last executing test programs: 4.43157974s ago: executing program 1 (id=1035): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x48083, 0x0) sendmmsg$auto(r0, &(0x7f00000002c0)={{&(0x7f0000000080)="67e0a9a3ddf285e985c3814b5252c21a5c7ad249739bcc2621333a034ef3003b5e4fa654fe77b99599812d3f38c17aa906b396b8e5769a554993e72382c8f7775f3f488ffd40880ae131ebaeabfa5a4b748f9d634bec3e55475916615db75e00ec65f1f89fc178e8ae3fbf6ac467abc6a640e50102417277b87711a0e7e6e9685f5b0c6d62ebb2c8a1a33520c3297356f04ebe663cc1bb3377220ea73de82d3f542661cd722667b4d87c5477e5e1ca4ad5dba236e9302bc2d05c5625ee005d7bb65f1a27ec171b7c", 0xffffffc8, &(0x7f0000000180)={&(0x7f0000000000)="235c32fc4365a341d0526c009a1285480f4515e0c0dc57ddfa7b182b406ce8b1", 0x7}, 0x0, &(0x7f00000001c0)="039378d76c0612c14337ab4fff44de34c668c1c9fc53a095024e0c70088d1bf5cf38f875f9e66559e84f54d48bc22b04c4891f311b8b72b676ace1fc47387481f21d2bd9337a5a66541b343b4fea213992e05e3a210ad4f7ae77f52ed3b775ba013c24d02b5d3c84352df0fb95af6712cb69b44879fe3a8c6f71d7a4060c8ebce49e16b9df798f2b743b00e39ec8469c0d1067b226d898f90871f57edf1c49ce511c6c55c5709bfc186a8016dc166dbbd1e6254cae4b26b038fca1db12979a9a1ed2248f0b9318a93ccffe43d473603ab35e51b93a0b53f4e40c812230397190f0bb5eed52b6c619667ec356b6a62aed", 0x8c, 0x8}, 0x8}, 0x5, 0x2) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r1, 0x84, 0x9, 0x0, &(0x7f0000000000)=0x9b) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) epoll_ctl$auto(r1, 0x0, r1, &(0x7f0000000300)={0x1, 0x9bf}) close_range$auto(r0, 0xffffffffffffffff, 0x0) 4.001277632s ago: executing program 1 (id=1038): madvise$auto(0x4d0, 0xdb, 0x7fff) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x6) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x3, 0x5, 0x7, 0x0) r1 = openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) open(0x0, 0x1a1043, 0x2a) ioctl$auto_vsock_device_ops_af_vsock(r1, 0x7b9, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0) ioctl$auto(r2, 0x40085112, 0x3) syz_clone(0x0, 0x0, 0xffffffffffffff19, 0x0, 0x0, 0x0) 3.723746722s ago: executing program 2 (id=1039): msgctl$auto(0x6, 0x944, &(0x7f0000000440)={{0xe025, 0x0, 0x0, 0xef5, 0x0, 0x5, 0x56a}, 0x0, &(0x7f0000000280)=0x7f, 0x9, 0x4, 0x541c, 0x6, 0x1, 0xfff7, 0x8, 0x7, @inferred, @raw=0xa6}) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x1, 0xdf, 0x7932, 0x2, 0x8000) lstat$auto(0x0, &(0x7f00000004c0)={0x4, 0x4da, 0xfffb, 0x39b, r0, r1, 0x0, 0x80000081, 0xfec1, 0x0, 0x97, 0xfffffffffffffff9, 0xffffffffffffffff, 0x3, 0x1005, 0x4, 0x9}) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x10000008}, 0x800}, 0x107, 0x8, 0x0) 3.454377928s ago: executing program 3 (id=1040): close_range$auto(0x2, 0x8, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000000c0), 0x480001, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r0, 0x20e, 0x6}, 0x6, 0x100000) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/size\x00', 0x0, 0x0) socket(0x29, 0x3, 0x0) getpriority$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@ethernet, 0x55) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, 0x0, 0x44001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x4, 0x0) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002240)='/dev/cec17\x00', 0x181680, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.055457071s ago: executing program 3 (id=1042): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub4/hw_params\x00', 0x240400, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) socket(0xa, 0x2, 0x88) clock_getres$auto(0x8, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000004680)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x502, 0x0) socket$nl_generic(0x10, 0x3, 0x10) fanotify_init$auto(0x5, 0x2) io_uring_setup$auto(0x6, 0x0) ioctl$auto_evdev_fops_evdev(0xffffffffffffffff, 0x40084502, 0x0) socket(0xa, 0x801, 0x106) epoll_create$auto(0x4) flistxattr$auto(0x3, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109140, 0x0) sysfs$auto(0x2, 0x4, 0x4) socket(0x2, 0x5, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x80043, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) mincore$auto(0x1000, 0x8001, 0x0) io_uring_setup$auto(0x877, 0x0) r0 = io_uring_setup$auto(0x877, 0x0) io_uring_enter$auto(r0, 0xcd00, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) 2.792365354s ago: executing program 1 (id=1043): mmap$auto(0x3, 0x3, 0xdf, 0x14, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, 0x0, 0x4000000) write$auto(0x1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) capget$auto(0x0, 0xfffffffffffffffe) readv$auto(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x8}, 0x49) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x10007, 0x6}) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x6, r0) 2.717735014s ago: executing program 2 (id=1044): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0xfeff0000) 2.643404449s ago: executing program 0 (id=1045): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x840, 0x0) ioctl$auto(r0, 0xc10c5541, 0xffffffffffffffff) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x40, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000932c14", @ANYRES64=r0], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) 2.529175365s ago: executing program 2 (id=1046): r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x400000000005b8, 0xc, 0x3, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xfffffffffffffffa, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000]}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r1 = openat$auto__dev_ioctl_fops_dev_ioctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$auto(0x3, 0x4008af03, 0x0) socket(0xa, 0x801, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x4, 0x2020009, 0x4, 0xeb1, 0xfffffffffffffffa, 0x8000) msync$auto(0x0, 0x5, 0x6) mmap$auto(0x618e66dd, 0x8c, 0x80000000, 0x13, r1, 0x1) delete_module$auto(0x0, 0x5) socket$nl_generic(0x10, 0x3, 0x10) poll$auto(0x0, 0x5, 0xfff) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x4040, 0x75) mmap$auto(0x0, 0x200008, 0x1000000004, 0x9b72, 