last executing test programs: 8.438742207s ago: executing program 3 (id=4): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f00000004c0)={0x8, 0x3ff, 0x2, 0x7, 0x48, 0x7ff, 0x5, 0x7, 0x4, 0x6, 0x8, 0x3, 0x5, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x100000000, 0x800000, 0x7, 0x8, 0x200, 0xfffffffd, 0x84, 0x0, 0x6, 0x2, 0x0, 0x0, [0xffffffffffffffff, 0x1ff, 0x1, 0x0, 0x1000000000, 0x0, 0x0, 0x4, 0x3, 0x0, 0x8003, 0x4000000, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x20000000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xec4e, 0x400000000000, 0x8000000000000001, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a], "49822ea0dcada2cb578bb19d553ec885e2b3d6a29b8a8fea6e8e2fe2b37fd614dbb91b3038659f54338e7b0657f901ecb180ba7b95aecffd30b91220402899d431d4feda642281982452cd3d63fcc1c1459d8c9e12eebc9dc3b69ee4e892b1f7901e64328aaa8a8728472194aa3a0b61cbbd1af1cd4a3d3585ede3ee122921cc0e2a827c9f62740300800000abd8bd55b25455547f5f067e1dd7a9532f6d603857"}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x24, 0x4008) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r1, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x4a7) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace\x00', 0x26082, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000002c0)={{@inferred=0xffffffffffffffff, 0x4, 0x1, 0x0, "bfc956f7b829ea9bc64a831c54b927c5c84cdfcb6d840bf6034bbe162b339fcc0b9ad62f05f5e47256dc5c36", @raw=0x4}, 0x0, 0x5, 0xd77e, @inferred, @integer={0x5, 0x2, 0x5}, "ff0931dc5a3fb879791acf380abcfd7f9f393a68114cc9d69244416e96525a166b971aae562cbc70472d48eb5f54d36edf407701d0d1c4e40409e86cafa60765"}) open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) mkdir$auto(&(0x7f0000000480)='./cgroup\x00', 0x6) open(0x0, 0x80880, 0x0) rmdir$auto(&(0x7f0000000300)='./cgroup\x00') close_range$auto(0x2, r1, 0xc82) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, 0x0, 0x414041, 0x0) 7.47303951s ago: executing program 0 (id=6): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x511080, 0x0) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYRES16, @ANYRES16=r1, @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x24048040}, 0x0) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC0\x00', 0x80, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) epoll_create$auto(0x4) socket(0x2, 0x5, 0x0) unshare$auto(0x40000080) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x7ffe) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) ioctl$auto_PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000080)=0x9) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) clock_nanosleep$auto(0x9, 0x0, 0x0, 0xffffffffffffffff) socket(0x18, 0x80803, 0x7) r3 = epoll_create$auto(0x1) capset$auto(0x0, 0x0) epoll_ctl$auto(r3, 0x1, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop6\x00', 0x40203, 0x0) sysfs$auto(0x2, 0xd, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) r5 = fsopen$auto(0x0, 0x4) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) close_range$auto(0x2, r2, 0x401) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) 7.219352947s ago: executing program 3 (id=8): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/cpu/events/branch-instructions\x00', 0x22b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x3) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400284, 0x0) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) rseq$auto(0x0, 0x8000, 0x0, 0x27) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macsec0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r1, &(0x7f0000004100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x34, r2, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x18, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x3f}, @typed={0x8, 0x2, 0x0, 0x0, @pid}]}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r3}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000040) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x10540, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) ioctl$auto(0xc8, 0x400454cb, 0xffffffffffffffff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 6.321065581s ago: executing program 0 (id=10): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x1, 0x401) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x540a, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="01002cbd7000fbdbdf2503000000040001800d000180080003800400c08075fbff000400080035d3c929c4103ad1569f79046ba6161f91cd744c1f503eed0900000000000000a908f178c1c94c0e91113a86be7bd2d2aa6b1bb3d3f924c9d10b11834731810932c4159ed491ba2763afbe051c7e875c5f2cc539b77ad8118eb951b2621fd35adfb3f943467a31f286a16e6f69c636b3e4031014043ed2f2256157b562cd5c7f099e967d6100d661749f681cf58a72b163565c83fe813c3ca0752c5aa369573895a11390571d01d1a7b0983cd02d8163f853142222bb6aa825bd12c506ec35360400587500"/249], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800) unshare$auto(0x40000080) open(&(0x7f00000000c0)='./file0\x00', 0x4020c0, 0x140) keyctl$auto(0xf, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) semctl$auto(0x201, 0x2, 0x13, 0x1) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) read$auto_tracing_fops_trace(r1, &(0x7f0000000280)=""/249, 0xf9) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r4, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r5, 0x1, 0x7ff) ptrace$auto_PTRACE_SECCOMP_GET_METADATA(0x420d, r5, 0x62, 0x27dd) prctl$auto_PR_SET_MM_ARG_START(0x8000, 0x8, r5, 0x81, 0x9) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setgroups$auto(0xe32, 0x0) 5.940329928s ago: executing program 1 (id=13): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/transparent_hugepage/hugepages-8kB/shmem_enabled\x00', 0x1a1842, 0x0) sendfile$auto(r0, r0, 0x0, 0x6) r1 = socket(0x28, 0x0, 0xe3) getsockopt$auto_SO_PASSPIDFD(r1, 0x1000, 0x4c, &(0x7f00000000c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', &(0x7f00000001c0)=0x5f) fstat$auto(0xffffffffffffffff, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) prctl$auto(0x10000000017, 0x28, 0x4, 0x8000000156, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = io_uring_setup$auto(0x1, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000440)="b4cfbaa27e5d", 0x12}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) write$auto(0xffffffffffffffff, 0x0, 0x9) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0xffffffffffffffff, 0x7f8, 0x5, 0x5, 0x809, 0xffffffffffffffff, 0x10000, 0x5}, 0x14) fcntl$auto_F_OFD_SETLKW(r2, 0x26, 0x4) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r4, 0x5, 0x0, 0x0, 0x0) shmctl$auto(0x8, 0xff, &(0x7f00000011c0)={{0xd9, 0x0, 0xee01, 0x6, 0x800, 0x5, 0xfffa}, 0x90000000, 0x0, 0x3, 0x6, @raw=0xdc7, @inferred=0xffffffffffffffff, 0x3, 0x0, 