.602519][T16288] bridge0: port 2(bridge_slave_1) entered disabled state
[  944.667214][T16288] bridge_slave_1: entered allmulticast mode
[  944.712986][T16288] bridge_slave_1: entered promiscuous mode
[  945.019131][T16288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  945.077009][T16288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  945.215365][T16288] team0: Port device team_slave_0 added
[  945.243416][T16288] team0: Port device team_slave_1 added
[  945.375230][T16288] batman_adv: batadv0: Adding interface: batadv_slave_0
[  945.416783][T16288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  945.553199][T16288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  945.624823][T16288] batman_adv: batadv0: Adding interface: batadv_slave_1
[  945.651283][T16288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  945.775103][T16288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  946.000116][T16288] hsr_slave_0: entered promiscuous mode
[  946.021330][T16288] hsr_slave_1: entered promiscuous mode
[  946.045202][T16288] debugfs: 'hsr0' already exists in 'hsr'
[  946.070096][T16288] Cannot create hsr debugfs directory
[  946.524497][T16023] Bluetooth: hci5: command tx timeout
[  946.651920][T16329] random: crng reseeded on system resumption
[  946.800287][T16023] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5
[  946.975648][T16288] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  947.046965][T16288] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  947.090247][T16288] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  947.157236][T16288] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  948.032868][T16288] 8021q: adding VLAN 0 to HW filter on device bond0
[  948.186256][T16288] 8021q: adding VLAN 0 to HW filter on device team0
[  948.451567][T15872] bridge0: port 1(bridge_slave_0) entered blocking state
[  948.458756][T15872] bridge0: port 1(bridge_slave_0) entered forwarding state
[  948.520363][T15872] bridge0: port 2(bridge_slave_1) entered blocking state
[  948.527596][T15872] bridge0: port 2(bridge_slave_1) entered forwarding state
[  948.593168][T16023] Bluetooth: hci5: command tx timeout
[  948.715938][T16288] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  948.729766][T16354] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1946'.
[  949.483929][T16288] 8021q: adding VLAN 0 to HW filter on device batadv0
[  950.252151][T16288] veth0_vlan: entered promiscuous mode
[  950.321384][T16288] veth1_vlan: entered promiscuous mode
[  950.461186][T16288] veth0_macvtap: entered promiscuous mode
[  950.550209][T16288] veth1_macvtap: entered promiscuous mode
[  950.617815][T16288] batman_adv: batadv0: Interface activated: batadv_slave_0
[  950.662191][T16023] Bluetooth: hci5: command tx timeout
[  950.692725][T16288] batman_adv: batadv0: Interface activated: batadv_slave_1
[  950.755300][T15565] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  950.787498][T15565] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  950.848663][T15565] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  950.882334][T15565] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  951.167387][T15873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  951.211810][T15873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  951.318574][T16395] bond0: invalid ARP target specified
[  951.383615][T15872] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  951.416978][T15872] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  952.518015][T16406] block nbd2: not configured, cannot reconfigure
[  953.273810][T16422] random: crng reseeded on system resumption
[  953.281534][T16411] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1954'.
[  953.408623][T16023] Bluetooth: hci5: unexpected event 0x1c length: 725 > 5
[  953.578593][T16426] bond0: invalid ARP target specified
[  958.303840][T16481] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1969'.
[  960.366627][T16510] input: jJǸ-���9�%v���J86�� as /devices/virtual/input/input165
[  964.038152][T16552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1990'.
[  967.343172][T16586] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1987'.
[  971.779878][T16652] FAULT_INJECTION: forcing a failure.
