last executing test programs: 16.017567299s ago: executing program 1 (id=75): unshare$auto(0x40000080) r0 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x68902, 0x0) write$auto(r0, &(0x7f00000006c0)='/sys/ernel/debug\xd4\x00\x04\x00/rin\xa3\xdfteback-1/edid_override\x00&\x9c\xabdj\xaa\x87\xe6[J!y\x80\x00\r\xb1\xee\xf9\xba\xbb\xd4\x14\xcbh\xb8\x8ar,\xbe\xdb0\xb4\x1f?\xe3\xc1=f$\x88\xd6\xf3\xa3\x8e\r\xf5\xb7{\xf44S\xfaQ\x87\x9ef\x8e\xed\xc0c\xff\xef\xb2\xf4\x93\x02\xeclc\xabI5\x96\"\x865\x00\n,F\f\x1c\xb5\ap<\xba\xcb\xc6U\xd3\x80Y\xb8\f\xa0\x03\xff\xe4\x88\x0e\xf4\x1c\xc1\xb0\x03\xb8\x12jpP\xbf+\xe27/\x94`\xf8\xd4\x00\x00\x00\x007@\xe3\xf4\xdd5\xe2Ta0\xe1\x8a4XT9\xbd+\x9f\xe4%\x9f0\x8d\x8f=\x837\xdb\xdalw\xc6\xdc\x12\xb8\xe7\xcd\x80\xc6a\xea\xa3\xd2\xc7\xec\xd7}\xc5\xcb\xa3\f<\xea\x1a8\xf7\xac\xe7H\x92\xbd\xbevp\x80\xb5\x12P\xbe8\x86\xa3I\xce\x8ay\x99zQ\xf5\xd2$\xe8\b\xabqD}\xf1F?e\xb2\xab\xdf\xbf\xcak\x84\xf2\x16\xca7\x1ae[\xb3\xb6\xc0\xd3\xc5\x82\x1aa\x87\x8c\xbf\xfbfjS\x0fa+\x0f9\xb5i}T\xf4\xb7#\x15\xae?46K\xde\x98\x99#V\x83\x87dVU\xa1\xf5\x18\x17\xa3\xf4\x05>\x82\xdc\x19\xf0\x15\xa1;\xe1\xa7/>\xb1.OjXo\xb7\xfd\xa8\xb2\x8e\x11\xb5\xc4ysF\x0f~>%\xef\t\x00\xbeZ\xb8\xbd\x86\xf1\xbcl\x83y^r\'\xa1Am\xe9F8|,\xc3\xd3=\xcd\b!\x8c\xf6\x9a\x9ew\x9aJ\xff~\xba\xe5\x86\xff\xfa\xbe\xfa5<% \xfe\xce\x86\'\xe9\f\x87\x8f\xac\xac\xd6\x04\x99!3\xa7\xdb~\xf7u|\xc2\xca{\xb7\x1bV\xf7\x0e\xa7W\x82\xe8\xa9y\x92R\x1f\'B\xaf\xc7?\x15D\xcb\x82\x11\xbb\x1f1l\t\xf0\x823\xfc0\xdf\xec\xcf$\xeb\x83d\x00\xcdo\xe7\x05Gp\xfd#q\x9c\x12b\xe3p\xfekP\x8e\xff\xc6}\v7\x9cF\xffXG\x19f\x85%\x9fA\xef\n\xec\x9f\xc2TW,\xe8a\xc8\x98\xaa\xb0;\xe1\xe4X\xf9)\xcb\x19\x93\x02i\xd9yj\x00\xe5\x01\xacH\x87\xa2I\x93\x95\xa9\xf9l\x01\x00\x00\x00(Bp\xd5pjAj\xe4\xb9W\bL\xe5b\xad\xc5\xfd\xa3Lh\xadu\x10*\x99\x91~\xcb\xe5\x11\x8e//-KE(/ V\xd5*9l\xcc\xd5+1\xc1\xfe\xd0\xd8<8\x86\xab\xdb\xd3\x7f\x173\"\xdd(\x1f\xe2\xddzC\xab\xbc\x8bH\xbf\x16FTYL\x15\xde\n\x12XmQM\xb0\x8f\x91S\x97\xdb\x03\x84\x8de=\nBH\xafo\xefA\xcb\xf1\xa0s\xf7\xbc\xfe\x87\v\xb9\x03+j\xe8u\x0f\xc3\x92)T\xc4\xb2C]\xe1\xb9\x819\xdb\xbf\x91\x9d\xc6\xc1/\x06\xc6\x97\x19[\x03\x14\xba\x12\x83,t\x97\x93<\xfd\x0f\xd4(\xc4\xc5\x92\x95\x95Ep>\xd0>[9\xf3\xd9\x1b\x12\xa8\x17\x89\xccP\xc8#\xb75\x81\x86\xb1\x15\x8b\x86xq\xa2\xf0U`\x83WS\x1b\xee\xa2\xf36\xa6.=\xe0\be\xe8\xd6ht\x94cN\xbcx\xba\xc7\x03\x7f\x1c\xea>\x980\x12+\xbb\x16\x12\x82\xcf*\b*\xdb\xf6\xa4\xae\xb6\f\xb8!\x14\x88\xa5l3\xff]\x96p\xce\xc2h\xc8\x04\x96\xd9:\xc3\xd0\xdd]d\x7f5\xe5\xb3\xb6\x91\xa1\x9a\xc9$9ny\x1f>\xabO\xb1E!\xd7\xa0\v\xba\xe3h\xc4]\n\"\xe9p\xa3\xda\xdb\xc1\xd2q\xee0\b$0\xd2W>UkCbM\xd39\xc3\xd0\xed\xa3\xb6\x8b4\t\xef\xc6\xbf}D\xf1w\xabv\x87\xd67\xb0\x91L\x9f\n\x10bP\xc7h\xbc\x8cG-)\xd4\xc7\xca\xeb^n\r\xf8#\xa8\t\x88\x89ST\xf4\xfd\x9ep?\x00X\xc7@\xf3\x86\xe3\n\xb9cT=\x8e.\xfby8\xb1\x90\xe03AzF?T\x81%\xee\xd9\xc9#B*\xff\xdd\x05=/\xb7\xc4\xa8\x06\x00W\\\xc0\xf5q\x81di\\\xc15GY\n0\xd5\xc1d\xf1\xa5+\xc7E\xb5w\x81\x04q\xb8\v\x84.f\x0f\x14\xd4\x98t`\x9e\x83\x99\'\nX\xfb\x94:\xe6\xdd&8\xfe\xd2\x88\x8b\x164{b\xc3\xa1qFK\x1fj?\x1eV\xc3\x03\xaa\x14\xc1\xc1\x10g\xab\xfe\xb8}\xab\x87\x0f\x82y\xfd\x18z|G1\xa5\xf5\x0f/p\xc6\x97\x0f\x8a\xcbe\xe3\xb8;\xd7R\x98\xa9\xab5\xb3\xf1i^BUMy\x11\xbe\xc9\r\x87\x1e1\xcc\x1cK\xa7C\xdb/\x9b\xec\xdd\x87\xda\xa4#\xb8\x19\t`\xf1\x1f\xa1pE\xfe\xceO\x1d\xb3\xd5\xd4\xd7M\xadt\x00\x00\x00\x00\x00\x00\x00', 0xb4a5) mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001003a66520008000200ed499fd9e45f2d43b917c30b27270f936b19721b3f69676dc0ccceed1edeb13a50b76aaafabe88f6219d5aae3c669269950e55af828e875b663e15ef9cedb982fa87920c7e3a0d7a07386beca941", @ANYRES32=0x9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), r2) close_range$auto(r1, r1, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r4 = socket(0xa, 0x1, 0x84) sendfile$auto(r0, r4, &(0x7f0000000080)=0x6, 0x8) getsockopt$auto(r4, 0x84, 0x66, 0x0, &(0x7f0000000000)=0x7ffe) 14.294230335s ago: executing program 2 (id=77): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) capget$auto(0x0, 0x0) r1 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r1, 0x11b, 0x7, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) 12.82654264s ago: executing program 1 (id=79): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) capget$auto(0x0, 0x0) r1 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r1, 0x11b, 0x7, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) 12.242221135s ago: executing program 0 (id=80): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) capget$auto(0x0, 0x0) r1 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r1, 0x11b, 0x7, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) 11.365696764s ago: executing program 3 (id=81): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) capget$auto(0x0, 0x0) r1 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r1, 0x11b, 0x7, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) write$auto(0xffffffffffffffff, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) 11.018712895s ago: executing program 2 (id=82): mmap$auto(0x0, 0x20009, 0xde, 0xeb1, 0x40000000000a5, 0x20000000008000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) r0 = ioctl$auto_TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, &(0x7f0000000140)=0xfffffffe) fspick$auto(r0, &(0x7f0000000180)='}[,&*}\x00', 0x9) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00', @ANYRES16, @ANYBLOB="e958e86e5bafd39a3f8aa96117ffbe687c"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ustat$auto(0x801, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, 0x0, 0x8002, 0x0) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0x40383d0c, 0x0) recvmmsg$auto(r1, 0x0, 0x5, 0x66a6, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) kexec_load$auto(0x8, 0x4, 0x0, 0x5) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='}[,&*}\x00', 0x505082, 0xa3fa447e9e7d3a09) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='}[,&*}\x00', &(0x7f00000000c0)={0x381000, 0x86}, 0x18) r5 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x40002, 0x0) sendfile$auto(r4, r5, &(0x7f0000000200)=0x8010, 0x788b) write$auto(r5, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0x5) unshare$auto(0x40000080) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r6, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000180)="dd06d1574c0a1719baadf81f683297e8af14b4dad2728892c747c5e01a1b7165a54b36471475e5b56eef9a6bd918ceb4aef4e8bcdd0f2bd3802806ade24a889ac8e25bd16ed461f77747f93e2c4e9d6014a2c6208ecf3c9961f5be") 9.178449615s ago: executing program 1 (id=83): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8001, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x3, 0xb, 0x3132, 0x4008df3, 0x0) capget$auto(0x0, 0x0) r1 = socket(0x2c, 0x3, 0x0) getsockopt$auto(r1, 0x11b, 0x7, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r3 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r4, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) 8.874021254s ago: executing program 0 (id=84): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x30540, 0x0) ioctl$auto_SNDCTL_DSP_GETFMTS(r0, 0x8004500b, &(0x7f0000000040)="d1cfa89e6b581699403f2e707cd6") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r1, 0x7, 0x7, &(0x7f0000000000)='\x00', 0x3) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$auto_BATADV_CMD_GET_MESH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x54, r2, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_NEIGH_ADDRESS={0xa, 0x18, @multicast}, @BATADV_ATTR_BLA_ADDRESS={0xa, 0x1f, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040810}, 0xc040) msgrcv$auto(0x0, 0x0, 0xff9, 0xffffffffffffffff, 0x3) msgsnd$auto(0x0, &(0x7f00000000c0)={0x76, 0x5}, 0x8, 0x9) 8.788221844s ago: executing program 2 (id=85): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xf44, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x4, &(0x7f0000000000)={0x5, 0x9, 0x36ec}, 0x10000000, 0x0) mkdir$auto(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x8cd) r0 = openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, &(0x7f00000002c0)=@bpf_attr_1={r0, 