0x0, &(0x7f00000001c0)="6f05eea8ee4ce0036557360d7102e2c5111f93c5f4a7a81ae9e9897a234986a635dc88f4b9716da8048e0ac48d3b6ff4b7784c2a1795ce458374dbf55bbb81eec15e4d0f58db42e095c7bd31efeb90acf0879ea6aa654fe657039558bdbf0ee9ee91ac12d3deed9352c4a53d130921e550f078347ef75bcbd05344e63299de6645c851c6767df5641511312bf3c93eae89a1311d601f7adcc6014e753bd52eb3047b183758c90f603d8455d4ef579b92543637c25cbbfb1abe357e1525737e2eaade43a125139fc3aae41ab3dadcaa99d34cffbf14563d7f08bbdcbca299520dabee8e492561cec98815405885670288256fbe2395b6d80a323538ceddb5b4c5d73a7f837e0af4d62b379c394f9c91c97489017cf3ff947927342ffa50178c233a668ec7aecb5d42651950630ad4b0fda8bfe8fda22a95bff27f6f3635ddfccd5c90cd11e8216dab6913fb5c9c815aa96f7a6e3c092145f55faa1491f0dcc5a3767f23b80674b1f63ce07f6de416fb60c4bac2044552bba9f25ce6aec8808e4637a9349bb9dedc523ff692a1f3a743387696c0a69170babe8751c5413ace902729e4a0bba469b0dcbf190336ac81c3f10fc15d008e6885a52c485525c04330b490ef4411b967f2a5d2d714367bb6f9a502f97f345d42cdbfeb5ad836e6e6fcd357d231f7139fd5f965441a02db67a5746a340b3a7024a7ad6fbde0325689b207b50942d5577fe928a8fdc2c9a256a0d1274ac34a2b7d048644263d04fe5c7f5e76884117e98c0a215b7738187fb452be0ccde7c7a1323339a4b52f7bba499fb3ad682f0b633e57c72d4dc93bbcb9386c69acaf8716b99a8a2e73b53f957801caae5e225c89e924ab4d96b78594d3a1d6c30a441860af8e9be0c65ba3b66abc313d4caf7b76b2fbbf38fd2173e9387546bf84d44b30882460c61bebed5d74950497c3a51982d3514f854482b52dcb7a81aec88a4b21f44f08e05572c0f5ba6bb282bcd331df7cfbd76ad285692fe12981a40924c3091533c3f916be46d0591d3e6e53bff5b253a6e2d01c85cc002594857489ef92178d7c9cfbb4ba56d80a1ba9f0826c64038084e531c591d08af11b063deccc9f91539aa85d2713e73d21854aaf6bebe95ecb41af6b5fd917e0a9f653aa7548556e260c13dc3834dab1d1c1fdad9a160c296ffbbb4fe40db5e2bdd2c5236b8bc5c23c4889fd661ca7f1717f10a7e8302d920b8fc6c1caad04db26417554b0da165c1d624ce07d91089d20f7dc3d51d2f3e3bdf1f4b430296577676864f0254952a60b71ed3ea7345651e606d1d78c95bc6c9e338e73c178886fb71d057e0500af3ac8c8b0fa99d67291f26ef100d28091bfd3ea8ce960c256d7f11b2f6c45c018839a25ee3351804ee9be27602bd9a4dea2e66772b98bb8b1ee139293d52ffa50656c112e33965ebf9a904cbe6a144494fbc86a3bb5feeb66d89cfb2a6b4e83fbcc8826b12d86ea5113bba6abf682fe850683f96d7f715e8e9e36c787432e9f492b2b8b2d094495c0fddd7c4d25db6d5bf443207257f73a0f4256462c32b8d48731d11d6a793017633e95c487cf6540e344ab64f187bf30befe9142a75a6a335bab9792d4ecffceab605a84b7fe95c8c3a3673ebec4189510bcefde03a92519742517f796a9e4abe4ae171b15cc2031ac90fed39f3a08e2f10f8a536f7e8614ac750728610228010d007082cc63a16289985f741547b11f6b4533c931fc44eae1404e6ecb52440379c19422587b1cc036cb7f595dec54c56a865e04e6e5ff24d466c6462d8ea4791526831829567b487d23b7bc9673b64b8c8a1511fb86f56066884bd14a9127bfe120434e7de63e7f6377c8609083b3f019323d3c4bb51b45079b3946f284"}) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyb7\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000000)="c80d1b5d399b5b", 0xfdef) 4.898051732s ago: executing program 1 (id=15): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0x1, 0x401) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r2, 0x540a, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="01002cbd7000fbdbdf2503000000040001800d000180080003800400c08075fbff000400080035d3c929c4103ad1569f79046ba6161f91cd744c1f503eed0900000000000000a908f178c1c94c0e91113a86be7bd2d2aa6b1bb3d3f924c9d10b11834731810932c4159ed491ba2763afbe051c7e875c5f2cc539b77ad8118eb951b2621fd35adfb3f943467a31f286a16e6f69c636b3e4031014043ed2f2256157b562cd5c7f099e967d6100d661749f681cf58a72b163565c83fe813c3ca0752c5aa369573895a11390571d01d1a7b0983cd02d8163f853142222bb6aa825bd12c506ec35360400587500"/249], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800) unshare$auto(0x40000080) open(&(0x7f00000000c0)='./file0\x00', 0x4020c0, 0x140) keyctl$auto(0xf, 0xfffff7ffffffffff, 0x0, 0x8, 0x8) semctl$auto(0x201, 0x2, 0x13, 0x1) setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) read$auto_tracing_fops_trace(r1, &(0x7f0000000280)=""/249, 0xf9) r4 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r4, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r5, 0x1, 0x7ff) ptrace$auto_PTRACE_SECCOMP_GET_METADATA(0x420d, r5, 0x62, 0x27dd) prctl$auto_PR_SET_MM_ARG_START(0x8000, 0x8, r5, 0x81, 0x9) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) setgroups$auto(0xe32, 0x0) 4.634149773s ago: executing program 0 (id=16): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) msync$auto(0x200000, 0x2000000005, 0x6) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0x1000000a) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb5, 0x401, 0x8000) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x20000000000008, 0x2, 0x19) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r2, 0x29, 0x4c, 0x0, 0x4) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_FS_IOC_SETFLAGS2(r0, 0x40086602, &(0x7f0000000180)=0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x8006, 0x0) msgctl$auto_MSG_STAT(0x8001, 0xb, &(0x7f0000001600)={{0x2, 0xee00, 0x0, 0x3, 0xb, 0x3, 0xcd8e}, 0x0, &(0x7f00000002c0), 0x8, 0x356, 0x3, 0x800000000000000, 0x80000002, 0x3, 0xffff, 0x1000}) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000008c41c83b6ab1ff2ea4d3f0057c3d46b636f3e764bebbfd34606f4a", @ANYRES16=r4, @ANYBLOB="01002cbd7000fddbdf25020000000800010002000000"], 0x1c}}, 0x4000) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x60, 0xdf, 0x800000000000eb1, 0x401, 0x8001) r5 = getsockopt$auto_SO_PEERPIDFD(0xffffffffffffffff, 0x9, 0x4d, &(0x7f00000004c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', &(0x7f00000005c0)=0x6) epoll_ctl$auto_EPOLL_CTL_MOD(r2, 0x3, r5, &(0x7f0000000600)={0x7, 0x4}) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0xa) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 4.01206003s ago: executing program 2 (id=17): mmap$auto(0x0, 0x5, 0x2, 0x8000000000040eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getcwd$auto(0x0, 0xc34) r0 = open_tree$auto(0xffffffffffffffff, 0x0, 0x2) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x20009, 0x800000000000df, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/scsi/sg/debug\x00', 0x100, 0x0) pread64$auto(r1, 0x0, 0x80000006, 0x3) setsockopt$auto(0x3, 0x10000000084, 0x25, 0x0, 0x90) ioctl$auto_FBIOGET_FSCREENINFO(r0, 0x4602, &(0x7f0000000000)="d9654f5be4c217c2729f9dfc30b26c3ddaa1f03decf4e6457cd8609b3c8ae0b4ecdee74dcb4f5dac53cc6656ab592420ff8f6fb75d5971a9e7fdc688588c084f77b175db65d77b1f114b55ef0195b9293ee84bd31cec435eb669b20047c2968c79a47681fc4fc6eaa5f5051b8a30622f537009526f8f0e20a7f43c12db6bf0c4cbc78efe7838259f6bbc04d495fe8ae19825fd692a98221d7c01a8db6ceed4b2a9c88af4aa45cfd4c85ec8231e7ba1cf76b3775fb834b159cbc4304859befcf959928045bcd74f68e9b4faec4850996b482bea00fe8a") futex$auto(0x0, 0x8c, 0x1, 0x0, &(0x7f0000000180)=0x8e, 0x0) 3.91540581s ago: executing program 2 (id=18): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = prctl$auto(0x23, 0xc, 0x2008, 0x0, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x402800, 0x0) mmap$auto(0x0, 0x42020009, 0x3, 0x10010, 0xfffffffffffffffa, 0x3) mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) munmap$auto(0x8000, 0xffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x511080, 0x0) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) ioctl$auto_VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000080)={0x100, r1}) 3.806943831s ago: executing program 3 (id=19): mmap$auto(0x0, 0xe983, 0xdf, 0xe91, 0x401, 0x808000) setresuid$auto(0x2, 0x7, 0x8080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x88) clone$auto(0x6, 0xfffffffffffffffe, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r0 = socket(0x10, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = timerfd_create$auto(0x8, 0x800) timerfd_settime$auto(r0, 0x2, 0x0, 0x0) r2 = openat$auto_clear_warn_once_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000140)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_WRITE_READ(r3, 0x5452, &(0x7f0000000000)) connect$auto(0x3, &(0x7f00000000c0)=@sco, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) select$auto(0x7, 0x0, &(0x7f0000000300)={[0x2098, 0xe9e, 0x1000048, 0x8015, 0xd5, 0x100000005, 0xc, 0xf, 0x4, 0x0, 0x7fff, 0xd59, 0x101, 0xfb, 0xa, 0x8000000001]}, 0x0, 0x0) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x401, 0xfffff801) r4 = inotify_init1$auto(0x3000000000000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r4) sendmsg$auto_NL80211_CMD_SET_STATION(r4, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="0200be9b", @ANYRES32, @ANYBLOB="000126bd7000fddbdf25120000000600eb00000000006a00f50057a06776814ba089ed9f80b1d1247eff5e37362080cfd101ac5a1a72fa79b7629398dffb3f824e47acbfcaa997799e50813dedfb6e532044a0aab83a634bad472c97d9d08569b9c45c667660802a22483cb954d75d111cf9d7e600002c000d019545971650267ffc809157be00000000000000006155963e0ccb3f80fe4e12a163041d25f68b830600"/174], 