[  971.779878][T16652] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  971.828773][T16652] CPU: 1 UID: 0 PID: 16652 Comm: syz.3.2002 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  971.828820][T16652] Tainted: [U]=USER
[  971.828828][T16652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  971.828842][T16652] Call Trace:
[  971.828848][T16652]  <TASK>
[  971.828857][T16652]  dump_stack_lvl+0x16c/0x1f0
[  971.828885][T16652]  should_fail_ex+0x512/0x640
[  971.828917][T16652]  should_fail_alloc_page+0xe7/0x130
[  971.828956][T16652]  prepare_alloc_pages+0x3c2/0x610
[  971.828991][T16652]  ? rcu_is_watching+0x12/0xc0
[  971.829021][T16652]  __alloc_frozen_pages_noprof+0x18b/0x2470
[  971.829084][T16652]  ? __pfx_debug_object_activate+0x10/0x10
[  971.829126][T16652]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  971.829156][T16652]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  971.829196][T16652]  ? __lock_acquire+0x622/0x1c90
[  971.829234][T16652]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  971.829269][T16652]  ? policy_nodemask+0xea/0x4e0
[  971.829307][T16652]  alloc_pages_mpol+0x1fb/0x550
[  971.829343][T16652]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  971.829386][T16652]  folio_alloc_mpol_noprof+0x36/0x2f0
[  971.829412][T16652]  vma_alloc_folio_noprof+0xed/0x1e0
[  971.829436][T16652]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  971.829469][T16652]  do_pte_missing+0x2202/0x3ba0
[  971.829513][T16652]  ? find_held_lock+0x2b/0x80
[  971.829548][T16652]  __handle_mm_fault+0x1556/0x2aa0
[  971.829582][T16652]  ? __pfx___handle_mm_fault+0x10/0x10
[  971.829609][T16652]  ? __pte_offset_map_lock+0x174/0x310
[  971.829644][T16652]  ? find_held_lock+0x2b/0x80
[  971.829680][T16652]  ? follow_page_pte+0x5cf/0x1390
[  971.829723][T16652]  handle_mm_fault+0x589/0xd10
[  971.829757][T16652]  __get_user_pages+0x54e/0x3530
[  971.829806][T16652]  ? __pfx___get_user_pages+0x10/0x10
[  971.829852][T16652]  populate_vma_page_range+0x267/0x3f0
[  971.829893][T16652]  ? __pfx_populate_vma_page_range+0x10/0x10
[  971.829931][T16652]  ? __pfx_find_vma_intersection+0x10/0x10
[  971.829968][T16652]  ? do_mmap+0x69c/0x1210
[  971.830005][T16652]  __mm_populate+0x1d8/0x380
[  971.830028][T16652]  ? __pfx___mm_populate+0x10/0x10
[  971.830051][T16652]  ? up_write+0x1b2/0x520
[  971.830076][T16652]  vm_mmap_pgoff+0x37f/0x470
[  971.830114][T16652]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  971.830156][T16652]  ? __x64_sys_futex+0x1e0/0x4c0
[  971.830190][T16652]  ? __x64_sys_futex+0x1e9/0x4c0
[  971.830229][T16652]  ksys_mmap_pgoff+0x7d/0x5c0
[  971.830269][T16652]  ? syscall_user_dispatch+0x78/0x140
[  971.830297][T16652]  __x64_sys_mmap+0x125/0x190
[  971.830336][T16652]  do_syscall_64+0xcd/0xfa0
[  971.830363][T16652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.830386][T16652] RIP: 0033:0x7f6fee78f7c9
[  971.830405][T16652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  971.830432][T16652] RSP: 002b:00007f6fef70c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  971.830454][T16652] RAX: ffffffffffffffda RBX: 00007f6fee9e5fa0 RCX: 00007f6fee78f7c9
[  971.830470][T16652] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
[  971.830484][T16652] RBP: 00007f6fee813f91 R08: 0000000000000002 R09: 0000000000008000
[  971.830499][T16652] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[  971.830513][T16652] R13: 00007f6fee9e6038 R14: 00007f6fee9e5fa0 R15: 00007ffc5f50eeb8
[  971.830544][T16652]  </TASK>
[  973.246680][T16666] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2005'.
[  973.835412][T16023] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  973.835441][T16023] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15
[  973.851833][T16023] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  974.359029][T16682] zswap: compressor  not available
[  974.390123][T16685] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2010'.
[  975.056501][T16023] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260
[  975.056530][T16023] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260
[  975.075730][T16023] Bluetooth: hci2: Dropping invalid advertising data
[  975.082585][T16023] Bluetooth: hci2: unknown advertising packet type: 0xe9
[  975.082604][T16023] Bluetooth: hci2: unknown advertising packet type: 0xbd
[  975.094911][T16023] Bluetooth: hci2: Dropping invalid advertising data
[  975.109089][T16023] Bluetooth: hci2: Malformed LE Event: 0x02
[  975.361013][T16712] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2015'.
[  975.374042][T16709] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2013'.
[  975.885072][T16023] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  975.885101][T16023] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15
[  975.901443][T16023] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  976.342476][T16731] zswap: compressor  not available
[  976.793062][T16023] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  976.793092][T16023] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15
[  976.808407][T16023] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  976.856456][T16744] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2020'.
[  976.909528][T16741] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2019'.
