Extracting prog: 20m50.306973392s
Minimizing prog: 14m3.461519099s
Simplifying prog options: 3m54.767734995s
Extracting C: 2m7.459794907s
Simplifying C: 0s


extracting reproducer from 38 programs
testing a last program of every proc
single: executing 8 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})
clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) (fail_nth: 10)

program did not crash
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-socket-socket$nl_generic-ioctl$auto_FS_IOC_UNRESVSP64-socket-unshare$auto-mmap$auto-mmap$auto-getsockopt$auto_SO_NO_CHECK-mmap$auto-recvmmsg$auto-openat$auto_kernfs_file_fops_kernfs_internal-sendmsg$auto_NFSD_CMD_THREADS_SET-write$auto-mmap$auto-ioctl$auto_CEC_ADAP_S_LOG_ADDRS-mmap$auto-bpf$auto-close_range$auto-io_uring_setup$auto-io_uring_register$auto
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
r1 = socket(0x2, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_FS_IOC_UNRESVSP64(r1, 0x4030582b, 0x2)
socket(0x1d, 0x3, 0x1)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
getsockopt$auto_SO_NO_CHECK(r2, 0x3ff, 0xb, &(0x7f0000000040)='*%\x00', &(0x7f00000000c0)=0xc9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/ati_remote2/parameters/mode_mask\x00', 0x80401, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x84080801}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000328bd7000fedbdf25020000000800010010000000080003002000000008000200010000000800010048000003000000000004002f6465762f7474793000000008000200020000000000000000"], 0x36}}, 0x14000014)
write$auto(r3, 0x0, 0x800f)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000300)={'\x00', 0x7, 0x77, 0x1, 0x4, 0x2, "17ac1bffa6dae494eae3a0eecef41b", "fbcbed61", "09f9abf8", "404da8fb", ["aa1c0321183ca593c1e2db91", "34864d3d6b5ab550f58b7d18", "ee143090c321017daf8c9491", "6a377a79102f3fd37ed75847"]})
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_11={0x7, 0x3d, 0x16d7, 0x1000, 0xecb, 0x8, 0x3}, 0x9)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x23, &(0x7f00000000c0), 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_snd_ctl_f_ops_control-mmap$auto-socket-ioctl$auto_TIOCMSET2-mmap$auto-socket$nl_generic-openat$auto_kvm_chardev_ops_kvm_main-io_uring_setup$auto-lseek$auto-setsockopt$auto-unshare$auto-pread64$auto-close_range$auto
detailed listing:
executing program 0:
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0)
mmap$auto(0x7, 0x400008, 0xdf, 0x91, 0x7, 0x800008000)
socket(0xa, 0x3, 0x3a)
ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
io_uring_setup$auto(0x2, 0x0)
lseek$auto(0xffffffffffffffff, 0x9, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567)
unshare$auto(0x40000080)
pread64$auto(0xffffffffffffffff, &(0x7f00000002c0)='\x00', 0xffff, 0xb2)
close_range$auto(0x2, 0x8, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_def_blk_fops_fs-mprotect$auto-mq_notify$auto-sysfs$auto-syz_clone-mmap$auto-read$auto_kernfs_file_fops_kernfs_internal-openat$auto_seq_oss_f_ops_seq_oss-close_range$auto-socket$nl_generic-socket-bind$auto-connect$auto-sendmmsg$auto-sendmmsg$auto-connect$auto-mmap$auto-socketpair$auto-openat$auto_sco_debugfs_fops_-openat$auto_snd_timer_f_ops_timer-ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64-prctl$auto-sendfile$auto-pread64$auto-sendmmsg$auto-sendmmsg$auto-unshare$auto-write$auto-mmap$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram3\x00', 0x44000, 0x0)
mprotect$auto(0x200000000000, 0x806121, 0x8)
mq_notify$auto(0xffffffffffffffff, &(0x7f0000000040)={@sival_int=0x375, @inferred, 0x1})
sysfs$auto(0x2, 0x10000000000002f, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x80002, 0x73)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @local}, 0x54)
sendmmsg$auto(r0, 0x0, 0x9a6, 0xe000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
connect$auto(0x3, &(0x7f0000000080)=@xdp={0x2c, 0x4, 0x0, 0xc}, 0x54)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0)
r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
pread64$auto(r1, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xe2\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01D\xef\xaf#\xbc\xa5\xf9J\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x7f)
mmap$auto(0x0, 0xe983, 0xdf, 0x400000000000eb1, 0xffffffffffffffff, 0x8000)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-mmap$auto-close_range$auto-socket$nl_generic-socket-connect$auto-ioctl$auto-sendmsg$auto_OVS_METER_CMD_SET-prctl$auto-write$auto-openat$auto__ctl_fops_dm_ioctl-close_range$auto-close_range$auto-socket-openat$auto_def_blk_fops_fs-ioctl$auto_BLKTRACESETUP-socket-bind$auto-connect$auto-write$auto-mmap$auto-sendfile$auto-bind$auto-openat$auto_def_blk_fops_fs-mmap$auto-openat$auto_ppp_device_fops_ppp_generic-capset$auto-ioctl$auto_PPPIOCSMRU-ioctl$auto_PPPIOCSCOMPRESS-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x91f)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2a, 0x1, 0x0)
connect$auto(r1, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55)
ioctl$auto(0x3, 0x800005411, 0x38)
sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x24040044)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x2, 0x80002, 0x73)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0)
ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000180)={"8d658a4ef528c664a1187f8a7d38a143a646688ae8b9010754859680b1723f82", 0x61f5, 0x200007, 0x3ff, 0x8010001, 0xffffffffffffffff})
socket(0x11, 0x4, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(r0, &(0x7f0000000080)=@can, 0x8000)
write$auto(r2, &(0x7f00000000c0)='\x04\x13\xac\x04\x00\x00\x00\x00\x00\x00\x00\x01\n\xdc\x10\x00\x00\xef\xab\xe1ME:\xab \x87|\xe0Z\x1b\x9eZ\xa8\xff\x92+\xc9\x9fs\xbf\xd8\f\x00\x00\x00\xa5V\b\xf1Ne\xc6l\xd0\xdd7\x96gf\xb2\xa0\xf2cN\x8b\x95\xeb\xf3(\x9eM-\xdc\x84N\xc3\tts%\xe9\xbf<\xf1\xdav\xe0n\x04\xb33\x97\xd5\xb4\x02\x94B\xbb\x995\x1e\xf7@\xd8\xca\x8d\a0 \xfa\x87V\xeb1\xe4M%\xdd\xfd\xf6\x8d\xb4\xc7\x9b\x9d\xf5\xd9^\xcdL@\x0f\xd4\x15F,\xc1\xd1i\xa4f/{\xfa\xd5\n\xe1\x95l[\x91\xbfX\xea2\x1b\x8a\x85\t\x00\x05m\x1e\x9b\xca\xfb\x81\x9d{\x19S\xff\xe4\xd2k\x1b/wJ&\x03+{\x84R\xa8\x92\xad\xec\x1b\xb1\xe9\xa7XUo\x93\xd5\xfb\x94\xc4\xdf\x8e\xdd\x97\xfc\x00\x13\xd6\x80g\x7fR;\x88\xf7bm\x8f\xb5\x89\x1a\xb63\x98\xaa\xcc\xbf\x94\xbf#u\xb9', 0x2b)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0xb0fa8c5dfecff50, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000001550, 0x8000000008011, 0xffffffffffffffff, 0x739a4313)
r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x84b00, 0x0)
capset$auto(0x0, 0x0)
ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSCOMPRESS(r4, 0x4010744d, &(0x7f0000000200)={0x0, 0x2008, 0x80})
write$auto(0x3, 0x0, 0xfdef)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-mmap$auto-close_range$auto-socket$nl_generic-socket-connect$auto-ioctl$auto-sendmsg$auto_OVS_METER_CMD_SET-prctl$auto-write$auto-openat$auto__ctl_fops_dm_ioctl-close_range$auto-close_range$auto-socket-openat$auto_def_blk_fops_fs-ioctl$auto_BLKTRACESETUP-socket-bind$auto-connect$auto-write$auto-mmap$auto-sendfile$auto-bind$auto-openat$auto_def_blk_fops_fs-mmap$auto-openat$auto_ppp_device_fops_ppp_generic-capset$auto-ioctl$auto_PPPIOCSMRU-ioctl$auto_PPPIOCSCOMPRESS-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x91f)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2a, 0x1, 0x0)
connect$auto(r1, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55)
ioctl$auto(0x3, 0x800005411, 0x38)
sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x24040044)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x2, 0x80002, 0x73)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0)
ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000180)={"8d658a4ef528c664a1187f8a7d38a143a646688ae8b9010754859680b1723f82", 0x61f5, 0x200007, 0x3ff, 0x8010001, 0xffffffffffffffff})
socket(0x11, 0x4, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(r0, &(0x7f0000000080)=@can, 0x8000)
write$auto(r2, &(0x7f00000000c0)='\x04\x13\xac\x04\x00\x00\x00\x00\x00\x00\x00\x01\n\xdc\x10\x00\x00\xef\xab\xe1ME:\xab \x87|\xe0Z\x1b\x9eZ\xa8\xff\x92+\xc9\x9fs\xbf\xd8\f\x00\x00\x00\xa5V\b\xf1Ne\xc6l\xd0\xdd7\x96gf\xb2\xa0\xf2cN\x8b\x95\xeb\xf3(\x9eM-\xdc\x84N\xc3\tts%\xe9\xbf<\xf1\xdav\xe0n\x04\xb33\x97\xd5\xb4\x02\x94B\xbb\x995\x1e\xf7@\xd8\xca\x8d\a0 \xfa\x87V\xeb1\xe4M%\xdd\xfd\xf6\x8d\xb4\xc7\x9b\x9d\xf5\xd9^\xcdL@\x0f\xd4\x15F,\xc1\xd1i\xa4f/{\xfa\xd5\n\xe1\x95l[\x91\xbfX\xea2\x1b\x8a\x85\t\x00\x05m\x1e\x9b\xca\xfb\x81\x9d{\x19S\xff\xe4\xd2k\x1b/wJ&\x03+{\x84R\xa8\x92\xad\xec\x1b\xb1\xe9\xa7XUo\x93\xd5\xfb\x94\xc4\xdf\x8e\xdd\x97\xfc\x00\x13\xd6\x80g\x7fR;\x88\xf7bm\x8f\xb5\x89\x1a\xb63\x98\xaa\xcc\xbf\x94\xbf#u\xb9', 0x2b)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0xb0fa8c5dfecff50, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000001550, 0x8000000008011, 0xffffffffffffffff, 0x739a4313)
