Extracting prog: 1h50m37.873559951s Minimizing prog: 9m32.668884954s Simplifying prog options: 0s Extracting C: 38.83037686s Simplifying C: 11m55.368695556s extracting reproducer from 24 programs testing a last program of every proc single: executing 4 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$auto-mmap$auto-mmap$auto-madvise$auto-unshare$auto-syz_genetlink_get_family_id$auto_l2tp-mbind$auto-madvise$auto-syz_genetlink_get_family_id$auto_nfsd-socket-mmap$auto-mmap$auto-mmap$auto-socket-connect$auto-ioprio_set$auto-socketpair$auto-openat$auto_configfs_file_operations_configfs_internal-ioctl$sock_SIOCGIFINDEX-syz_clone-futex$auto-mbind$auto-madvise$auto-mmap$auto-madvise$auto-mbind$auto-clone$auto-close_range$auto-openat$auto_tty_fops_tty_io-openat$auto_nvmf_dev_fops_fabrics detailed listing: executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-socket-openat$auto_configfs_file_operations_configfs_internal-sendmsg$auto_NFSD_CMD_THREADS_SET-mmap$auto-syz_clone-socket-sendmsg$auto_NL80211_CMD_GET_REG detailed listing: executing program 0: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_fail_nth_operations_base-mmap$auto-socket-openat$auto_configfs_file_operations_configfs_internal-sendmsg$auto_NFSD_CMD_THREADS_SET-mmap$auto-socket-sendmsg$auto_NL80211_CMD_GET_REG detailed listing: executing program 0: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_proc_fail_nth_operations_base-close_range$auto-socket-openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-socket-sendmsg$auto_NL80211_CMD_GET_REG-openat$auto_ppp_device_fops_ppp_generic-ioctl$auto_PPPIOCSMRU-syz_open_procfs$namespace-recvmmsg$auto-writev$auto detailed listing: executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) program did not crash single: failed to extract reproducer bisect: bisecting 24 programs with base timeout 30s testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [28, 40, 30, 28, 18, 17, 28, 30, 18, 2, 26, 28, 17, 30, 17, 12, 30, 11, 13, 4, 8, 9, 28, 30] detailed listing: executing program 0: openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) mmap$auto(0x100000, 0x2b1, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0x5, 0x9b72, 0x2, 0x6) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x9, 0xfffffffd}, 0x1}, 0x5, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x1, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xc834, 0xfffffffffffffffa, 0x8000) pwrite64$auto(0xffffffffffffffff, 0x0, 0xb, 0x8000) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/ieee80211/phy0/hwsim/ps\x00', 0x100, 0x0) ioctl$auto(0x3, 0x80108907, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d1, 0x1, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000280), r1) sendmsg$auto_IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000800) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r2, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r2, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x4}, @NL802154_ATTR_COORDINATOR={0x8, 0x1e, 0x0, 0x1, [@generic="25d3500a"]}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8804}, 0x4000040) prctl$auto_SECCOMP_MODE_STRICT(0x3, 0x1, 0x0, 0x9, 0x1) executing program 0: mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x90001, 0x0) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="010026bd7000fddbdf2507"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000800) (async) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="010026bd7000fddbdf2507"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000800) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) (async) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) (async) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) (async) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) (async) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) (async) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) executing program 0: unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = clone3$auto(&(0x7f0000000180)={0x2000000000100d, 0x7, 0x1, 0x200000000010000, 0xe11b, 0x8000000000000000, 0x9a1, 0x2, 0x12006, 0x1ff, 0x5185}, 0xfffffffffffffa81) prctl$auto(0x3e, 0x1, r1, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x123002, 0x0) ioctl$auto_SNDCTL_DSP_GETBLKSIZE(r2, 0xc0045004, &(0x7f0000000000)) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r3 = open(0x0, 0x261c2, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r5, r4, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x67f, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x80000001}, 0x2) bpf$auto(0x1, &(0x7f0000000380)=@raw_tracepoint={0x5, r3, 0x0, 0x6}, 0xc) madvise$auto(0xfffffffffffffffe, 0x240007, 0x17) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/vivid.0/video4linux/video60/power/autosuspend_delay_ms\x00', 0x200, 0x0) write$auto(r0, &(0x7f0000000000)='\'\x00', 0xdbd8) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72) sendmmsg$auto(r0, &(0x7f0000000380)={{&(0x7f0000000040), 0x848, 0x0, 0x0, 0x0, 0x3, 0x10b}, 0x800009}, 0x1, 0x20020800) close_range$auto(0x2, 0x8, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sg0\x00', 0x20000, 0x0) r1 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000740), 0x101001, 0x0) writev$auto(r1, &(0x7f0000000100)={0x0, 0x100000000007111}, 0x8) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000b00), 0x40042, 0x0) fadvise64$auto_POSIX_FADV_RANDOM(r2, 0x81, 0x8, 0x1) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) madvise$auto(0xff, 0x5, 0x17) r3 = openat$auto_fops_x64_ro_(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy10/netdev:wlan0/stations/08:02:11:00:00:01/driver_buffered_tids\x00', 0x12180, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/usbip-vudc.0/udc/usbip-vudc.0/current_speed\x00', 0x181040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000200)=""/206, 0xce) read$auto_fops_x64_ro_(r3, &(0x7f0000000200)=""/208, 0xd0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/timer\x00', 0x28102, 0x0) read$auto_proc_reg_file_ops_compat_inode(r5, &(0x7f0000001880)=""/4101, 0x1005) prctl$auto(0x3a, 0x1, 0x4, 0x2, 0xa) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x26, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) statmount$auto(&(0x7f0000000000)={0x1f, @raw, 0x80000007, 0x1ff, 0x8000000000000000}, 0x0, 0x2, 0x0) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) executing program 2: r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) (async) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) (async, rerun: 64) close_range$auto(0x2, 0x8000, 0x0) (rerun: 64) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/cifsFYI\x00', 0x40c01, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = set_tid_address$auto(&(0x7f0000000140)=0xfffffffd) bpf$auto_BPF_LINK_DETACH(0x22, &(0x7f0000000180)=@task_fd_query={r2, r1, 0x6, 0x7f, 0x5, 0x3, r0, 0x4, 0x9}, 0xfffffff7) (async) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$auto(r1, 0xaea2, 0xffffffffffffffff) (async) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) (async) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000005c0)={'veth0_to_bridge\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r7, 0xffffffffffffffff, 0x9c, 0x1, 0x1, @relative_fd, 0x5}, 0x96) (async) ioctl$auto(0x3, 0xc048ae65, r0) fsconfig$auto_FSCONFIG_SET_PATH_EMPTY(r5, 0x4, &(0x7f0000000040)='-\x00', &(0x7f0000000080)="bb1e5ad3004d7a1741511d14ed5d2109f2e5e15b4cdf19389ee29c11e0b0cad5b9ce99e745e9de1cf27753e9c55abf243911da2301c76d123d3616645fa789f25da24cef55ddc98fc465451629ee59fe8c67a85e9a8442efe5e2760d7c0ed6ed9d282e7cd3d97c56c786286654171d5155de27a2066080540d9249e75c5fec5dd6225193d313d3c8efb61fce6606bec2b8b53eb20a56c195dfdeb2d5d119bec7c9cd01cc16ffc1ff59f532f4309717723a21b8a199a696484a", 0x2b4) executing program 2: openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) mmap$auto(0x7, 0x400008, 0xdf, 0x91, 0x7, 0x800008000) socket(0xa, 0x3, 0x3a) ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) write$auto(0xca, 0x0, 0x3) lseek$auto(0xffffffffffffffff, 0x9, 0x0) getdents$auto(0xffffffffffffffff, 0x0, 0x62d4) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x2, 0x0) executing program 2: openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) mmap$auto(0x100000, 0x2b1, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0x5, 0x9b72, 0x2, 0x6) r1 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x9, 0xfffffffd}, 0x1}, 0x5, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x1, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xc834, 0xfffffffffffffffa, 0x8000) pwrite64$auto(0xffffffffffffffff, 0x0, 0xb, 0x8000) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/ieee80211/phy0/hwsim/ps\x00', 0x100, 0x0) ioctl$auto(0x3, 0x80108907, 0x38) setsockopt$auto(0x3, 0x6, 0x3, 0x0, 0xd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d1, 0x1, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000280), r1) sendmsg$auto_IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000800) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r2, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800) sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r2, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x4}, @NL802154_ATTR_COORDINATOR={0x8, 