0xb4}, 0x1, 0x0, 0x0, 0x4044001}, 0x8000) getsockopt$auto(0x2, 0x114, 0x8, 0xfffffffffffffffc, 0x0) r5 = socket(0x10, 0x2, 0x0) ioctl$auto(0xffffffffffffffff, 0x8946, r2) syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000040), r1) sendmsg$auto_HANDSHAKE_CMD_DONE(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4044880}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.477906076s ago: executing program 3 (id=20): unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x4, 0x4008) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) listen$auto(r0, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) setfsuid$auto(0xee01) modify_ldt$auto(0x3, &(0x7f00000001c0)="8493dd0830b9d3de5f92fbfc48f16d73eed576c670f592f41ad94465b9ee3d52907e477651f7d0b9b4945bee80f2c13c08b50d8b2cbeb58ddde43b206454c099e8c02d6f", 0x6) ioctl$auto(r1, 0x89f2, 0x24) 3.441453941s ago: executing program 1 (id=21): timer_settime$auto(0xffffffff, 0x9, &(0x7f0000000140)={{0x7, 0x4}, {0x10}}, 0x0) mmap$auto(0x0, 0x420009, 0xe0, 0xeb1, 0x401, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000100)=ANY=[@ANYBLOB="1406000000000000001cc854514be06bd6c70000", @ANYRES16=r0, @ANYBLOB="000125bd7000fedbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x408a}, 0x4048000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000480)={{&(0x7f00000001c0)="8d10a50b60e1380b545f89c54bab4fbfb3e0feda7edd7e46ae550aa997ff56be56fea27cb83751daf5f24ad06844d84862e0d8ddb179f76038831d67eaac8ab77003e5fc4eaf9d788521bd99b2729d94e367eabcdce535dd22dee07e455f0d28213b56b89d026239a1a68f51487800b3643829c256b36302e01c43618a797b05025b5feebfc59d59d2d916fd4248245863a0fd01593abab17301a9c36f0ec8bcbd4d8e6757f5b19d5092696e8e3e7ae1179791a4d12d4b6e213364b1f45cbae151889a10e446fe3ddc6e35545780a45518a4", 0x3, &(0x7f00000003c0)={&(0x7f00000002c0)="a05773e17fc3f097c1dda9674cdda8495227c3f6143b1c9dae28868eb2521113ee53fe55139a6cafe81097998f467936029d7cc2a59bd8df4aac7fbffdb54dfbc4dabe4693db529a457b072d24a74a8cc4064a179611df8dbc3eb7d0d68f653f5c970fe5e8039b309bf88b2d95319ac03fe3fed98f97feb30230ed7bc44c009694c3a27e9526df2fdf2b2d30adf6f4e00f90211708f37043fdc4153b871250e305e2c21184eaa67cb94b2d8e79f89ec13959f9918ffa08e8a519c2ad073327cf5ae99cbd9397b8187ea2e9c37e5535d88c6ce6ca1e247930b3585aa92c14", 0x100}, 0x1, &(0x7f0000000400)="2491e2f933b13df8b9767a34918374d206e5f3c766ee0baae721e41d7b28fc255fc9387e8c68e335e84ca7720ac49cdfdff203042b32ffe2ddf3fee62aa25966f135af5acda0f5ee35af2663f7f69d40ea81d8bce8fc80c0add9", 0x1, 0x1}, 0x401}, 0x5, 0x4) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8004) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x8000, 0x0) ioctl$auto(r2, 0x4018620d, 0x9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) socketpair$auto(0x5, 0x5, 0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_XFS_IOC_SWAPEXT(r3, 0xc0c0586d, &(0x7f0000000380)={0x3, @inferred, @inferred=r3, 0x7, 0x477, '\x00', {0x7, 0xa35, 0x400, 0xffffffffffffffff, 0x0, 0xc9, 0x6, 0xffffffffffff8001, {0xe, 0xc}, {0x5, 0x800}, {0x2, 0xe9}, 0x7ff, 0xa, 0x4, 0x5, 0x8000, 0x8ac, 0x4, 0x40, 0x9, 0x2, '\x00', 0x80000002, 0x4, 0xd, 0x3d3b}}) r4 = syz_clone(0x308ac80, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0x6, 0x2, 0x0) rt_sigqueueinfo$auto(r4, 0x5, 0x0) prctl$auto(0x43, 0xe, 0x0, 0x0, 0x0) r5 = getpid() prctl$auto_PR_SET_VMA_ANON_NAME(0x0, 0x0, r5, 0xf0, 0x9) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x5, 0x3, 0x9) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x36, 0x0, 0x8) 2.737746032s ago: executing program 2 (id=22): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd13\x00', 0x4a083, 0x0) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x52, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xa) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = socket(0x2, 0x1, 0x106) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/geneve0/disable_policy\x00', 0x40180, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) write$auto(r3, 0x0, 0x5) r4 = socket(0x11, 0xa, 0x9) bind$auto(r4, &(0x7f0000000140)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, 0x9) sendmsg$auto_OVS_FLOW_CMD_SET(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000090}, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) ioctl$auto_TCFLSH2(r1, 0x5422, 0x0) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) 2.70795598s ago: executing program 1 (id=23): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x200007, 0x19) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x40005) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) 2.493063684s ago: executing program 1 (id=24): mmap$auto(0x0, 0x6, 0x3, 0x19, 0x7, 0x8003) sysfs$auto(0x7, 0x626, 0x756) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vidtv.0/i2c-0/0-0068/name\x00', 0x18b080, 0x0) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x8000000000000001, 0x4) get_mempolicy$auto(0x0, 0x0, 0x400, 0x0, 0x0) ioctl$auto_BLKPG2(r0, 0x1269, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sys/net/ipv6/conf/netdevsim2/accept_ra_defrtr\x00', 0x8a042, 0x0) pidfd_getfd$auto(r1, r1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0xb, 0x9, 0x8, 0x5, 0x1001, 0x1ff, 0xf, 0x1000, 0xb, 0x5, 0xced80000000001, 0x9, 0x3, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) select$auto(0x7, 0x0, &(0x7f0000000100)={[0x9, 0x5, 0x0, 0xfffffffffffffff6, 0x7, 0xfffffffffffdffff, 0xdffffffffffffff8, 0x2, 0x0, 0x10000005e58296f, 0x6, 0x7, 0x3, 0x29, 0x1, 0x9]}, 0x0, 0x0) r2 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, 0x0, 0x8800, 0x0) ioctl$auto_BTRFS_IOC_DEVICES_READY(r2, 0x90009427, 0x0) read$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x14, 0xfffffffffffffffa, 0x80000000008003) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x1e8) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event2\x00', 0x2004c2, 0x0) ioctl$auto_EVIOCGMASK(r3, 0x80104592, &(0x7f0000000040)={0x8, 0x200, 0x2}) unshare$auto(0x40000080) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\x9e\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xec\xf9\x8a\xff\x87\x1f\x88p\xef8D\xd9\x1d\xb1#v8Ma~\x97F\xc8', 0x100000a3d3) 2.485531015s ago: executing program 0 (id=25): openat$auto_msr_fops_msr(0xffffffffffffff9c, 0x0, 0x181f82, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, 0x100000, 0x5, 0x44, 0x5, 0xe4, 0xe6, 0x0, 0x0, 0x0, 0x2}) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto_FIOQSIZE(r2, 0x5460, 0x5) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x1000, 0x400050, 0x9) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x10bb41, 0x0) timer_create$auto(0x3, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1b, 0x0, 0xffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r3, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/btrfs/features/supported_sectorsizes\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000001c00)=""/4111, 0x100f) openat$auto_ima_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000080), 0x150882, 0x0) r5 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x18c, r6, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_MLO_SUPPORT={0x4}, @HWSIM_ATTR_ADDR_TRANSMITTER={0xe8, 0x2, "a5f533a64d7dd868e79a344cf9e579d1b4b4793d0985fda4080381ddfc8a5d9cc0a4c625831b1bf8270a70151d0109a218989f69649c9f907f85b1636377a6a27e10fe4dc249a9e8d7d6514e0bc4ca93461a984c5c4b0fe712733b7d30fca4428ee0c8ab6b6a23055bd9731671099278a5635d7c218d6325547aa2cc725c23b5d4a1b15e9acb17f0057cc7a6d6939ad2352e0f1fd566712f0e92107075c09896e53b8c9c5049eac6f761f3bcc3294876a7c6e010fe88d66b3bed97ed091a4c5608c22de7103e91ab1b9616018ab0b934f59fda399ab64e649ba4644d7c12c0a6dff8a518"}, @HWSIM_ATTR_FLAGS={0x8, 