r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x84b00, 0x0)
capset$auto(0x0, 0x0)
ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSCOMPRESS(r4, 0x4010744d, &(0x7f0000000200)={0x0, 0x2008, 0x80})
write$auto(0x3, 0x0, 0xfdef)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-write$auto_ocfs2_control_fops_stack_user-openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-fanotify_init$auto-select$auto-madvise$auto-prctl$auto-execve$auto-mmap$auto-unshare$auto-unshare$auto-clone$auto-openat$auto_btrfs_ctl_fops_super-mmap$auto-move_pages$auto-ioctl$auto-creat$auto
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
fanotify_init$auto(0x5, 0x2)
select$auto(0x5, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x8000000000000201, 0x9, 0x3, 0x6, 0x7, 0xd886, 0x5e58296b, 0x341, 0x41, 0x7, 0x200, 0x8, 0xc]}, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
execve$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
unshare$auto(0x40000080)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5)
openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
creat$auto(0x0, 0x7)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_kernfs_file_fops_kernfs_internal-write$auto_ocfs2_control_fops_stack_user-openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-fanotify_init$auto-select$auto-madvise$auto-prctl$auto-execve$auto-mmap$auto-unshare$auto-unshare$auto-clone$auto-openat$auto_btrfs_ctl_fops_super-mmap$auto-move_pages$auto-ioctl$auto-creat$auto
detailed listing:
executing program 0:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
fanotify_init$auto(0x5, 0x2)
select$auto(0x5, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x8000000000000201, 0x9, 0x3, 0x6, 0x7, 0xd886, 0x5e58296b, 0x341, 0x41, 0x7, 0x200, 0x8, 0xc]}, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
execve$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
unshare$auto(0x40000080)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5)
openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
creat$auto(0x0, 0x7)

program did not crash
single: failed to extract reproducer
bisect: bisecting 38 programs with base timeout 30s
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 30, 30, 38, 20, 18, 30, 29, 18, 22, 27, 15, 30, 30, 28, 11, 29, 30, 22, 30, 27, 15, 30, 17, 30, 30, 3, 30, 30, 30, 32, 30, 30, 25, 28, 13, 21, 3]
detailed listing:
executing program 2:
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000780), r0)
unshare$auto(0xe)
sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@OVS_VPORT_ATTR_NAME={0xe, 0x3, 'ovs_vport\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x8100)
mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000)
bind$auto(0x3, 0x0, 0x6a)
sendto$auto(0xffffffffffffffff, 0x0, 0x401, 0x7f, 0x0, 0x1c)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x0, 0x0)
capget$auto(0x0, 0xfffffffffffffffe)
capset$auto(0x0, &(0x7f0000000000)={0x2, 0x10000002, 0x6})
ioctl$auto(r2, 0x401870cb, r2)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40, @remote}, 0x7fff)
r3 = socket(0xa, 0x2, 0x0)
sendmmsg$auto(r3, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8008)
close_range$auto(0x2, 0x8, 0x0)
executing program 2:
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
mmap$auto(0x7, 0x6, 0xdf, 0x9b72, 0x2, 0xe8)
sysfs$auto(0x2, 0x4d, 0x0)
r0 = fsopen$auto(0x0, 0x1)
fsconfig$auto_EROFS_MOUNT_DAX_NEVER(r0, 0x4, &(0x7f00000001c0)='\x00\x14\x86\x12/\xdd\x1d\xd9iu\xd7_\xd8\xde\x89\xea|d\xac\x11\x06\x9f\t\x9f\x91\xeb\xaf\x8d\x8d$\x19\x13\xa1\x97\xaey\xf9\x1b_g\xb0\x8bN\xe1c[\x01\x10\x97\xcd\xdf\xc1^(\x9b\xd9EC\xb3R\xdfDC\xcdt\x17\xefS\xe1\x85\x8a\x87f\xa3]\xc0\xac\x86\xc8*;\nD\x92\x9f\xf3\x90\xb0\xd8Y\xbep\xb1\x14\x89\xb1\n!b\x10\xedS\xca\x8c&\xbf\xca\x1d\xccnw\xd9T\x044\xc6\x96\xfc\x02j!\x00\x00\x00\x00\x00\x00', &(0x7f0000000140), 0xffffff9c)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0)
r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000c40)='/proc/self/syscall\x00', 0x684882, 0x0)
sysfs$auto(0x1, 0x1, 0xf1)
read$auto_proc_single_file_operations_base(r2, &(0x7f00000001c0)=""/164, 0xa4)
ioctl$auto(r1, 0x540a, 0x0)
r3 = socket(0xa, 0x5, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000)
timer_create$auto(0x0, 0x0, 0x0)
r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, 0x0, 0x0)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3, 0x6, 0x7, 0x8, 0xffffffffffffffff, [0x35e], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x6, 0x100000000}})
io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83)
sendmsg$auto_NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, 0x0, 0x40000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x7, 0x3, 0x1)
set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
set_mempolicy_home_node$auto(0xb67, 0x7, 0x9, 0x7f)
clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001)
shutdown$auto(r3, 0xfff)
socket(0x2, 0x1, 0x0)
executing program 2:
r0 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x2, 0x0)
socketpair$auto(0x6, 0x4, 0x491a, &(0x7f0000000000)=0x5)
write$auto_ftrace_event_filter_fops_trace_events(r0, &(0x7f0000000300)="2baf82c1a5bc872318c266c40109c6b2b8e16198d96732ec3515702f77291f", 0x1f)
mmap$auto(0x200000003, 0x6b7, 0x20000001000009, 0x17, 0xffffffffffffffff, 0x304000000000)
r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0x2)
getsockopt$auto(r1, 0x0, 0xd0, 0x0, 0x0)
r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto_PR_SCHED_CORE_GET(0x476, 0x0, 0x0, 0x5, 0x7)
r3 = socket(0xa, 0x1, 0x84)
socket(0xf, 0x2, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0xf, &(0x7f0000000100)=@bpf_attr_11={0xb2, 0x7, 0xfffffffe, 0x3264, 0xb, 0x4b, 0x3}, 0xa3)
close_range$auto(r3, 0x8, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0)
read$auto(r4, 0x0, 0x20)
r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3)
unshare$auto(0x40000080)
mmap$auto(0x2, 0x400008, 0xdf, 0x49b72, 0xffffffffffffffff, 0x6)
write$auto(0x1, 0x0, 0x80000000)
mmap$auto(0x100001, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x111800, 0x0)
ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0)
madvise$auto(0x0, 0x2003f0, 0x15)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
executing program 2:
unshare$auto(0x40000080) (async)
unshare$auto(0x40000080)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
listen$auto(r0, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0)
close_range$auto(0xffffffffffffffff, 0xa, 0x0)
mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) (async)
mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000)
futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) (async)
futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005)
arch_prctl$auto(0x5003, 0x800000000800)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) (async)
r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0)
ioctl$auto_BLKPG2(r2, 0x1269, 0x0)
ioctl$auto_MEMGETINFO(r2, 0x80204d01, 0x0)
openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) (async)
r3 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0)
mmap$auto(0x0, 0x402000b, 0x4af, 0xeb1, 0x401, 0x8000)
read$auto(0x3, 0x0, 0xfffffdef)
syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000080), 0xffffffffffffffff)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
getsockopt$auto_SO_SNDBUF(r3, 0x73, 0x7, &(0x7f0000000100)='SEG\x85\x00', &(0x7f0000000140)=0x9d9) (async)
getsockopt$auto_SO_SNDBUF(r3, 0x73, 0x7, &(0x7f0000000100)='SEG\x85\x00', &(0x7f0000000140)=0x9d9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/bus/usb/drivers/aircable/uevent\x00', 0x1, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000180)=""/248, 0xf8)
mbind$auto(0x1c0000, 0x800097, 0x1, 0x0, 0x3, 0x1)
mbind$auto(0x0, 0x800605, 0x1, &(0x7f0000000500)=0xffff, 0xa, 0x3)
ioctl$auto(0x3, 0x402c542b, 0x38) (async)
ioctl$auto(0x3, 0x402c542b, 0x38)
ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) (async)
ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x4, 0xdf, 0xeb1, 0x401, 0x0)
bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0xffffffffffffffff, 0x3, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x100)
r0 = getpid()
process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000100), 0xffffffff}, 0x6, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setfsuid$auto(0x0)
r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
io_uring_setup$auto(0x85, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x3b72, 0x0)
r2 = socket(0x1e, 0x5, 0x0)
ioctl$auto(r2, 0x8941, 0x8)
r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video39\x00', 0x22281, 0x0)
ioctl$auto(r3, 0xc0905664, r3)
socket(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x21, 0x2, 0xa)
sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x20040000)