[  977.228063][T16753] zswap: compressor  not available
[  984.434245][T15573] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  984.445091][T15573] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  984.453164][T15573] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  984.461082][T15573] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  984.475832][T15573] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  984.892725][T16792] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2035'.
[  985.252281][T16784] chnl_net:caif_netlink_parms(): no params data found
[  985.664249][T16784] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.704910][T16784] bridge0: port 1(bridge_slave_0) entered disabled state
[  985.745301][T16784] bridge_slave_0: entered allmulticast mode
[  985.771382][T16784] bridge_slave_0: entered promiscuous mode
[  985.805797][T16784] bridge0: port 2(bridge_slave_1) entered blocking state
[  985.837311][T16784] bridge0: port 2(bridge_slave_1) entered disabled state
[  985.866567][T16784] bridge_slave_1: entered allmulticast mode
[  985.912242][T16784] bridge_slave_1: entered promiscuous mode
[  986.044197][T16784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  986.092398][T16784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  986.240136][T16784] team0: Port device team_slave_0 added
[  986.273464][T16784] team0: Port device team_slave_1 added
[  986.389175][T16784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  986.435681][T16784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  986.562444][T16023] Bluetooth: hci6: command tx timeout
[  986.579009][T16784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  986.625127][T16784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  986.663522][T16784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  986.796028][T16784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  987.576035][T16784] hsr_slave_0: entered promiscuous mode
[  987.609349][T16784] hsr_slave_1: entered promiscuous mode
[  987.634271][T16784] debugfs: 'hsr0' already exists in 'hsr'
[  987.658062][T16784] Cannot create hsr debugfs directory
[  988.124102][T16830] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2034'.
[  988.622321][T16784] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  988.629760][T16023] Bluetooth: hci6: command tx timeout
[  988.712392][T16837] FAULT_INJECTION: forcing a failure.
[  988.712392][T16837] name failslab, interval 1, probability 0, space 0, times 0
[  988.760660][T16837] CPU: 1 UID: 0 PID: 16837 Comm: syz.3.2038 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[  988.760699][T16837] Tainted: [U]=USER
[  988.760706][T16837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  988.760721][T16837] Call Trace:
[  988.760728][T16837]  <TASK>
[  988.760737][T16837]  dump_stack_lvl+0x16c/0x1f0
[  988.760766][T16837]  should_fail_ex+0x512/0x640
[  988.760793][T16837]  ? __kmalloc_noprof+0xca/0x880
[  988.760822][T16837]  should_failslab+0xc2/0x120
[  988.760859][T16837]  __kmalloc_noprof+0xdd/0x880
[  988.760883][T16837]  ? kfree+0x2b8/0x6d0
[  988.760904][T16837]  ? constrain_params_by_rules+0xa09/0xca0
[  988.760930][T16837]  ? constrain_params_by_rules+0x175/0xca0
[  988.760962][T16837]  ? constrain_params_by_rules+0x175/0xca0
[  988.760987][T16837]  constrain_params_by_rules+0x175/0xca0
[  988.761026][T16837]  ? __pfx_constrain_params_by_rules+0x10/0x10
[  988.761059][T16837]  ? __pfx_constrain_params_by_rules+0x10/0x10
[  988.761085][T16837]  ? __lock_acquire+0xb8a/0x1c90
[  988.761137][T16837]  ? snd_interval_refine+0x2fa/0x580
[  988.761176][T16837]  snd_pcm_hw_refine+0x7de/0xad0
[  988.761208][T16837]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  988.761240][T16837]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  988.761272][T16837]  ? snd_pcm_hw_param_value+0x266/0x5b0
[  988.761301][T16837]  snd_pcm_hw_param_first+0x334/0x6f0
[  988.761344][T16837]  snd_pcm_hw_params+0x5eb/0x1ba0
[  988.761379][T16837]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  988.761409][T16837]  ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0
[  988.761457][T16837]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  988.761484][T16837]  ? __asan_memset+0x23/0x50
[  988.761514][T16837]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  988.761547][T16837]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  988.761587][T16837]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  988.761649][T16837]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  988.761679][T16837]  snd_pcm_oss_ioctl+0x2212/0x37c0
[  988.761706][T16837]  ? hook_file_ioctl_common+0x145/0x410
[  988.761740][T16837]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  988.761767][T16837]  ? __fget_files+0x20e/0x3c0
[  988.761799][T16837]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  988.761825][T16837]  __x64_sys_ioctl+0x18e/0x210