0x1e, 0x0, 0x1, [@generic="25d3500a"]}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8804}, 0x4000040) prctl$auto_SECCOMP_MODE_STRICT(0x3, 0x1, 0x0, 0x9, 0x1) executing program 3: mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x2003f0, 0x1015) (async) madvise$auto(0x0, 0x200007, 0x19) (async) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) socket(0x11, 0x800, 0x7) (async) r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socketpair$auto(0x3, 0xd, 0x8dc2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) bpf$auto_BPF_TOKEN_CREATE(0x24, &(0x7f00000002c0)=@info={r0, 0xd, 0x139}, 0x3) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) (async) pivot_root$auto(0x0, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0x2000040080000000, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) connect$auto(0x3, 0x0, 0x10) (async) unshare$auto(0x40000080) (async) r1 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0) lseek$auto(r1, 0x0, 0x2) (async) readv$auto(r1, 0x0, 0x1) getsockopt$auto(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000040)='/dev/cec27\x00', 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) executing program 0: statmount$auto(&(0x7f0000000040)={0x1f, @raw, 0x80000027, 0xf5ff, 0x8}, 0x0, 0x208, 0x0) r0 = open(0x0, 0x161342, 0x130) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages\x00', 0x40200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/65, 0x41) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_adj\x00', 0x600000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48101, 0x0) write$auto(r3, &(0x7f0000000100)='/surit\x8b\xafR\xf2y/integrity?iqa/policy\x00\xa2\xf4\x92_\xe8\xaeD\xca/ \xe5\xed`\xa4\xb5b\xff\x8c\xcf8\x00\xd5s\xb36\"\'\xb0\x84k\x98\xd7\xca\x06O\xd8Y\x15{W\f=XM\xb7\xf4\xca\xdf\x8fe\xe2\x91>`D{\x9e\xfe\x92\x9f|#5P\x8b\xdd\xd2/\b\xb5g\x18\xed\xaa \x9fs\xe0\x04\x84\x04\x02\x89\x84%d\xc1@\x91W\xf8\xf65\xa8\x1d\xde\alUZ\xab\x17\xba\xf8\x02\x12\x94\xdc\xcb\xc3\x06\x82\xc8G4>J\x83\xd3^\x8d', 0x2000000000c5) capset$auto(&(0x7f0000000040)={0x19980330}, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/tty/ttyt4/power/autosuspend_delay_ms\x00', 0x242602, 0x0) write$auto(0x3, 0x0, 0xffd8) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) executing program 1: r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000000), 0x80200, 0x0) ioctl$auto_LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) executing program 3: mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r1 = socket(0xa, 0x801, 0x84) lsm_list_modules$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x1, 0x3f, 0x0, 0xb) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) listen$auto(0x3, 0x81) r2 = socket(0x10, 0x80002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x7, 0x0) timerfd_settime$auto(r2, 0x0, 0x0, &(0x7f0000000080)={{0x1cf, 0x4}, {0x8, 0x9}}) accept$auto(0x3, 0x0, 0x0) read$auto(r0, 0x0, 0x80000000) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) sendmsg$auto_IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x40812) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec\x00', 0x189302, 0x0) r4 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r4, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r4, &(0x7f0000000240)="f85bcccc7952bf07004d40d5c48811724495d8b6c192512193c94bcb225ac16aa711c65ea1c1404692799b280660c2058309ead870c47ae0fe1a427fda17651eee63af615a93bf1cd60a4bf9cea1da1e7d25c63b85b626f63e7905d4159ecc3a37c13d68a9c3a190f69c42cd7a70d73ab607d63bbdc7a043d240c6370000000000000000009a58a5bbf50c2cb2e57199e19959894b446bea9aca58a7134c08000000eb59359bd247deda3851d3cf3b2d0442498ef5bb3d423732d59c51371e4fbc6bd2fbd411e750e21c9a9dd48cdf6a542ffba2050cce6acf42fe28f60ca259cfda4709160000000000000000000000000000007590e3ba50954664fff84b88edf994ead5845b2d2604675718abe0f42b9b359565e3cd81c4e1e453bdfde4fed953b57548f894d377174c5ad943f899a6c2e5efca7033da71bb8c34108926d9cfd78f6180a5757eedce2633a4609f77d71e9b2447bc4531f11765e6723d850599908552e96bc38b170e6ceaf075cc8e4a7702e7d91faecf35a5c8bf91b564dada26751f6631a87053978324a3cffc8ad8495a5b8e4231a2323c4042ecd7a1b86780f2ec2079ea3387a39c4233", 0x1ad) writev$auto(r3, &(0x7f0000000200)={0x0, 0x9}, 0x5) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) executing program 1: mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(r0, 0x0, 0x1) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtd0ro\x00', 0x28082, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram3/queue/iostats_passthrough\x00', 0x28ce81, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) mmap$auto(0x0, 0x40009, 0xde, 0x9b72, 0x7, 0x28000) write$auto(r1, 0x0, 0xfffffdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x4329d0f5, 0xffffffffffffffff, 0x8003) r3 = openat$auto_dfs_sched_itmt_fops_itmt(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/debug/netdevsim/netdevsim4/ports/2/bpf_tc_non_bound_accept\x00', 0x100, 0x0) mmap$auto(0x657, 0x2020009, 0x3, 0xebd, r3, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x1e2b42, 0x0) mmap$auto(0x0, 0x1, 0x9, 0xeb1, 0xfffffffffffffffa, 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/lapb2/statistics/rx_compressed\x00', 0x8000, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clockevents/clockevent0/unbind_device\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000180)='{', 0x1) close_range$auto(0x2, 0x8, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002dbd7000fbdbdf25010000000800010021100000040007800c0002000100000000000000249fbb47bb9a8cb0f6947572c350dea295ab39a4dff58df70121f646d348796d9ff88c93329093483b7868ac958ba44fae700c87b82c7e4e989e4d787772d596a5c64846c0bb082f7e2745f1735521ab5c9b4efade52418ddb66c6986627fa83db471ab97e4aa29ba6909c7b6293ef58d3caf802ebd505e8241593b22523912c579122644c87bcc043d7143a14f2e3ff662353c635b34d63fee989ccf7686d51491492521d4a05b160f175a113269e8c771b7adabf8e0881a5a5f864430ef7e763498f64"], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) executing program 3: mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r0 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/net/raw6\x00', 0x500, 0x0) pread64$auto(r1, 0x0, 0x206, 0x14a) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r2, @ANYBLOB="02002cbd7000fbdbdf250e00000006728f0807939c9dc5bb6a9416b435d11cb41cee97ce64c93adfbccb251a966a3106ae656ec576352c12c05c37a212a0cad1a1b92ff448efa1f19d6c3fa25387701233698d08000078b0f59d5cace4d4c94371e7750b664b2279eaa1c3f2a390e9dbdb1ae8043c6c4a721688b9a46dccff4e70284d0444be32d62f40ba07b9156efe5849d75889091cc644fe9e58e763a0cfee805059a41f1e1e039f111ea73fa676788a19662b531fae00b8e2b450a73f27afdb26f02a1730c3b046f2bc44b178cbc7b46811ba886d51b9a669ab15885d52df3cd1aa123cca465273c6a9e1af5d962180a8dd4f36e4f8be6418ed08b344cd4f6743c5a820496845db6774d98f076e289e685812010cb58237431c7f1ccd13d9fc974064aade896ee465dc8523e38968589f7ad8236707c83ead6457553ce6a6808272cffd2e9a5ebba3c18d592bca977883cfcb5a1c7a3443639c15b275d9a182211aab937c2f5d556220f7c4ef56cffdc50d13016523b7ffff9e690ffb39a837e34ae13d1d7aacb4492a7e85cfd0e2a783a91ca09e8c4213caef7b4ce744f10f12eb8a1f3ac53924ca2e07efd9de5f97715b205aa7f6f1b1b82abcd10411d586e10c8bcb28a5a97488fc6919a14ebffea500"], 0xb0}, 0x1, 0x0, 0x0, 0xc014}, 0x20000000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) read$auto(0x4, 0x0, 0xfdef) sendto$auto(0xffffffffffffffff, &(0x7f0000000480)="77d3b9af53414919a6575cb84c0a540b62e3fd11ad276ae8158132506c239ac66298de8b171fe6644b05425d2adf8fd13fea87d6bfe9fbf761a70d75c12cc333d3c3188d27599bc26f1941b3c669791b87c8dbf69416940790395ceeb9fcde1a79b2d6560367e6532f0996cb10bc9c69b81823f3cf609a1877c6e2302eb91882569b67f59dfb15f4cf02eca9cac0ec", 0xf88, 0x0, &(0x7f00000000c0)=@vsock, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) executing program 3: r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram11\x00', 0x14fe02, 0x0) mmap$auto(0x5, 0x810004, 0x4, 0x14, r0, 0x2000000000000002) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) dup3$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x3b09137d) close_range$auto(r0, 0xa, 0x4) ioctl$auto_BLKPG2(0xffffffffffffffff, 0x1269, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) r2 = socket(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x80044943, 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xfc\x04\x00\x00)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) executing program 2: openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) mmap$auto(0x7, 0x400008, 0xdf, 0x91, 0x7, 0x800008000) socket(0xa, 0x3, 0x3a) ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x1) lseek$auto(r0, 0x9, 0x0) getdents$auto(r0, 0x0, 0x62d4) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x2, 0x0) executing program 1: mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535"}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x10001, 0x1, 0x9, 0xc4, 0x8, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x9, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb78, 0x100000000, 0x3, 0x7, 