sendmmsg$auto(0x6, &(0x7f0000000400)={{0x0, 0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x1, &(0x7f0000000300), 0x20, 0x8000000}, 0xed7138c}, 0x6, 0x0)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
fanotify_init$auto(0x5, 0x2)
select$auto(0x5, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x8000000000000201, 0x9, 0x3, 0x6, 0x7, 0xd886, 0x5e58296b, 0x341, 0x41, 0x7, 0x200, 0x8, 0xc]}, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
execve$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
unshare$auto(0x40000080)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5)
openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
creat$auto(0x0, 0x7)
executing program 1:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3, 0x80, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0xe2, 0x4, 0xc28}, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0)
sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r1, 0x0, 0x24000000)
write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
write$auto(r2, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0xa, 0x3, 0x3b)
mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000340)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff7}, 0x4, 0x0, 0xa, 0xb}, 0xfff}, 0x5, 0x311)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
socket(0xa, 0x2, 0x0)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x6db, 0x0, 0x3ff, 0x0, 0x3, 0x697b}, 0xed7138c}, 0x9a6, 0xc01)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r3)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004000e00170a6e91ec4d585b71ed58da822fda81ce8a6188182a2d6bbb3f26d508799ea0fe5497a4980b59d7e4ecd5895164facda6ffbd75d39ae745716720ff1ece2de4efd69952d8ce46c035ae98e741082f584490aab09f721eddf49b03b9f5ded612a892fea3128ad26ada5f9ef2cf75e8842f6f46881d29bed2da879c3f61577b7253538844c297583b5a87b5c93e31ae75ea58bb230bbbcb092c389015608032926358ef882fa8c151af1b0f68872750985f248e0c0d4c7e5e653b389350fa664f2c97af184bac1777116cee1c972bbbb0a6a4171c1b97a58fa30fe77e29f97c1f5985e1fd4c38fa179aea280a9db54e0981577746d6574554e12ef5"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0)
mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
executing program 1:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
r1 = socket(0x2, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_FS_IOC_UNRESVSP64(r1, 0x4030582b, 0x2)
socket(0x1d, 0x3, 0x1)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
getsockopt$auto_SO_NO_CHECK(r2, 0x3ff, 0xb, &(0x7f0000000040)='*%\x00', &(0x7f00000000c0)=0xc9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/ati_remote2/parameters/mode_mask\x00', 0x80401, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x84080801}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000328bd7000fedbdf25020000000800010010000000080003002000000008000200010000000800010048000003000000000004002f6465762f7474793000000008000200020000000000000000"], 0x36}}, 0x14000014)
write$auto(r3, 0x0, 0x800f)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000300)={'\x00', 0x7, 0x77, 0x1, 0x4, 0x2, "17ac1bffa6dae494eae3a0eecef41b", "fbcbed61", "09f9abf8", "404da8fb", ["aa1c0321183ca593c1e2db91", "34864d3d6b5ab550f58b7d18", "ee143090c321017daf8c9491", "6a377a79102f3fd37ed75847"]})
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fstat$auto(r4, 0x0)
r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
r6 = openat$auto_safesetid_uid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000500), 0x1, 0x0)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_11={0x7, 0x3d, 0x16d7, 0x1000, 0xecb, 0x8, 0x3}, 0x9)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x23, &(0x7f00000000c0), 0x0)
write$auto(r6, 0x0, 0x0)
write$auto_console_fops_tty_io(r5, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee98a7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1fb124cab606faed24a393058cea1c1286001ee5c0c1fa26b6a81ebdd4718a94cebdb45bfe812c771df398d3305da03d37ced9d0242b6da212dc9f5c14d7ff999bee20f6621792d1442e449eba8589a823e5e99c65fdffbaefe89e2e32406ec4cf574e335e2d288e4cdad56f4b1b57c364ed3e28809e480d6f410c7ebf43bd2a605d6a8c9facae6b7f8f2c56f792ae21fc0cc5dd9beae0cab3547ebb5467183c2f01bc315bd7bd191088886752dc5108093bdbc91348743440130f33d3dfa9c25490245e5fa904f8660e82253c826b7bea4e9a7a1c627e10c56d71878a644bd176016f29cf5398be14cc0fdec45c65e2b967aedb75212eed1eb05a44da62190009d1c08163b74813b82c27f1e6cd681a4b5150f967444b7bc930da68603fd706e96ba8663b2e50ef0a9b04e321a8a337b08fea7288a3fef5062c7e4c17ad3d490870d39c10b78a74eab25c993527e313a4f59d86de55aa9a8a63f734c2db556692fe993b0cd08e0ab5434c9ec02d5127354f55e6b5d5a7b61685d02edae21ece71d203abf7408211229a9ebbfdeffa2c0f38db274066d0706d80398c172e6daf4a0dce62c2287cbf0d30cfa313d7baf4e5caa18f594f0ab0d854f3cef76ff83e96fa49d0e0f8a47193b51a0a45aee2e1d9a5b372b8ee828f645a06979ec351d798480c7824e846028c02f58b5641acbae1e2079abd86182a662bb1642c9346d7fba628fb012da293acef33b8b76a8885c2e5d685348b6148c5b44409f58d8d5f29344fe8a2e4c2432ae622bb1912ea65d55745eff6aa689e859dcaeff39bff895025bd72cd780d59cbaa0886afd5d6676d2de6266903115525c075cc3f75ce9eba3787a890e1f758f0e502c4c9c0538dc942cf4e2d69742edeeddb66b1d459fcf6f744b2c40111104ab21fd4e99b4477e25cc5a9af59108c8b2f569d4ba227c754f294fdc1e6b383fd89861a203f4d4ee33814aeb21ee411a0d6918533aa2450b1e35c97ab6f01f3829c8a4c33fe0fbc81dd579bbdb44eda4f335d2bc512ca7f38f603c29033c94df2c9533f4422432f574a021e90a0fe3a4cf54de46e25986315b30956face49e26e8dcbcc9e1363627a9f38a2ee8304307dab4013d77f4c337551e2a6ac230788513cdd15e734263e4973c75757d9809c510977adc3be6c5b110597b09c7dad1f54e4506744710b53221e4a7982ac4c59bfae6370258b5af7864a4ca680addd736e35da579cc0e975e6cdefa3d082c8b4b10b205415c32797d9450c002895c9b40", 0xd4f)
executing program 32:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0)
write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
fanotify_init$auto(0x5, 0x2)
select$auto(0x5, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x8000000000000201, 0x9, 0x3, 0x6, 0x7, 0xd886, 0x5e58296b, 0x341, 0x41, 0x7, 0x200, 0x8, 0xc]}, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
execve$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
unshare$auto(0x40000080)
clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5)
openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000f40), 0x2100, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
ioctl$auto(0x3, 0x400454ca, 0x38)
creat$auto(0x0, 0x7)
executing program 1:
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_FW_FLASH_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x2c}, 0x1, 0x1000000, 0x0, 0x40}, 0x8094) (fail_nth: 5)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
close_range$auto(0x2, 0x8, 0x395)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000001c0), r2)
sendmsg$auto_CTRL_CMD_GETPOLICY(r2, 0x0, 0xc040810)
mmap$auto(0x0, 0x4020009, 0xdf, 0x40000000eb1, 0x401, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000f80)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/hid\x00', 0x0, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x40)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
timer_create$auto(0x0, 0x0, 0x0)
timer_settime$auto(0x0, 0x9, 0x0, 0x0)
timer_gettime$auto(0x0, 0x0)
socket(0x2b, 0x1, 0x1)
openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, 0x0, 0x42400, 0x0)
getsockopt$auto_SO_BUF_LOCK(0xffffffffffffffff, 0x1, 0x48, 0x0, &(0x7f0000000100)=0x6)
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x101440, 0x0)
executing program 1:
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
poll$auto(&(0x7f0000000d40)={0x3, 0xffff, 0xa}, 0x5, 0x400)
sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x9, 0xfffffffd}, 0x1}, 0x5, 0x20000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x0)
r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0xffffffffffffffff, 0x300000000000)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
select$auto(0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000)
futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa)
futex$auto(&(0x7f0000000080)=0xfffffffa, 0xc, 0x1, 0x0, 0x0, 0xfffffffa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x240007, 0x19)
close_range$auto(0x2, 0x8, 0x0)
ioctl$auto_FIONCLEX(r1, 0x5450, 0xfffffffffffffffa)
open(0x0, 0x22040, 0x75)
socket(0x840000000002, 0x3, 0xff)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x55)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getpid()
executing program 1:
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000003880), 0x20000, 0x0)
openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim5/ports/1/pp_hold\x00', 0x101500, 0x0)
openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/sysname\x00', 0xaa902, 0x0)
close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket(0x2, 0x801, 0x106)
listen$auto(0x3, 0x83)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)