0x4, 0x10001}, @HWSIM_ATTR_CIPHER_SUPPORT={0x82, 0x18, "1b8e8964e19ef193b8d882bf5ec23a94e8d0e7f962bf1fc455245a23af55d77b3d53733a8f990c234362dacf907f675228f99a6e600840528069f4555de50190d5111041611edc84a5bab2c855c7c698c327e7ff5a76b193148fb5ecb14ed4f1e946c4472b0ea33a53deb5e8e91e7025da559d4d77b05ed7504f90e4b981"}]}, 0x18c}, 0x1, 0x0, 0x0, 0x8840}, 0x20040000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop11\x00', 0x511080, 0x0) r7 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) 2.167749853s ago: executing program 3 (id=26): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(r0, &(0x7f0000000000)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a4, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x3, 0xfff, 0x9b72, 0xffffffffffffffff, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_ipvs(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x8, 0x5c, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x0, 0x4, 0x6, 0x800000000eb1, 0xfffffffffffffffa, 0x8001) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, &(0x7f0000000540)={0xfff, &(0x7f0000000180)}) rseq$auto(0x0, 0x80000002, 0x8, 0xfd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fff) 1.989067892s ago: executing program 0 (id=27): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) acct$auto(&(0x7f00000000c0)='/dev/input/event1\x00') madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x100480, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x4, 0xdf, 0x80000000000eb1, 0x3, 0x0) sysfs$auto(0x2, 0x4, 0x0) r1 = socket(0xa, 0x5, 0x0) getsockopt$auto(r1, 0x84, 0x12, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket(0x2c, 0x3, 0x0) bind$auto(r2, &(0x7f0000000080)=@xdp={0x2c, 0xc, 0x0, 0x1c}, 0x6b) setsockopt$auto_SO_BROADCAST(r2, 0x5, 0x6, 0x0, 0x74) socket(0x25, 0x6, 0x4b3) socket(0x18, 0x3, 0x2) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) fcntl$auto(0x0, 0x408, 0x100000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x400, 0x80007f8) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) ioctl$auto_TIOCGICOUNT2(r0, 0x545d, &(0x7f0000000680)) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.352852337s ago: executing program 2 (id=28): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x5, 0x2, 0x3ab5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000d40)='/sys/devices/pci0000:00/0000:00:00.0/driver_override\x00', 0x4a401, 0x0) write$auto(0x3, 0x0, 0x100085) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x511080, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5dcd4f56d60000000000f4fcc35fce000000000000000000", @ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18804) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/crash_elfcorehdr_size\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/116, 0x74) socket(0x29, 0x2, 0x0) ioctl$auto(0x3, 0x89e0, 0xfffffffffffff4e0) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) 1.070302227s ago: executing program 2 (id=29): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) r1 = socket(0xa, 0x2, 0x0) setsockopt$auto(r1, 0x29, 0x12, 0x0, 0x56b) fsconfig$auto_EROFS_MOUNT_DAX_NEVER(r1, 0x9, &(0x7f0000000180)=']),:^}^(}]\x00', &(0x7f00000001c0)="2627b959948e64921bf846e03d033ac34853306601b3b33867ba338b0023f460359f66b9fc2133d6cd09fcae4a1d5ca185972da8a8829acf2eaaf8d445854038959d3d47851991b34bd1e79fb8602759e52c6daa7723cb7d45b359c42a22db64f3ccacb33b92e762b1ca02313f045e872ade1b18f849177d066018535856d9e435f00f387f09fcc53d16d3c572aa83ce7df22cc9e4771e0f7883ef281e363f940bc637bdd6b5705a77454ec1f9fcee2060c5beef4d99558aa4d8c4d1f499a4e624c84f9a368d0c6d1eafca5532410695a11d742a23b8df43487b262d", 0x80) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000140)={0x0, 0xfffd}, 0x9) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) timer_create$auto_CLOCK_TAI(0xb, 0x0, &(0x7f0000000040)=0x1) read$auto_proc_timers_operations_base(0xffffffffffffffff, &(0x7f00000006c0)=""/1, 0x1) 244.728496ms ago: executing program 1 (id=30): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r0, 0x5, r0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x62, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TCSBRK2(r1, 0x5409, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r3, 0x4068aea3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000f4631104cf7613538c899adb1c2a4cbae37647a7c7d294d8544a4a21ed5eb9f1509acd8afa3f69584964c76e81713971c54374af351bf4e188a5e7790a0018fc0baed3fec514a1736063ec6b30a5189db72237907f0f4507000000ecb210d4d2dfb96c6b8f7cddde10636c02f71d16275a7781361e2e7f1d4e20b83363ad403d29c490193ee6caa03bf391ff5ffadca7734c5e74a96efc8d2f07b03522f14cedd9f9d79491579cb6dd752e260890d7e28f3e68247c724cc924fb85e00fb939caf1ec1c22c9db80a8aa308930e5e47f23981b482ba02fa8", @ANYRES16=0x0, @ANYBLOB="f9af2ceb1ab9d7c881605a5ab7446f0e0f11da4efa56390b28131d2d58fd57cc6dad0f5c07d601e9f13f2245af0547e3746b6952d24f13ade0b5f14aef3a4478073bd8872ca5f612b2199a6647dd2414fa"], 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x2) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x01\x00\x00\x00\x01\x00\xb6', 0x7f) timer_create$auto(0x803, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/saved_tgids\x00', 0x109100, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sem\x00', 0x80401, 0x0) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000340), 0x7111}, 0x8) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) preadv2$auto(r4, &(0x7f00000000c0)={0x0, 0x80000000009}, 0x6, 0xffffffffffffffff, 0x4, 0x200) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) unshare$auto(0x4000000000000f29) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz7\x00', 0x48f41, 0x0) ioctl$auto(0x3, 0x402c542d, r5) write$auto(0x3, 0x0, 0xfffffdef) 100.194255ms ago: executing program 0 (id=31): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0x16, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x200000001000000, 0xfffff7fffffffff7, 0x3ee) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x11, 0x2, 0x0) socket(0x29, 0x2, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/net/kcm_stats\x00', 0x8282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000180)=""/8, 0x8) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xe4, 0x9b72, 0x2, 0x400) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8003, 0x2) mprotect$auto(0x0, 0x806121, 0x7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/urbnum\x00', 0xa0420, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/15, 0xf) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sg0\x00', 0x4100, 0x0) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x5, 0x40, 0x9, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x80000002, 0x9, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x100000, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x3, 0x6, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x0, 0x10, 0x40000000000000, 0x6, 0x0, 0xfffffffffffffffc, 0x4, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2000000ffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x0, 0x4, 0x0, 0x1, 0x0, 0x5]}, 0x2000202, 0x2000000d) setsockopt$auto(0x400000000000003, 0x29, 0x33, 0x0, 0x20056b) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) msgctl$auto_IPC_INFO(0xf5, 0x3, &(0x7f0000000080)={{0x4, 0x0, 0xee00, 0x4, 0x7ff, 0xac}, &(0x7f0000000000)=0x7, &(0x7f0000000040)=0x89, 0xffff, 0x9, 0x9, 0x10, 0x4, 0x72b9, 0x8, 0x5, @inferred=r0, @inferred=r0}) stat$auto(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x7, 0xffffffff, 0x4, 0x9, 