0x7fffffffffffffff, 0x1, 0xd, 0x3, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffbb, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000000, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0x9, 0x3ff, 0x8, 0x7, 0xffff, 0x50ce0883, 0x3d9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x7, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x2, 0x6, 0x1, 0x3, 0x3, 0xfffffffffffff16a, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x6, 0x4, 0x2, 0x3, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x0, 0x8001, 0x0, 0x1, 0x7, 0xcf4, 0x1, 0x3, 0x0, 0x4, 0x6, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x8, 0x9, 0xfffffffffffffffb, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x1, 0x9, 0x210001, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x3], {0x9, 0x3, 0x6, 0x0, 0x4, 0x895, 0x3fdc, 0x6, 0x5}, {0x2, 0x1d11, 0x54ed, 0x0, 0x101, 0xff, 0xc63, 0xa, 0xb}}) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="000329bd7000fedbdf250900000008000c000100008008000300", @ANYRES32, @ANYBLOB="08002c000001000008001d"], 0x3c}, 0x1, 0x0, 0x0, 0x20000828}, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) (async) socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x3}, 0x3ef3}, 0x3, 0x0) executing program 1: r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = clone3$auto(&(0x7f0000000040)={0x80000000, 0x400, 0x9, 0x2, 0x200, 0x9, 0x8000000000000000, 0x9, 0x9, 0x7f, 0x800}, 0x1abf9b6f) fcntl$auto_F_SETOWN(r0, 0x8, r1) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='\x00', 0x5) (async, rerun: 64) fsconfig$auto_SHMEM_HUGE_DENY(r0, 0x100, &(0x7f0000000100)='!)&\x00', &(0x7f0000000140)="73fe481b69e1d37a05e415895b0ca79770b002ae42166880c1d25ef4447d2d9d73f7f6b6e433cdf90c56d4a916609aa0b1c6f873f79a3c3132f76c5ae08f8962b1e5f40c680bd73b4f1629427fd545f9f676cfe7e7a55a77a4afdc34bb2c1131469808d16e5fffc3253896cf2fdebb842b8c2e3f9d9e7b9cd4ce9ce76e9aeea7f4762718ceb49e0866e654e3fbf3b5df81867ffa15fd53207c53a427ea2f0cddc0ecf6c0a14c99beff6c0d5958f1fe167e065721c3d3", 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000200)="5e4a4893e6a9a413dc15c53ff4e4ef3cbe26d745469984df89477c17376f4825a843b7d902db1ac93db339f91311f38c26efa965a0898640484318beb5728b876b949af48a1ed44ba575dcd8ea0bfba09669da2f8660f91414358853be5d05122adc03241bfa8340e76831420c8f443eb4fa5784a935e66d69dff580b149286d8571aa6a5f8954ec662d05767d5b9f025844792ee99dd6f2589cf7dff1b99e03678bab0c454f25041cc5aaa69b", 0xad) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)=@link_detach={0xffffffffffffffff}, 0x6) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000003c0), r4) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'pim6reg\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_SET(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, r5, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@OVS_DP_ATTR_NAME={0x2a, 0x1, '/sys/kernel/debug/binder/transactions\x00'}, @OVS_DP_ATTR_NAME={0x8, 0x1, '!)&\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x4}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r1}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x7}]}, 0x78}, 0x1, 0x0, 0x0, 0x44000}, 0x20000004) (async) mmap$auto(0x9, 0xfffffffffffffffa, 0x80, 0x10, r4, 0x5) ioctl$auto_OTPGETREGIONINFO(r4, 0x400c4d0f, &(0x7f0000000540)={0x5, 0x80000000}) getpid() (async) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000005c0), r3) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x64, r7, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xffff}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x200}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x80000001}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x81}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x2299}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x810) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000740), r3) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r8, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8051}, 0x0) (async, rerun: 32) ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000840)=0x7fffffff) (rerun: 32) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000880)='/dev/mtd0\x00', 0x2, 0x0) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8001}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4804}, 0x804) (rerun: 64) r9 = socketpair$auto(0x7f, 0x1800, 0x3ff, &(0x7f0000000a00)) sendmsg$auto_NL80211_CMD_DEL_STATION(r9, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x38, r8, 0xa02, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xfffb}, @NL80211_ATTR_HE_OBSS_PD={0xc, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x7f}]}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1fa7}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x44890) (async) sysfs$auto(0xff, 0x101, 0x9) (async) write$auto_drm_connector_fops_drm_debugfs(r4, &(0x7f0000000b40)="089dabed6728a55fc347bb4500e4f8c935d71cba5f4f59f3", 0x18) (async) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000bc0), r9) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r3, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r10, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_DISABLE_HE={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8845}, 0x4000000) (async) getsockopt$auto_SO_BPF_EXTENSIONS(r0, 0x1000, 0x30, &(0x7f0000000cc0)='\x00', &(0x7f0000000d00)=0xd) (async, rerun: 32) sendmsg$auto_NCSI_CMD_PKG_INFO(r3, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x28, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x437}, @NCSI_ATTR_IFINDEX={0x8}, @NCSI_ATTR_MULTI_FLAG={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x8044) (rerun: 32) executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) executing program 1: r0 = socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000040)={0x2, 0x5, [0x1, 0x10000, 0xfffffffffffffff7, 0x2, 0x5c74, 0x10]}) sendto$auto(r0, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) executing program 1: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 2: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state bisect: bisecting 24 programs bisect: split chunks (needed=false): <24> bisect: split chunk #0 of len 24 into 3 parts bisect: testing without sub-chunk 1/3 testing program (duration=34s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 2, 26, 28, 17, 30, 17, 12, 30, 11, 13, 4, 8, 9, 28, 30] detailed listing: executing program 0: statmount$auto(&(0x7f0000000040)={0x1f, @raw, 0x80000027, 0xf5ff, 0x8}, 0x0, 0x208, 0x0) r0 = open(0x0, 0x161342, 0x130) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages\x00', 0x40200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/65, 0x41) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_adj\x00', 0x600000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48101, 0x0) write$auto(r3, &(0x7f0000000100)='/surit\x8b\xafR\xf2y/integrity?iqa/policy\x00\xa2\xf4\x92_\xe8\xaeD\xca/ \xe5\xed`\xa4\xb5b\xff\x8c\xcf8\x00\xd5s\xb36\"\'\xb0\x84k\x98\xd7\xca\x06O\xd8Y\x15{W\f=XM\xb7\xf4\xca\xdf\x8fe\xe2\x91>`D{\x9e\xfe\x92\x9f|#5P\x8b\xdd\xd2/\b\xb5g\x18\xed\xaa \x9fs\xe0\x04\x84\x04\x02\x89\x84%d\xc1@\x91W\xf8\xf65\xa8\x1d\xde\alUZ\xab\x17\xba\xf8\x02\x12\x94\xdc\xcb\xc3\x06\x82\xc8G4>J\x83\xd3^\x8d', 0x2000000000c5) capset$auto(&(0x7f0000000040)={0x19980330}, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/tty/ttyt4/power/autosuspend_delay_ms\x00', 0x242602, 0x0) write$auto(0x3, 0x0, 0xffd8) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) executing program 1: r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000000), 0x80200, 0x0) ioctl$auto_LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) executing program 3: mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r1 = socket(0xa, 0x801, 0x84) lsm_list_modules$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x1, 0x3f, 0x0, 0xb) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) listen$auto(0x3, 0x81) r2 = socket(0x10, 0x80002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x7, 0x0) timerfd_settime$auto(r2, 0x0, 0x0, &(0x7f0000000080)={{0x1cf, 0x4}, {0x8, 0x9}}) accept$auto(0x3, 0x0, 0x0) read$auto(r0, 0x0, 0x80000000) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) sendmsg$auto_IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x40812) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec\x00', 0x189302, 0x0) r4 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r4, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r4, &(0x7f0000000240)="f85bcccc7952bf07004d40d5c48811724495d8b6c192512193c94bcb225ac16aa711c65ea1c1404692799b280660c2058309ead870c47ae0fe1a427fda17651eee63af615a93bf1cd60a4bf9cea1da1e7d25c63b85b626f63e7905d4159ecc3a37c13d68a9c3a190f69c42cd7a70d73ab607d63bbdc7a043d240c6370000000000000000009a58a5bbf50c2cb2e57199e19959894b446bea9aca58a7134c08000000eb59359bd247deda3851d3cf3b2d0442498ef5bb3d423732d59c51371e4fbc6bd2fbd411e750e21c9a9dd48cdf6a542ffba2050cce6acf42fe28f60ca259cfda4709160000000000000000000000000000007590e3ba50954664fff84b88edf994ead5845b2d2604675718abe0f42b9b359565e3cd81c4e1e453bdfde4fed953b57548f894d377174c5ad943f899a6c2e5efca7033da71bb8c34108926d9cfd78f6180a5757eedce2633a4609f77d71e9b2447bc4531f11765e6723d850599908552e96bc38b170e6ceaf075cc8e4a7702e7d91faecf35a5c8bf91b564dada26751f6631a87053978324a3cffc8ad8495a5b8e4231a2323c4042ecd7a1b86780f2ec2079ea3387a39c4233", 