write$auto(r1, &(0x7f0000000240)='.G\x1f*@sy\b\x00\xe7\xc9 \x8f\x10!\x11\xd4\x9by\xa8\xb2\x89c\xf8\xc41\xd4\x0f\x82\x8d\xd2\x04\x0f\xf6\xa0\xf7,O\x1d\t8\xb9H\xd5\xc4\xbb\x8f\x13\x94%\xcc\x0e\x9eT\xc1}+\x02J\xb9\x80\xe7\xb3<\x9a\xf1B\x13\xb7P\x9b\xce~\xff&zQ\xa8\x97\n\xb2\xf7\x15Z\x05\x8cl\x04\xca\x954\xdd3\xf9\xa3\x1e#,\xb7\xd2\xa6\x8d\x13\xd0\xf0\x14\x9a\xfa\xed\x9d\xa1\x98P.\'\xccA\x8b\xff\x82\xf8\xc3\xa9\xb6\xc3\x80E\xfc\xe3\xc6\x8d\xb8uh\x9f\xd1!\xa3\xe0dR\xda?\xdc:\xbd\x15X%\x84\xd2yL\x05\xaeV$\xda\xcd\xa1}_\xe0\x9c\x87\xaa\xa1\x1f\x93(\x96}\"sU.2\x1e\xb8\x01U\x8f\xe5\x7f]L\xca\xa2\x9b\x92ZYE\xd2\xe1<4\x9c\x85\x04\x86l2\x8e\xb2\x9e\x11\x82s\xd7\xe3\xdd\xdb\x041\xb2\x1c\xac@\x16\xb3sn\xec\r\x11J*\xbb\xd6\xde\x86v\x83T\xb1\xae\x91{_\xd7JK\xda\x01i#\xe89\x17\xaf\x03j5\r\xce\a\x1dl/#\x96I<osc,P\r\x00u\xe8\x9e-\xd1\x03}=h\x84\xd8\xf2\xad\xf5\xb5\xb0\xe9', 0x8)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
ioctl$auto_BTRFS_IOC_FORGET_DEV(r0, 0x50009405, 0x0)
r2 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r2, 0x6, 0x0, 0x0, 0x0)
write$auto_lru_gen_rw_fops_vmscan(r2, &(0x7f0000000000)="4ae2ed6737b6e2a55c4783f856b9b9d7c79456fd7a68c8a664415ef60fe5cc2d442ff4233554014eea9cbc0ddbb10073c5b9e83c19607695ac9842c2108267ece96cb6bdcc2349ea4bb83b174d57cbfa5824d45d683f1005923678debb841483b7049f565d4ccee3f10f551274f0a1beb06ce637331a6468b818c373efe52f782d0f84fc942a88932d9d430db58f1379ffc801db53a9426064bbd07ea45848bc07d46c99cd57ef6627a0c0f30186931a5a8ffe8731985ff200cc2537b87b3d2492df069aad60b57157b845ee8394e9db87107de6ce091ae9c252f10ab8ec88e9670006df34179e2c6472a7345ac015d106e68e5db14d4f8d", 0xf8)
executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x91f)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2a, 0x1, 0x0)
connect$auto(r1, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55)
ioctl$auto(0x3, 0x800005411, 0x38)
sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x24040044)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x2, 0x80002, 0x73)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0)
ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000180)={"8d658a4ef528c664a1187f8a7d38a143a646688ae8b9010754859680b1723f82", 0x61f5, 0x200007, 0x3ff, 0x8010001, 0xffffffffffffffff})
socket(0x11, 0x4, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(r0, &(0x7f0000000080)=@can, 0x8000)
write$auto(r2, &(0x7f00000000c0)='\x04\x13\xac\x04\x00\x00\x00\x00\x00\x00\x00\x01\n\xdc\x10\x00\x00\xef\xab\xe1ME:\xab \x87|\xe0Z\x1b\x9eZ\xa8\xff\x92+\xc9\x9fs\xbf\xd8\f\x00\x00\x00\xa5V\b\xf1Ne\xc6l\xd0\xdd7\x96gf\xb2\xa0\xf2cN\x8b\x95\xeb\xf3(\x9eM-\xdc\x84N\xc3\tts%\xe9\xbf<\xf1\xdav\xe0n\x04\xb33\x97\xd5\xb4\x02\x94B\xbb\x995\x1e\xf7@\xd8\xca\x8d\a0 \xfa\x87V\xeb1\xe4M%\xdd\xfd\xf6\x8d\xb4\xc7\x9b\x9d\xf5\xd9^\xcdL@\x0f\xd4\x15F,\xc1\xd1i\xa4f/{\xfa\xd5\n\xe1\x95l[\x91\xbfX\xea2\x1b\x8a\x85\t\x00\x05m\x1e\x9b\xca\xfb\x81\x9d{\x19S\xff\xe4\xd2k\x1b/wJ&\x03+{\x84R\xa8\x92\xad\xec\x1b\xb1\xe9\xa7XUo\x93\xd5\xfb\x94\xc4\xdf\x8e\xdd\x97\xfc\x00\x13\xd6\x80g\x7fR;\x88\xf7bm\x8f\xb5\x89\x1a\xb63\x98\xaa\xcc\xbf\x94\xbf#u\xb9', 0x2b)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0xb0fa8c5dfecff50, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000001550, 0x8000000008011, 0xffffffffffffffff, 0x739a4313)
r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x84b00, 0x0)
capset$auto(0x0, 0x0)
ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSCOMPRESS(r4, 0x4010744d, &(0x7f0000000200)={0x0, 0x2008, 0x80})
write$auto(0x3, 0x0, 0xfdef)
executing program 33:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x91f)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2a, 0x1, 0x0)
connect$auto(r1, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55)
ioctl$auto(0x3, 0x800005411, 0x38)
sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x24040044)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x2, 0x80002, 0x73)
r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0)
ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000180)={"8d658a4ef528c664a1187f8a7d38a143a646688ae8b9010754859680b1723f82", 0x61f5, 0x200007, 0x3ff, 0x8010001, 0xffffffffffffffff})
socket(0x11, 0x4, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(r0, &(0x7f0000000080)=@can, 0x8000)
write$auto(r2, &(0x7f00000000c0)='\x04\x13\xac\x04\x00\x00\x00\x00\x00\x00\x00\x01\n\xdc\x10\x00\x00\xef\xab\xe1ME:\xab \x87|\xe0Z\x1b\x9eZ\xa8\xff\x92+\xc9\x9fs\xbf\xd8\f\x00\x00\x00\xa5V\b\xf1Ne\xc6l\xd0\xdd7\x96gf\xb2\xa0\xf2cN\x8b\x95\xeb\xf3(\x9eM-\xdc\x84N\xc3\tts%\xe9\xbf<\xf1\xdav\xe0n\x04\xb33\x97\xd5\xb4\x02\x94B\xbb\x995\x1e\xf7@\xd8\xca\x8d\a0 \xfa\x87V\xeb1\xe4M%\xdd\xfd\xf6\x8d\xb4\xc7\x9b\x9d\xf5\xd9^\xcdL@\x0f\xd4\x15F,\xc1\xd1i\xa4f/{\xfa\xd5\n\xe1\x95l[\x91\xbfX\xea2\x1b\x8a\x85\t\x00\x05m\x1e\x9b\xca\xfb\x81\x9d{\x19S\xff\xe4\xd2k\x1b/wJ&\x03+{\x84R\xa8\x92\xad\xec\x1b\xb1\xe9\xa7XUo\x93\xd5\xfb\x94\xc4\xdf\x8e\xdd\x97\xfc\x00\x13\xd6\x80g\x7fR;\x88\xf7bm\x8f\xb5\x89\x1a\xb63\x98\xaa\xcc\xbf\x94\xbf#u\xb9', 0x2b)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mtdblock0\x00', 0xb0fa8c5dfecff50, 0x0)
mmap$auto(0x0, 0x810004, 0x400000000001550, 0x8000000008011, 0xffffffffffffffff, 0x739a4313)
r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x84b00, 0x0)
capset$auto(0x0, 0x0)
ioctl$auto_PPPIOCSMRU(r4, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSCOMPRESS(r4, 0x4010744d, &(0x7f0000000200)={0x0, 0x2008, 0x80})
write$auto(0x3, 0x0, 0xfdef)
executing program 0:
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x100000, 0x2b1, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0x5, 0x9b72, 0x2, 0x6)
r1 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x9, 0xfffffffd}, 0x1}, 0x5, 0x20000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x1, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xc834, 0xfffffffffffffffa, 0x8000)
pwrite64$auto(0xffffffffffffffff, 0x0, 0xb, 0x8000)
fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0)
openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/ieee80211/phy0/hwsim/ps\x00', 0x100, 0x0)
ioctl$auto(0x3, 0x80108907, 0x38)
setsockopt$auto(0x3, 0x6, 0x3, 0x0, 0xd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x0, 0x2091d1, 0x1, 0x0, 0x6, 0x2)
write$auto(0x3, 0x0, 0xfffffdef)
madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000280), r1)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000800)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r2, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r2, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x4}, @NL802154_ATTR_COORDINATOR={0x8, 0x1e, 0x0, 0x1, [@generic="25d3500a"]}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8804}, 0x4000040)
prctl$auto_SECCOMP_MODE_STRICT(0x3, 0x1, 0x0, 0x9, 0x1)
executing program 0:
mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x81)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000140)="d1807307", 0x4)
r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
r3 = ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140))
r4 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
write$auto_ftrace_subsystem_filter_fops_trace_events(r3, &(0x7f0000000040)="deb07ae72d70adf76ba3cce2d9e107e81a", 0x11)
close_range$auto(r3, r4, 0x0)
executing program 3:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/vhci_hcd.0/usb10/power/wakeup_active\x00', 0x20b42, 0x0)
sendmsg$auto_VDPA_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x240480cd}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = io_uring_setup$auto(0xfffffffb, 0x0)
r2 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r2, 0x107, 0xf, 0x0, 0x6)
sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000000), 0xc2f, &(0x7f0000000100)={&(0x7f0000000080)="1e4306002c53", 0x807f}, 0x40000005, 0x0, 0xb, 0x107f}, 0x5}, 0x3, 0x100)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0)
write$auto_rfkill_fops_core(r1, 0x0, 0x0)
sendfile$auto(r0, 0x3, 0x0, 0x7)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x3, 0xe1, 0x80000011, 0x7, 0x28000)
close_range$auto(r2, 0xfffffffffffff000, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="d71544400010", @ANYRES16=r0, @ANYBLOB="1b0026bd7000fddbdf250300000004000800100003800c000c80080006800111e15812000100898771f1c19f17790485908286dd000004000280"], 0x40}, 0x1, 0x0, 0x0, 0x50}, 0x400c880)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
mincore$auto(0x1000, 0x8001, 0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
mmap$auto(0x0, 0x202000d, 0x10000000000000a, 0xeb1, r1, 0x8000)
io_uring_setup$auto(0x6, 0x0)
fcntl$auto(0xffffffffffffffff, 0x26, 0x0)
fcntl$auto(0x8000000000000001, 0x7, 0x8)
r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x1, 0x6, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffc)
write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm1c/sub7/sw_params\x00', 0x280c60, 0x0)