0x8, @value=0x5, 0x4}, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = inotify_init1$auto(0x3000000000000) socket$nl_generic(0x11, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x2, 0x1) unshare$auto(0x40000080) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/smaps_rollup\x00', 0x840, 0x0) read$auto(r1, 0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto(0x3, 0x0, 0xfdef) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x30541, 0x0) ioctl$auto_SNDCTL_DSP_GETFMTS(r2, 0x8004500b, &(0x7f0000000040)="d1cfa89e6b581699403f2e707cd6") madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r3, 0x7, 0x7, &(0x7f0000000000)='\x00', 0x3) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), 0xffffffffffffffff) 8.644066734s ago: executing program 3 (id=86): unshare$auto(0x40000080) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x100, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x82, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x800, 0x0) mmap$auto(0x0, 0xe87f, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0xfffffffffffffffc, 0x40000a, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x38}}, 0x54) getpriority$auto(0x100, 0xffffffffffffffff) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioctl$auto_SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000380)={0x1, 0xe1}) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x2, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x8) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/uprobe_events\x00', 0x800, 0x0) ioctl$auto_SNDCTL_MIDI_PRETIME(r1, 0xc0046d00, &(0x7f0000000280)="3c56e86300") openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) r3 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/netdevsim/netdevsim2/ports/0/ipsec\x00', 0x1950c2, 0x0) sendto$auto(r3, &(0x7f0000000400), 0x9, 0x1, &(0x7f00000004c0)=@ethernet={0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x100) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram9\x00', 0xc58a23f2944acfb, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000240), r2) 7.428751296s ago: executing program 0 (id=87): mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) gettid() socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002340), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x18781, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x9, &(0x7f0000000000)={0x28, 0x17, 0x96, @inferred=r0}}) write$auto_cpu_latency_qos_fops_qos(r1, &(0x7f00000000c0)="c0219caba008", 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000000100)="fb", 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/vxlan/parameters/udp_port\x00', 0x2400, 0x0) read$auto(r3, 0x0, 0x20) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r4, 0x4001af84, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) madvise$auto(0x0, 0x200204, 0x15) close_range$auto(0x2, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 6.19574079s ago: executing program 2 (id=88): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x3, 0xffffffffffffffff, 0x3fda, 0x3, 0x7fffffffb000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x4, 0x5, 0x0, 0x1, 0xd) write$auto(r0, &(0x7f0000001380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xfc\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\r&\xec\xb8\xb1Z\\\xc9L\xb2\t\xddbH|\xffGP\x97)\xb9:nqn\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc$\xa0\xa5\xce\xca\xe1P\xf7\xe5_\xca\xd5\xd8\xa4g_\xb1\x88\x8cAJS\x11\x8b\xd1%a\xe5DPk\x8c\xf9\xfb\xe0+\xdb\x12\x10.F\x00\xc37\xc7\xbf\x80\xbeu\xe1V\xb2\xc5\xc9\x1a\xc7\xdc}!\x10\xb1\",1%\x0e\xeb\x15\x15me\xe1a\x03\x18{\xb03+\x93*vB\xc6\xf1\xc6\xff\xbbt\x04!\xb6\v\xde2\xc9\x89#\xbaR\xee\x13jF%\xf2\x15\x9a\x82&\x89o\xa9\xd9\xbfFY\x90\x8c\xa0\xe4\x9d\xa2\xcd\x9a\xb5TC\xc4\x9d\x9ePb]\xaa\xc7f\x06N\xc5\xfa{\x02Y\xae\xf4(\xaa\x06);{?\x1e\fu\x19b\xdf$,\x01\"\x94\x00\x00\x00\x00\x003\xcfZ\xaf~<\xba\xb7\xa03\x8c\n*krS\x19Q#\x8f\xfbW\xad\xe0\xb3o\xcb\xf7\xda\x87C\x99\x1a\xa8\xc1\xe3\xc6%\xac\x01@*\xa0\xc4\xedn-lT\xe6*?\'\x9dW=\xa7\x03\x06\x83 IT\xa3\x7ff\xb6\x95\xe5\xd2\n\xaf\x87`\xce%\xf6 &\xa7M5I\x9c\x17h\x8c\xa4\x98\x16\xe0\xd9?Y\x7f\xf6\x85_{\xfd9p$B9_\xd8\xf4\x0e\xd0\xfa\xe7\xb0\xb8\xa0\xd7\a\xff.\"\x81\b\xb0\xb4\x84\xac\xad\x1b\x93~_\xea\xfe7\x03\"\xd9\x1d.\xe5{bHX\x14\xa1\bO\x03[^\x85jP\x89\t\x06GI\xb7\x99\xb2zZf\xc8\xd4\x8d\x1c\x1e\x03\xb9\xa7Nt\xae\xfff\xf9\tx\xae\xa8\x05\xb14\xc6\x9b\x1f\xd3\x01#\xc6\nb\xd4\xb4\xc8?\xa7\xe2R\xc1\xcf\xd2\xbc\xae\xd1\xc2\x88\"\xf3\xf0\xc0uQy\xec\xfab\xd6\xcd\x16)\x19*E\vm\x8d\x1bG:\x80\'pJ', 0x4100000a3d7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYRES8=r0, @ANYRES16=r2, @ANYBLOB="01002bbd7000fedbdf25050000000c0001000300000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x14}, 0x4) madvise$auto(0x0, 0x200200007, 0x6) pread64$auto(0xffffffffffffffff, 0x0, 0x100000002, 0x100000001) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0x4000007, 0x3fd7, 0x0, 0x20000020000000) io_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r3, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x9, 0x2e) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) socket(0x29, 0x5, 0x0) close_range$auto(r3, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x41}}, 0x53) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, &(0x7f0000000200)={&(0x7f00000001c0)="afb7", 0x5}, 0x6, 0x9, 0x0) unshare$auto(0x40000080) 5.774933098s ago: executing program 3 (id=89): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000740)={0x30, r0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_HE_CAPABILITY={0x1a, 0x10d, "e2d1b2c3e0f4246df8a3901298f8aa701033e4ad8868"}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x40004) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x7, 0x0) futex_wait$auto(0x0, 0x4002, 0xb, 0x2, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6b) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x55) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, 0x0, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001480)='/proc/self/net/rxrpc/locals\x00', 0x40, 0x0) pread64$auto(r3, 0x0, 0x200000000003, 0x2f4a3a23) mmap$auto(0x0, 0x4, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, 0x0, 0x902, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000004040)={&(0x7f0000000180)={0x18, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x80) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0x7b2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x38, r6, 0x1b, 0x70bd26, 0x25dfdbfb, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x5}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mremap$auto(0x0, 0x4, 0x6, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) 5.727410981s ago: executing program 1 (id=90): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) unshare$auto(0x40000080) ioctl$auto_RNDADDENTROPY2(0xffffffffffffffff, 0x40085203, &(0x7f0000000440)=[0xfff, 0xedc0]) sendmmsg$auto(0x3, 0x0, 0x4, 0x7000000) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x7}, 0x41) r0 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x5a7, &(0x7f0000000180)={&(0x7f0000000300)="669b0c0c4afa3aa5", 0x49}, 0x1, &(0x7f0000000040), 0x5, 0x3}, 0x3}, 0x2, 0x8) r1 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/format\x00', 0x40, 0x0) pread64$auto(r1, 0x0, 0xffffff7ffffffffe, 0xfdb) mmap$auto(0x9, 0x5, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x800000000000005) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x2b, 0x800, 0x0) mount$auto(0x0, 0x0, 0x0, 0x7, 0x0) setsockopt$auto(r2, 0x0, 0x27, 0x0, 0xc) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2a, 0x2, 0xfffffffe) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0) sendfile$auto(r3, r3, 0x0, 0x5) io_setup$auto(0xffff, &(0x7f0000000580)) io_setup$auto(0xa, &(0x7f0000000040)) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x0, 0x0) ioctl$auto_PROCMAP_QUERY(r4, 0xc0686611, &(0x7f0000000080)={0x68, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x9, 0x5, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x7ff, 