0x1ad) writev$auto(r3, &(0x7f0000000200)={0x0, 0x9}, 0x5) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace\x00', 0x1a6b75d638828712, 0x0) executing program 1: mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) write$auto(r0, 0x0, 0x1) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtd0ro\x00', 0x28082, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/ram3/queue/iostats_passthrough\x00', 0x28ce81, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) mmap$auto(0x0, 0x40009, 0xde, 0x9b72, 0x7, 0x28000) write$auto(r1, 0x0, 0xfffffdef) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x4329d0f5, 0xffffffffffffffff, 0x8003) r3 = openat$auto_dfs_sched_itmt_fops_itmt(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/debug/netdevsim/netdevsim4/ports/2/bpf_tc_non_bound_accept\x00', 0x100, 0x0) mmap$auto(0x657, 0x2020009, 0x3, 0xebd, r3, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x1e2b42, 0x0) mmap$auto(0x0, 0x1, 0x9, 0xeb1, 0xfffffffffffffffa, 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/lapb2/statistics/rx_compressed\x00', 0x8000, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clockevents/clockevent0/unbind_device\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000180)='{', 0x1) close_range$auto(0x2, 0x8, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002dbd7000fbdbdf25010000000800010021100000040007800c0002000100000000000000249fbb47bb9a8cb0f6947572c350dea295ab39a4dff58df70121f646d348796d9ff88c93329093483b7868ac958ba44fae700c87b82c7e4e989e4d787772d596a5c64846c0bb082f7e2745f1735521ab5c9b4efade52418ddb66c6986627fa83db471ab97e4aa29ba6909c7b6293ef58d3caf802ebd505e8241593b22523912c579122644c87bcc043d7143a14f2e3ff662353c635b34d63fee989ccf7686d51491492521d4a05b160f175a113269e8c771b7adabf8e0881a5a5f864430ef7e763498f64"], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) executing program 3: mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r0 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/net/raw6\x00', 0x500, 0x0) pread64$auto(r1, 0x0, 0x206, 0x14a) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r2, @ANYBLOB="02002cbd7000fbdbdf250e00000006728f0807939c9dc5bb6a9416b435d11cb41cee97ce64c93adfbccb251a966a3106ae656ec576352c12c05c37a212a0cad1a1b92ff448efa1f19d6c3fa25387701233698d08000078b0f59d5cace4d4c94371e7750b664b2279eaa1c3f2a390e9dbdb1ae8043c6c4a721688b9a46dccff4e70284d0444be32d62f40ba07b9156efe5849d75889091cc644fe9e58e763a0cfee805059a41f1e1e039f111ea73fa676788a19662b531fae00b8e2b450a73f27afdb26f02a1730c3b046f2bc44b178cbc7b46811ba886d51b9a669ab15885d52df3cd1aa123cca465273c6a9e1af5d962180a8dd4f36e4f8be6418ed08b344cd4f6743c5a820496845db6774d98f076e289e685812010cb58237431c7f1ccd13d9fc974064aade896ee465dc8523e38968589f7ad8236707c83ead6457553ce6a6808272cffd2e9a5ebba3c18d592bca977883cfcb5a1c7a3443639c15b275d9a182211aab937c2f5d556220f7c4ef56cffdc50d13016523b7ffff9e690ffb39a837e34ae13d1d7aacb4492a7e85cfd0e2a783a91ca09e8c4213caef7b4ce744f10f12eb8a1f3ac53924ca2e07efd9de5f97715b205aa7f6f1b1b82abcd10411d586e10c8bcb28a5a97488fc6919a14ebffea500"], 0xb0}, 0x1, 0x0, 0x0, 0xc014}, 0x20000000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) read$auto(0x4, 0x0, 0xfdef) sendto$auto(0xffffffffffffffff, &(0x7f0000000480)="77d3b9af53414919a6575cb84c0a540b62e3fd11ad276ae8158132506c239ac66298de8b171fe6644b05425d2adf8fd13fea87d6bfe9fbf761a70d75c12cc333d3c3188d27599bc26f1941b3c669791b87c8dbf69416940790395ceeb9fcde1a79b2d6560367e6532f0996cb10bc9c69b81823f3cf609a1877c6e2302eb91882569b67f59dfb15f4cf02eca9cac0ec", 0xf88, 0x0, &(0x7f00000000c0)=@vsock, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@generic={0xa, "02d0ac0c00e435826339c7328903"}, 0x6a) executing program 3: r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram11\x00', 0x14fe02, 0x0) mmap$auto(0x5, 0x810004, 0x4, 0x14, r0, 0x2000000000000002) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) dup3$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x3b09137d) close_range$auto(r0, 0xa, 0x4) ioctl$auto_BLKPG2(0xffffffffffffffff, 0x1269, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) r2 = socket(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x80044943, 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, 0x0) mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xfc\x04\x00\x00)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) executing program 2: openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) mmap$auto(0x7, 0x400008, 0xdf, 0x91, 0x7, 0x800008000) socket(0xa, 0x3, 0x3a) ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x1) lseek$auto(r0, 0x9, 0x0) getdents$auto(r0, 0x0, 0x62d4) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x2, 0x0) executing program 1: mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535"}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x10001, 0x1, 0x9, 0xc4, 0x8, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x9, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb78, 0x100000000, 0x3, 0x7, 0x7fffffffffffffff, 0x1, 0xd, 0x3, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffbb, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000000, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0x9, 0x3ff, 0x8, 0x7, 0xffff, 0x50ce0883, 0x3d9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x7, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x2, 0x6, 0x1, 0x3, 0x3, 0xfffffffffffff16a, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x6, 0x4, 0x2, 0x3, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x0, 0x8001, 0x0, 0x1, 0x7, 0xcf4, 0x1, 0x3, 0x0, 0x4, 0x6, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x8, 0x9, 0xfffffffffffffffb, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x1, 0x9, 0x210001, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x3], {0x9, 0x3, 0x6, 0x0, 0x4, 0x895, 0x3fdc, 0x6, 0x5}, {0x2, 0x1d11, 0x54ed, 0x0, 0x101, 0xff, 0xc63, 0xa, 0xb}}) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="000329bd7000fedbdf250900000008000c000100008008000300", @ANYRES32, @ANYBLOB="08002c000001000008001d"], 0x3c}, 0x1, 0x0, 0x0, 0x20000828}, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) (async) socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x3}, 0x3ef3}, 0x3, 0x0) executing program 1: r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = clone3$auto(&(0x7f0000000040)={0x80000000, 0x400, 0x9, 0x2, 0x200, 0x9, 0x8000000000000000, 0x9, 0x9, 0x7f, 0x800}, 0x1abf9b6f) fcntl$auto_F_SETOWN(r0, 0x8, r1) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='\x00', 0x5) (async, rerun: 64) fsconfig$auto_SHMEM_HUGE_DENY(r0, 0x100, &(0x7f0000000100)='!)&\x00', &(0x7f0000000140)="73fe481b69e1d37a05e415895b0ca79770b002ae42166880c1d25ef4447d2d9d73f7f6b6e433cdf90c56d4a916609aa0b1c6f873f79a3c3132f76c5ae08f8962b1e5f40c680bd73b4f1629427fd545f9f676cfe7e7a55a77a4afdc34bb2c1131469808d16e5fffc3253896cf2fdebb842b8c2e3f9d9e7b9cd4ce9ce76e9aeea7f4762718ceb49e0866e654e3fbf3b5df81867ffa15fd53207c53a427ea2f0cddc0ecf6c0a14c99beff6c0d5958f1fe167e065721c3d3", 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000200)="5e4a4893e6a9a413dc15c53ff4e4ef3cbe26d745469984df89477c17376f4825a843b7d902db1ac93db339f91311f38c26efa965a0898640484318beb5728b876b949af48a1ed44ba575dcd8ea0bfba09669da2f8660f91414358853be5d05122adc03241bfa8340e76831420c8f443eb4fa5784a935e66d69dff580b149286d8571aa6a5f8954ec662d05767d5b9f025844792ee99dd6f2589cf7dff1b99e03678bab0c454f25041cc5aaa69b", 0xad) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)=@link_detach={0xffffffffffffffff}, 0x6) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000003c0), r4) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'pim6reg\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_SET(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, r5, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@OVS_DP_ATTR_NAME={0x2a, 0x1, '/sys/kernel/debug/binder/transactions\x00'}, @OVS_DP_ATTR_NAME={0x8, 0x1, '!)