pread64$auto(r4, 0x0, 0x5, 0x2000000000006573)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
executing program 4:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2003f2, 0x15)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x9)
madvise$auto(0x20000, 0x6, 0xfffffe00)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socket(0x15, 0x3, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xc40, 0x0)
mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mouse0\x00', 0x181502, 0x0)
socket(0xa, 0x80803, 0x6)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
r1 = epoll_create$auto(0x8800001)
epoll_ctl$auto(r1, 0x1, r0, 0x0)
executing program 0:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
r1 = socket(0x2, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_FS_IOC_UNRESVSP64(r1, 0x4030582b, 0x2)
socket(0x1d, 0x3, 0x1)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
getsockopt$auto_SO_NO_CHECK(r2, 0x3ff, 0xb, &(0x7f0000000040)='*%\x00', &(0x7f00000000c0)=0xc9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/ati_remote2/parameters/mode_mask\x00', 0x80401, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x84080801}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000328bd7000fedbdf25020000000800010010000000080003002000000008000200010000000800010048000003000000000004002f6465762f7474793000000008000200020000000000000000"], 0x36}}, 0x14000014)
write$auto(r3, 0x0, 0x800f)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000300)={'\x00', 0x7, 0x77, 0x1, 0x4, 0x2, "17ac1bffa6dae494eae3a0eecef41b", "fbcbed61", "09f9abf8", "404da8fb", ["aa1c0321183ca593c1e2db91", "34864d3d6b5ab550f58b7d18", "ee143090c321017daf8c9491", "6a377a79102f3fd37ed75847"]})
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_11={0x7, 0x3d, 0x16d7, 0x1000, 0xecb, 0x8, 0x3}, 0x9)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x23, &(0x7f00000000c0), 0x0)
executing program 3:
unshare$auto(0x40000080) (async)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x25, 0x1, 0x0) (async)
listen$auto(0x3, 0x81) (async)
socket(0x10, 0x2, 0x0) (async)
mmap$auto(0x0, 0x400008, 0x8008, 0xfdfffffffffffffb, 0x2, 0x8000) (async)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) (async)
mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) (async)
fsopen$auto(0x0, 0x1) (async)
madvise$auto(0xfffffffffffffffa, 0x9, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$auto_ethtool(0x0, r1) (async)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x78, 0x4, 0x300000000000) (async)
r3 = socket(0x1d, 0x3, 0x1)
getsockopt$auto(r3, 0x65, 0x6, 0xffffffffffffffff, 0x0) (async)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0)
sendfile$auto(r4, r4, 0x0, 0x3)
socket(0x10, 0x3, 0x0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_ETHTOOL_MSG_STATS_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000844}, 0x0) (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='-\x00', @ANYBLOB=']'], 0x1ac}}, 0x40000) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
executing program 4:
write$auto(0xffffffffffffffff, &(0x7f00000002c0)='1\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) (async)
unshare$auto(0x40000080) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x101041, 0x0) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745500, 0x0) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x42000, 0x0)
r2 = io_uring_setup$auto(0x59, 0x0)
openat$auto_lsm_ops_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
connect$auto(r1, &(0x7f0000000100)=@nfc={0x27, r3, 0xffffffffffffffff, 0x4}, 0x55) (async)
r4 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) (async)
syslog$auto_SYSLOG_ACTION_READ(0x2, &(0x7f0000000380)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x8000) (async)
r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r5, &(0x7f0000000440)="0a1bab5c30595644f93bb154d7886d8ec5eacee8d3371cadb82b2606381300770dc8f745b5c76eedaa0ec76b0a8b", 0x2e) (async)
sendmmsg$auto(0xffffffffffffffff, 0x0, 0x4, 0x0) (async)
ioctl$auto_XFS_IOC_FREESP(r2, 0x4030580b, &(0x7f0000000040)={0xffb0, 0x8, 0x8000000000000000, 0xd4e0000000, 0x9, <r6=>0xffffffffffffffff})
r7 = getpid()
process_vm_readv$auto(r7, &(0x7f0000000000)={0x0, 0x91f5}, 0x800000001, &(0x7f0000001080)={&(0x7f00000010c0)="837c43558323d5db424689e7e6cb5c40ad091e4374c10000000025", 0x1ffffffff}, 0x2, 0x0) (async)
r8 = openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/per_cpu/cpu0/stats\x00', 0x800, 0x0)
kcmp$auto(r6, r7, 0x8, r8, r0)
timer_create$auto_CLOCK_BOOTTIME(0x7, 0x0, 0x0) (async)
r9 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0)
sendfile$auto(r9, r9, 0x0, 0x2)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x4ab00, 0x0) (async)
ioctl$auto_SNAPSHOT_FREE(r4, 0x3314, 0x0) (async)
ioctl$auto_NVRAM_INIT(r2, 0x7040, 0x0)
executing program 3:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x7fffffff, 0x0, 0x9)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x0, 0x5, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/scsi/drivers/st/try_direct_io\x00', 0x121000, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001c00)=""/4111, 0x100f)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x7, 0xa, 0x800000000000004, 0x10000001, 0x948c, 0x6, 0x95f4da0a, 0xfffe, 0x900, 0xd64, 0x80000001, 0x9, 0x6d40, 0x5, 0x7ff, 0x9]}, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x3, 0x2)
mincore$auto(0x1000, 0x4000000, 0x0)
executing program 4:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
r0 = waitid$auto_P_PGID(0x2, 0x0, &(0x7f0000000100)={@_si_pad}, 0x9, &(0x7f0000000180)={{0x7}, {0x10000, 0x91}, 0x4, 0x0, 0xd33, 0x83, 0x100000001, 0x6, 0x7, 0x1, 0x6b1, 0x9, 0x3, 0x4, 0x8, 0x6})
mmap$auto(0x0, 0x100000020009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2a, 0x80002, 0x73)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x408)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
open(0x0, 0x64842, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyq3\x00', 0x40001, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
mprotect$auto(0x200000000000, 0x1f, 0x5)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0)
write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)='4', 0x1)
openat$auto_vga_arb_device_fops_vgaarb(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
select$auto(0x5, &(0x7f0000000080)={[0x400020000008, 0xfffffffffffffffc, 0x7, 0x6, 0xc, 0x3, 0x3, 0x1ffe000, 0x7, 0x2, 0x9, 0xf, 0xa657, 0x203, 0xd3, 0x1]}, 0x0, 0x0, 0x0)
unshare$auto(0x40000080)
r3 = socket(0xa, 0x3, 0x3a)
socket(0x3, 0x5, 0x0)
r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/005/001\x00', 0x100, 0x0)
poll$auto(&(0x7f00000004c0)={r4, 0x5, 0x2}, 0x3, 0x8)
ioctl$auto(r3, 0x8982, 0x1)
r5 = prctl$auto(0x3a, 0x2, r0, 0x5, 0x800007)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r5)
r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101c82, 0x0)
write$auto(r6, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
r7 = prctl$auto(0x5, 0x39a, r0, 0x9, 0x20000000000001ff)
ioctl$auto_BLKROSET(r7, 0x125d, 0x0)
executing program 5:
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0)
mmap$auto(0x7, 0x400008, 0xdf, 0x91, 0x7, 0x800008000)
socket(0xa, 0x3, 0x3a)
ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
io_uring_setup$auto(0x2, 0x0)
socket(0xa, 0x3, 0x3a)
setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4)
r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x1)
lseek$auto(r0, 0x9, 0x0)
getdents$auto(r0, 0x0, 0x62d4)
ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x2, 0x0)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) (async)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket(0x10, 0x2, 0xc) (rerun: 64)
r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x42842, 0x95)
read$auto(r0, 0x0, 0x1)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket(0x1e, 0x4, 0x0)
socket(0x1e, 0x4, 0x0) (async, rerun: 64)
r1 = userfaultfd$auto(0x1) (rerun: 64)
getxattrat$auto(r1, 0x0, 0x2, 0x0, 0x0, 0x1000) (async, rerun: 64)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptya1\x00', 0x20080, 0x0) (async, rerun: 64)
io_uring_setup$auto(0x1000, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async, rerun: 64)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (rerun: 64)
write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x28, 0x1, 0x0)
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$auto_SEG6_CMD_DUMPHMAC(0xffffffffffffffff, 0x0, 0x20008804) (async)
sendto$auto(0xffffffffffffffff, 0x0, 0x8000000000000000, 0x7, 0x0, 0x5) (async)
select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x4f4, 0x8]}, 0x0) (async, rerun: 32)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x800, 0x3, 0x2a, 0xc, 0x400000000003, 0x3, 0x0, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x1]}, 0x0) (async, rerun: 32)
mmap$auto(0x4, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32)