[  988.761850][T16837]  do_syscall_64+0xcd/0xfa0
[  988.761875][T16837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  988.761903][T16837] RIP: 0033:0x7f6fee78f7c9
[  988.761922][T16837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  988.761944][T16837] RSP: 002b:00007f6fef70c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  988.761966][T16837] RAX: ffffffffffffffda RBX: 00007f6fee9e5fa0 RCX: 00007f6fee78f7c9
[  988.761980][T16837] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000008
[  988.761994][T16837] RBP: 00007f6fee813f91 R08: 0000000000000000 R09: 0000000000000000
[  988.762008][T16837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  988.762022][T16837] R13: 00007f6fee9e6038 R14: 00007f6fee9e5fa0 R15: 00007ffc5f50eeb8
[  988.762052][T16837]  </TASK>
[  988.763500][T16784] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  990.036305][T16784] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  990.083750][T16784] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  990.414570][T16784] 8021q: adding VLAN 0 to HW filter on device bond0
[  990.538931][T16784] 8021q: adding VLAN 0 to HW filter on device team0
[  990.597450][T15873] bridge0: port 1(bridge_slave_0) entered blocking state
[  990.604631][T15873] bridge0: port 1(bridge_slave_0) entered forwarding state
[  990.692094][T15873] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.699368][T15873] bridge0: port 2(bridge_slave_1) entered forwarding state
[  990.710838][T16023] Bluetooth: hci6: command tx timeout
[  991.675775][T16784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  992.763512][T16023] Bluetooth: hci6: command tx timeout
[  992.774179][T16784] veth0_vlan: entered promiscuous mode
[  992.802293][T16905] bond0: option all_slaves_active: invalid value ()
[  992.827309][T16784] veth1_vlan: entered promiscuous mode
[  993.011265][T16784] veth0_macvtap: entered promiscuous mode
[  993.106518][T16784] veth1_macvtap: entered promiscuous mode
[  993.239965][T16784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  993.314815][T16784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  993.411897][T15872] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  993.454463][T15872] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  993.490602][T15872] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  993.511009][T16908] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2047'.
[  993.554699][T15872] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  993.712981][T16911] hub 8-0:1.0: USB hub found
[  993.776740][T16911] hub 8-0:1.0: 1 port detected
[  993.966756][T15872] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  994.013390][T15872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  994.147160][T15872] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  994.179470][T15872] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  994.861572][T16023] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[  994.861605][T16023] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15
[  994.878095][T16023] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[  995.313880][T16943] bond0: invalid ARP target specified
[  995.470015][T16940] zswap: compressor  not available
[  995.599304][T16950] delete_channel: no stack
[  997.093231][T16974] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2058'.
[  997.634382][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  997.647580][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  998.807568][T16998] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2063'.
[ 1001.011020][T17027] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x0 pfn:0x78000
[ 1001.044428][T17027] flags: 0xfff18000000014(referenced|dirty|node=0|zone=1|lastcpupid=0x7ff)
[ 1001.084984][T17027] raw: 00fff18000000014 0000000000000000 dead000000000122 0000000000000000
[ 1001.131553][T17027] raw: 0000000000000000 0000000000000000 0000000400000002 0000000000000000
[ 1001.189254][T17027] page dumped because: unmovable page
[ 1001.210185][T17027] page_owner tracks the page as allocated
[ 1001.215942][T17027] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 16764, tgid 16764 (syz-executor), ts 983532412357, free_ts 980786310193
[ 1001.313793][T17027]  post_alloc_hook+0x1af/0x220
[ 1001.337222][T17027]  get_page_from_freelist+0x10a3/0x3a30
[ 1001.372992][T17027]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 1001.417473][T17027]  alloc_pages_mpol+0x1fb/0x550
[ 1001.439333][T17027]  alloc_pages_noprof+0x131/0x390
[ 1001.444429][T17027]  __vmalloc_node_range_noprof+0x6f8/0x1480
[ 1001.483426][T17027]  vmalloc_user_noprof+0x9e/0xe0
[ 1001.508987][T17027]  kcov_ioctl+0x4c/0x730
[ 1001.513281][T17027]  __x64_sys_ioctl+0x18e/0x210
[ 1001.538662][T17027]  do_syscall_64+0xcd/0xfa0
[ 1001.549823][T17040] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub.