&\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x4}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r1}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x7}]}, 0x78}, 0x1, 0x0, 0x0, 0x44000}, 0x20000004) (async) mmap$auto(0x9, 0xfffffffffffffffa, 0x80, 0x10, r4, 0x5) ioctl$auto_OTPGETREGIONINFO(r4, 0x400c4d0f, &(0x7f0000000540)={0x5, 0x80000000}) getpid() (async) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000005c0), r3) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x64, r7, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xffff}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x200}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x80000001}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x81}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x2299}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x810) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000740), r3) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r8, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8051}, 0x0) (async, rerun: 32) ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000840)=0x7fffffff) (rerun: 32) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000880)='/dev/mtd0\x00', 0x2, 0x0) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8001}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4804}, 0x804) (rerun: 64) r9 = socketpair$auto(0x7f, 0x1800, 0x3ff, &(0x7f0000000a00)) sendmsg$auto_NL80211_CMD_DEL_STATION(r9, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x38, r8, 0xa02, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xfffb}, @NL80211_ATTR_HE_OBSS_PD={0xc, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x7f}]}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1fa7}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x44890) (async) sysfs$auto(0xff, 0x101, 0x9) (async) write$auto_drm_connector_fops_drm_debugfs(r4, &(0x7f0000000b40)="089dabed6728a55fc347bb4500e4f8c935d71cba5f4f59f3", 0x18) (async) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000bc0), r9) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r3, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r10, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_DISABLE_HE={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8845}, 0x4000000) (async) getsockopt$auto_SO_BPF_EXTENSIONS(r0, 0x1000, 0x30, &(0x7f0000000cc0)='\x00', &(0x7f0000000d00)=0xd) (async, rerun: 32) sendmsg$auto_NCSI_CMD_PKG_INFO(r3, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x28, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x437}, @NCSI_ATTR_IFINDEX={0x8}, @NCSI_ATTR_MULTI_FLAG={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x8044) (rerun: 32) executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) executing program 1: r0 = socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000040)={0x2, 0x5, [0x1, 0x10000, 0xfffffffffffffff7, 0x2, 0x5c74, 0x10]}) sendto$auto(r0, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) executing program 1: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 2: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state bisect: the chunk can be dropped bisect: testing without sub-chunk 2/3 testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 11, 13, 4, 8, 9, 28, 30] detailed listing: executing program 1: r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = clone3$auto(&(0x7f0000000040)={0x80000000, 0x400, 0x9, 0x2, 0x200, 0x9, 0x8000000000000000, 0x9, 0x9, 0x7f, 0x800}, 0x1abf9b6f) fcntl$auto_F_SETOWN(r0, 0x8, r1) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='\x00', 0x5) (async, rerun: 64) fsconfig$auto_SHMEM_HUGE_DENY(r0, 0x100, &(0x7f0000000100)='!)&\x00', &(0x7f0000000140)="73fe481b69e1d37a05e415895b0ca79770b002ae42166880c1d25ef4447d2d9d73f7f6b6e433cdf90c56d4a916609aa0b1c6f873f79a3c3132f76c5ae08f8962b1e5f40c680bd73b4f1629427fd545f9f676cfe7e7a55a77a4afdc34bb2c1131469808d16e5fffc3253896cf2fdebb842b8c2e3f9d9e7b9cd4ce9ce76e9aeea7f4762718ceb49e0866e654e3fbf3b5df81867ffa15fd53207c53a427ea2f0cddc0ecf6c0a14c99beff6c0d5958f1fe167e065721c3d3", 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000200)="5e4a4893e6a9a413dc15c53ff4e4ef3cbe26d745469984df89477c17376f4825a843b7d902db1ac93db339f91311f38c26efa965a0898640484318beb5728b876b949af48a1ed44ba575dcd8ea0bfba09669da2f8660f91414358853be5d05122adc03241bfa8340e76831420c8f443eb4fa5784a935e66d69dff580b149286d8571aa6a5f8954ec662d05767d5b9f025844792ee99dd6f2589cf7dff1b99e03678bab0c454f25041cc5aaa69b", 0xad) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)=@link_detach={0xffffffffffffffff}, 0x6) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000003c0), r4) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'pim6reg\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_SET(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, r5, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@OVS_DP_ATTR_NAME={0x2a, 0x1, '/sys/kernel/debug/binder/transactions\x00'}, @OVS_DP_ATTR_NAME={0x8, 0x1, '!)&\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x4}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r1}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x7}]}, 0x78}, 0x1, 0x0, 0x0, 0x44000}, 0x20000004) (async) mmap$auto(0x9, 0xfffffffffffffffa, 0x80, 0x10, r4, 0x5) ioctl$auto_OTPGETREGIONINFO(r4, 0x400c4d0f, &(0x7f0000000540)={0x5, 0x80000000}) getpid() (async) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000005c0), r3) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x64, r7, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xffff}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x200}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x80000001}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x81}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x2299}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x810) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000740), r3) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r8, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8051}, 0x0) (async, rerun: 32) ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000840)=0x7fffffff) (rerun: 32) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000880)='/dev/mtd0\x00', 0x2, 0x0) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8001}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4804}, 0x804) (rerun: 64) r9 = socketpair$auto(0x7f, 0x1800, 0x3ff, &(0x7f0000000a00)) sendmsg$auto_NL80211_CMD_DEL_STATION(r9, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x38, r8, 0xa02, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xfffb}, @NL80211_ATTR_HE_OBSS_PD={0xc, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x7f}]}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1fa7}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x44890) (async) sysfs$auto(0xff, 0x101, 0x9) (async) write$auto_drm_connector_fops_drm_debugfs(r4, &(0x7f0000000b40)="089dabed6728a55fc347bb4500e4f8c935d71cba5f4f59f3", 0x18) (async) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000bc0), r9) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r3, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r10, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_DISABLE_HE={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8845}, 0x4000000) (async) getsockopt$auto_SO_BPF_EXTENSIONS(r0, 0x1000, 0x30, &(0x7f0000000cc0)='\x00', &(0x7f0000000d00)=0xd) (async, rerun: 32) sendmsg$auto_NCSI_CMD_PKG_INFO(r3, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x28, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x437}, @NCSI_ATTR_IFINDEX={0x8}, @NCSI_ATTR_MULTI_FLAG={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x8044) (rerun: 32) executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) executing program 1: r0 = socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000040)={0x2, 0x5, [0x1, 0x10000, 0xfffffffffffffff7, 0x2, 0x5c74, 0x10]}) sendto$auto(r0, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) executing program 1: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 2: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state bisect: the chunk can be dropped bisect: testing without sub-chunk 3/3 bisect: split chunks (needed=true): <8> bisect: split chunk #0 of len 8 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 9, 28, 30] detailed listing: executing program 1: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 2: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program did not crash bisect: testing without sub-chunk 2/2 testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 11, 13, 4] detailed listing: executing program 1: r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = clone3$auto(&(0x7f0000000040)={0x80000000, 0x400, 0x9, 0x2, 0x200, 0x9, 0x8000000000000000, 0x9, 0x9, 0x7f, 0x800}, 0x1abf9b6f) fcntl$auto_F_SETOWN(r0, 0x8, r1) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='\x00', 0x5) (async, rerun: 64) fsconfig$auto_SHMEM_HUGE_DENY(r0, 0x100, &(0x7f0000000100)='!)&\x00', &(0x7f0000000140)="73fe481b69e1d37a05e415895b0ca79770b002ae42166880c1d25ef4447d2d9d73f7f6b6e433cdf90c56d4a916609aa0b1c6f873f79a3c3132f76c5ae08f8962b1e5f40c680bd73b4f1629427fd545f9f676cfe7e7a55a77a4afdc34bb2c1131469808d16e5fffc3253896cf2fdebb842b8c2e3f9d9e7b9cd4ce9ce76e9aeea7f4762718ceb49e0866e654e3fbf3b5df81867ffa15fd53207c53a427ea2f0cddc0ecf6c0a14c99beff6c0d5958f1fe167e065721c3d3", 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000200)="5e4a4893e6a9a413dc15c53ff4e4ef3cbe26d745469984df89477c17376f4825a843b7d902db1ac93db339f91311f38c26efa965a0898640484318beb5728b876b949af48a1ed44ba575dcd8ea0bfba09669da2f8660f91414358853be5d05122adc03241bfa8340e76831420c8f443eb4fa5784a935e66d69dff580b149286d8571aa6a5f8954ec662d05767d5b9f025844792ee99dd6f2589cf7dff1b99e03678bab0c454f25041cc5aaa69b", 0xad) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)=@link_detach={0xffffffffffffffff}, 0x6) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000003c0), r4) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'pim6reg\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_SET(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, r5, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@OVS_DP_ATTR_NAME={0x2a, 0x1, '/sys/kernel/debug/binder/transactions\x00'}, @OVS_DP_ATTR_NAME={0x8, 0x1, '!)