r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/rds/tcp/rds_tcp_sndbuf\x00', 0x40601, 0x0) (rerun: 32)
write$auto(r3, 0x0, 0x0) (async, rerun: 64)
setrlimit$auto(0x1000000007, 0x0) (async, rerun: 64)
userfaultfd$auto(0x1)
executing program 0:
mmap$auto(0xb, 0x2000c, 0x147b, 0x11, 0x40000000000a5, 0x8000)
r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0)
readv$auto(r0, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1)
io_cancel$auto(0x40000f659, &(0x7f0000000340)={0xb2b6, 0x8009, 0x9, 0x7ff, 0x6, r0, 0x8000000000000001, 0x9, 0x1, 0x0, 0x6, r0}, &(0x7f0000000380)={0xfffffffffffff2a1, 0x800, 0x0, 0x20000000008})
r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r2=>0x0})
connect$auto(r1, &(0x7f0000000080)=@can={0x1d, r2}, 0x3)
r3 = socket(0x29, 0x2, 0x0)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x101001, 0x0)
lseek$auto(r4, 0xffffffffffffbaeb, 0xcd06)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(r3, 0x0, 0x4048010)
r6 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x80000000000)
write$auto(r5, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
mmap$auto(0xd, 0x40009, 0xdf, 0x16, 0x7, 0x1)
r7 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
ioctl$auto_PPPIOCSMRU(r7, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSPASS(r7, 0x40107447, &(0x7f0000000040)={0xffff, 0x0})
ioctl$auto_PPPIOCSPASS(r7, 0x40107447, &(0x7f00000000c0)={0x8a, &(0x7f0000000000)={0x28, 0xf3, 0x6}})
write$auto(r7, 0x0, 0x6)
mremap$auto(0x800000000000080, 0x7, 0x6, 0x0, 0x1)
process_vm_readv$auto(0x0, &(0x7f0000000180)={0x0, 0x4}, 0x3fffffffffe, &(0x7f0000000100)={&(0x7f00000001c0)="91d04987a19757812fbdb6db03347f6aaee89e8ac11f7775e9ea495cee156d0dc6f75fb1417c663a75c133c23cf585c90c18d5ff4bd7751b9abff424fd08bb67455464c3d31a775c24f35f50124395125a806e9cc938903fecb6ce122a424beb1d7f4fa8abf5dc3ea60ed2784bdd9ad7f69a85b14e613b7144fb9d2fe154f6bc6780183fa4061c2a1de30ab681f3e5a0dd", 0x40000000001243}, 0xb, 0x0)
ioctl$auto(0x3, 0x400454ca, 0x38)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r6, &(0x7f0000000280)='\x90\x96\xd1\x00\xe4\xd2\xab1\xc7\xe8\xad\x83\xb7=\x89Z;\xa3\f\x13A\x1c\xdc\x9a\x89\x98\x12\xb4\xbb\'\x1eu@\xe1=A\xbe\xaaa\xabA\xea\x147\xa6\xb2\x1d,\xafD\xcd\xa1\x8c\xd2\xc1R\xeb\x01\x86\xf8\x92ys&\xcf\x83\b&s\x04\x9b\xd6\xe9\xb0\x82_\xd2\xb9\x8a\xcd\x87jY\x03\xe7\xedW\x17<\xca\xef\xc2\x97\xdb\x91Pk\xd3\x01!\xba\x04\x951B\xa1\xc7ue&vU\xbc\xcesG\xea\x01\xd1\x8c\xca\xb3{\x1c7^gk&\x85\x95k4\xc3\xf4\x1fC\xceN\xcc\x16@\x1f\x0e\r', 0x80000000)
mmap$auto(0x200000000000, 0x810004, 0x40000000000ffb, 0x8000000008011, 0x3, 0x8000)
executing program 5:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})
clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) (fail_nth: 9)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x100, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/oom_adj\x00', 0xe0c42, 0x0)
clone$auto(0xffffffffffffc767, 0xb, 0x0, &(0x7f0000000140)=0x9, 0x81)
r1 = socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
bpf$auto(0x6, &(0x7f0000000000)=@bpf_attr_3={0x1, 0x9067, 0x40000080018c, 0xf3, 0x0, 0x8, 0x5, 0x57b8, 0xf, "63ac0600000033ebc15774e816ef77cf", 0x0, 0x100543, r1, 0x207, 0x3, 0x1009, 0x4, 0x2, 0xe, 0x5, @attach_btf_obj_fd, 0x5, 0x7fb, 0x6, 0xa, 0x48000000}, 0x10)
writev$auto(0xc8, &(0x7f00000028c0)={0x0, 0x200}, 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/sctp/snmp\x00', 0x0, 0x0)
rt_tgsigqueueinfo$auto(0x3, 0x96, 0x803, &(0x7f0000000180)={@siginfo_0_0={0x8, 0x7, 0x8000, @_sigpoll={0x8000000000000000}}})
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
r2 = socket(0x22, 0xa, 0xe)
move_pages$auto(0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x0)
unshare$auto(0x40000080)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x400000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
fdatasync$auto(r2)
waitid$auto(0x8, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000180)={{0xfffffffffffffff9, 0x80}, {0x2, 0x6}, 0x4, 0x3, 0x1, 0x3, 0x0, 0x9, 0x80000000, 0x7, 0xb7, 0x5d9, 0x8, 0x7ff, 0x2055})
mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0x2, 0x10000000008000)
socket(0xa, 0x3, 0x3a)
executing program 0:
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x103003, 0x0)
mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000)
madvise$auto(0x5, 0xffffffffffff0005, 0x17)
r0 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000)
clock_nanosleep$auto(0x8, 0x6, &(0x7f0000001040)={0x8000, 0x100000000}, &(0x7f0000001080)={0xfffffffffffffc00, 0x8000000000000001})
sysfs$auto(0x2, 0x100000008000034, 0xfffffffffffffffd)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0xa, 0x0)
mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000)
fcntl$auto_F_GETOWNER_UIDS(r0, 0x11, 0x9)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ram0\x00', 0x67f00, 0x0)
preadv2$auto(r1, &(0x7f0000000080)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x400, 0xfa93)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x1f)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x4, 0x0)
fsopen$auto(0x0, 0x1)
close_range$auto(0x2, 0x8, 0x0)
read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000040)=""/4096, 0xfffffe82)
futimesat$auto(0xffffffffffffffff, 0x0, &(0x7f0000001280)={0xa, 0x1000})
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/drvctl\x00', 0x28001, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
r3 = fcntl$auto(0x3, 0x401, 0x3)
io_uring_setup$auto(0x4, 0x0)
ioctl$auto_FIDEDUPERANGE(r3, 0xc0189436, 0x3)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setpgid$auto(0x0, 0x0)
executing program 3:
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9)
mmap$auto(0x0, 0x9644, 0xdf, 0x9b72, 0x2, 0x2d4a29c0)
pivot_root$auto(0x0, 0x0)
kexec_load$auto(0x9, 0x0, 0x0, 0x1003e0000)
mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0x2000040080000000, 0xe)
mmap$auto(0x7f, 0x8202000a, 0x3, 0xeb1, 0xffffffffffffffff, 0x75581f51)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x0, 0x5, 0x0)
pipe$auto(0x0)
r2 = socket(0x11, 0x80003, 0x300)
sendfile$auto(0x1, r2, 0x0, 0x8fb5)
r3 = epoll_create$auto(0x3e)
epoll_ctl$auto(r3, 0x1, 0x8000000000000000, 0x0)
connect$auto(0x3, 0x0, 0x10)
unshare$auto(0x40000080)
lseek$auto(0xffffffffffffffff, 0x0, 0x2)
readv$auto(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1)
getsockopt$auto(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0)
msgctl$auto_MSG_STAT_ANY(0x803, 0xd, &(0x7f00000003c0)={{0x7fff, 0xee00, 0xffffffffffffffff, 0xffdf, 0xa8, 0x80, 0x9}, 0x0, &(0x7f0000000380)=0x2, 0x5, 0x1, 0x3, 0x0, 0x200000000008, 0x5, 0xfffc, 0x8c2, @inferred=0xffffffffffffffff, @raw=0x7fff})
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x3)
bpf$auto_BPF_MAP_CREATE(0x0, &(0x7f0000000180)=@info={r1, 0x0, 0x7ff}, 0x5)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
executing program 5:
mmap$auto(0x4, 0x2, 0xdf, 0x9b72, 0x2, 0x7)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) (async)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0)
ioctl$auto_SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000080)="ff03") (async)
ioctl$auto_SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000080)="ff03")
ioctl$auto_XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f0000000580)={{<r1=>0xffffffffffffffff, &(0x7f0000000000)="830264aa9a714112fe57effb122a619379d54890f614", 0x2, &(0x7f0000000440)="b5c7a7e41b4ffb8cb6800803ceccb23c4adffc9dce380c81f7233f3949e4a70c4712fb3f7d9b04dd97c449ad1d42fb20a958ddcf591febf996c7bda3008306b1834448891689bc8b9bdeabb0a11f2b830b6f877a9797e28f082db62473a881a4044919554183015eefb35ca9fb115fab66f316f7225f91710c2c0ecf1688308da5ce64bd76180722", 0xa, &(0x7f0000000280)="fc1c0add76e6a1c48f6822837ee9478a11989495bc3c1617c9ca8fd3a49cf059c47e8e1301037f97e34d46d7f0", &(0x7f0000000300)=0x80000000}, {[0x8, 0x6, 0x58a1, 0x9]}, 0x7, 0x2, &(0x7f0000000500)="034f8f61bf897d8cee2ad99b795b71278f22ce0270469b39b7aa12ad9214db8be88cdee9c94a75ca1d6b12cd8d8d58184944795df34916aaecb48d92f4e5c91f320f28daeedbaef8c70352f73af0fff54f29d4141d5f5b9fa121bfeaec62451b35f37d4c62ad7b93cc7a"})
r2 = bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000600)=@bpf_attr_7={@btf_id=0xf1, 0x10}, 0x7fff)
ioctl$auto_XFS_IOC_FREESP(r2, 0x4030580b, &(0x7f0000000340)={0xcb, 0x8, 0x3, 0x1, 0x4, 0xffffffffffffffff}) (async)
ioctl$auto_XFS_IOC_FREESP(r2, 0x4030580b, &(0x7f0000000340)={0xcb, 0x8, 0x3, 0x1, 0x4, <r3=>0xffffffffffffffff})
r4 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={r3, r0, 0x7, 0x7, 0x6dad, 0x254f, r1, 0x2d, 0x1000}, 0x10)
bpf$auto(0x18, &(0x7f0000000380)=@bpf_attr_11={0x0, 0x9, 0x866b, 0x100005, 0x80000009, 0xfffffe01, 0xe6d9, r4}, 0x92)
socket(0xa, 0x5, 0x0) (async)
r5 = socket(0xa, 0x5, 0x0)