0x7, 0x9}) r5 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0) r6 = waitid$auto_P_ALL(0x0, 0x1, &(0x7f0000000300)={@_si_pad}, 0x20, &(0x7f0000000380)={{0x7fff, 0x4}, {0x8, 0x7}, 0x39b10f36, 0x7, 0x5, 0xe02, 0x7fff, 0x6, 0x7, 0x7, 0xffffffffffffffc1, 0xb791, 0x0, 0x8, 0x4f53, 0x236d}) bpf$auto(0x5, &(0x7f00000001c0)=@task_fd_query={r6, r5, 0x4, 0x0, 0x80, 0x1000007, r5, 0x5, 0x8001}, 0xffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 4.966830616s ago: executing program 0 (id=91): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) unshare$auto(0x40000080) ioctl$auto_RNDADDENTROPY2(0xffffffffffffffff, 0x40085203, &(0x7f0000000440)=[0xfff, 0xedc0]) sendmmsg$auto(0x3, 0x0, 0x4, 0x7000000) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x7}, 0x41) r0 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x5a7, &(0x7f0000000180)={&(0x7f0000000300)="669b0c0c4afa3aa5", 0x49}, 0x1, &(0x7f0000000040), 0x5, 0x3}, 0x3}, 0x2, 0x8) r1 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/format\x00', 0x40, 0x0) pread64$auto(r1, 0x0, 0xffffff7ffffffffe, 0xfdb) mmap$auto(0x9, 0x5, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x800000000000005) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x2b, 0x800, 0x0) mount$auto(0x0, 0x0, &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) setsockopt$auto(r2, 0x0, 0x27, 0x0, 0xc) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2a, 0x2, 0xfffffffe) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0) sendfile$auto(r3, r3, 0x0, 0x5) io_setup$auto(0xffff, &(0x7f0000000580)) io_setup$auto(0xa, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x0, 0x0) ioctl$auto_PROCMAP_QUERY(r4, 0xc0686611, &(0x7f0000000080)={0x68, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x9, 0x5, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x7ff, 0x7, 0x9}) r5 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0) r6 = waitid$auto_P_ALL(0x0, 0x1, &(0x7f0000000300)={@_si_pad}, 0x20, &(0x7f0000000380)={{0x7fff, 0x4}, {0x8, 0x7}, 0x39b10f36, 0x7, 0x5, 0xe02, 0x7fff, 0x6, 0x7, 0x7, 0xffffffffffffffc1, 0xb791, 0x0, 0x8, 0x4f53, 0x236d}) bpf$auto(0x5, &(0x7f00000001c0)=@task_fd_query={r6, r5, 0x4, 0x0, 0x80, 0x1000007, r5, 0x5, 0x8001}, 0xffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 4.92864959s ago: executing program 3 (id=92): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), r1) sendmsg$auto_NETDEV_CMD_NAPI_GET2(r1, &(0x7f0000003f40)={0x0, 0x0, &(0x7f0000003f00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="09032bbd7000fedbdf250b000000080001002f7a"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$auto_BLKTRACETEARDOWN(r0, 0x1276, 0x0) 4.272330928s ago: executing program 3 (id=93): socket(0x29, 0x5, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/snd/pcmC0D0c\x00', 0x80900, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS2(r0, 0xc2604111, &(0x7f0000000600)={0x10001, [{[0x4, 0x9, 0x1, 0x80000001, 0x1, 0x1, 0x3, 0x5]}, {[0xffffffff, 0x8, 0xffffffff, 0x200, 0xfffffffa, 0xffff8000, 0x3, 0x2]}, {[0x1334000, 0x1, 0x7, 0x1, 0xcb0, 0x4, 0x5, 0x8]}], [{[0x63, 0x8, 0x9, 0x3, 0x3, 0x2, 0x781, 0x6]}, {[0x3, 0x200, 0x514be123, 0x1, 0x1, 0x7, 0x4, 0x81]}, {[0x5, 0x8001, 0x4, 0x7, 0x5, 0x80, 0x1, 0x9]}, {[0x6124, 0x8, 0x4, 0x800, 0x10001, 0x7, 0x3, 0x7fffffff]}, {[0x6, 0x5, 0x5, 0x104, 0x4, 0x0, 0x3]}], [{0x7f, 0x315e, 0x1, 0x0, 0x1}, {0x35b22e9c, 0x4, 0x1, 0x1, 0x1, 0x1}, {0x2, 0x79e2, 0x1, 0x0, 0x0, 0x1}, {0x400, 0x18, 0x1, 0x0, 0x0, 0x1}, {0x2, 0x3, 0x0, 0x0, 0x1}, {0x9, 0x6, 0x0, 0x0, 0x1, 0x1}, {0xa, 0x0, 0x0, 0x1, 0x0, 0x1}, {0xffffffff, 0x4, 0x1, 0x1, 0x1, 0x1}, {0x3, 0x8, 0x0, 0x1}, {0x1, 0x3, 0x0, 0x1, 0x1, 0x1}, {0x9, 0xfcfa, 0x0, 0x1, 0x1, 0x1}, {0x401, 0x401, 0x0, 0x1, 0x0, 0x1}], [{0x0, 0x4, 0x1, 0x1, 0x1, 0x1}, {0x3}, {0x0, 0x81, 0x0, 0x1, 0x1, 0x1}, {0x1df, 0x3, 0x0, 0x1, 0x1, 0x1}, {0x2, 0x5, 0x0, 0x1, 0x1}, {0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0xffff0001, 0x8, 0x1, 0x1, 0x1}, {0x2, 0xdad4, 0x1, 0x0, 0x1}, {0x0, 0x7, 0x0, 0x1, 0x0, 0x1}], 0x101, 0x9, 0x7, 0x2, 0x6, 0x7, 0x1000, "4053c497e8da8420f7601310f6ca3464", "ebd82fd2742103b4779e2c8334ab7ecfd1c4fc6197b76b5cf37ed3776f42a82b829c87af8c19d402cbf98aa045e1f364"}) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) statmount$auto(&(0x7f0000000040)={0x1f, @raw, 0x80000002, 0xf5ff, 0x8}, 0x0, 0x7ffffffff000, 0x0) accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd) 3.743033868s ago: executing program 1 (id=94): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x8001, 0x0) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x2020209, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) execve$auto(0x0, &(0x7f0000000440)=&(0x7f00000003c0)='/dev/dri/card1\x00', &(0x7f00000004c0)=&(0x7f0000000480)='wlan1\x00') setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) setsockopt$auto(r3, 0x0, 0x13, 0x0, 0x8009) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 2.948892139s ago: executing program 0 (id=95): close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x4, 0x0) r0 = socket(0x1d, 0x2, 0x20000007) mmap$auto(0x2, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) clock_nanosleep$auto(0x2, 0x6, &(0x7f0000000840)={0x0, 0xc025}, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x2, 0xa, 0x0) rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='./cgroup\x00') landlock_create_ruleset$auto(&(0x7f0000000000)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) landlock_restrict_self$auto(0xffffffffffffffff, 0x8) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) r1 = socket(0x2, 0x3, 0xa) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r0) sendmsg$auto_NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xf4, r2, 0x4, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_S1G_CAPABILITY={0x5a, 0x128, "c224a813b056c1e9c13daafca3565cfc87649facf26a783471c249900bf9f4a78be7b656a1d94a23e8b215e0fbc1c72ce609bf2c01e482fc6a88acf56079d21909191330f0322496da97fba168d4d01850600be4c69c"}, @NL80211_ATTR_REG_ALPHA2={0x63, 0x21, "ff9e54d35a70ee5d54741febf725c593e8df1b159ffe82b59f7be2c05324a2dd8a1e743d8f9627be86153c3fe7befd29b7d4449b15bde027c39d9ec8f43cbb210a8f71f59bc72a1cda5920ef5ae9b999cc57ee6095e4f50e533c2d5c11ea8a"}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x9}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x5}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x3}}]}, 0xf4}, 0x1, 0x0, 0x0, 0x8010}, 0x20000005) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x0, 0x0) shmctl$auto_IPC_RMID(0x7f, 0x0, &(0x7f00000001c0)={{0x5, 0x0, 0x0, 0x7, 0x6, 0x6, 0x1}, 0x400000, 0x5, 0x4, 0x6, @raw=0x1, @raw=0x7, 0x0, 0x0, &(0x7f0000000100)="ea5e8df7c8336b8b315ec4bbcffaef6239d054a71a9b537f8eed6cb3d58e7f75a3b621cba7afb10c97da9f2f669105f3dc3c831542b6edf15d1fff71288247068fc602b420634ea629af1ed55df2248088021ba5cceb4f9b9ca83b90953abf88ff632133102ef003", &(0x7f0000000180)="285108a1b8b73c1ee29057b82a"}) setfsuid$auto(r4) pread64$auto(r3, &(0x7f00000000c0)='/sys/bus/netdevsim/new_device\x00', 0xd30f, 0xca) 2.653333692s ago: executing program 2 (id=96): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x10001, 0x8, 0xc, 0xffffffffffffffff, 0x6, 0x801}, 0xee) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x301483, 0x0) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x400000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x3) setsockopt$auto(r2, 0x100, 0x5, &(0x7f0000000040)='#)@$$:]+)]\x00', 0x8001) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) 1.695756474s ago: executing program 3 (id=97): mmap$auto(0x0, 0x20009, 0xde, 0xeb1, 0x40000000000a5, 0x20000000008000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) r0 = ioctl$auto_TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, &(0x7f0000000140)=0xfffffffe) fspick$auto(r0, &(0x7f0000000180)='}[,&*}\x00', 0x9) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^', @ANYRES16, @ANYBLOB="e958e86e5bafd39a3f8aa96117ffbe687c"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ustat$auto(0x801, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, 