0xee01, r5, 0x0, 0x401, 0x9, 0xfb1, 0x7838, 0x100000000, 0x3, 0x9, 0x73, 0x8, 0x4}) setresuid$auto(0x9, 0x0, r4) kill$auto(0xffffffffffffffff, 0x2) 0s ago: executing program 2 (id=32): r0 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r0, 0x5, 0x0, 0x0, 0x0) ioctl$auto_XFS_IOC_FREESP(r0, 0x4030580b, &(0x7f0000000040)={0x5, 0x7fff, 0x9, 0x703, 0x1, 0xffffffffffffffff}) shmctl$auto(0x8, 0xff, &(0x7f00000011c0)={{0xd9, 0x0, 0xee01, 0x6, 0x800, 0x5, 0xfffa}, 0x90000000, 0x0, 0x3, 0x6, @inferred=r1, @inferred=0xffffffffffffffff, 0x3, 0x0, 0x0, &(0x7f00000001c0)="6f05eea8ee4ce0036557360d7102e2c5111f93c5f4a7a81ae9e9897a234986a635dc88f4b9716da8048e0ac48d3b6ff4b7784c2a1795ce458374dbf55bbb81eec15e4d0f58db42e095c7bd31efeb90acf0879ea6aa654fe657039558bdbf0ee9ee91ac12d3deed9352c4a53d130921e550f078347ef75bcbd05344e63299de6645c851c6767df5641511312bf3c93eae89a1311d601f7adcc6014e753bd52eb3047b183758c90f603d8455d4ef579b92543637c25cbbfb1abe357e1525737e2eaade43a125139fc3aae41ab3dadcaa99d34cffbf14563d7f08bbdcbca299520dabee8e492561cec98815405885670288256fbe2395b6d80a323538ceddb5b4c5d73a7f837e0af4d62b379c394f9c91c97489017cf3ff947927342ffa50178c233a668ec7aecb5d42651950630ad4b0fda8bfe8fda22a95bff27f6f3635ddfccd5c90cd11e8216dab6913fb5c9c815aa96f7a6e3c092145f55faa1491f0dcc5a3767f23b80674b1f63ce07f6de416fb60c4bac2044552bba9f25ce6aec8808e4637a9349bb9dedc523ff692a1f3a743387696c0a69170babe8751c5413ace902729e4a0bba469b0dcbf190336ac81c3f10fc15d008e6885a52c485525c04330b490ef4411b967f2a5d2d714367bb6f9a502f97f345d42cdbfeb5ad836e6e6fcd357d231f7139fd5f965441a02db67a5746a340b3a7024a7ad6fbde0325689b207b50942d5577fe928a8fdc2c9a256a0d1274ac34a2b7d048644263d04fe5c7f5e76884117e98c0a215b7738187fb452be0ccde7c7a1323339a4b52f7bba499fb3ad682f0b633e57c72d4dc93bbcb9386c69acaf8716b99a8a2e73b53f957801caae5e225c89e924ab4d96b78594d3a1d6c30a441860af8e9be0c65ba3b66abc313d4caf7b76b2fbbf38fd2173e9387546bf84d44b30882460c61bebed5d74950497c3a51982d3514f854482b52dcb7a81aec88a4b21f44f08e05572c0f5ba6bb282bcd331df7cfbd76ad285692fe12981a40924c3091533c3f916be46d0591d3e6e53bff5b253a6e2d01c85cc002594857489ef92178d7c9cfbb4ba56d80a1ba9f0826c64038084e531c591d08af11b063deccc9f91539aa85d2713e73d21854aaf6bebe95ecb41af6b5fd917e0a9f653aa7548556e260c13dc3834dab1d1c1fdad9a160c296ffbbb4fe40db5e2bdd2c5236b8bc5c23c4889fd661ca7f1717f10a7e8302d920b8fc6c1caad04db26417554b0da165c1d624ce07d91089d20f7dc3d51d2f3e3bdf1f4b430296577676864f0254952a60b71ed3ea7345651e606d1d78c95bc6c9e338e73c178886fb71d057e0500af3ac8c8b0fa99d67291f26ef100d28091bfd3ea8ce960c256d7f11b2f6c45c018839a25ee3351804ee9be27602bd9a4dea2e66772b98bb8b1ee139293d52ffa50656c112e33965ebf9a904cbe6a144494fbc86a3bb5feeb66d89cfb2a6b4e83fbcc8826b12d86ea5113bba6abf682fe850683f96d7f715e8e9e36c787432e9f492b2b8b2d094495c0fddd7c4d25db6d5bf443207257f73a0f4256462c32b8d48731d11d6a793017633e95c487cf6540e344ab64f187bf30befe9142a75a6a335bab9792d4ecffceab605a84b7fe95c8c3a3673ebec4189510bcefde03a92519742517f796a9e4abe4ae171b15cc2031ac90fed39f3a08e2f10f8a536f7e8614ac750728610228010d007082cc63a16289985f741547b11f6b4533c931fc44eae1404e6ecb52440379c19422587b1cc036cb7f595dec54c56a865e04e6e5ff24d466c6462d8ea4791526831829567b487d23b7bc9673b64b8c8a1511fb86f56066884bd14a9127bfe120434e7de63e7f6377c8609083b3f019323d3c4bb51b45079b3946f284"}) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b5b", 0xfdef) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.80' (ED25519) to the list of known hosts. [ 72.427346][ T5811] cgroup: Unknown subsys name 'net' [ 72.537099][ T5811] cgroup: Unknown subsys name 'cpuset' [ 72.545707][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.954322][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.752775][ T5825] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.760668][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.779861][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.793471][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.793471][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.794633][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.801083][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.826023][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.834177][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.842485][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.850638][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.852046][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.858608][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.866194][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.873244][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.880307][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.886770][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.893650][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.902159][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.924159][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.363104][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 76.479191][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 76.491670][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 76.626472][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 76.637477][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.645091][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.652317][ T5822] bridge_slave_0: entered allmulticast mode [ 76.659622][ T5822] bridge_slave_0: entered promiscuous mode [ 76.695987][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.703121][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.711195][ T5822] bridge_slave_1: entered allmulticast mode [ 76.718931][ T5822] bridge_slave_1: entered promiscuous mode [ 76.801150][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.808338][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.815861][ T5823] bridge_slave_0: entered allmulticast mode [ 76.822796][ T5823] bridge_slave_0: entered promiscuous mode [ 76.842297][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.857141][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.864496][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.871580][ T5823] bridge_slave_1: entered allmulticast mode [ 76.878736][ T5823] bridge_slave_1: entered promiscuous mode [ 76.885768][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.892879][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.900420][ T5824] bridge_slave_0: entered allmulticast mode [ 76.908246][ T5824] bridge_slave_0: entered promiscuous mode [ 76.917594][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.946662][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.953809][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.960972][ T5824] bridge_slave_1: entered allmulticast mode [ 76.967979][ T5824] bridge_slave_1: entered promiscuous mode [ 77.024296][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.031425][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.039605][ T5830] bridge_slave_0: entered allmulticast mode [ 77.046788][ T5830] bridge_slave_0: entered promiscuous mode [ 77.056949][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.078265][ T5822] team0: Port device team_slave_0 added [ 77.086634][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.099440][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.109145][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.116599][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.123692][ T5830] bridge_slave_1: entered allmulticast mode [ 77.131094][ T5830] bridge_slave_1: entered promiscuous mode [ 77.139906][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.159680][ T5822] team0: Port device team_slave_1 