writev$auto(r5, &(0x7f0000000100)={&(0x7f0000000080)="0d24c3d8456e33252772a97ea23163029b0af04651826ef4c36b09611510613aca4996e948e02213985a47824e9a4c219c4a48f62bc41e0fa094cb77de856dc6a99ae44147cdde583c55044b7e1b1dc523eef3c169927dad1a38e97c77c75866e3d24ce4becdab2b57", 0x3}, 0xc2)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x200400, 0x0) (async)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x200400, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000040)=0x5)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x20000081)
socket(0x10, 0x2, 0x4) (async)
socket(0x10, 0x2, 0x4)
r6 = socket(0x10, 0x3, 0x6)
lstat$auto(0x0, &(0x7f0000000180)={0xfff, 0x7ff, 0x0, 0x63, 0x0, 0x0, 0x0, 0x8, 0x200, 0x800000000100002, 0x40000406, 0x2, 0xc, 0x2, 0x12, 0x6, 0x7})
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xee46}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xee46}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 4:
statmount$auto(0x0, &(0x7f0000000380)={0x3, 0x1, 0x9, 0x7352, 0x41, 0x65f, 0x1ffde, 0x7, 0x3, 0x2, 0xb, 0x3, 0x5, 0x101, 0xb4, 0x9, 0x7fffffffffffffff, 0x7ff, 0x84, 0x4, 0xfffffffd, 0x4, 0x2000, 0x203, 0x0, 0xb4, 0x4, 0x0, 0x0, 0x0, 0x81, [0x7, 0x0, 0x68, 0x0, 0x100000000, 0x400000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x800, 0x0, 0x0, 0x80000000, 0x2000000000, 0x0, 0x0, 0x0, 0x9d, 0xfff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x200000000, 0x1000000000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3, 0x800000000000000, 0x7e30e0be], "ba714e8019191f689ef2348dc498f3c44263cec7ed9bc0ca8441e72f000001b60f97718d84bec93235058bb0188c194ab1327a4619c53ce26b8eae1f22b64f3b58dce947b43afd754d7cdd7613221c5302d31062600b8e064ae81fff7586d82833e3d49b1bf7512bd937d1d603daf81baf5df030ec11186984827afe16d881b71635801e83e9eb599070d10b9eaa237ad998c67e965f88"}, 0x1fe, 0x11)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/sit0/ifindex\x00', 0x80000, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x202, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x2)
mmap$auto(0x0, 0x20006, 0x4000000000dc, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x11, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
write$auto(0x3, 0x0, 0xfdef)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/9u\x00', 0x40000, 0x0)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0)
r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48980, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"})
read$auto(0x3, 0x0, 0x7fffffff)
openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cec19\x00', 0x80840, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008004)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram3\x00', 0x44000, 0x0)
mprotect$auto(0x200000000000, 0x806121, 0x8)
mq_notify$auto(0xffffffffffffffff, &(0x7f0000000040)={@sival_int=0x375, @inferred, 0x1})
sysfs$auto(0x2, 0x10000000000002f, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x80002, 0x73)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @local}, 0x54)
sendmmsg$auto(r0, 0x0, 0x9a6, 0xe000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
connect$auto(0x3, &(0x7f0000000080)=@xdp={0x2c, 0x4, 0x0, 0xc}, 0x54)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0)
r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
pread64$auto(r1, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
unshare$auto(0x40000080)
write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xe2\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01D\xef\xaf#\xbc\xa5\xf9J\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x7f)
mmap$auto(0x0, 0xe983, 0xdf, 0x400000000000eb1, 0xffffffffffffffff, 0x8000)
executing program 5:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
r0 = socket(0x2, 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000e500", @ANYRES16=r2, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003800c000980080001808847338012000100898771f1c19f17790485908286dd000004000280"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setresgid$auto(0x800, 0x0, 0xffffffffffffffff)
setresgid$auto(0x0, 0xffffffffffffffff, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x22b40, 0x0)
read$auto(r5, 0x0, 0x100000000)
close_range$auto(r3, r5, 0x5)
socket(0xa, 0x3, 0x3a)
mmap$auto(0x0, 0x20009, 0x6, 0xfffffffffffffffe, 0xffffffffffffffff, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8080, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r6 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x1a481, 0x0)
write$auto_proc_mem_operations_base(r6, &(0x7f0000001100)="a7c1f7", 0x3)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0xfff, &(0x7f00000000c0)={0x0, 0x1feff}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311)
executing program 4:
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x100000, 0x2b1, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x400008, 0x5, 0x9b72, 0x2, 0x6)
r1 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r1, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x9, 0xfffffffd}, 0x1}, 0x5, 0x20000000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x1, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xc834, 0xfffffffffffffffa, 0x8000)
pwrite64$auto(0xffffffffffffffff, 0x0, 0xb, 0x8000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/ieee80211/phy0/hwsim/ps\x00', 0x100, 0x0)
ioctl$auto(0x3, 0x80108907, 0x38)
setsockopt$auto(0x3, 0x6, 0x3, 0x0, 0xd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x0, 0x2091d1, 0x1, 0x0, 0x6, 0x2)
write$auto(0x3, 0x0, 0xfffffdef)
madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000280), r1)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000800)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r2, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r2, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_BEACON_INTERVAL={0x5, 0x26, 0x4}, @NL802154_ATTR_COORDINATOR={0x8, 0x1e, 0x0, 0x1, [@generic="25d3500a"]}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8804}, 0x4000040)
prctl$auto_SECCOMP_MODE_STRICT(0x3, 0x1, 0x0, 0x9, 0x1)
executing program 5:
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0)
mmap$auto(0x7, 0x400008, 0xdf, 0x91, 0x7, 0x800008000)
socket(0xa, 0x3, 0x3a)
ioctl$auto_TIOCMSET2(0xffffffffffffffff, 0x5418, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
io_uring_setup$auto(0x2, 0x0)
lseek$auto(0xffffffffffffffff, 0x9, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567)
unshare$auto(0x40000080)
pread64$auto(0xffffffffffffffff, &(0x7f00000002c0)='\x00', 0xffff, 0xb2)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
r1 = socket(0x2, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_FS_IOC_UNRESVSP64(r1, 0x4030582b, 0x2)
socket(0x1d, 0x3, 0x1)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x20009, 0x7, 0x12, 0xffffffffffffffff, 0xf4e)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
getsockopt$auto_SO_NO_CHECK(r2, 0x3ff, 0xb, &(0x7f0000000040)='*%\x00', &(0x7f00000000c0)=0xc9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/ati_remote2/parameters/mode_mask\x00', 0x80401, 0x0)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x84080801}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000328bd7000fedbdf25020000000800010010000000080003002000000008000200010000000800010048000003000000000004002f6465762f7474793000000008000200020000000000000000"], 0x36}}, 0x14000014)
write$auto(r3, 0x0, 0x800f)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000300)={'\x00', 0x7, 0x77, 0x1, 0x4, 0x2, "17ac1bffa6dae494eae3a0eecef41b", "fbcbed61", "09f9abf8", "404da8fb", ["aa1c0321183ca593c1e2db91", "34864d3d6b5ab550f58b7d18", "ee143090c321017daf8c9491", "6a377a79102f3fd37ed75847"]})
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_11={0x7, 0x3d, 0x16d7, 0x1000, 0xecb, 0x8, 0x3}, 0x9)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x23, &(0x7f00000000c0), 0x0)
executing program 4:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})
clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) (fail_nth: 10)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 8 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY-clone$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})
clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) (fail_nth: 10)

program crashed: KASAN: slab-use-after-free Read in __schedule
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program crashed: KASAN: slab-use-after-free Read in __schedule
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal
detailed listing:
executing program 0:
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
program crashed: WARNING in __mmdrop
a never seen crash title: WARNING in __mmdrop, ignore
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program crashed: WARNING in __mmdrop
a never seen crash title: WARNING in __mmdrop, ignore
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program crashed: WARNING in __mmdrop
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program crashed: WARNING in __mmdrop