[ 1001.570646][T17027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1001.588321][T17027] page last free pid 15873 tgid 15873 stack trace:
[ 1001.620427][T17027]  __free_frozen_pages+0x7df/0x1160
[ 1001.625697][T17027]  tlb_remove_table_rcu+0x121/0x320
[ 1001.668581][T17027]  rcu_core+0x79c/0x1530
[ 1001.691084][T17027]  handle_softirqs+0x219/0x8e0
[ 1001.719526][T17027]  do_softirq+0xb2/0xf0
[ 1001.738163][T17027]  __local_bh_enable_ip+0x100/0x120
[ 1001.743439][T17027]  nsim_dev_trap_report_work+0x8b5/0xcf0
[ 1001.781562][T17027]  process_one_work+0x9cf/0x1b70
[ 1001.800614][T17027]  worker_thread+0x6c8/0xf10
[ 1001.820772][T17027]  kthread+0x3c5/0x780
[ 1001.824912][T17027]  ret_from_fork+0x675/0x7d0
[ 1001.858072][T17027]  ret_from_fork_asm+0x1a/0x30
[ 1004.699992][T17070] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1005.005072][T16023] Bluetooth: hci6: unexpected event 0x3e length: 726 > 260
[ 1005.005103][T16023] Bluetooth: hci6: unexpected subevent 0x0e length: 725 > 15
[ 1005.020378][T16023] Bluetooth: hci6: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[ 1005.497781][T17082] netlink: 'syz.0.2081': attribute type 3 has an invalid length.
[ 1005.585072][T17078] zswap: compressor  not available
[ 1006.633602][T17117] netlink: 186 bytes leftover after parsing attributes in process `syz.6.2084'.
[ 1007.621981][T16023] Bluetooth: hci6: unexpected event 0x3e length: 726 > 260
[ 1007.622010][T16023] Bluetooth: hci6: unexpected subevent 0x0e length: 725 > 15
[ 1007.637564][T16023] Bluetooth: hci6: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f
[ 1008.106714][T17133] zswap: compressor  not available
[ 1009.317896][T17148] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2090'.
[ 1009.437334][T17148] veth0_macvtap: left promiscuous mode
[ 1009.483166][T17148] macvtap0: entered promiscuous mode
[ 1009.506166][T17148] macvtap0: entered allmulticast mode
[ 1010.493625][T17169] bdi 43:192: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead.
[ 1012.995382][T17215] program syz.3.2102 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1013.804809][T17218] FAULT_INJECTION: forcing a failure.
[ 1013.804809][T17218] name failslab, interval 1, probability 0, space 0, times 0
[ 1013.938000][T17218] CPU: 1 UID: 0 PID: 17218 Comm: syz.3.2102 Tainted: G     U              syzkaller #0 PREEMPT(full) 
[ 1013.938038][T17218] Tainted: [U]=USER
[ 1013.938045][T17218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1013.938059][T17218] Call Trace:
[ 1013.938066][T17218]  <TASK>
[ 1013.938074][T17218]  dump_stack_lvl+0x16c/0x1f0
[ 1013.938102][T17218]  should_fail_ex+0x512/0x640
[ 1013.938130][T17218]  ? fs_reclaim_acquire+0xae/0x150
[ 1013.938167][T17218]  should_failslab+0xc2/0x120
[ 1013.938203][T17218]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1013.938229][T17218]  ? __pfx_map_id_range_down+0x10/0x10
[ 1013.938253][T17218]  ? security_inode_alloc+0x3b/0x2b0
[ 1013.938286][T17218]  ? security_inode_alloc+0x3b/0x2b0
[ 1013.938312][T17218]  security_inode_alloc+0x3b/0x2b0
[ 1013.938340][T17218]  inode_init_always_gfp+0xced/0x1040
[ 1013.938372][T17218]  alloc_inode+0x86/0x240
[ 1013.938417][T17218]  new_inode+0x22/0x1c0
[ 1013.938455][T17218]  proc_pid_make_inode+0x22/0x160
[ 1013.938494][T17218]  proc_ns_dir_lookup+0x25b/0x390
[ 1013.938535][T17218]  ? __pfx_proc_ns_dir_lookup+0x10/0x10
[ 1013.938571][T17218]  lookup_open.isra.0+0x4da/0x1580
[ 1013.938605][T17218]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 1013.938647][T17218]  ? mnt_get_write_access+0x1e9/0x2f0
[ 1013.938688][T17218]  path_openat+0xa24/0x2f90
[ 1013.938726][T17218]  ? __pfx_path_openat+0x10/0x10
[ 1013.938757][T17218]  ? __lock_acquire+0xb8a/0x1c90
[ 1013.938796][T17218]  do_filp_open+0x20b/0x470
[ 1013.938825][T17218]  ? __pfx_do_filp_open+0x10/0x10
[ 1013.938865][T17218]  ? __pfx_kfree_link+0x10/0x10
[ 1013.938895][T17218]  ? alloc_fd+0x471/0x7d0
[ 1013.938929][T17218]  do_sys_openat2+0x11b/0x1d0
[ 1013.938951][T17218]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1013.938984][T17218]  __x64_sys_openat+0x174/0x210
[ 1013.939018][T17218]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1013.939050][T17218]  do_syscall_64+0xcd/0xfa0
[ 1013.939093][T17218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1013.939116][T17218] RIP: 0033:0x7f6fee78e010
[ 1013.939134][T17218] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[ 1013.939157][T17218] RSP: 002b:00007f6fef6eaf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1013.939178][T17218] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6fee78e010
[ 1013.939193][T17218] RDX: 0000000000000002 RSI: 00007f6fef6eafa0 RDI: 00000000ffffff9c
[ 1013.939207][T17218] RBP: 00007f6fef6eafa0 R08: 0000000000000000 R09: 0000000000000000
[ 1013.939220][T17218] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1013.939234][T17218] R13: 00007f6fee9e6128 R14: 00007f6fee9e6090 R15: 00007ffc5f50eeb8
[ 1013.939264][T17218]  </TASK>