added [ 77.221695][ T5823] team0: Port device team_slave_0 added [ 77.239107][ T5824] team0: Port device team_slave_0 added [ 77.247175][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.258192][ T5823] team0: Port device team_slave_1 added [ 77.264731][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.271657][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.298041][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.317006][ T5824] team0: Port device team_slave_1 added [ 77.324938][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.343855][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.351000][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.376919][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.425908][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.432865][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.459150][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.493472][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.500508][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.526748][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.539096][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.549747][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.575682][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.595520][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.602474][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.629217][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.641826][ T5830] team0: Port device team_slave_0 added [ 77.675239][ T5830] team0: Port device team_slave_1 added [ 77.724996][ T5824] hsr_slave_0: entered promiscuous mode [ 77.731268][ T5824] hsr_slave_1: entered promiscuous mode [ 77.743480][ T5822] hsr_slave_0: entered promiscuous mode [ 77.749718][ T5822] hsr_slave_1: entered promiscuous mode [ 77.756148][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 77.761903][ T5822] Cannot create hsr debugfs directory [ 77.777874][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.785136][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.811315][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.823757][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.830898][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.856851][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.913164][ T5823] hsr_slave_0: entered promiscuous mode [ 77.920127][ T5823] hsr_slave_1: entered promiscuous mode [ 77.926283][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 77.932004][ T5823] Cannot create hsr debugfs directory [ 77.944814][ T5831] Bluetooth: hci2: command tx timeout [ 77.950434][ T5831] Bluetooth: hci3: command tx timeout [ 78.024215][ T51] Bluetooth: hci1: command tx timeout [ 78.029848][ T5831] Bluetooth: hci0: command tx timeout [ 78.063419][ T5830] hsr_slave_0: entered promiscuous mode [ 78.069648][ T5830] hsr_slave_1: entered promiscuous mode [ 78.075927][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 78.081650][ T5830] Cannot create hsr debugfs directory [ 78.427375][ T5824] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.438995][ T5824] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.449042][ T5824] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.467755][ T5824] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.527770][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.545190][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.555487][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.566160][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 78.649180][ T5823] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.684033][ T5823] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.715142][ T5823] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.725257][ T5823] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 78.788650][ T5830] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.806696][ T5830] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.818765][ T5830] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.828586][ T5830] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.856620][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.907499][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.941719][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.964901][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.977352][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.984612][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.010161][ T1342] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.017335][ T1342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.047113][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.054257][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.065039][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.072131][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.152872][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.247136][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.271387][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.301651][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.312433][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.319609][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.345665][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.352793][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.395320][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.402470][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.428617][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.435792][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.620146][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.662436][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.791666][ T5822] veth0_vlan: entered promiscuous mode [ 79.845090][ T5822] veth1_vlan: entered promiscuous mode [ 79.865671][ T5824] veth0_vlan: entered promiscuous mode [ 79.923216][ T5824] veth1_vlan: entered promiscuous mode [ 79.957775][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.976165][ T5822] veth0_macvtap: entered promiscuous mode [ 79.996098][ T5824] veth0_macvtap: entered promiscuous mode [ 80.009507][ T5822] veth1_macvtap: entered promiscuous mode [ 80.025744][ T5831] Bluetooth: hci3: command tx timeout [ 80.031146][ T5831] Bluetooth: hci2: command tx timeout [ 80.037976][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.045605][ T5824] veth1_macvtap: entered promiscuous mode [ 80.067535][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.089700][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.105044][ T51] Bluetooth: hci1: command tx timeout [ 80.110519][ T5831] Bluetooth: hci0: command tx timeout [ 80.131960][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.156951][ T750] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.174073][ T750] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.183313][ T5830] veth0_vlan: entered promiscuous mode [ 80.195942][ T750] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.205116][ T750] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.218749][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.240368][ T750] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.261550][ T5830] veth1_vlan: entered promiscuous mode [ 80.275510][ T750] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.284974][ T750] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.295282][ T5823] veth0_vlan: entered promiscuous mode [ 80.321178][ T750] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.375772][ T5823] veth1_vlan: entered promiscuous mode [ 