&\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x4}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r1}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x7}]}, 0x78}, 0x1, 0x0, 0x0, 0x44000}, 0x20000004) (async) mmap$auto(0x9, 0xfffffffffffffffa, 0x80, 0x10, r4, 0x5) ioctl$auto_OTPGETREGIONINFO(r4, 0x400c4d0f, &(0x7f0000000540)={0x5, 0x80000000}) getpid() (async) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000005c0), r3) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x64, r7, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xffff}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x200}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x80000001}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x81}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x2299}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x810) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000740), r3) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r8, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8051}, 0x0) (async, rerun: 32) ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000840)=0x7fffffff) (rerun: 32) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000880)='/dev/mtd0\x00', 0x2, 0x0) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8001}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4804}, 0x804) (rerun: 64) r9 = socketpair$auto(0x7f, 0x1800, 0x3ff, &(0x7f0000000a00)) sendmsg$auto_NL80211_CMD_DEL_STATION(r9, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x38, r8, 0xa02, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xfffb}, @NL80211_ATTR_HE_OBSS_PD={0xc, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x7f}]}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1fa7}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x44890) (async) sysfs$auto(0xff, 0x101, 0x9) (async) write$auto_drm_connector_fops_drm_debugfs(r4, &(0x7f0000000b40)="089dabed6728a55fc347bb4500e4f8c935d71cba5f4f59f3", 0x18) (async) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000bc0), r9) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r3, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r10, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_DISABLE_HE={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8845}, 0x4000000) (async) getsockopt$auto_SO_BPF_EXTENSIONS(r0, 0x1000, 0x30, &(0x7f0000000cc0)='\x00', &(0x7f0000000d00)=0xd) (async, rerun: 32) sendmsg$auto_NCSI_CMD_PKG_INFO(r3, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x28, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x437}, @NCSI_ATTR_IFINDEX={0x8}, @NCSI_ATTR_MULTI_FLAG={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x8044) (rerun: 32) executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) executing program 1: r0 = socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000040)={0x2, 0x5, [0x1, 0x10000, 0xfffffffffffffff7, 0x2, 0x5c74, 0x10]}) sendto$auto(r0, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) program did not crash bisect: split chunks (needed=true): <4>, <4> bisect: split chunk #0 of len 4 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 4, 8, 9, 28, 30] detailed listing: executing program 0: mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001580)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/net/wpan0/queues/tx-0/byte_queue_limits/limit_max\x00', 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time\x00') recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x3) executing program 1: r0 = socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000040)={0x2, 0x5, [0x1, 0x10000, 0xfffffffffffffff7, 0x2, 0x5c74, 0x10]}) sendto$auto(r0, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) executing program 1: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 2: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program did not crash bisect: testing without sub-chunk 2/2 testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 11, 8, 9, 28, 30] detailed listing: executing program 1: r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = clone3$auto(&(0x7f0000000040)={0x80000000, 0x400, 0x9, 0x2, 0x200, 0x9, 0x8000000000000000, 0x9, 0x9, 0x7f, 0x800}, 0x1abf9b6f) fcntl$auto_F_SETOWN(r0, 0x8, r1) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='\x00', 0x5) (async, rerun: 64) fsconfig$auto_SHMEM_HUGE_DENY(r0, 0x100, &(0x7f0000000100)='!)&\x00', &(0x7f0000000140)="73fe481b69e1d37a05e415895b0ca79770b002ae42166880c1d25ef4447d2d9d73f7f6b6e433cdf90c56d4a916609aa0b1c6f873f79a3c3132f76c5ae08f8962b1e5f40c680bd73b4f1629427fd545f9f676cfe7e7a55a77a4afdc34bb2c1131469808d16e5fffc3253896cf2fdebb842b8c2e3f9d9e7b9cd4ce9ce76e9aeea7f4762718ceb49e0866e654e3fbf3b5df81867ffa15fd53207c53a427ea2f0cddc0ecf6c0a14c99beff6c0d5958f1fe167e065721c3d3", 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000200)="5e4a4893e6a9a413dc15c53ff4e4ef3cbe26d745469984df89477c17376f4825a843b7d902db1ac93db339f91311f38c26efa965a0898640484318beb5728b876b949af48a1ed44ba575dcd8ea0bfba09669da2f8660f91414358853be5d05122adc03241bfa8340e76831420c8f443eb4fa5784a935e66d69dff580b149286d8571aa6a5f8954ec662d05767d5b9f025844792ee99dd6f2589cf7dff1b99e03678bab0c454f25041cc5aaa69b", 0xad) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)=@link_detach={0xffffffffffffffff}, 0x6) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000003c0), r4) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'pim6reg\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_SET(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, r5, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@OVS_DP_ATTR_NAME={0x2a, 0x1, '/sys/kernel/debug/binder/transactions\x00'}, @OVS_DP_ATTR_NAME={0x8, 0x1, '!)&\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x4}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r1}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x7}]}, 0x78}, 0x1, 0x0, 0x0, 0x44000}, 0x20000004) (async) mmap$auto(0x9, 0xfffffffffffffffa, 0x80, 0x10, r4, 0x5) ioctl$auto_OTPGETREGIONINFO(r4, 0x400c4d0f, &(0x7f0000000540)={0x5, 0x80000000}) getpid() (async) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000005c0), r3) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x64, r7, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xffff}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x200}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x80000001}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x81}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x2299}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x810) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000740), r3) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r8, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8051}, 0x0) (async, rerun: 32) ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000840)=0x7fffffff) (rerun: 32) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000880)='/dev/mtd0\x00', 0x2, 0x0) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8001}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4804}, 0x804) (rerun: 64) r9 = socketpair$auto(0x7f, 0x1800, 0x3ff, &(0x7f0000000a00)) sendmsg$auto_NL80211_CMD_DEL_STATION(r9, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x38, r8, 0xa02, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xfffb}, @NL80211_ATTR_HE_OBSS_PD={0xc, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x7f}]}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1fa7}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x44890) (async) sysfs$auto(0xff, 0x101, 0x9) (async) write$auto_drm_connector_fops_drm_debugfs(r4, &(0x7f0000000b40)="089dabed6728a55fc347bb4500e4f8c935d71cba5f4f59f3", 0x18) (async) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000bc0), r9) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r3, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r10, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_DISABLE_HE={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8845}, 0x4000000) (async) getsockopt$auto_SO_BPF_EXTENSIONS(r0, 0x1000, 0x30, &(0x7f0000000cc0)='\x00', &(0x7f0000000d00)=0xd) (async, rerun: 32) sendmsg$auto_NCSI_CMD_PKG_INFO(r3, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x28, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x437}, @NCSI_ATTR_IFINDEX={0x8}, @NCSI_ATTR_MULTI_FLAG={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x8044) (rerun: 32) executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 1: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 2: openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x80003, 0xffff) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/members\x00', 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1a00"], 0x1ac}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state bisect: the chunk can be dropped bisect: split chunk #1 of len 4 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 11, 28, 30] detailed listing: executing program 1: r0 = openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = clone3$auto(&(0x7f0000000040)={0x80000000, 0x400, 0x9, 0x2, 0x200, 0x9, 0x8000000000000000, 0x9, 0x9, 0x7f, 0x800}, 0x1abf9b6f) fcntl$auto_F_SETOWN(r0, 0x8, r1) (async, rerun: 64) write$auto(r0, &(0x7f00000000c0)='\x00', 0x5) (async, rerun: 64) fsconfig$auto_SHMEM_HUGE_DENY(r0, 0x100, &(0x7f0000000100)='!)