[ 1015.372937][T17228] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2104'.
[ 1016.600783][T17240] random: crng reseeded on system resumption
[ 1019.054035][T17276] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2113'.
[ 1019.966120][T17282] binder: 17281:17282 ioctl c018620c 0 returned -22
[ 1020.036111][T17282] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2115'.
[ 1022.590710][T17302] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2120'.
[ 1023.758229][T17319] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2124'.
[ 1023.994260][T17320] random: crng reseeded on system resumption
[ 1027.062093][T15563] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1027.078498][T16023] Bluetooth: hci7: Opcode 0x0c03 failed: -110
[ 1027.099096][T16023] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1027.107659][T16023] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1027.118000][T16023] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1027.125596][T16023] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1027.655699][T17356] vhci_hcd: SetHubDepth req not supported for USB 2.0 roothub
[ 1027.699104][T17357] blktrace: Concurrent blktraces are not allowed on loop2
[ 1027.717016][T17344] chnl_net:caif_netlink_parms(): no params data found
[ 1028.028300][T17344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1028.045579][T17344] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1028.073086][T17344] bridge_slave_0: entered allmulticast mode
[ 1028.094090][T17344] bridge_slave_0: entered promiscuous mode
[ 1028.114360][T17344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1028.129749][T17344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1028.146463][T17344] bridge_slave_1: entered allmulticast mode
[ 1028.210529][T17344] bridge_slave_1: entered promiscuous mode
[ 1028.352786][T17344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1028.405573][T17344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1028.515213][T17344] team0: Port device team_slave_0 added
[ 1028.551815][T17344] team0: Port device team_slave_1 added
[ 1028.672299][T17344] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1028.697184][T17344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1028.850620][T17344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1028.917277][T17344] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1028.939614][T17344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1029.038820][T17344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1029.214591][T16023] Bluetooth: hci8: command tx timeout
[ 1029.237170][T17344] hsr_slave_0: entered promiscuous mode
[ 1029.258743][T17344] hsr_slave_1: entered promiscuous mode
[ 1029.284193][T17344] debugfs: 'hsr0' already exists in 'hsr'
[ 1029.298622][T17344] Cannot create hsr debugfs directory
[ 1029.832476][T17380] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2134'.
[ 1029.926218][T17344] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1029.945228][T17344] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1029.971208][T17344] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1029.994923][T17344] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1030.220129][T17344] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1030.266090][T17344] 8021q: adding VLAN 0 to HW filter on device team0
[ 1030.296321][T15565] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1030.303597][T15565] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1030.345541][T15565] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1030.352726][T15565] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1031.113371][T17382] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 1031.168439][T17344] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1031.283091][T16023] Bluetooth: hci8: command tx timeout
[ 1031.992173][T17344] veth0_vlan: entered promiscuous mode
[ 1032.063895][T17344] veth1_vlan: entered promiscuous mode
[ 1032.162726][T17344] veth0_macvtap: entered promiscuous mode
[ 1032.213762][T17344] veth1_macvtap: entered promiscuous mode
[ 1032.281392][T17344] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1032.331828][T17344] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1032.379384][T15873] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.406418][T15873] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.457516][T15873] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.523440][T15873] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.718247][T15594] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1032.750376][T15594] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1032.869091][T15594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1032.904501][T15594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1033.356323][T16023] Bluetooth: hci8: command tx timeout
[ 1033.806297][T17424] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2128'.