80.417592][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.419704][ T5830] veth0_macvtap: entered promiscuous mode [ 80.432938][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.464377][ T5830] veth1_macvtap: entered promiscuous mode [ 80.514213][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.533029][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.541945][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.542358][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.563212][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.606319][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.627806][ T5823] veth0_macvtap: entered promiscuous mode [ 80.641921][ T1132] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.657171][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 80.689755][ T5823] veth1_macvtap: entered promiscuous mode [ 80.694904][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.697850][ T1132] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.703312][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.747629][ T1132] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.764962][ T1132] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.819756][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.872095][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.919026][ T1132] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.961414][ T1132] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.977794][ T1132] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.050203][ T1132] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.103563][ T1132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.103586][ T1132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.186055][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.186077][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.261402][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.261426][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.349106][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.349130][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.969700][ T5926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4'. [ 81.979223][ T5926] Zero length message leads to an empty skb [ 82.104383][ T5831] Bluetooth: hci2: command tx timeout [ 82.109888][ T51] Bluetooth: hci3: command tx timeout [ 82.184047][ T5831] Bluetooth: hci0: command tx timeout [ 82.189502][ T5831] Bluetooth: hci1: command tx timeout [ 82.747790][ T5946] random: crng reseeded on system resumption [ 83.777534][ T5949] netlink: 'syz.3.8': attribute type 2 has an invalid length. [ 83.804609][ T5964] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11'. [ 83.926636][ T5966] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 84.082809][ T5970] FAULT_INJECTION: forcing a failure. [ 84.082809][ T5970] name failslab, interval 1, probability 0, space 0, times 1 [ 84.102890][ T5970] CPU: 0 UID: 0 PID: 5970 Comm: syz.1.13 Not tainted syzkaller #0 PREEMPT(full) [ 84.102928][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 84.102951][ T5970] Call Trace: [ 84.102960][ T5970] [ 84.102970][ T5970] dump_stack_lvl+0x100/0x190 [ 84.103022][ T5970] should_fail_ex.cold+0x5/0xa [ 84.103056][ T5970] should_failslab+0xc2/0x120 [ 84.103087][ T5970] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 84.103130][ T5970] ? fcntl_setlk+0xaa/0xe40 [ 84.103160][ T5970] ? __lock_acquire+0x4a5/0x2630 [ 84.103203][ T5970] fcntl_setlk+0xaa/0xe40 [ 84.103237][ T5970] ? __pfx_fcntl_setlk+0x10/0x10 [ 84.103272][ T5970] ? find_held_lock+0x2b/0x80 [ 84.103298][ T5970] ? __might_fault+0xc5/0x140 [ 84.103344][ T5970] ? __might_fault+0xc5/0x140 [ 84.103399][ T5970] do_fcntl+0xf39/0x1670 [ 84.103437][ T5970] ? __pfx_do_fcntl+0x10/0x10 [ 84.103476][ T5970] ? __x64_sys_futex+0x34f/0x4d0 [ 84.103512][ T5970] ? __x64_sys_futex+0x358/0x4d0 [ 84.103552][ T5970] ? xfd_validate_state+0x129/0x190 [ 84.103591][ T5970] ? tomoyo_file_fcntl+0x6c/0xc0 [ 84.103622][ T5970] __x64_sys_fcntl+0x163/0x200 [ 84.103663][ T5970] do_syscall_64+0x106/0xf80 [ 84.103691][ T5970] ? clear_bhb_loop+0x40/0x90 [ 84.103725][ T5970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.103754][ T5970] RIP: 0033:0x7fb1d659c819 [ 84.103778][ T5970] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.103804][ T5970] RSP: 002b:00007fb1d47f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 84.103831][ T5970] RAX: ffffffffffffffda RBX: 00007fb1d6815fa0 RCX: 00007fb1d659c819 [ 84.103849][ T5970] RDX: 0000000000000004 RSI: 0000000000000026 RDI: 0000000000000004 [ 84.103868][ T5970] RBP: 00007fb1d6632c91 R08: 0000000000000000 R09: 0000000000000000 [ 84.103883][ T5970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.103897][ T5970] R13: 00007fb1d6816038 R14: 00007fb1d6815fa0 R15: 00007ffe3d3d81d8 [ 84.103929][ T5970] [ 84.496429][ T5831] Bluetooth: hci2: command tx timeout [ 84.501864][ T5831] Bluetooth: hci3: command tx timeout [ 84.508426][ T5831] Bluetooth: hci1: command tx timeout [ 84.513979][ T5831] Bluetooth: hci0: command tx timeout [ 84.880607][ T5977] netlink: 28 bytes leftover after parsing attributes in process `syz.2.14'. [ 86.121004][ T5999] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.483132][ T5996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18'. [ 86.676542][ T24] cfg80211: failed to load regulatory.db [ 86.684287][ T6012] binder: 6003:6012 ioctl 4018620d 9 returned -22 [ 89.949497][ T6065] ================================================================== [ 89.949517][ T6065] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 89.949568][ T6065] Write of size 8 at addr ffffc90003f3b800 by task syz.2.32/6065 [ 89.949591][ T6065] [ 89.949604][ T6065] CPU: 1 UID: 0 PID: 6065 Comm: syz.2.32 Not tainted syzkaller #0 PREEMPT(full) [ 89.949636][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 89.949652][ T6065] Call Trace: [ 89.949661][ T6065] [ 89.949671][ T6065] dump_stack_lvl+0x100/0x190 [ 89.949713][ T6065] print_report+0x156/0x4c9 [ 89.949750][ T6065] ? _raw_spin_lock_irqsave+0x52/0x60 [ 89.949792][ T6065] ? __virt_addr_valid+0x81/0x620 [ 89.949829][ T6065] ? sys_imageblit+0x19fb/0x1d60 [ 89.949869][ T6065] kasan_report+0xdf/0x1e0 [ 89.949906][ T6065] ? sys_imageblit+0x19fb/0x1d60 [ 89.949952][ T6065] sys_imageblit+0x19fb/0x1d60 [ 89.950046][ T6065] ? __pfx_sys_imageblit+0x10/0x10 [ 89.950091][ T6065] ? prb_read_valid+0x78/0xa0 [ 89.950143][ T6065] ? __pfx_prb_read_valid+0x10/0x10 [ 89.950183][ T6065] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 89.950219][ T6065] soft_cursor+0x524/0xa10 [ 89.950256][ T6065] ? fb_get_color_depth+0x120/0x250 [ 89.950290][ T6065] bit_cursor+0xe58/0x16f0 [ 89.950328][ T6065] ? __pfx_bit_cursor+0x10/0x10 [ 89.950362][ T6065] ? __lock_acquire+0x4a5/0x2630 [ 89.950401][ T6065] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 89.950430][ T6065] ? get_color+0x1da/0x450 [ 89.950459][ T6065] ? __pfx_bit_cursor+0x10/0x10 [ 89.950492][ T6065] fbcon_cursor+0x43c/0x5e0 [ 89.950522][ T6065] ? add_softcursor+0x1d0/0x290 [ 89.950560][ T6065] set_cursor+0x1db/0x250 [ 89.950595][ T6065] con_write+0x89/0xb0 [ 89.950620][ T6065] n_tty_write+0x44f/0x12d0 [ 89.950658][ T6065] ? __pfx_n_tty_write+0x10/0x10 [ 89.950689][ T6065] ? trace_kmalloc+0x101/0x130 [ 89.950718][ T6065] ? __pfx_woken_wake_function+0x10/0x10 [ 89.950760][ T6065] ? rcu_is_watching+0x12/0xc0 [ 89.950801][ T6065] ? file_tty_write.isra.0+0x694/0x890 [ 89.950843][ T6065] ? kfree+0x2ec/0x6b0 [ 89.950878][ T6065] ? __pfx_n_tty_write+0x10/0x10 [ 89.950906][ T6065] file_tty_write.isra.0+0x4d2/0x890 [ 89.950953][ T6065] redirected_tty_write+0xd4/0x120 [ 