0x2, 0x8000) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x84, 0x84, 0x0, &(0x7f0000000000)=0x9b) socket(0xa, 0x2, 0x3a) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab00"}, 0x55) socket(0x28, 0x6, 0x0) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(0xffffffffffffffff, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0xc000) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) 2.470072489s ago: executing program 3 (id=1047): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x82040, 0x0) close_range$auto(r0, 0x8, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_CFG(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=ANY=[@ANYBLOB="0800d4374f96d451193e1dcff5272285fb87067d23e7ded0454c1cef217ad8e856b252c452157e1ddbc0de70e3e69dad83b46371f6ac3cffefd68d2c9ab52b4420ee9ac4f1926c7e15561294c597abb5ba42ef22f33ced773cb86e2d4ff5ff79a0c0838737aabf742b831bf51c084e935249893d18fdacd52d9c7780d43d5efe9ccf0c7a68e3cf69d2b204021fb97267c27b6a5bc3365c4954b67debea66f2803a48", @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf25270000002000018008000400050000001400020076657468315f766972745f7769666900"], 0x34}, 0x1, 0x0, 0x0, 0x885}, 0x40) mmap$auto(0x0, 0x8, 0x72, 0x8b72, 0x8f1, 0x8000) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x20000000003, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) sysfs$auto(0x2, 0x4, 0x4) mincore$auto(0x1000, 0x8001, 0x0) r3 = io_uring_setup$auto(0x2, 0x0) r4 = socket(0x1d, 0x2, 0x7) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r4) open(0x0, 0x80842, 0x91) io_uring_enter$auto(r3, 0x1, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) io_submit$auto(0x1, 0x3, 0x0) sendmsg$auto_NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="38040000", @ANYRES16=0x0, @ANYBLOB="020025bd7000ffdbdf253f00000080016e804ee829d005b3d3076a938c8c45d132000eae56ed204612d089d1e755de5d349197939110414be151e56aca3bc2ec4a643137ae8215fb88417fc4bbe9c21573525769ae95265165ab25327a036f5c9371606f7bde10e620bc249f874d2292b3d8ccb16e5065b119a2d3c4264640b7463d75d645f5d7577124fb1d9ed7d9ef7950f214c436fd45190a3a39045cfdc087954995ab73ab15692b7e712428aff82d04e4a052727383247c669f6221c3ebe871040293c35a4c63416f0d67f963312425dd311c93c7e96965bc0e53f95fac48d0e946a79c1ad1e135c5f5f3af62ca25bc262d45e5e6feb3141e543405c277a79a385cbf6a20af8d6d8400b0807d0074005af0f7356c9658f2c38739e317dd543757a7d85f17b70d7a630ed7f6107b58a6abacfcabb43906e90f6e96031cd3df0b11bee8ebe1a2a579527b95b85701b2e121434f8f7818632f72a6ed29c5f38a1f5c31614f39eb7be151650b70f2dccc59fc904c222e73e7b69e4fc955b042e0422ef9ef1c0a1a93aa5a0000000900cd004ab459024f00000006001000070000006102b2004bf459d3737d8f9d82c84c880e9c1b32e89304440089ad8a739e0c9e2f9c85eccd0113d04597153dc44e56306ab8b262c480318b564edfe3d6cf950a003840082800c5d6dcad075bb3fe58986032c02ba34734ad0813e82e89cbd2e7c02c00746f506557fa1af16d796a75b7ab819bd8ef1e3cc966e1205ae19948fdea5785af25f3b331b052402383988b231d6a6255c07558b96a732f9f25752de0c1fbf809aabe877fb15d4494af99eaf94eed552fd79ebf7219a76eb69fa08bf87bd412fa1c643db9633b9d77a1e868e246ad57bd5280d0f08e3170fe90d99b2763359442d931abb73021e4b5c08329027fa1aec07a7ea22e785d2054b99ca9a5e20f417427c15d9aa7ef727fb4dfdaab68fa9eaf7e3dc054f71f5cae661e6dd27a0718f85ac19f22505a94fef75e01cd4c8a67c96a47c964d1b013e3e42474dd5ef1fd316e1c7004b714406af4a0b6f87ccebb6a8fb24ca06b6b182bb573e45571547f37fb055dff89b7e3f8ebd2a6434f20aed41029d7d416fbd0d57a84864dd7b0bf72bef37d23919f47a7d43f48844255da4b1c5f41cca2b1828fa5867256915bb8a9255fb50b4940bfb86802516109d593acee6f35a746c0ae899f2b1ba89617605ee979870f66fb4de19f58e68a930f56e46096bf2eb199a733d094acf01b29c5351292d877c9ee49270b0a3caafe5a45109b80dc58b3dcd51ebba992979882be819f858f6117643fc3fa33ee243b9a7c422608e2a0ea36688ae2e352809891c0923a9d9af1b646594829476fd2ddebf9f4c5b3bd2f6e738908e6adfc5196a23baaa9ad75c353edbb2e768e7e439f0e5dd5cbf4500e1fcc1a8b1e4ea30571f9d2f4bb8716fa9caa5758880000002b00c800f3b48aa2e0c7d640f19507058fd75464ae5dbeb44a732399ff720071534eeb810409d3314171e800"], 0x438}, 0x1, 0x0, 0x0, 0x20000050}, 0x4008801) r5 = socket(0x2, 0x5, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001180)='/dev/input/mice\x00', 0x1a1382, 0x0) read$auto_mousedev_fops_mousedev(r6, 0x0, 0x0) write$auto_mousedev_fops_mousedev(r6, &(0x7f0000001380), 0x0) sendmsg$auto_BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000ffdbdf250300000005002d000100000005001100f80000000a000500aaaaaaaaaabb00000000040069703665727370616e3000000000000008002300e000000208002300ac1e0101"], 0xfffffffffffffe4e}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0x8) ioctl$auto(r1, 0x4b31, 0xffffffffffffffff) 2.117567629s ago: executing program 0 (id=1048): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$auto(r0, 0x4b68, 0xffffffffffffffff) 1.907572717s ago: executing program 3 (id=1049): socket(0x2b, 0x1, 0x1) socket(0x18, 0x3, 0x400) socket(0xa, 0x3, 0x3a) r0 = socket(0x1a, 0xa, 0x60088) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) iopl$auto(0x0) setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x9) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x1801, @old_map_fd=0x3ff}, 0xa3) mmap$auto(0x0, 0x2020009, 0x4, 0xeb1, r2, 0x8000) madvise$auto(0x2000000000, 0xffffffffffff0005, 0x17) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto(0x0, 0x5c5, 0x0, 0x4, 0x0) setpgid$auto(r4, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff7ea8, 0x19) newfstatat$auto(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f0000000900)={0x8, 0xfffffffffffffff9, 0x9, 0x3, 0xee00, 0xee00, 0x0, 0x2ce6, 0xe7, 0x8b, 0x0, 0x8, 0x7f, 0x401, 0x6, 0x7, 0x2}, 0x5) fstat$auto(r1, &(0x7f0000000300)={0x9, 0x5, 0x7, 0x74, 0xee00, 0xffffffffffffffff, 0x0, 0x3, 0x6, 0xfffffffffffffbd3, 0x9, 0x63, 0x8000000000000001, 0x6d3785ca, 0x6, 0x4, 0xffffffffffffffff}) newfstatat$auto(r3, &(0x7f0000000100)='./file0\x00', &(0x7f00000003c0)={0x9, 0x1, 0x1ff, 0x1, r5, r6, 0x0, 0xe, 0x100000001, 0xffffffffffffffff, 0x6, 0x0, 0x23, 0x4, 0x7f, 0x1, 0x4}, 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = socket(0x2, 0x5, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x1) socket(0xa, 