0x0, 0x8002, 0x0) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, 0x0) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0x40383d0c, 0x0) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x1, &(0x7f00000000c0)={&(0x7f0000000340), 0xfff}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) kexec_load$auto(0x8, 0x4, 0x0, 0x5) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='}[,&*}\x00', 0x505082, 0xa3fa447e9e7d3a09) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='}[,&*}\x00', &(0x7f00000000c0)={0x381000, 0x86}, 0x18) r5 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x40002, 0x0) sendfile$auto(r4, r5, &(0x7f0000000200)=0x8010, 0x788b) write$auto(r5, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0x5) unshare$auto(0x40000080) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r6, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000180)="dd06d1574c0a1719baadf81f683297e8af14b4dad2728892c747c5e01a1b7165a54b36471475e5b56eef9a6bd918ceb4aef4e8bcdd0f2bd3802806ade24a889ac8e25bd16ed461f77747f93e2c4e9d6014a2c6208ecf3c9961f5be") 1.37422977s ago: executing program 0 (id=98): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) io_uring_setup$auto(0x59, 0x0) getpid() unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) getcpu$auto(0xfffffffffffffffc, 0xffffffffffffffff, 0xfffffffffffffffd) fanotify_init$auto(0x65, 0x2) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) unshare$auto(0x20000080) syz_clone3(&(0x7f0000000380)={0x2c022000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x181000, 0x0) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00\x00\x00\xf4\x00'/21, 0x100000002, 0x100000001) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x153c80, 0x0) 29.019483ms ago: executing program 1 (id=99): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) unshare$auto(0x40000080) ioctl$auto_RNDADDENTROPY2(0xffffffffffffffff, 0x40085203, &(0x7f0000000440)=[0xfff, 0xedc0]) sendmmsg$auto(0x3, 0x0, 0x4, 0x7000000) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x7}, 0x41) r0 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x5a7, &(0x7f0000000180)={&(0x7f0000000300)="669b0c0c4afa3aa5", 0x49}, 0x1, &(0x7f0000000040), 0x5, 0x3}, 0x3}, 0x2, 0x8) r1 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/format\x00', 0x40, 0x0) pread64$auto(r1, 0x0, 0xffffff7ffffffffe, 0xfdb) mmap$auto(0x9, 0x5, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mlockall$auto(0x800000000000005) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x2b, 0x800, 0x0) mount$auto(0x0, 0x0, 0x0, 0x7, 0x0) setsockopt$auto(r2, 0x0, 0x27, 0x0, 0xc) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2a, 0x2, 0xfffffffe) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0) sendfile$auto(r3, r3, 0x0, 0x5) io_setup$auto(0xffff, &(0x7f0000000580)) io_setup$auto(0xa, &(0x7f0000000040)) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) r4 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x0, 0x0) ioctl$auto_PROCMAP_QUERY(r4, 0xc0686611, &(0x7f0000000080)={0x68, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x9, 0x5, 0x5, 0x7f93, 0xfffffffe, 0x7ffffffd, 0x7ff, 0x7, 0x9}) r5 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0) r6 = waitid$auto_P_ALL(0x0, 0x1, &(0x7f0000000300)={@_si_pad}, 0x20, &(0x7f0000000380)={{0x7fff, 0x4}, {0x8, 0x7}, 0x39b10f36, 0x7, 0x5, 0xe02, 0x7fff, 0x6, 0x7, 0x7, 0xffffffffffffffc1, 0xb791, 0x0, 0x8, 0x4f53, 0x236d}) bpf$auto(0x5, &(0x7f00000001c0)=@task_fd_query={r6, r5, 0x4, 0x0, 0x80, 0x1000007, r5, 0x5, 0x8001}, 0xffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 0s ago: executing program 2 (id=100): mmap$auto(0x0, 0x4020007, 0xdf, 0xebf, 0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) r0 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mmap$auto(0x5, 0x1bbf, 0x1ff, 0x19, r0, 0x8020000007ffd) close_range$auto(0x2, r0, 0x0) socket(0x2b, 0x4, 0x10000033) r1 = socket(0xa, 0x1, 0x84) capset$auto(0x0, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/fail-nth\x00', 0x1c9c82, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x1bf8c0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(r3, &(0x7f0000000100)={0x0, 0x9}, 0x2) mmap$auto(0x0, 0x400008, 0x8000000000000df, 0x9b72, r2, 0x6) socketpair$auto(0x21, 0x7, 0x8000000000000000, 0x0) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40000, 0x0) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r4, 0xc004510e, 0x0) connect$auto(0x3, 0x0, 0xd1) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/fail-nth\x00', 0x10d9c0, 0x0) write$auto(r1, &(0x7f00000001c0)='7\x1b|\x1c\xe5k\x00\x00\x00\x11\xa0\xd6\xd4Z', 0x8083a) getrandom$auto(&(0x7f0000000200)='+\x00^rp\xcb\" \x81u5z\b\x06m7\x84\xc8\xd8\\\x12GM\x02G\xda(\x7f\xe0\x8b\n\n\a\x9f\xcd\xa9\x97i\xe2\xa0\xdd4/^\x13\xde5\x96j\xf4\xcc\xc6g8\xe5\xf6k\xe4\xa0\xc5XF\xd9R5\x81\xa8\xc5\x11\x1a\x8b\xb3Y\xa4\xa1d\xe0\xbe.&\x7f\xd9o*\"\x1c\xe3\xe9%y\xf7\x8ffm\f\xe5\xb0\x13\x16\xa0\x8b>\x7f\xcea\x9b\xe4\x8e\xd4\xf2\xeb\xa5\xb7\xf4\xef\x90\xea\xd4\xa5$\\\x03\a\xf76\xa6z~,7\xccH\xac,\xb4\x8b\xa5\x8b\xcc\xedRFp[h\x14\rn\x1c\x17\x03\x80:\xcaDS\x8b\x01ssn\xc3a\xa8\xfb\x97\xf4\xb0\f\x99\xe2\x16m\v\x9aa\xb8R', 0x6, 0x3c5f) mmap$auto(0x9000, 0x3fffff, 0x7, 0x11, r2, 0x20000040) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 62.433411][ T5288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.446451][ T5288] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.136' (ED25519) to the list of known hosts. syzkaller login: [ 90.327000][ T5615] cgroup: Unknown subsys name 'net' [ 90.433571][ T5615] cgroup: Unknown subsys name 'cpuset' [ 90.443387][ T5615] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.145350][ T10] cfg80211: failed to load regulatory.db [ 92.324327][ T5615] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.829857][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.838315][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.846880][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.856494][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.865194][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.901998][ T5635] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.927310][ T5630] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.935643][ T5630] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.946036][ T5630] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.955254][ T5630] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.955738][ T5639] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.965176][ T5630] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.978448][ T5630] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.981850][ T5639] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.992866][ T5630] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.000377][ T5630] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.012255][ T5630] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.020250][ T5642] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.029997][ T5642] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.043127][ T5640] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.830638][ T5633] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.838502][ T5633] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.845969][ T5633] bridge_slave_0: entered allmulticast mode [ 96.853595][ T5633] bridge_slave_0: entered promiscuous mode [ 96.896963][ T5633] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.904296][ T5633] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.911693][ T5633] bridge_slave_1: entered allmulticast mode [ 96.919469][ T5633] bridge_slave_1: entered promiscuous mode [ 96.926837][ T5629] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.934041][ T5629] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.942310][ T5642] Bluetooth: hci0: command tx timeout [ 96.948894][ T5629] bridge_slave_0: entered allmulticast mode [ 96.956436][ T5629] bridge_slave_0: entered promiscuous mode [ 96.995950][ T5629] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.003438][ T5629] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.010762][ T5629] bridge_slave_1: entered allmulticast mode [ 97.019438][ T5629] bridge_slave_1: entered promiscuous mode [ 97.086055][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.093489][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.101255][ T5632] bridge_slave_0: entered allmulticast mode [ 97.108782][ T5642] Bluetooth: hci2: command tx timeout [ 97.110054][ T4943] Bluetooth: hci3: command tx timeout [ 97.115363][ T5642] Bluetooth: hci1: command tx timeout [ 97.124248][ T5632] bridge_slave_0: entered promiscuous mode [ 97.134128][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.141387][ T5634] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.148744][ T5634] bridge_slave_0: entered allmulticast mode [ 97.156503][ T5634] bridge_slave_0: entered promiscuous mode [ 97.167474][ T5633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.188508][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.197053][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.204635][ T5632] bridge_slave_1: entered allmulticast mode [ 97.212224][ T5632] bridge_slave_1: entered promiscuous mode [ 97.220228][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.227429][ T5634] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.236638][ T5634] bridge_slave_1: entered allmulticast mode [ 97.244409][ T5634] bridge_slave_1: entered promiscuous mode [ 97.253706][ T5633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.265906][ T5629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.312835][ T5629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.371656][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.388258][ T5634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.400037][ T5633] team0: Port device team_slave_0 added [ 97.420137][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.431963][ T5634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.443393][ T5633] team0: Port device team_slave_1 added [ 97.451368][ T5629] team0: Port device team_slave_0 added [ 97.493215][ T5629] team0: Port device team_slave_1 added [ 97.547598][ T5632] team0: Port device team_slave_0 added [ 97.555907][ T5634] team0: Port device team_slave_0 added [ 97.562965][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.570063][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.596620][ T5633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.621990][ T5632] team0: Port device team_slave_1 added [ 97.630366][ T5634] team0: Port device team_slave_1 added [ 97.636773][ T5633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.644048][ T5633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.670270][ T5633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.692375][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.699543][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.725576][ T5629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.774361][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.782066][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.808272][ T5634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.820279][ T5629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.827388][ T5629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.853427][ T5629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.889919][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.897025][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.923264][ T5634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.942227][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.949320][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.975541][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.009273][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.016313][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.042737][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.061109][ T5633] hsr_slave_0: entered promiscuous mode [ 98.067870][ T5633] hsr_slave_1: entered promiscuous mode [ 98.171562][ T5634] hsr_slave_0: entered promiscuous mode [ 98.178075][ T5634] hsr_slave_1: entered promiscuous mode [ 98.184901][ T5634] debugfs: 'hsr0' already exists in 'hsr' [ 98.190842][ T5634] Cannot create hsr debugfs directory [ 98.213681][ T5629] hsr_slave_0: entered promiscuous mode [ 98.220321][ T5629] hsr_slave_1: entered promiscuous mode [ 98.226818][ T5629] debugfs: 'hsr0' already exists in 'hsr' [ 98.232684][ T5629] Cannot create hsr debugfs directory [ 98.257985][ T5632] hsr_slave_0: entered promiscuous mode [ 98.264772][ T5632] hsr_slave_1: entered promiscuous mode [ 98.271320][ T5632] debugfs: 'hsr0' already exists in 'hsr' [ 98.277123][ T5632] Cannot create hsr debugfs directory [ 98.773433][ T5633] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.797602][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.806222][ T5633] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.818423][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.829807][ T5633] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.841753][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.862453][ T5633] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.872693][ T5633] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.945571][ T5629] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.957708][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.967384][ T5629] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.982186][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.999377][ T5629] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 99.009667][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.018174][ T5629] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 99.025968][ T5642] Bluetooth: hci0: command tx timeout [ 99.036150][ T5629] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.126945][ T5632] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 99.145439][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.162697][ T5632] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 99.174858][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.182423][ T5642] Bluetooth: hci1: command tx timeout [ 99.188799][ T5642] Bluetooth: hci3: command tx timeout [ 99.190364][ T50] Bluetooth: hci2: command tx timeout [ 99.202731][ T5632] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 99.212713][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.221564][ T5632] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 99.233865][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.341753][ T5634] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.353902][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 99.362886][ T5634] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.374972][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 99.394359][ T5634] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.404429][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 99.417938][ T5634] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.428220][ T5634] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 99.515731][ T5633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.591460][ T5633] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.624904][ T5629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.642865][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.650655][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.675007][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.682335][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.733341][ T5629] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.745096][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.774422][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.781664][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.806498][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.813707][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.844171][ T5634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.875564][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.923585][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.930801][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.945255][ T5634] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.963402][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.970653][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.002169][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.009436][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.043580][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.050901][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.101815][ T50] Bluetooth: hci0: command tx timeout [ 101.135662][ T5633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.202768][ T5629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.260482][ T50] Bluetooth: hci3: command tx timeout [ 101.261883][ T4943] Bluetooth: hci2: command tx timeout [ 101.272567][ T5642] Bluetooth: hci1: command tx timeout [ 101.374581][ T5633] veth0_vlan: entered promiscuous mode [ 101.388165][ T5629] veth0_vlan: entered promiscuous mode [ 101.422667][ T5633] veth1_vlan: entered promiscuous mode [ 101.477623][ T5629] veth1_vlan: entered promiscuous mode [ 101.503662][ T5634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.553847][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.573788][ T5633] veth0_macvtap: entered promiscuous mode [ 101.591140][ T5633] veth1_macvtap: entered promiscuous mode [ 101.634759][ T5629] veth0_macvtap: entered promiscuous mode [ 101.663328][ T5629] veth1_macvtap: entered promiscuous mode [ 101.674890][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.713593][ T5633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.732589][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.768388][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.780525][ T5629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.795121][ T5634] veth0_vlan: entered promiscuous mode [ 101.812368][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.846563][ T48] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.855977][ T48] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.873316][ T5632] veth0_vlan: entered promiscuous mode [ 101.889942][ T5634] veth1_vlan: entered promiscuous mode [ 101.909997][ T123] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.923494][ T123] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.942531][ T123] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.951619][ T123] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.984631][ T5632] veth1_vlan: entered promiscuous mode [ 102.126034][ T5634] veth0_macvtap: entered promiscuous mode [ 102.134272][ T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.150992][ T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.186499][ T5634] veth1_macvtap: entered promiscuous mode [ 102.206955][ T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.216740][ T5632] veth0_macvtap: entered promiscuous mode [ 102.223492][ T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.270498][ T5632] veth1_macvtap: entered promiscuous mode [ 102.321142][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.330738][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.356482][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.359747][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.372450][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.400705][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.434157][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.444498][ T150] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.456095][ T150] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.465765][ T150] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.497645][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.508210][ T123] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.564092][ T150] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.581246][ T5629] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.609905][ T150] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.619482][ T150] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.631903][ T150] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.854847][ T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.887415][ T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.971875][ T150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.993546][ T150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.006265][ T5783] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 103.179302][ T5642] Bluetooth: hci0: command tx timeout [ 103.220076][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.241553][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.335834][ T150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.344701][ T5642] Bluetooth: hci2: command tx timeout [ 103.346982][ T50] Bluetooth: hci1: command tx timeout [ 103.355691][ T4943] Bluetooth: hci3: command tx timeout [ 103.386448][ T150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.826956][ T5792] syz.0.1 (5792) used greatest stack depth: 19720 bytes left [ 105.755182][ T5812] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.457516][ T5831] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 109.369927][ T5842] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 109.479088][ T5843] Zero length message leads to an empty skb [ 113.730018][ T5882] usb usb37: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 113.774682][ T5882] vhci_hcd vhci_hcd.2: invalid port number 0 [ 113.888826][ T5882] mmap: syz.3.20 (5882) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 115.487450][ T5897] can: request_module (can-proto-0) failed. [ 117.652379][ T5912] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 123.546182][ T5972] futex_wake_op: syz.0.35 tries to shift op by -1; fix this program [ 123.754002][ T5973] smpboot: CPU 1 is now offline [ 123.997092][ T5972] i2c i2c-0: delete_device: Can't find device in list [ 124.097519][ T5973] netlink: 342 bytes leftover after parsing attributes in process `syz.1.36'. [ 124.630605][ T5983] kvm: vcpu 4: requested lapic timer restore with starting count register 0x390=4294967104 (137438947328 ns) > initial count (6624 ns). Using initial count to start timer. [ 126.155098][ T5995] "mq-deadline" elevator initialization, failed -12, falling back to "none" [ 126.991017][ T6010] random: crng reseeded on system resumption [ 127.636408][ T6016] hub 1-0:1.0: USB hub found [ 127.719283][ T6016] hub 1-0:1.0: 1 port detected [ 131.730794][ T6062] FAULT_INJECTION: forcing a failure. [ 131.730794][ T6062] name failslab, interval 1, probability 0, space 0, times 1 [ 131.744459][ T6062] CPU: 0 UID: 0 PID: 6062 Comm: syz.3.51 Tainted: G L syzkaller #0 PREEMPT(full) [ 131.744495][ T6062] Tainted: [L]=SOFTLOCKUP [ 131.744503][ T6062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 131.744523][ T6062] Call Trace: [ 131.744531][ T6062] [ 131.744540][ T6062] dump_stack_lvl+0x100/0x190 [ 131.744571][ T6062] should_fail_ex.cold+0x5/0xa [ 131.744603][ T6062] should_failslab+0xc2/0x120 [ 131.744632][ T6062] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 131.744673][ T6062] ? __alloc_skb+0x140/0x710 [ 131.744695][ T6062] ? find_held_lock+0x2b/0x80 [ 131.744730][ T6062] __alloc_skb+0x140/0x710 [ 131.744753][ T6062] ? __pfx___alloc_skb+0x10/0x10 [ 131.744779][ T6062] ? do_raw_write_lock+0x11e/0x260 [ 131.744818][ T6062] tipc_buf_acquire+0x26/0xe0 [ 131.744847][ T6062] named_prepare_buf+0x29/0x170 [ 131.744879][ T6062] tipc_named_publish+0x1f2/0x760 [ 131.744914][ T6062] tipc_nametbl_publish+0x17b/0x260 [ 131.744955][ T6062] tipc_sk_publish+0x1d8/0x430 [ 131.744995][ T6062] ? __pfx_tipc_sk_publish+0x10/0x10 [ 131.745041][ T6062] tipc_setsockopt+0x7af/0xe30 [ 131.745081][ T6062] ? __pfx_tipc_setsockopt+0x10/0x10 [ 131.745131][ T6062] ? __pfx_tipc_setsockopt+0x10/0x10 [ 131.745174][ T6062] do_sock_setsockopt+0xf3/0x1d0 [ 131.745208][ T6062] __sys_setsockopt+0x119/0x190 [ 131.745237][ T6062] __x64_sys_setsockopt+0xbd/0x160 [ 131.745261][ T6062] ? do_syscall_64+0x90/0xf80 [ 131.745291][ T6062] ? lockdep_hardirqs_on+0x78/0x100 [ 131.745323][ T6062] do_syscall_64+0x10b/0xf80 [ 131.745353][ T6062] ? clear_bhb_loop+0x40/0x90 [ 131.745382][ T6062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.745407][ T6062] RIP: 0033:0x7fab5379cdd9 [ 131.745431][ T6062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 131.745454][ T6062] RSP: 002b:00007fab5471a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 131.745477][ T6062] RAX: ffffffffffffffda RBX: 00007fab53a15fa0 RCX: 00007fab5379cdd9 [ 131.745493][ T6062] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000008 [ 131.745508][ T6062] RBP: 00007fab53832d69 R08: 0000000000000014 R09: 0000000000000000 [ 131.745522][ T6062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.745536][ T6062] R13: 00007fab53a16038 R14: 00007fab53a15fa0 R15: 00007ffe6d011b68 [ 131.745566][ T6062] [ 131.746121][ T6062] tipc: Publication distribution failure [ 132.134907][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.145254][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.457403][ T6046] kexec: Could not allocate control_code_buffer [ 141.784069][ T6150] NFSD: Failed to start, no listeners configured. [ 148.730972][ T6341] FAULT_INJECTION: forcing a failure. [ 148.730972][ T6341] name failslab, interval 1, probability 0, space 0, times 0 [ 148.751451][ T6336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.67'. [ 148.838896][ T6341] CPU: 0 UID: 0 PID: 6341 Comm: syz.3.68 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.838934][ T6341] Tainted: [L]=SOFTLOCKUP [ 148.838942][ T6341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 148.838956][ T6341] Call Trace: [ 148.838963][ T6341] [ 148.838972][ T6341] dump_stack_lvl+0x100/0x190 [ 148.839003][ T6341] should_fail_ex.cold+0x5/0xa [ 148.839035][ T6341] should_failslab+0xc2/0x120 [ 148.839063][ T6341] __kmalloc_cache_noprof+0x7a/0x6f0 [ 148.839099][ T6341] ? can_pernet_init+0xb7/0x370 [ 148.839133][ T6341] ? __pfx_can_pernet_init+0x10/0x10 [ 148.839163][ T6341] can_pernet_init+0xb7/0x370 [ 148.839194][ T6341] ? __pfx_can_pernet_init+0x10/0x10 [ 148.839223][ T6341] ops_init+0x1e2/0x5f0 [ 148.839270][ T6341] setup_net+0x118/0x3a0 [ 148.839302][ T6341] ? __pfx_setup_net+0x10/0x10 [ 148.839330][ T6341] ? mutex_init_lockdep+0xf1/0x120 [ 148.839361][ T6341] copy_net_ns+0x46f/0x7c0 [ 148.839394][ T6341] create_new_namespaces+0x3ea/0xac0 [ 148.839434][ T6341] unshare_nsproxy_namespaces+0xf2/0x220 [ 148.839469][ T6341] ksys_unshare+0x438/0xab0 [ 148.839508][ T6341] ? __pfx_ksys_unshare+0x10/0x10 [ 148.839542][ T6341] ? xfd_validate_state+0x129/0x190 [ 148.839577][ T6341] __x64_sys_unshare+0x31/0x40 [ 148.839613][ T6341] do_syscall_64+0x10b/0xf80 [ 148.839648][ T6341] ? clear_bhb_loop+0x40/0x90 [ 148.839677][ T6341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.839702][ T6341] RIP: 0033:0x7fab5379cdd9 [ 148.839721][ T6341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 148.839744][ T6341] RSP: 002b:00007fab5471a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 148.839768][ T6341] RAX: ffffffffffffffda RBX: 00007fab53a15fa0 RCX: 00007fab5379cdd9 [ 148.839784][ T6341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 148.839798][ T6341] RBP: 00007fab53832d69 R08: 0000000000000000 R09: 0000000000000000 [ 148.839812][ T6341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.839826][ T6341] R13: 00007fab53a16038 R14: 00007fab53a15fa0 R15: 00007ffe6d011b68 [ 148.839856][ T6341] [ 151.420901][ T6393] ubi0: attaching mtd0 [ 151.613056][ T6393] ubi0: scanning is finished [ 151.683440][ T6393] ubi0: empty MTD device detected [ 153.221750][ T6393] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 153.478129][ T6393] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 153.747094][ T6393] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 154.045269][ T6393] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 154.281375][ T6393] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 154.463520][ T6393] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 154.704486][ T6393] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1149499548 [ 155.032698][ T6393] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 155.420011][ T6457] ubi0: background thread "ubi_bgt0d" started, PID 6457 [ 155.537735][ T6397] ubi0: detaching mtd0 [ 156.040433][ T6397] ubi0: mtd0 is detached [ 161.602692][ T6616] zswap: compressor û not available [ 168.708238][ T6865] Console: switching to colour VGA+ 80x25 [ 168.890061][ T6881] ================================================================== [ 168.890085][ T6881] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 168.890120][ T6881] Read of size 26 at addr ffff88807c99edea by task syz.2.100/6881 [ 168.890141][ T6881] [ 168.890155][ T6881] CPU: 0 UID: 0 PID: 6881 Comm: syz.2.100 Tainted: G L syzkaller #0 PREEMPT(full) [ 168.890187][ T6881] Tainted: [L]=SOFTLOCKUP [ 168.890195][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.890210][ T6881] Call Trace: [ 168.890217][ T6881] [ 168.890226][ T6881] dump_stack_lvl+0x100/0x190 [ 168.890252][ T6881] print_report+0x13d/0x4b0 [ 168.890287][ T6881] ? __virt_addr_valid+0x239/0x430 [ 168.890328][ T6881] ? fbcon_prepare_logo+0x94e/0xc60 [ 168.890353][ T6881] kasan_report+0xdf/0x1d0 [ 168.890380][ T6881] ? fbcon_prepare_logo+0x94e/0xc60 [ 168.890409][ T6881] kasan_check_range+0x10f/0x1e0 [ 168.890441][ T6881] __asan_memcpy+0x23/0x60 [ 168.890485][ T6881] fbcon_prepare_logo+0x94e/0xc60 [ 168.890517][ T6881] fbcon_init+0x1065/0x1830 [ 168.890547][ T6881] visual_init+0x320/0x620 [ 168.890575][ T6881] do_bind_con_driver.isra.0+0x636/0x9c0 [ 168.890613][ T6881] store_bind+0x609/0x730 [ 168.890648][ T6881] ? __pfx_store_bind+0x10/0x10 [ 168.890679][ T6881] dev_attr_store+0x58/0x80 [ 168.890708][ T6881] ? __pfx_dev_attr_store+0x10/0x10 [ 168.890736][ T6881] sysfs_kf_write+0xf2/0x150 [ 168.890775][ T6881] kernfs_fop_write_iter+0x3e0/0x5f0 [ 168.890808][ T6881] ? __pfx_sysfs_kf_write+0x10/0x10 [ 168.890848][ T6881] vfs_write+0x6ac/0x1070 [ 168.890874][ T6881] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 168.890910][ T6881] ? __pfx_vfs_write+0x10/0x10 [ 168.890945][ T6881] ksys_write+0x12a/0x250 [ 168.890971][ T6881] ? __pfx_ksys_write+0x10/0x10 [ 168.890999][ T6881] ? rcu_is_watching+0x12/0xc0 [ 168.891034][ T6881] do_syscall_64+0x10b/0xf80 [ 168.891065][ T6881] ? clear_bhb_loop+0x40/0x90 [ 168.891093][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.891119][ T6881] RIP: 0033:0x7f183b19cdd9 [ 168.891137][ T6881] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.891166][ T6881] RSP: 002b:00007f18393f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.891190][ T6881] RAX: ffffffffffffffda RBX: 00007f183b416180 RCX: 00007f183b19cdd9 [ 168.891206][ T6881] RDX: 000000000008083a RSI: 00002000000001c0 RDI: 0000000000000002 [ 168.891220][ T6881] RBP: 00007f183b232d69 R08: 0000000000000000 R09: 0000000000000000 [ 168.891235][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.891249][ T6881] R13: 00007f183b416218 R14: 00007f183b416180 R15: 00007ffc2214beb8 [ 168.891273][ T6881] [ 168.891281][ T6881] [ 168.891286][ T6881] Allocated by task 6823: [ 168.891304][ T6881] kasan_save_stack+0x30/0x50 [ 168.891326][ T6881] kasan_save_track+0x14/0x30 [ 168.891348][ T6881] __kasan_kmalloc+0xaa/0xb0 [ 168.891368][ T6881] call_usermodehelper_setup+0xaf/0x360 [ 168.891393][ T6881] kobject_uevent_env+0x17c1/0x18b0 [ 168.891414][ T6881] net_rx_queue_update_kobjects+0x1dd/0x760 [ 168.891446][ T6881] netdev_register_kobject+0x290/0x3d0 [ 168.891481][ T6881] register_netdevice+0x151c/0x24b0 [ 168.891507][ T6881] register_netdev+0x34/0x50 [ 168.891530][ T6881] vti6_init_net+0x2c7/0x440 [ 168.891557][ T6881] ops_init+0x1e2/0x5f0 [ 168.891580][ T6881] setup_net+0x118/0x3a0 [ 168.891603][ T6881] copy_net_ns+0x46f/0x7c0 [ 168.891630][ T6881] create_new_namespaces+0x3ea/0xac0 [ 168.891659][ T6881] unshare_nsproxy_namespaces+0xf2/0x220 [ 168.891689][ T6881] ksys_unshare+0x438/0xab0 [ 168.891723][ T6881] __x64_sys_unshare+0x31/0x40 [ 168.891756][ T6881] do_syscall_64+0x10b/0xf80 [ 168.891785][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.891807][ T6881] [ 168.891813][ T6881] Freed by task 6886: [ 168.891823][ T6881] kasan_save_stack+0x30/0x50 [ 168.891843][ T6881] kasan_save_track+0x14/0x30 [ 168.891864][ T6881] kasan_save_free_info+0x3b/0x70 [ 168.891895][ T6881] __kasan_slab_free+0x5f/0x80 [ 168.891917][ T6881] kfree+0x223/0x6c0 [ 168.891948][ T6881] umh_complete+0x7f/0xa0 [ 168.891970][ T6881] call_usermodehelper_exec_async+0x36a/0x4b0 [ 168.891997][ T6881] ret_from_fork+0x72b/0xd50 [ 168.892020][ T6881] ret_from_fork_asm+0x1a/0x30 [ 168.892050][ T6881] [ 168.892061][ T6881] Last potentially related work creation: [ 168.892069][ T6881] kasan_save_stack+0x30/0x50 [ 168.892089][ T6881] kasan_record_aux_stack+0xa7/0xc0 [ 168.892121][ T6881] insert_work+0x36/0x230 [ 168.892140][ T6881] __queue_work+0x9a2/0x1130 [ 168.892162][ T6881] queue_work_on+0x180/0x1e0 [ 168.892183][ T6881] call_usermodehelper_exec+0x1d6/0x4e0 [ 168.892209][ T6881] kobject_uevent_env+0x17dd/0x18b0 [ 168.892235][ T6881] net_rx_queue_update_kobjects+0x1dd/0x760 [ 168.892266][ T6881] netdev_register_kobject+0x290/0x3d0 [ 168.892296][ T6881] register_netdevice+0x151c/0x24b0 [ 168.892321][ T6881] register_netdev+0x34/0x50 [ 168.892344][ T6881] vti6_init_net+0x2c7/0x440 [ 168.892371][ T6881] ops_init+0x1e2/0x5f0 [ 168.892393][ T6881] setup_net+0x118/0x3a0 [ 168.892416][ T6881] copy_net_ns+0x46f/0x7c0 [ 168.892443][ T6881] create_new_namespaces+0x3ea/0xac0 [ 168.892476][ T6881] unshare_nsproxy_namespaces+0xf2/0x220 [ 168.892506][ T6881] ksys_unshare+0x438/0xab0 [ 168.892540][ T6881] __x64_sys_unshare+0x31/0x40 [ 168.892573][ T6881] do_syscall_64+0x10b/0xf80 [ 168.892609][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.892631][ T6881] [ 168.892636][ T6881] The buggy address belongs to the object at ffff88807c99ed00 [ 168.892636][ T6881] which belongs to the cache kmalloc-192 of size 192 [ 168.892655][ T6881] The buggy address is located 42 bytes to the right of [ 168.892655][ T6881] allocated 192-byte region [ffff88807c99ed00, ffff88807c99edc0) [ 168.892679][ T6881] [ 168.892685][ T6881] The buggy address belongs to the physical page: [ 168.892695][ T6881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c99e [ 168.892720][ T6881] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 168.892741][ T6881] page_type: f5(slab) [ 168.892761][ T6881] raw: 00fff00000000000 ffff88813fe2e3c0 dead000000000122 0000000000000000 [ 168.892786][ T6881] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 168.892800][ T6881] page dumped because: kasan: bad access detected [ 168.892813][ T6881] page_owner tracks the page as allocated [ 168.892821][ T6881] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6815, tgid 6814 (syz.3.97), ts 168798402367, free_ts 168797948112 [ 168.892862][ T6881] post_alloc_hook+0x153/0x170 [ 168.892895][ T6881] get_page_from_freelist+0x11a6/0x33b0 [ 168.892932][ T6881] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 168.892970][ T6881] new_slab+0xa6/0x6c0 [ 168.893000][ T6881] refill_objects+0x277/0x420 [ 168.893034][ T6881] __pcs_replace_empty_main+0x375/0x650 [ 168.893071][ T6881] __kmalloc_noprof+0x688/0x850 [ 168.893107][ T6881] __register_sysctl_table+0xbe4/0x1650 [ 168.893137][ T6881] __devinet_sysctl_register+0x1b9/0x360 [ 168.893167][ T6881] devinet_sysctl_register+0x17b/0x210 [ 168.893196][ T6881] inetdev_init+0x2b8/0x570 [ 168.893223][ T6881] inetdev_event+0x7fa/0x17f0 [ 168.893251][ T6881] notifier_call_chain+0x99/0x400 [ 168.893286][ T6881] call_netdevice_notifiers_info+0xbe/0x110 [ 168.893316][ T6881] register_netdevice+0x18fe/0x24b0 [ 168.893340][ T6881] register_netdev+0x34/0x50 [ 168.893363][ T6881] page last free pid 6881 tgid 6861 stack trace: [ 168.893376][ T6881] __free_frozen_pages+0x747/0x1040 [ 168.893406][ T6881] vfree+0x15f/0x8d0 [ 168.893433][ T6881] vc_do_resize+0xc6b/0xeb0 [ 168.893469][ T6881] fbcon_startup+0x42c/0xc10 [ 168.893493][ T6881] do_bind_con_driver.isra.0+0x2ac/0x9c0 [ 168.893525][ T6881] store_bind+0x609/0x730 [ 168.893555][ T6881] dev_attr_store+0x58/0x80 [ 168.893581][ T6881] sysfs_kf_write+0xf2/0x150 [ 168.893617][ T6881] kernfs_fop_write_iter+0x3e0/0x5f0 [ 168.893649][ T6881] vfs_write+0x6ac/0x1070 [ 168.893673][ T6881] ksys_write+0x12a/0x250 [ 168.893697][ T6881] do_syscall_64+0x10b/0xf80 [ 168.893726][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.893749][ T6881] [ 168.893754][ T6881] Memory state around the buggy address: [ 168.893766][ T6881] ffff88807c99ec80: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 168.893782][ T6881] ffff88807c99ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 168.893799][ T6881] >ffff88807c99ed80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 168.893812][ T6881] ^ [ 168.893832][ T6881] ffff88807c99ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 168.893849][ T6881] ffff88807c99ee80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 168.893862][ T6881] ================================================================== [ 168.909645][ T6881] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 168.909668][ T6881] CPU: 0 UID: 0 PID: 6881 Comm: syz.2.100 Tainted: G L syzkaller #0 PREEMPT(full) [ 168.909706][ T6881] Tainted: [L]=SOFTLOCKUP [ 168.909715][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.909730][ T6881] Call Trace: [ 168.909738][ T6881] [ 168.909746][ T6881] dump_stack_lvl+0x100/0x190 [ 168.909775][ T6881] vpanic+0x552/0x970 [ 168.909799][ T6881] ? __pfx_vpanic+0x10/0x10 [ 168.909825][ T6881] ? fbcon_prepare_logo+0x94e/0xc60 [ 168.909851][ T6881] panic+0xd1/0xe0 [ 168.909872][ T6881] ? __pfx_panic+0x10/0x10 [ 168.909896][ T6881] ? fbcon_prepare_logo+0x94e/0xc60 [ 168.909921][ T6881] ? preempt_schedule_common+0x42/0xc0 [ 168.909955][ T6881] check_panic_on_warn.cold+0x19/0x34 [ 168.909988][ T6881] end_report.part.0+0x3a/0x90 [ 168.910023][ T6881] kasan_report.cold+0xe/0x18 [ 168.910059][ T6881] ? fbcon_prepare_logo+0x94e/0xc60 [ 168.910088][ T6881] kasan_check_range+0x10f/0x1e0 [ 168.910122][ T6881] __asan_memcpy+0x23/0x60 [ 168.910158][ T6881] fbcon_prepare_logo+0x94e/0xc60 [ 168.910190][ T6881] fbcon_init+0x1065/0x1830 [ 168.910220][ T6881] visual_init+0x320/0x620 [ 168.910249][ T6881] do_bind_con_driver.isra.0+0x636/0x9c0 [ 168.910288][ T6881] store_bind+0x609/0x730 [ 168.910324][ T6881] ? __pfx_store_bind+0x10/0x10 [ 168.910356][ T6881] dev_attr_store+0x58/0x80 [ 168.910393][ T6881] ? __pfx_dev_attr_store+0x10/0x10 [ 168.910422][ T6881] sysfs_kf_write+0xf2/0x150 [ 168.910469][ T6881] kernfs_fop_write_iter+0x3e0/0x5f0 [ 168.910504][ T6881] ? __pfx_sysfs_kf_write+0x10/0x10 [ 168.910544][ T6881] vfs_write+0x6ac/0x1070 [ 168.910570][ T6881] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 168.910608][ T6881] ? __pfx_vfs_write+0x10/0x10 [ 168.910644][ T6881] ksys_write+0x12a/0x250 [ 168.910670][ T6881] ? __pfx_ksys_write+0x10/0x10 [ 168.910698][ T6881] ? rcu_is_watching+0x12/0xc0 [ 168.910729][ T6881] do_syscall_64+0x10b/0xf80 [ 168.910760][ T6881] ? clear_bhb_loop+0x40/0x90 [ 168.910787][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.910812][ T6881] RIP: 0033:0x7f183b19cdd9 [ 168.910831][ T6881] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.910855][ T6881] RSP: 002b:00007f18393f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 168.910878][ T6881] RAX: ffffffffffffffda RBX: 00007f183b416180 RCX: 00007f183b19cdd9 [ 168.910894][ T6881] RDX: 000000000008083a RSI: 00002000000001c0 RDI: 0000000000000002 [ 168.910909][ T6881] RBP: 00007f183b232d69 R08: 0000000000000000 R09: 0000000000000000 [ 168.910924][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.910939][ T6881] R13: 00007f183b416218 R14: 00007f183b416180 R15: 00007ffc2214beb8 [ 168.910963][ T6881] [ 168.911030][ T6881] Kernel Offset: disabled