89.950996][ T6065] vfs_write+0x6ac/0x1070 [ 89.951023][ T6065] ? __pfx_redirected_tty_write+0x10/0x10 [ 89.951067][ T6065] ? __pfx_vfs_write+0x10/0x10 [ 89.951092][ T6065] ? find_held_lock+0x2b/0x80 [ 89.951134][ T6065] ksys_write+0x12a/0x250 [ 89.951160][ T6065] ? __pfx_ksys_write+0x10/0x10 [ 89.951191][ T6065] do_syscall_64+0x106/0xf80 [ 89.951219][ T6065] ? clear_bhb_loop+0x40/0x90 [ 89.951250][ T6065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.951278][ T6065] RIP: 0033:0x7f818cb9c819 [ 89.951300][ T6065] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.951326][ T6065] RSP: 002b:00007f818db29028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 89.951352][ T6065] RAX: ffffffffffffffda RBX: 00007f818ce15fa0 RCX: 00007f818cb9c819 [ 89.951371][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 89.951387][ T6065] RBP: 00007f818cc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 89.951404][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.951420][ T6065] R13: 00007f818ce16038 R14: 00007f818ce15fa0 R15: 00007ffc8a8b7e58 [ 89.951448][ T6065] [ 89.951457][ T6065] [ 89.951464][ T6065] The buggy address belongs to a 3-page vmalloc region starting at 0xffffc90003f39000 allocated at n_tty_open+0x1a/0x170 [ 89.951513][ T6065] The buggy address belongs to the physical page: [ 89.951532][ T6065] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888033976e80 pfn:0x33976 [ 89.951562][ T6065] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 89.951602][ T6065] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 89.951631][ T6065] raw: ffff888033976e80 0000000000000000 00000001ffffffff 0000000000000000 [ 89.951646][ T6065] page dumped because: kasan: bad access detected [ 89.951665][ T6065] page_owner tracks the page as allocated [ 89.951673][ T6065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6061, tgid 6058 (syz.1.30), ts 89746580489, free_ts 89746524370 [ 89.951725][ T6065] post_alloc_hook+0x153/0x170 [ 89.951763][ T6065] get_page_from_freelist+0x111d/0x3140 [ 89.951802][ T6065] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 89.951842][ T6065] alloc_pages_bulk_noprof+0x782/0x1490 [ 89.951893][ T6065] alloc_pages_bulk_mempolicy_noprof+0x255/0x1270 [ 89.951930][ T6065] __vmalloc_node_range_noprof+0x54b/0x1530 [ 89.951965][ T6065] __vmalloc_node_noprof+0xad/0xf0 [ 89.951997][ T6065] n_tty_open+0x1a/0x170 [ 89.952023][ T6065] tty_ldisc_open+0xa2/0x120 [ 89.952057][ T6065] tty_ldisc_setup+0x40/0xf0 [ 89.952093][ T6065] tty_init_dev.part.0+0x1b5/0x470 [ 89.952118][ T6065] tty_open+0xa63/0xfa0 [ 89.952148][ T6065] chrdev_open+0x234/0x6a0 [ 89.952175][ T6065] do_dentry_open+0x6d8/0x1660 [ 89.952200][ T6065] vfs_open+0x82/0x3f0 [ 89.952230][ T6065] path_openat+0x208c/0x31a0 [ 89.952257][ T6065] page last free pid 6061 tgid 6058 stack trace: [ 89.952271][ T6065] __free_frozen_pages+0x7e1/0x10d0 [ 89.952304][ T6065] __kasan_populate_vmalloc+0x1ea/0x210 [ 89.952343][ T6065] alloc_vmap_area+0x95d/0x2bd0 [ 89.952369][ T6065] __get_vm_area_node+0x1ca/0x330 [ 89.952399][ T6065] __vmalloc_node_range_noprof+0x213/0x1530 [ 89.952432][ T6065] __vmalloc_node_noprof+0xad/0xf0 [ 89.952463][ T6065] n_tty_open+0x1a/0x170 [ 89.952489][ T6065] tty_ldisc_open+0xa2/0x120 [ 89.952524][ T6065] tty_ldisc_setup+0x40/0xf0 [ 89.952559][ T6065] tty_init_dev.part.0+0x1b5/0x470 [ 89.952584][ T6065] tty_open+0xa63/0xfa0 [ 89.952606][ T6065] chrdev_open+0x234/0x6a0 [ 89.952632][ T6065] do_dentry_open+0x6d8/0x1660 [ 89.952657][ T6065] vfs_open+0x82/0x3f0 [ 89.952688][ T6065] path_openat+0x208c/0x31a0 [ 89.952713][ T6065] do_file_open+0x20e/0x430 [ 89.952740][ T6065] [ 89.952746][ T6065] Memory state around the buggy address: [ 89.952759][ T6065] ffffc90003f3b700: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 89.952778][ T6065] ffffc90003f3b780: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 89.952797][ T6065] >ffffc90003f3b800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 89.952811][ T6065] ^ [ 89.952825][ T6065] ffffc90003f3b880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 89.952843][ T6065] ffffc90003f3b900: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 89.952858][ T6065] ================================================================== [ 89.952873][ T6065] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 89.952889][ T6065] CPU: 1 UID: 0 PID: 6065 Comm: syz.2.32 Not tainted syzkaller #0 PREEMPT(full) [ 89.952922][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 89.952938][ T6065] Call Trace: [ 89.952947][ T6065] [ 89.952957][ T6065] dump_stack_lvl+0x100/0x190 [ 89.952997][ T6065] vpanic+0x552/0x970 [ 89.953024][ T6065] ? __pfx_vpanic+0x10/0x10 [ 89.953050][ T6065] ? __pfx_vprintk_emit+0x10/0x10 [ 89.953081][ T6065] ? sys_imageblit+0x19fb/0x1d60 [ 89.953122][ T6065] panic+0xd1/0xe0 [ 89.953155][ T6065] ? __pfx_panic+0x10/0x10 [ 89.953184][ T6065] ? sys_imageblit+0x19fb/0x1d60 [ 89.953229][ T6065] check_panic_on_warn.cold+0x19/0x34 [ 89.953259][ T6065] end_report.part.0+0x3a/0x90 [ 89.953297][ T6065] kasan_report.cold+0xe/0x18 [ 89.953335][ T6065] ? sys_imageblit+0x19fb/0x1d60 [ 89.953380][ T6065] sys_imageblit+0x19fb/0x1d60 [ 89.953426][ T6065] ? __pfx_sys_imageblit+0x10/0x10 [ 89.953469][ T6065] ? prb_read_valid+0x78/0xa0 [ 89.953506][ T6065] ? __pfx_prb_read_valid+0x10/0x10 [ 89.953545][ T6065] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 89.953578][ T6065] soft_cursor+0x524/0xa10 [ 89.953617][ T6065] ? fb_get_color_depth+0x120/0x250 [ 89.953651][ T6065] bit_cursor+0xe58/0x16f0 [ 89.953689][ T6065] ? __pfx_bit_cursor+0x10/0x10 [ 89.953724][ T6065] ? __lock_acquire+0x4a5/0x2630 [ 89.953763][ T6065] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 89.953793][ T6065] ? get_color+0x1da/0x450 [ 89.953822][ T6065] ? __pfx_bit_cursor+0x10/0x10 [ 89.953855][ T6065] fbcon_cursor+0x43c/0x5e0 [ 89.953888][ T6065] ? add_softcursor+0x1d0/0x290 [ 89.953926][ T6065] set_cursor+0x1db/0x250 [ 89.953964][ T6065] con_write+0x89/0xb0 [ 89.953990][ T6065] n_tty_write+0x44f/0x12d0 [ 89.954029][ T6065] ? __pfx_n_tty_write+0x10/0x10 [ 89.954061][ T6065] ? trace_kmalloc+0x101/0x130 [ 89.954091][ T6065] ? __pfx_woken_wake_function+0x10/0x10 [ 89.954136][ T6065] ? rcu_is_watching+0x12/0xc0 [ 89.954179][ T6065] ? file_tty_write.isra.0+0x694/0x890 [ 89.954203][ T6065] ? kfree+0x2ec/0x6b0 [ 89.954221][ T6065] ? __pfx_n_tty_write+0x10/0x10 [ 89.954238][ T6065] file_tty_write.isra.0+0x4d2/0x890 [ 89.954263][ T6065] redirected_tty_write+0xd4/0x120 [ 89.954284][ T6065] vfs_write+0x6ac/0x1070 [ 89.954298][ T6065] ? __pfx_redirected_tty_write+0x10/0x10 [ 89.954321][ T6065] ? __pfx_vfs_write+0x10/0x10 [ 89.954334][ T6065] ? find_held_lock+0x2b/0x80 [ 89.954352][ T6065] ksys_write+0x12a/0x250 [ 89.954365][ T6065] ? __pfx_ksys_write+0x10/0x10 [ 89.954381][ T6065] do_syscall_64+0x106/0xf80 [ 89.954395][ T6065] ? clear_bhb_loop+0x40/0x90 [ 89.954412][ T6065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.954427][ T6065] RIP: 0033:0x7f818cb9c819 [ 89.954439][ T6065] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.954452][ T6065] RSP: 002b:00007f818db29028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 89.954467][ T6065] RAX: ffffffffffffffda RBX: 00007f818ce15fa0 RCX: 00007f818cb9c819 [ 89.954476][ T6065] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 89.954485][ T6065] RBP: 00007f818cc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 89.954494][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.954503][ T6065] R13: 00007f818ce16038 R14: 00007f818ce15fa0 R15: 00007ffc8a8b7e58 [ 89.954517][ T6065] [ 89.954652][ T6065] Kernel Offset: disabled