[ 1033.858662][T17429] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[ 1033.870676][T17424] veth0_macvtap: left promiscuous mode
[ 1033.891825][T17424] macvtap0: entered promiscuous mode
[ 1033.931276][T17424] macvtap0: entered allmulticast mode
[ 1034.502446][T17442] vhci_hcd: invalid port number 16
[ 1034.645820][T17443] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1035.422646][T16023] Bluetooth: hci8: command tx timeout
[ 1035.455778][T17454] vivid-007: =================  START STATUS  =================
[ 1035.502382][T17454] vivid-007: Generate PTS: true
[ 1035.507584][T17454] vivid-007: Generate SCR: true
[ 1035.551151][T17454] tpg source WxH: 320x240 (Y'CbCr)
[ 1035.563001][T17454] tpg field: 1
[ 1035.574709][T17454] tpg crop: (0,0)/320x240
[ 1035.599925][T17454] tpg compose: (0,0)/320x240
[ 1035.609612][T17454] tpg colorspace: 8
[ 1035.632961][T17454] tpg transfer function: 0/0
[ 1035.637602][T17454] tpg Y'CbCr encoding: 0/0
[ 1035.666705][T17454] tpg quantization: 0/0
[ 1035.679816][T17454] tpg RGB range: 0/2
[ 1035.714666][T17454] vivid-007: ==================  END STATUS  ==================
[ 1036.799905][T17473] binder: 17472:17473 ioctl c018620c 0 returned -1
[ 1036.869073][T17473] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2147'.
[ 1038.372395][   T31] INFO: task kworker/u8:5:196 blocked for more than 143 seconds.
[ 1038.394430][   T31]       Tainted: G     U              syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1038.421935][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1038.472886][   T31] task:kworker/u8:5    state:D stack:23528 pid:196   tgid:196   ppid:2      task_flags:0x4208160 flags:0x00080000
[ 1038.555008][   T31] Workqueue: netns cleanup_net
[ 1038.559833][   T31] Call Trace:
[ 1038.563121][   T31]  <TASK>
[ 1038.611822][   T31]  __schedule+0x1190/0x5de0
[ 1038.644541][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1038.663047][   T31]  ? __pfx___schedule+0x10/0x10
[ 1038.679946][   T31]  ? find_held_lock+0x2b/0x80
[ 1038.710181][   T31]  ? schedule+0x2d7/0x3a0
[ 1038.729143][   T31]  schedule+0xe7/0x3a0
[ 1038.733284][   T31]  schedule_timeout+0x257/0x290
[ 1038.773804][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1038.793038][   T31]  ? mark_held_locks+0x49/0x80
[ 1038.817605][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1038.855049][   T31]  __wait_for_common+0x2fc/0x4e0
[ 1038.864694][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1038.886546][   T31]  ? __pfx___wait_for_common+0x10/0x10
[ 1038.916675][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1038.940749][   T31]  ? flush_workqueue_prep_pwqs+0x2e9/0x510
[ 1038.968484][   T31]  __flush_workqueue+0x3e2/0x1230
[ 1038.987760][   T31]  ? __pfx___might_resched+0x10/0x10
[ 1039.020271][   T31]  ? __pfx___flush_workqueue+0x10/0x10
[ 1039.047546][   T31]  rxrpc_destroy_all_locals+0x40/0x180
[ 1039.073902][   T31]  rxrpc_exit_net+0x8b/0xc0
[ 1039.100920][   T31]  ? __pfx_rxrpc_exit_net+0x10/0x10
[ 1039.128987][   T31]  ops_undo_list+0x2ee/0xab0
[ 1039.148722][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1039.191576][   T31]  ? cleanup_net+0x347/0x830
[ 1039.219203][   T31]  ? idr_destroy+0x62/0x2e0
[ 1039.293618][   T31]  cleanup_net+0x41b/0x830
[ 1039.299465][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1039.377773][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1039.410708][   T31]  process_one_work+0x9cf/0x1b70
[ 1039.415725][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1039.474782][   T31]  ? __pfx_process_one_work+0x10/0x10
[ 1039.501850][   T31]  ? assign_work+0x1a0/0x250
[ 1039.506595][   T31]  worker_thread+0x6c8/0xf10
[ 1039.528574][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1039.563317][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1039.568495][   T31]  kthread+0x3c5/0x780
[ 1039.581181][   T31]  ? __pfx_kthread+0x10/0x10
[ 1039.585816][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1039.619418][   T31]  ? __pfx_kthread+0x10/0x10
[ 1039.624061][   T31]  ret_from_fork+0x675/0x7d0
[ 1039.628677][   T31]  ? __pfx_kthread+0x10/0x10
[ 1039.665484][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1039.689746][   T31]  </TASK>
[ 1039.692965][   T31] 