0x801, 0x84) getsockopt$auto(r7, 0x84, 0x85, 0x0, &(0x7f00000000c0)=0x1000c) r8 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/meminfo\x00', 0x0, 0x0) ppoll$auto(&(0x7f00000000c0)={r8, 0xf81, 0x27f}, 0x3, 0x0, 0x0, 0x8) r10 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv6/conf/ip6gre0/ignore_routes_with_linkdown\x00', 0x202, 0x0) sendfile$auto(r10, r9, 0x0, 0x401) madvise$auto(0x0, 0x1000000000053, 0x9) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800100}, 0xc, &(0x7f0000000880)={&(0x7f00000009c0)=ANY=[@ANYBLOB="f8030000", @ANYRES16=0x0, @ANYBLOB="00032cbd7000ffdbdf250300000005000900090000000400060008020180c601f08004007b005988716ccdd72099b2bee399600fc87246eb7bb251071af8c8965b44467b7893d6c2813cf222533cde96e24425984a83776c96898592863411d887243e204a81abf00d999c53226262e97f7f055157d388cd0f045acf8aa0a5cfe8d2d507262597d8443fecce187df9ef91ea9add2d667ef01f1bafc2bf2c95de1e8d506ce4af57b60d3f69ced85ed53890d9ddef11df784efdc6d081b176af30941e79871ca51b4f9b0a48a193730c2bee2a03b56451c98db2ed77464914e1ac1e3bcb157549d2673792af3ec77122fefffcff95658c9428ddd2155c3c1e5422948374d5c8a08b34e039d2eb654aa67bbdce870221b9c7458e9bec44f00c56ba827752714c700697b678bee6b85d66443cb4170ab2e4d1bd6d1d21670af25db390d9fd8c563192c7f859fbfca66f1dad1aa85485aee1220737cde188530729ed67008a0036a4ec93ca50cf02c43dca18275fb8f245c6d0d02cc98b2b946de6fb7bee085cc4d6b2d3eee78c84329528832a757dc5216a538b9746b7eedd8319814ba4021765f5f18a1ed605f53702e43b5256c1ed8b7f2f3bba76854522d38d215b8c03e84502eb00fe324298703700258f34edd83625399f63362e3682f5beef450d51e900000d005d005e262b242d245b7b000000000800270007000000080028006b6ea48c7bea1c39bd9a335a067cb5837ee0b06da0788a5d207caff07154e45bc1c03cd1a53aa10aebc2b151ba141535e07c343e8fcafb9669c67f42398cef1a1c4e270193e4ca03e7a59099290dfb16773f6f2286a98d7ddd981d7350599661da8027381c115311ffc7d53749984c27f7cef70e674013f1c54a487f30cbb4e658df65a71faf289d35dfeee2e283da32d599bdd2c0f59e6a3efef44fb5aba50c780f578ebd76b4ad9cf52602", @ANYRES32=r5, @ANYBLOB="14001900fc00000000000000000000000000000008001b000200000004000800cc0102804c3f4d1367bbfd4e9f1ffa25057b29aa5874310ba139c01276d5df27df989f0f77a747bfed1573b79eb8081d3f4b82bd4f066e884bd7665314a7658fecd51abe24856708ab0880b6db9f8a3412d4a081f602d09e375db4b8aa6c0a8480938efe5354272d6cacfb31d2d118d8f36f9c55b082b4d67781843e50081e7fc5d87214530400fc00e63310a8fb44806d37cc732e0e4ec065b8def33e1a4710c5d67982ea347f2d27b9fc01bc2bd44b27f96e5480e760d8e1d1007f0ffb0d8275ac98fb4aa8668105e9f157eed31478b59dab1a3927afe34a813d9483f54e8a26a7ffd28f63eeba8ff83c95d859da3f0970aa22854d2ef5badaa7b413a14ffd7d2d2643d0cdbc45e5cadf79e407fc853f62ba93345c3c45ee79be5a271c693392b8b9962b66a8390eb84611705d0ed5b638e8a0076b312876c019b8eea71bd0520400a5808b1dff62a3a24633cde9c59716a7fe703ddbb0491fb993c03a22a95ab558f6a995ecc6dafc218846ab3701ecff4a5fba5caa160c9061f1d7b99f9ff94cfeaaaadc0e4202e42f05fb86740b3df4fd337a73bc27ad52b851e1eae2c144e2dc841d3392384f03e00632b170bf29338ce1bb0839ff30938e204a96061853f53efe0800b300", @ANYRES32=r7, @ANYBLOB], 0x3f8}}, 0x800) 1.777438507s ago: executing program 0 (id=1050): close_range$auto(0x2, 0x8, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000000c0), 0x480001, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r0, 0x20e, 0x6}, 0x6, 0x100000) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/size\x00', 0x0, 0x0) socket(0x29, 0x3, 0x0) getpriority$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@ethernet, 0x55) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, 0x0, 0x44001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x4, 0x0) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002240)='/dev/cec17\x00', 0x181680, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.672399054s ago: executing program 1 (id=1051): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r0, &(0x7f0000001c80)={0x0, 0x2000, &(0x7f0000001c40)={&(0x7f0000002400)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@MACSEC_ATTR_SA_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x8880) 1.531484136s ago: executing program 1 (id=1052): msgctl$auto(0x6, 0x944, &(0x7f0000000440)={{0xe025, 0x0, 0x0, 0xef5, 0x0, 0x5, 0x56a}, 0x0, &(0x7f0000000280)=0x7f, 0x9, 0x4, 0x541c, 0x6, 0x1, 0xfff7, 0x8, 0x7, @inferred, @raw=0xa6}) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x1, 0xdf, 0x7932, 0x2, 0x8000) lstat$auto(0x0, &(0x7f00000004c0)={0x4, 0x4da, 0xfffb, 0x39b, r0, r1, 0x0, 0x80000081, 0xfec1, 0x0, 0x97, 0xfffffffffffffff9, 0xffffffffffffffff, 0x3, 0x1005, 0x4, 0x9}) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x4, 0x0, 0x5, 0x0, 0x2, 0x10000008}, 0x800}, 0x107, 0x8, 0x0) 1.32494382s ago: executing program 0 (id=1053): mmap$auto(0x0, 0x20009, 0x4000000000e1, 0xab1, 0xffffffffffffffff, 0x7) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x3, 0x0) socket(0x2, 0x3, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x48000) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/o2hb/livenodes\x00', 0x0, 0x0) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0xa, 0x2, 0x73) sendto$auto(r1, 0x0, 0x402, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) mprotect$auto(0xa, 0x40, 0xd) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000540), 0x2000, 0x0) readv$auto(r1, &(0x7f0000000040)={0x0, 0xffff}, 0x1) getsockopt$auto(r0, 0x6, 0x24, 0x0, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x7) io_uring_setup$auto(0x6, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x0, 0x2, 0x5) socketpair$auto(0x3, 0x7, 0xfff, 0x0) 1.139071588s ago: executing program 2 (id=1054): socket(0xb, 0x2, 0x8) mmap$auto(0x0, 0x8000000000000000, 0x1000000000000, 0xfffffffffffffffd, 0x404, 0x8004) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) madvise$auto(0x0, 0x53, 0x9) ioctl$auto(0x3, 0x80084d17, 0x38) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) madvise$auto(0x2, 0x0, 0x6) bpf$auto(0x3, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0x30017, 0x8020000000a, 0x2, 0x5f, 0x20000000000803, 0xffffffffffffffff}, 0x6f0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.136961136s