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_pid_maps_operations_internal-ioctl$auto_PROCMAP_QUERY
detailed listing:
executing program 0:
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5})

program crashed: KASAN: slab-use-after-free Read in __schedule
validation run: crashed=true
reproducing took 47m4.326342612s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: slab-use-after-free in membarrier_switch_mm kernel/sched/sched.h:3666 [inline]
BUG: KASAN: slab-use-after-free in context_switch kernel/sched/core.c:5230 [inline]
BUG: KASAN: slab-use-after-free in __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867
Read of size 4 at addr ffff88801db4e2c0 by task kworker/u8:1/13

CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x156/0x4c9 mm/kasan/report.c:482
 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:186 [inline]
 kasan_check_range+0x10f/0x1e0 mm/kasan/generic.c:200
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 membarrier_switch_mm kernel/sched/sched.h:3666 [inline]
 context_switch kernel/sched/core.c:5230 [inline]
 __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x11f/0x1360 net/ipv6/addrconf.c:4194
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>

Allocated by task 5942:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270
 dup_mm kernel/fork.c:1519 [inline]
 copy_mm kernel/fork.c:1581 [inline]
 copy_process+0x73df/0x7890 kernel/fork.c:2221
 kernel_clone+0xfc/0x930 kernel/fork.c:2651
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 6090:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6674 [inline]
 kmem_cache_free+0x143/0x720 mm/slub.c:6789
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x76e/0xb70 kernel/sched/core.c:5143
 context_switch kernel/sched/core.c:5263 [inline]
 __schedule+0xfee/0x5fa0 kernel/sched/core.c:6867
 preempt_schedule_common+0x42/0xc0 kernel/sched/core.c:7051
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 anon_pipe_write+0xdaa/0x1d40 fs/pipe.c:596
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x6ac/0x1070 fs/read_write.c:686
 ksys_write+0x1f8/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88801db4e200
 which belongs to the cache mm_struct of size 2968
The buggy address is located 192 bytes inside of
 freed 2968-byte region [ffff88801db4e200, ffff88801db4ed98)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1db48
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff888031ddb901
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88813ff30b40 dead000000000100 dead000000000122
raw: 0000000000000000 00000000800a000a 00000000f5000000 ffff888031ddb901
head: 00fff00000000040 ffff88813ff30b40 dead000000000100 dead000000000122
head: 0000000000000000 00000000800a000a 00000000f5000000 ffff888031ddb901
head: 00fff00000000003 ffffea000076d201 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5202, tgid 5202 (udevd), ts 49764882375, free_ts 49738398245
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1e1/0x250 mm/page_alloc.c:1884
 prep_new_page mm/page_alloc.c:1892 [inline]
 get_page_from_freelist+0xe3d/0x2e10 mm/page_alloc.c:3945
 __alloc_frozen_pages_noprof+0x26c/0x2410 mm/page_alloc.c:5240
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab mm/slub.c:3248 [inline]
 new_slab+0x2c4/0x440 mm/slub.c:3302
 ___slab_alloc+0xda3/0x1ca0 mm/slub.c:4656
 __slab_alloc.isra.0+0x63/0x110 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 kmem_cache_alloc_noprof+0x4ec/0x780 mm/slub.c:5270
 dup_mm kernel/fork.c:1519 [inline]
 copy_mm kernel/fork.c:1581 [inline]
 copy_process+0x73df/0x7890 kernel/fork.c:2221
 kernel_clone+0xfc/0x930 kernel/fork.c:2651
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5349 tgid 5349 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0x822/0x1130 mm/page_alloc.c:2973
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270
 vm_area_dup+0x27/0x8e0 mm/vma_init.c:123
 __split_vma+0x18c/0xe30 mm/vma.c:513
 vms_gather_munmap_vmas+0x3aa/0x1320 mm/vma.c:1423
 __mmap_setup mm/vma.c:2405 [inline]
 __mmap_region+0x46e/0x2820 mm/vma.c:2734
 mmap_region+0x180/0x3e0 mm/vma.c:2830
 do_mmap+0xc63/0x12f0 mm/mmap.c:558
 vm_mmap_pgoff+0x29e/0x470 mm/util.c:581
 ksys_mmap_pgoff+0x328/0x5b0 mm/mmap.c:604
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88801db4e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88801db4e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88801db4e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff88801db4e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88801db4e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: slab-use-after-free in membarrier_switch_mm kernel/sched/sched.h:3666 [inline]
BUG: KASAN: slab-use-after-free in context_switch kernel/sched/core.c:5230 [inline]
BUG: KASAN: slab-use-after-free in __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867
Read of size 4 at addr ffff88801db4e2c0 by task kworker/u8:1/13

CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x156/0x4c9 mm/kasan/report.c:482
 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:186 [inline]
 kasan_check_range+0x10f/0x1e0 mm/kasan/generic.c:200
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 membarrier_switch_mm kernel/sched/sched.h:3666 [inline]
 context_switch kernel/sched/core.c:5230 [inline]
 __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x11f/0x1360 net/ipv6/addrconf.c:4194
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>

Allocated by task 5942:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270
 dup_mm kernel/fork.c:1519 [inline]
 copy_mm kernel/fork.c:1581 [inline]
 copy_process+0x73df/0x7890 kernel/fork.c:2221
 kernel_clone+0xfc/0x930 kernel/fork.c:2651
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 6090:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6674 [inline]
 kmem_cache_free+0x143/0x720 mm/slub.c:6789
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x76e/0xb70 kernel/sched/core.c:5143
 context_switch kernel/sched/core.c:5263 [inline]
 __schedule+0xfee/0x5fa0 kernel/sched/core.c:6867
 preempt_schedule_common+0x42/0xc0 kernel/sched/core.c:7051
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 anon_pipe_write+0xdaa/0x1d40 fs/pipe.c:596
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x6ac/0x1070 fs/read_write.c:686
 ksys_write+0x1f8/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88801db4e200
 which belongs to the cache mm_struct of size 2968
The buggy address is located 192 bytes inside of
 freed 2968-byte region [ffff88801db4e200, ffff88801db4ed98)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1db48
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff888031ddb901
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88813ff30b40 dead000000000100 dead000000000122
raw: 0000000000000000 00000000800a000a 00000000f5000000 ffff888031ddb901
head: 00fff00000000040 ffff88813ff30b40 dead000000000100 dead000000000122
head: 0000000000000000 00000000800a000a 00000000f5000000 ffff888031ddb901
head: 00fff00000000003 ffffea000076d201 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5202, tgid 5202 (udevd), ts 49764882375, free_ts 49738398245
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1e1/0x250 mm/page_alloc.c:1884
 prep_new_page mm/page_alloc.c:1892 [inline]
 get_page_from_freelist+0xe3d/0x2e10 mm/page_alloc.c:3945
 __alloc_frozen_pages_noprof+0x26c/0x2410 mm/page_alloc.c:5240
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab mm/slub.c:3248 [inline]
 new_slab+0x2c4/0x440 mm/slub.c:3302
 ___slab_alloc+0xda3/0x1ca0 mm/slub.c:4656
 __slab_alloc.isra.0+0x63/0x110 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 kmem_cache_alloc_noprof+0x4ec/0x780 mm/slub.c:5270
 dup_mm kernel/fork.c:1519 [inline]
 copy_mm kernel/fork.c:1581 [inline]
 copy_process+0x73df/0x7890 kernel/fork.c:2221
 kernel_clone+0xfc/0x930 kernel/fork.c:2651
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5349 tgid 5349 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0x822/0x1130 mm/page_alloc.c:2973
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270
 vm_area_dup+0x27/0x8e0 mm/vma_init.c:123
 __split_vma+0x18c/0xe30 mm/vma.c:513
 vms_gather_munmap_vmas+0x3aa/0x1320 mm/vma.c:1423
 __mmap_setup mm/vma.c:2405 [inline]
 __mmap_region+0x46e/0x2820 mm/vma.c:2734
 mmap_region+0x180/0x3e0 mm/vma.c:2830
 do_mmap+0xc63/0x12f0 mm/mmap.c:558
 vm_mmap_pgoff+0x29e/0x470 mm/util.c:581
 ksys_mmap_pgoff+0x328/0x5b0 mm/mmap.c:604
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88801db4e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88801db4e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88801db4e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff88801db4e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88801db4e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================