&\x00', &(0x7f0000000140)="73fe481b69e1d37a05e415895b0ca79770b002ae42166880c1d25ef4447d2d9d73f7f6b6e433cdf90c56d4a916609aa0b1c6f873f79a3c3132f76c5ae08f8962b1e5f40c680bd73b4f1629427fd545f9f676cfe7e7a55a77a4afdc34bb2c1131469808d16e5fffc3253896cf2fdebb842b8c2e3f9d9e7b9cd4ce9ce76e9aeea7f4762718ceb49e0866e654e3fbf3b5df81867ffa15fd53207c53a427ea2f0cddc0ecf6c0a14c99beff6c0d5958f1fe167e065721c3d3", 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000200)="5e4a4893e6a9a413dc15c53ff4e4ef3cbe26d745469984df89477c17376f4825a843b7d902db1ac93db339f91311f38c26efa965a0898640484318beb5728b876b949af48a1ed44ba575dcd8ea0bfba09669da2f8660f91414358853be5d05122adc03241bfa8340e76831420c8f443eb4fa5784a935e66d69dff580b149286d8571aa6a5f8954ec662d05767d5b9f025844792ee99dd6f2589cf7dff1b99e03678bab0c454f25041cc5aaa69b", 0xad) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)=@link_detach={0xffffffffffffffff}, 0x6) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000003c0), r4) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'pim6reg\x00', 0x0}) sendmsg$auto_OVS_DP_CMD_SET(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, r5, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@OVS_DP_ATTR_NAME={0x2a, 0x1, '/sys/kernel/debug/binder/transactions\x00'}, @OVS_DP_ATTR_NAME={0x8, 0x1, '!)&\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_NAME={0x5, 0x1, '\x00'}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x4}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, r1}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x7}]}, 0x78}, 0x1, 0x0, 0x0, 0x44000}, 0x20000004) (async) mmap$auto(0x9, 0xfffffffffffffffa, 0x80, 0x10, r4, 0x5) ioctl$auto_OTPGETREGIONINFO(r4, 0x400c4d0f, &(0x7f0000000540)={0x5, 0x80000000}) getpid() (async) r7 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000005c0), r3) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x64, r7, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0x3}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xffff}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x200}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x80000001}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x7}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x81}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x2299}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x810) (async) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000740), r3) sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r8, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8051}, 0x0) (async, rerun: 32) ioctl$auto_VHOST_SET_FEATURES2(r4, 0x4008af00, &(0x7f0000000840)=0x7fffffff) (rerun: 32) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000880)='/dev/mtd0\x00', 0x2, 0x0) (async, rerun: 64) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8001}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4804}, 0x804) (rerun: 64) r9 = socketpair$auto(0x7f, 0x1800, 0x3ff, &(0x7f0000000a00)) sendmsg$auto_NL80211_CMD_DEL_STATION(r9, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x38, r8, 0xa02, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xfffb}, @NL80211_ATTR_HE_OBSS_PD={0xc, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x7f}]}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1fa7}]}, 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x44890) (async) sysfs$auto(0xff, 0x101, 0x9) (async) write$auto_drm_connector_fops_drm_debugfs(r4, &(0x7f0000000b40)="089dabed6728a55fc347bb4500e4f8c935d71cba5f4f59f3", 0x18) (async) r10 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000bc0), r9) sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r3, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r10, 0x10, 0x70bd2c, 0x25dfdbff, {}, [@NL80211_ATTR_DISABLE_HE={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8845}, 0x4000000) (async) getsockopt$auto_SO_BPF_EXTENSIONS(r0, 0x1000, 0x30, &(0x7f0000000cc0)='\x00', &(0x7f0000000d00)=0xd) (async, rerun: 32) sendmsg$auto_NCSI_CMD_PKG_INFO(r3, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x28, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@NCSI_ATTR_PACKAGE_ID={0x8, 0x3, 0x437}, @NCSI_ATTR_IFINDEX={0x8}, @NCSI_ATTR_MULTI_FLAG={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x8044) (rerun: 32) executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state bisect: the chunk can be dropped bisect: testing without sub-chunk 2/2 bisect: no need to test this chunk, it's definitely needed bisect: split chunks (needed=true): <2>, <2> bisect: split chunk #0 of len 2 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 28, 30] detailed listing: executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: unshare$auto(0x40000080) (async) openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) (async) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYRES8, @ANYRES64=0x0, @ANYRESDEC=r0], 0x14}}, 0x24048004) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r3, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) (async) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) epoll_create$auto(0x2) (async) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state bisect: the chunk can be dropped bisect: testing without sub-chunk 2/2 bisect: no need to test this chunk, it's definitely needed bisect: split chunk #1 of len 2 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30] detailed listing: executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state bisect: the chunk can be dropped bisect: testing without sub-chunk 2/2 bisect: no need to test this chunk, it's definitely needed bisect: split chunks (needed=true): <1>, <1> bisect: split chunk #0 of len 1 into 2 parts bisect: no way to further split the chunk bisect: split chunk #1 of len 1 into 2 parts bisect: no way to further split the chunk bisect: 2 programs left: executing program 2: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) bisect: trying to concatenate bisect: concatenate 2 entries minimizing program #0 before concatenation testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) read$auto(r0, &(0x7f0000000000)='/proc/self/maps\x00', 0x9) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program did not crash testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x8000000000000006, 0x22, 0x0, 0x7ffffc) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program did not crash testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: BUG: Bad rss-counter state testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) socket(0x2, 0x1, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) mkdir$auto(&(0x7f0000000280)='./cgroup.net/\f\x00\x00\x00\x00', 0xa3) ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program did not crash testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x181) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 30] detailed listing: executing program 0: open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 30] detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 3: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) program crashed: WARNING in __mmdrop minimized 11 calls -> 3 calls minimizing program #1 before concatenation testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 29] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 28] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) close_range$auto(0x2, 0x8, 0x0) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 28] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 27] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 26] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 25] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 24] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in futex_hash_put testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 23] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 22] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 21] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 20] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 19] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/config/nullb/features\x00', 0x109103, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 18] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 17] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) ioprio_set$auto(0x3, 0x0, 0x4b34) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 16] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) connect$auto(0x3, 0x0, 0x54) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 15] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x106) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 14] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0xa00009, 0x400002, 0x40eb1, 0x602, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 13] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 12] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 11] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 10] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in futex_unqueue testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 9] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) madvise$auto(0x0, 0x20499d, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 8] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) mbind$auto(0x8000000000000002, 0x100000004, 0x100000000, 0x0, 0x9, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 7] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 6] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) unshare$auto(0x40000080) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 5] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffff70005, 0x17) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 4] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: WARNING in __mmdrop testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 2] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: seccomp$auto(0x1, 0x3f, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 1] detailed listing: executing program 2: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) executing program 0: openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule minimized 30 calls -> 1 calls testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto-openat$auto_tty_fops_tty_io detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptya7\x00', 0x101e81, 0x0) program crashed: KASAN: slab-use-after-free Read in __schedule bisect: concatenation succeeded found reproducer with 4 syscalls minimizing guilty program testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) program crashed: KASAN: slab-use-after-free Read in __schedule testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) program crashed: KASAN: slab-use-after-free Read in mm_release testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal detailed listing: executing program 0: openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) program did not crash testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$auto_PROCMAP_QUERY detailed listing: executing program 0: ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) program did not crash testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) program did not crash testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program crashed: WARNING in __mmdrop simplifying C reproducer testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program did not crash testing compiled C program (duration=45s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program did not crash testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program crashed: KASAN: slab-use-after-free Read in futex_hash_put testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program crashed: KASAN: slab-use-after-free Read in futex_hash_put testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program crashed: kernel BUG in __mmput a never seen crash title: kernel BUG in __mmput, ignore testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program crashed: KASAN: slab-use-after-free Read in futex_hash_put testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program crashed: KASAN: slab-use-after-free Read in futex_unqueue testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY program crashed: KASAN: slab-use-after-free Read in futex_hash_put testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) program crashed: WARNING in __mmdrop validation run: crashed=true testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) program crashed: WARNING in __mmdrop validation run: crashed=true testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY detailed listing: executing program 0: r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) program crashed: WARNING in __mmdrop validation run: crashed=true reproducing took 2h18m14.034676642s repro crashed as (corrupted=false): ------------[ cut here ]------------ mm == current->mm WARNING: kernel/fork.c:720 at __mmdrop+0x5de/0x750 kernel/fork.c:720, CPU#0: syz.0.19/6013 Modules linked in: CPU: 0 UID: 0 PID: 6013 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 RIP: 0010:__mmdrop+0x5de/0x750 kernel/fork.c:720 Code: 00 90 0f 0b e8 93 ef 41 00 90 0f 0b 90 e9 e9 fa ff ff e8 85 ef 41 00 48 89 df e8 dd 44 a9 00 e9 c0 fb ff ff e8 73 ef 41 00 90 <0f> 0b 90 e9 85 fa ff ff e8 65 ef 41 00 90 0f 0b 90 e9 5f fb ff ff RSP: 0018:ffffc90003baf8f8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88807aa93d40 RCX: ffffffff81d3fa45 RDX: ffff888078f73d00 RSI: ffffffff81c45eed RDI: ffff888078f74298 RBP: ffffc90003baf990 R08: 0000000000000001 R09: ffffed100f5527a8 R10: ffff88807aa93d43 R11: 0000000000000000 R12: ffff888078f73d00 R13: ffff888032e75b80 R14: ffff888032e75b80 R15: ffff8880b843bbf0 FS: 00007f9eec7116c0(0000) GS:ffff8881245e2000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2fa63fff CR3: 000000007623e000 CR4: 00000000003526f0 Call Trace: mmdrop include/linux/sched/mm.h:55 [inline] mmdrop_sched include/linux/sched/mm.h:83 [inline] mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline] finish_task_switch.isra.0+0x76e/0xb70 kernel/sched/core.c:5143 context_switch kernel/sched/core.c:5263 [inline] __schedule+0xfee/0x5fa0 kernel/sched/core.c:6867 preempt_schedule_common+0x42/0xc0 kernel/sched/core.c:7051 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12 class_preempt_destructor include/linux/preempt.h:468 [inline] try_to_wake_up+0x644/0x1a60 kernel/sched/core.c:4070 wake_up_process kernel/sched/core.c:4349 [inline] wake_up_q+0xa1/0x130 kernel/sched/core.c:1087 futex_wake+0x460/0x530 kernel/futex/waitwake.c:198 do_futex+0x32b/0x350 kernel/futex/syscalls.c:135 __do_sys_futex kernel/futex/syscalls.c:207 [inline] __se_sys_futex kernel/futex/syscalls.c:188 [inline] __x64_sys_futex+0x34f/0x4d0 kernel/futex/syscalls.c:188 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f9eeb79af79 Code: Unable to access opcode bytes at 0x7f9eeb79af4f. RSP: 002b:00007f9eec7110e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007f9eeba15fa8 RCX: 00007f9eeb79af79 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9eeba15fac RBP: 00007f9eeba15fa0 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f9eeba16038 R14: 00007ffc9832d5e0 R15: 00007ffc9832d6c8 final repro crashed as (corrupted=false): ------------[ cut here ]------------ mm == current->mm WARNING: kernel/fork.c:720 at __mmdrop+0x5de/0x750 kernel/fork.c:720, CPU#0: syz.0.19/6013 Modules linked in: CPU: 0 UID: 0 PID: 6013 Comm: syz.0.19 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 RIP: 0010:__mmdrop+0x5de/0x750 kernel/fork.c:720 Code: 00 90 0f 0b e8 93 ef 41 00 90 0f 0b 90 e9 e9 fa ff ff e8 85 ef 41 00 48 89 df e8 dd 44 a9 00 e9 c0 fb ff ff e8 73 ef 41 00 90 <0f> 0b 90 e9 85 fa ff ff e8 65 ef 41 00 90 0f 0b 90 e9 5f fb ff ff RSP: 0018:ffffc90003baf8f8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88807aa93d40 RCX: ffffffff81d3fa45 RDX: ffff888078f73d00 RSI: ffffffff81c45eed RDI: ffff888078f74298 RBP: ffffc90003baf990 R08: 0000000000000001 R09: ffffed100f5527a8 R10: ffff88807aa93d43 R11: 0000000000000000 R12: ffff888078f73d00 R13: ffff888032e75b80 R14: ffff888032e75b80 R15: ffff8880b843bbf0 FS: 00007f9eec7116c0(0000) GS:ffff8881245e2000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2fa63fff CR3: 000000007623e000 CR4: 00000000003526f0 Call Trace: mmdrop include/linux/sched/mm.h:55 [inline] mmdrop_sched include/linux/sched/mm.h:83 [inline] mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline] finish_task_switch.isra.0+0x76e/0xb70 kernel/sched/core.c:5143 context_switch kernel/sched/core.c:5263 [inline] __schedule+0xfee/0x5fa0 kernel/sched/core.c:6867 preempt_schedule_common+0x42/0xc0 kernel/sched/core.c:7051 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12 class_preempt_destructor include/linux/preempt.h:468 [inline] try_to_wake_up+0x644/0x1a60 kernel/sched/core.c:4070 wake_up_process kernel/sched/core.c:4349 [inline] wake_up_q+0xa1/0x130 kernel/sched/core.c:1087 futex_wake+0x460/0x530 kernel/futex/waitwake.c:198 do_futex+0x32b/0x350 kernel/futex/syscalls.c:135 __do_sys_futex kernel/futex/syscalls.c:207 [inline] __se_sys_futex kernel/futex/syscalls.c:188 [inline] __x64_sys_futex+0x34f/0x4d0 kernel/futex/syscalls.c:188 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f9eeb79af79 Code: Unable to access opcode bytes at 0x7f9eeb79af4f. RSP: 002b:00007f9eec7110e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007f9eeba15fa8 RCX: 00007f9eeb79af79 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9eeba15fac RBP: 00007f9eeba15fa0 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007f9eeba16038 R14: 00007ffc9832d5e0 R15: 00007ffc9832d6c8