ago: executing program 3 (id=1055): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub4/hw_params\x00', 0x240400, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) socket(0xa, 0x2, 0x88) clock_getres$auto(0x8, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000004680)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x502, 0x0) socket$nl_generic(0x10, 0x3, 0x10) fanotify_init$auto(0x5, 0x2) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0) ioctl$auto_evdev_fops_evdev(r0, 0x40084502, 0x0) socket(0xa, 0x801, 0x106) epoll_create$auto(0x4) flistxattr$auto(0x3, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109140, 0x0) sysfs$auto(0x2, 0x4, 0x4) socket(0x2, 0x5, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x80043, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) mincore$auto(0x1000, 0x8001, 0x0) io_uring_setup$auto(0x877, 0x0) r1 = io_uring_setup$auto(0x877, 0x0) io_uring_enter$auto(r1, 0xcd00, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) 934.512905ms ago: executing program 0 (id=1056): socket(0x2b, 0x1, 0x1) socket(0x18, 0x3, 0x400) socket(0xa, 0x3, 0x3a) r0 = socket(0x1a, 0xa, 0x60088) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) iopl$auto(0x0) setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x9) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x1801, @old_map_fd=0x3ff}, 0xa3) mmap$auto(0x0, 0x2020009, 0x4, 0xeb1, r2, 0x8000) madvise$auto(0x2000000000, 0xffffffffffff0005, 0x17) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto(0x0, 0x5c5, 0x0, 0x4, 0x0) setpgid$auto(r4, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff7ea8, 0x19) newfstatat$auto(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f0000000900)={0x8, 0xfffffffffffffff9, 0x9, 0x3, 0xee00, 0xee00, 0x0, 0x2ce6, 0xe7, 0x8b, 0x0, 0x8, 0x7f, 0x401, 0x6, 0x7, 0x2}, 0x5) fstat$auto(r1, &(0x7f0000000300)={0x9, 0x5, 0x7, 0x74, 0xee00, 0xffffffffffffffff, 0x0, 0x3, 0x6, 0xfffffffffffffbd3, 0x9, 0x63, 0x8000000000000001, 0x6d3785ca, 0x6, 0x4, 0xffffffffffffffff}) newfstatat$auto(r3, &(0x7f0000000100)='./file0\x00', &(0x7f00000003c0)={0x9, 0x1, 0x1ff, 0x1, r5, r6, 0x0, 0xe, 0x100000001, 0xffffffffffffffff, 0x6, 0x0, 0x23, 0x4, 0x7f, 0x1, 0x4}, 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r7 = socket(0x2, 0x5, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x1) r8 = getsockopt$auto(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) getsockopt$auto(r7, 0x84, 0x85, 0x0, &(0x7f00000000c0)=0x1000c) r9 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/meminfo\x00', 0x0, 0x0) ppoll$auto(&(0x7f00000000c0)={r9, 0xf81, 0x27f}, 0x3, 0x0, 0x0, 0x8) r11 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv6/conf/ip6gre0/ignore_routes_with_linkdown\x00', 0x202, 0x0) sendfile$auto(r11, r10, 0x0, 0x401) madvise$auto(0x0, 0x1000000000053, 0x9) sendmsg$auto_OVS_FLOW_CMD_GET(r8, &(0x7f00000008c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800100}, 0xc, &(0x7f0000000880)={&(0x7f00000009c0)=ANY=[@ANYBLOB="f8030000", @ANYRES16=0x0, @ANYBLOB="00032cbd7000ffdbdf250300000005000900090000000400060008020180c601f08004007b005988716ccdd72099b2bee399600fc87246eb7bb251071af8c8965b44467b7893d6c2813cf222533cde96e24425984a83776c96898592863411d887243e204a81abf00d999c53226262e97f7f055157d388cd0f045acf8aa0a5cfe8d2d507262597d8443fecce187df9ef91ea9add2d667ef01f1bafc2bf2c95de1e8d506ce4af57b60d3f69ced85ed53890d9ddef11df784efdc6d081b176af30941e79871ca51b4f9b0a48a193730c2bee2a03b56451c98db2ed77464914e1ac1e3bcb157549d2673792af3ec77122fefffcff95658c9428ddd2155c3c1e5422948374d5c8a08b34e039d2eb654aa67bbdce870221b9c7458e9bec44f00c56ba827752714c700697b678bee6b85d66443cb4170ab2e4d1bd6d1d21670af25db390d9fd8c563192c7f859fbfca66f1dad1aa85485aee1220737cde188530729ed67008a0036a4ec93ca50cf02c43dca18275fb8f245c6d0d02cc98b2b946de6fb7bee085cc4d6b2d3eee78c84329528832a757dc5216a538b9746b7eedd8319814ba4021765f5f18a1ed605f53702e43b5256c1ed8b7f2f3bba76854522d38d215b8c03e84502eb00fe324298703700258f34edd83625399f63362e3682f5beef450d51e900000d005d005e262b242d245b7b000000000800270007000000080028006b6ea48c7bea1c39bd9a335a067cb5837ee0b06da0788a5d207caff07154e45bc1c03cd1a53aa10aebc2b151ba141535e07c343e8fcafb9669c67f42398cef1a1c4e270193e4ca03e7a59099290dfb16773f6f2286a98d7ddd981d7350599661da8027381c115311ffc7d53749984c27f7cef70e674013f1c54a487f30cbb4e658df65a71faf289d35dfeee2e283da32d599bdd2c0f59e6a3efef44fb5aba50c780f578ebd76b4ad9cf52602", @ANYRES32=r5, @ANYBLOB="14001900fc00000000000000000000000000000008001b000200000004000800cc0102804c3f4d1367bbfd4e9f1ffa25057b29aa5874310ba139c01276d5df27df989f0f77a747bfed1573b79eb8081d3f4b82bd4f066e884bd7665314a7658fecd51abe24856708ab0880b6db9f8a3412d4a081f602d09e375db4b8aa6c0a8480938efe5354272d6cacfb31d2d118d8f36f9c55b082b4d67781843e50081e7fc5d87214530400fc00e63310a8fb44806d37cc732e0e4ec065b8def33e1a4710c5d67982ea347f2d27b9fc01bc2bd44b27f96e5480e760d8e1d1007f0ffb0d8275ac98fb4aa8668105e9f157eed31478b59dab1a3927afe34a813d9483f54e8a26a7ffd28f63eeba8ff83c95d859da3f0970aa22854d2ef5badaa7b413a14ffd7d2d2643d0cdbc45e5cadf79e407fc853f62ba93345c3c45ee79be5a271c693392b8b9962b66a8390eb84611705d0ed5b638e8a0076b312876c019b8eea71bd0520400a5808b1dff62a3a24633cde9c59716a7fe703ddbb0491fb993c03a22a95ab558f6a995ecc6dafc218846ab3701ecff4a5fba5caa160c9061f1d7b99f9ff94cfeaaaadc0e4202e42f05fb86740b3df4fd337a73bc27ad52b851e1eae2c144e2dc841d3392384f03e00632b170bf29338ce1bb0839ff30938e204a96061853f53efe0800b300", @ANYRES32=r7, @ANYBLOB], 0x3f8}}, 0x800) 793.143636ms ago: executing program 2 (id=1057): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x82040, 0x0) close_range$auto(r0, 0x8, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_CFG(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=ANY=[@ANYBLOB="0800d4374f96d451193e1dcff5272285fb87067d23e7ded0454c1cef217ad8e856b252c452157e1ddbc0de70e3e69dad83b46371f6ac3cffefd68d2c9ab52b4420ee9ac4f1926c7e15561294c597abb5ba42ef22f33ced773cb86e2d4ff5ff79a0c0838737aabf742b831bf51c084e935249893d18fdacd52d9c7780d43d5efe9ccf0c7a68e3cf69d2b204021fb97267c27b6a5bc3365c4954b67debea66f2803a48", @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf25270000002000018008000400050000001400020076657468315f766972745f7769666900"], 