[ 1039.692965][   T31] Showing all locks held in the system:
[ 1039.738868][   T31] 1 lock held by khungtaskd/31:
[ 1039.743748][   T31]  #0: ffffffff8e3c3ea0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1039.848301][   T31] 3 locks held by kworker/u8:5/196:
[ 1039.853536][   T31]  #0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1039.917910][   T31]  #1: ffffc90002ff7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1039.967516][   T31]  #2: ffffffff900d64f0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x830
[ 1039.976957][   T31] 1 lock held by syz.2.1854/15838:
[ 1040.020669][   T31]  #0: ffff888060a17508 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[ 1040.076860][   T31] 2 locks held by kworker/u10:6/15873:
[ 1040.082383][   T31]  #0: ffff88813ff29148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1040.147111][   T31]  #1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0
[ 1040.155901][   T31] 1 lock held by syz.3.1889/16047:
[ 1040.184121][   T31]  #0: ffffffff8e3cf438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[ 1040.236245][   T31] 1 lock held by syz.1.1900/16099:
[ 1040.241410][   T31]  #0: ffffffff900d64f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x333/0x5d0
[ 1040.305249][   T31] 1 lock held by syz.5.1991/16599:
[ 1040.312180][   T31]  #0: ffffffff900d64f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x333/0x5d0
[ 1040.335734][   T31] 5 locks held by syz-executor/16784:
[ 1040.341141][   T31]  #0: ffff88802794cdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[ 1040.376378][   T31]  #1: ffff88802794c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[ 1040.395765][   T31]  #2: ffffffff90360d88 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[ 1040.418707][   T31]  #3: ffff88805c275b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730
[ 1040.436056][   T31]  #4: ffffffff8e3cf438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[ 1040.452772][   T31] 1 lock held by syz.4.2098/17195:
[ 1040.458167][   T31]  #0: ffffffff900d64f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x333/0x5d0
[ 1040.472079][   T31] 1 lock held by syz.0.2125/17329:
[ 1040.477460][   T31]  #0: ffff88808022fac8 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[ 1040.489233][   T31] 2 locks held by getty/17418:
[ 1040.494007][   T31]  #0: ffff88814e1280a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1040.504103][   T31]  #1: ffffc9000ae2b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1040.564858][   T31] 
[ 1040.567238][   T31] =============================================
[ 1040.567238][   T31] 
[ 1040.614274][   T31] NMI backtrace for cpu 1
[ 1040.614296][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G     U              syzkaller #0 PREEMPT(full) 
[ 1040.614326][   T31] Tainted: [U]=USER
[ 1040.614333][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1040.614345][   T31] Call Trace:
[ 1040.614352][   T31]  <TASK>
[ 1040.614360][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1040.614388][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1040.614416][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 1040.614453][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1040.614485][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1040.614518][   T31]  watchdog+0xf3f/0x1170
[ 1040.614545][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1040.614571][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1040.614593][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1040.614616][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1040.614645][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1040.614667][   T31]  kthread+0x3c5/0x780
[ 1040.614698][   T31]  ? __pfx_kthread+0x10/0x10
[ 1040.614731][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1040.614756][   T31]  ? __pfx_kthread+0x10/0x10
[ 1040.614788][   T31]  ret_from_fork+0x675/0x7d0
[ 1040.614819][   T31]  ? __pfx_kthread+0x10/0x10
[ 1040.614857][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1040.614901][   T31]  </TASK>
[ 1041.326759][T16047] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem
[ 1041.364675][T16047] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem
[ 1045.538936][T16023] Bluetooth: hci4: command 0x0406 tx timeout