0x34}, 0x1, 0x0, 0x0, 0x885}, 0x40) mmap$auto(0x0, 0x8, 0x72, 0x8b72, 0x8f1, 0x8000) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x20000000003, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000) sysfs$auto(0x2, 0x4, 0x4) mincore$auto(0x1000, 0x8001, 0x0) r3 = io_uring_setup$auto(0x2, 0x0) r4 = socket(0x1d, 0x2, 0x7) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), r4) open(0x0, 0x80842, 0x91) io_uring_enter$auto(r3, 0x1, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) io_submit$auto(0x1, 0x3, 0x0) sendmsg$auto_NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="38040000", @ANYRES16=0x0, @ANYBLOB="020025bd7000ffdbdf253f00000080016e804ee829d005b3d3076a938c8c45d132000eae56ed204612d089d1e755de5d349197939110414be151e56aca3bc2ec4a643137ae8215fb88417fc4bbe9c21573525769ae95265165ab25327a036f5c9371606f7bde10e620bc249f874d2292b3d8ccb16e5065b119a2d3c4264640b7463d75d645f5d7577124fb1d9ed7d9ef7950f214c436fd45190a3a39045cfdc087954995ab73ab15692b7e712428aff82d04e4a052727383247c669f6221c3ebe871040293c35a4c63416f0d67f963312425dd311c93c7e96965bc0e53f95fac48d0e946a79c1ad1e135c5f5f3af62ca25bc262d45e5e6feb3141e543405c277a79a385cbf6a20af8d6d8400b0807d0074005af0f7356c9658f2c38739e317dd543757a7d85f17b70d7a630ed7f6107b58a6abacfcabb43906e90f6e96031cd3df0b11bee8ebe1a2a579527b95b85701b2e121434f8f7818632f72a6ed29c5f38a1f5c31614f39eb7be151650b70f2dccc59fc904c222e73e7b69e4fc955b042e0422ef9ef1c0a1a93aa5a0000000900cd004ab459024f00000006001000070000006102b2004bf459d3737d8f9d82c84c880e9c1b32e89304440089ad8a739e0c9e2f9c85eccd0113d04597153dc44e56306ab8b262c480318b564edfe3d6cf950a003840082800c5d6dcad075bb3fe58986032c02ba34734ad0813e82e89cbd2e7c02c00746f506557fa1af16d796a75b7ab819bd8ef1e3cc966e1205ae19948fdea5785af25f3b331b052402383988b231d6a6255c07558b96a732f9f25752de0c1fbf809aabe877fb15d4494af99eaf94eed552fd79ebf7219a76eb69fa08bf87bd412fa1c643db9633b9d77a1e868e246ad57bd5280d0f08e3170fe90d99b2763359442d931abb73021e4b5c08329027fa1aec07a7ea22e785d2054b99ca9a5e20f417427c15d9aa7ef727fb4dfdaab68fa9eaf7e3dc054f71f5cae661e6dd27a0718f85ac19f22505a94fef75e01cd4c8a67c96a47c964d1b013e3e42474dd5ef1fd316e1c7004b714406af4a0b6f87ccebb6a8fb24ca06b6b182bb573e45571547f37fb055dff89b7e3f8ebd2a6434f20aed41029d7d416fbd0d57a84864dd7b0bf72bef37d23919f47a7d43f48844255da4b1c5f41cca2b1828fa5867256915bb8a9255fb50b4940bfb86802516109d593acee6f35a746c0ae899f2b1ba89617605ee979870f66fb4de19f58e68a930f56e46096bf2eb199a733d094acf01b29c5351292d877c9ee49270b0a3caafe5a45109b80dc58b3dcd51ebba992979882be819f858f6117643fc3fa33ee243b9a7c422608e2a0ea36688ae2e352809891c0923a9d9af1b646594829476fd2ddebf9f4c5b3bd2f6e738908e6adfc5196a23baaa9ad75c353edbb2e768e7e439f0e5dd5cbf4500e1fcc1a8b1e4ea30571f9d2f4bb8716fa9caa5758880000002b00c800f3b48aa2e0c7d640f19507058fd75464ae5dbeb44a732399ff720071534eeb810409d3314171e800"], 0x438}, 0x1, 0x0, 0x0, 0x20000050}, 0x4008801) r5 = socket(0x2, 0x5, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001180)='/dev/input/mice\x00', 0x1a1382, 0x0) read$auto_mousedev_fops_mousedev(r6, 0x0, 0x0) write$auto_mousedev_fops_mousedev(r6, &(0x7f0000001380), 0x0) sendmsg$auto_BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000ffdbdf250300000005002d000100000005001100f80000000a000500aaaaaaaaaabb00000000040069703665727370616e3000000000000008002300e000000208002300ac1e0101"], 0xfffffffffffffe4e}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0x8) ioctl$auto(r1, 0x4b31, 0xffffffffffffffff) 444.654831ms ago: executing program 1 (id=1058): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x840, 0x0) ioctl$auto(r0, 0xc10c5541, 0xffffffffffffffff) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x40, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) 391.069356ms ago: executing program 0 (id=1059): mmap$auto(0x3, 0x3, 0xdf, 0x14, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x7) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, 0x0, 0x4000000) write$auto(0x1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) readv$auto(r0, &(0x7f00000011c0)={0x0, 0x8}, 0x49) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x10007, 0x6}) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x6, r1) 285.463701ms ago: executing program 3 (id=1060): openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x2100, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid$auto(r0, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000140)={0x400, 0x7, 0x66ecc7bf, 0xe, 0x0, 0xffffffffffffffff, 0x0, 0xb, 0x7, 0x8000000000000001, 0x5, 0x9, 0x402, 0x5, 0x9, 0xb5, 0x3}) ioctl$auto_UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f00000000c0)={0xffffffffffffffff, 0xb, 0x6, 0x5}) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000200), 0x2400, 0x0) semctl$auto(0xfff, 0xfffffff5, 0x2, 0x1) r1 = socket(0x2, 0x6, 0x0) getsockopt$auto(r1, 0x10d, 0xc0, 0x0, &(0x7f0000000040)=0x800b) r2 = gettid() tkill$auto(r2, 0x6) r3 = socket(0x9, 0x2, 0x3a) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000dc0), r4) sendmsg$auto_IPVS_CMD_GET_DEST(r4, &(0x7f0000003a40)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="000225bd7000fedbdf650800c3503449c8319700000500fb5d6e682c41da3e4e411818c2ce0b5bc64b99e0ae9650ce693ab378dfa3356f0149d12329b1fa572267774a13c514fd72430000124b5934e978da74ef9d49da59a95b0050109433a228fea7a03fc509e22367cfd9cc2daca8d618e56825e8eadd7d5b908ba483dc5a415be0c2cfc7fe262e250ab213c7bbc7a378ebcc242359f9a6c3f046674b840dc20f46019dcd25c6a85529998b6bd62f853a2b1708ccb5729072c3dfe628ec3fbd5a162604033a6b29833773b9ef7e0a4978491affdcd78e86a5c4070c3c186e660b9b3a849bd3e89e55d62c2b67070169f6a8f9e21814d73ed144e1cce7f08ce2012551e506daed6f75ef2ba3ddfd05ac96"], 0x1c}, 0x1, 0x0, 0x0, 0x4008840}, 0x40014) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = socket(0x0, 0x3, 0x0) open(0x0, 0x22b77da92db68159, 0x17d) unshare$auto(0x40000080) open(0x0, 0xa41c2, 0x84) syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000000), r6) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/thread-self/net/igmp\x00', 0x20000, 0x0) epoll_wait$auto(0xffffffffffffffff, &(0x7f0000000100)={0xfffff62c, 0x8000}, 0x2, 0x1) pread64$auto(r7, 0x0, 0x5, 0xe8f) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r3, 0x8000) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, 0x0, 0x8800, 0x0) mmap$auto(0x0, 0x8, 0x6, 0x9b72, 0x2, 0x8000) setuid$auto(0xe) setsockopt$auto(0x3, 0x1, 0x24, 0x0, 0xa) socket(0xa, 0x5, 0x0) 0s ago: executing program 2 (id=1061): close_range$auto(0x2, 0x8, 0x0) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f00000000c0), 0x480001, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r0, 0x20e, 0x6}, 0x6, 0x100000) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/size\x00', 0x0, 0x0) socket(0x29, 0x3, 0x0) getpriority$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0x5, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@ethernet, 0x55) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, 0x0, 0x44001) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x4, 0x0) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002240)='/dev/cec17\x00', 0x181680, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, 0x0) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. [ 65.010858][ T5815] cgroup: Unknown subsys name 'net' [ 65.147895][ T5815] cgroup: Unknown subsys name 'cpuset' [ 65.155753][ T5815] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.494936][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.180278][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.188212][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.197851][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.205819][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.213986][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.221694][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.245116][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.262831][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.267782][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.277914][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.283890][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.285905][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.293724][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.300109][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.307119][ T5837] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.314506][ T5838] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.320233][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.327192][ T5833] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.336971][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.341128][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.356743][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.376601][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.384417][ T5831] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.391776][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.671772][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 68.762062][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 68.821076][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 68.833827][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.841971][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.849876][ T5828] bridge_slave_0: entered allmulticast mode [ 68.856680][ T5828] bridge_slave_0: entered promiscuous mode [ 68.865347][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.872461][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.879816][ T5828] bridge_slave_1: entered allmulticast mode [ 68.886403][ T5828] bridge_slave_1: entered promiscuous mode [ 68.973480][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.985304][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.008604][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.015948][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.023089][ T5830] bridge_slave_0: entered allmulticast mode [ 69.030583][ T5830] bridge_slave_0: entered promiscuous mode [ 69.057220][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.064551][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.071713][ T5830] bridge_slave_1: entered allmulticast mode [ 69.078565][ T5830] bridge_slave_1: entered promiscuous mode [ 69.101650][ T5828] team0: Port device team_slave_0 added [ 69.145651][ T5828] team0: Port device team_slave_1 added [ 69.169032][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.190642][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.198034][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.225155][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.236960][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.244067][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.251518][ T5824] bridge_slave_0: entered allmulticast mode [ 69.258581][ T5824] bridge_slave_0: entered promiscuous mode [ 69.267103][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.284889][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 69.299824][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.306810][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.332804][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.348980][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.356391][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.363535][ T5824] bridge_slave_1: entered allmulticast mode [ 69.370926][ T5824] bridge_slave_1: entered promiscuous mode [ 69.391263][ T5830] team0: Port device team_slave_0 added [ 69.433190][ T5830] team0: Port device team_slave_1 added [ 69.449708][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.472910][ T5828] hsr_slave_0: entered promiscuous mode [ 69.480555][ T5828] hsr_slave_1: entered promiscuous mode [ 69.490015][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.534688][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.541670][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.567621][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.585945][ T5824] team0: Port device team_slave_0 added [ 69.608441][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.615701][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.641679][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.665905][ T5824] team0: Port device team_slave_1 added [ 69.671786][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.679896][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.687344][ T5827] bridge_slave_0: entered allmulticast mode [ 69.693976][ T5827] bridge_slave_0: entered promiscuous mode [ 69.701976][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.709163][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.716395][ T5827] bridge_slave_1: entered allmulticast mode [ 69.722984][ T5827] bridge_slave_1: entered promiscuous mode [ 69.760718][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.767904][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.793898][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.822754][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.834190][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.860822][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.895975][ T5830] hsr_slave_0: entered promiscuous mode [ 69.902237][ T5830] hsr_slave_1: entered promiscuous mode [ 69.909472][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.917438][ T5830] Cannot create hsr debugfs directory [ 69.926334][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.951797][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.008114][ T5824] hsr_slave_0: entered promiscuous mode [ 70.014957][ T5824] hsr_slave_1: entered promiscuous mode [ 70.020945][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.031314][ T5824] Cannot create hsr debugfs directory [ 70.077183][ T5827] team0: Port device team_slave_0 added [ 70.101573][ T5827] team0: Port device team_slave_1 added [ 70.150170][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.157301][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.184249][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.197047][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.204133][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.230387][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.318434][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.348098][ T5827] hsr_slave_0: entered promiscuous mode [ 70.354704][ T5827] hsr_slave_1: entered promiscuous mode [ 70.360973][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.368975][ T5827] Cannot create hsr debugfs directory [ 70.385326][ T5825] Bluetooth: hci2: command tx timeout [ 70.386595][ T5831] Bluetooth: hci0: command tx timeout [ 70.397888][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.407913][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.437978][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.466857][ T5831] Bluetooth: hci3: command tx timeout [ 70.469470][ T5825] Bluetooth: hci1: command tx timeout [ 70.527158][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.549912][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.562634][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.585402][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.617376][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.629607][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.658171][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.668266][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.703773][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.723726][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.732992][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.745774][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.877775][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.902643][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.940436][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.957215][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.969850][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.987358][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.001875][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.009182][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.031802][ T3456] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.038962][ T3456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.051924][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.064008][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.071174][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.095753][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.102869][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.116803][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.130628][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.137731][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.162941][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.170098][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.182452][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.189576][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.219707][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.226950][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.253587][ T5828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.265800][ T5828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.400512][ T5827] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.444174][ T5827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.553695][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.636862][ T5828] veth0_vlan: entered promiscuous mode [ 71.657066][ T5828] veth1_vlan: entered promiscuous mode [ 71.678095][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.685071][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.697475][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.772070][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.782024][ T5828] veth0_macvtap: entered promiscuous mode [ 71.807389][ T5828] veth1_macvtap: entered promiscuous mode [ 71.825080][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.837871][ T5830] veth0_vlan: entered promiscuous mode [ 71.859623][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.877327][ T5830] veth1_vlan: entered promiscuous mode [ 71.891296][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.901816][ T5828] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.911985][ T5828] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.921304][ T5828] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.931278][ T5828] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.963731][ T5824] veth0_vlan: entered promiscuous mode [ 71.998181][ T5830] veth0_macvtap: entered promiscuous mode [ 72.028433][ T5830] veth1_macvtap: entered promiscuous mode [ 72.046000][ T5824] veth1_vlan: entered promiscuous mode [ 72.078810][ T5827] veth0_vlan: entered promiscuous mode [ 72.111811][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.123465][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.135032][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.150544][ T5827] veth1_vlan: entered promiscuous mode [ 72.158092][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.170509][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.186504][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.197226][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.211755][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.240500][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.250002][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.259635][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.269401][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.300586][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.316327][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.318535][ T5824] veth0_macvtap: entered promiscuous mode [ 72.349828][ T5827] veth0_macvtap: entered promiscuous mode [ 72.376010][ T5827] veth1_macvtap: entered promiscuous mode [ 72.383494][ T5824] veth1_macvtap: entered promiscuous mode [ 72.431226][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 72.437337][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.459695][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.464411][ T5825] Bluetooth: hci2: command tx timeout [ 72.470208][ T5831] Bluetooth: hci0: command tx timeout [ 72.480380][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.491062][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.502427][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.519212][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.530553][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.540866][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.551470][ T5831] Bluetooth: hci1: command tx timeout [ 72.554958][ T5831] Bluetooth: hci3: command tx timeout [ 72.558275][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.573337][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.594854][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.619111][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.631092][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.635343][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.651357][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.665375][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.680168][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.691875][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.714931][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.728309][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.740242][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.756213][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.770664][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.782089][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.797937][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.809141][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.858409][ T5824] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.870709][ T5824] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.880409][ T5824] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.890047][ T5824] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.910018][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.910837][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.926866][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.928663][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.962752][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.974717][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.153416][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.164383][ T3456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.172233][ T3456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.186190][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.288692][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.298442][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.456800][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.511722][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.801801][ T5897] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 74.544203][ T5831] Bluetooth: hci2: command tx timeout [ 74.554494][ T5831] Bluetooth: hci0: command tx timeout [ 74.624601][ T5831] Bluetooth: hci3: command tx timeout [ 74.629356][ T5825] Bluetooth: hci1: command tx timeout [ 76.191626][ T5943] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 76.466759][ T5947] Zero length message leads to an empty skb [ 76.634925][ T5831] Bluetooth: hci0: command tx timeout [ 76.640986][ T5831] Bluetooth: hci2: command tx timeout [ 76.712433][ T5831] Bluetooth: hci1: command tx timeout [ 76.718189][ T5838] Bluetooth: hci3: command tx timeout [ 77.854782][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 78.068479][ T5971] Invalid ELF header magic: != ELF [ 78.731923][ T5986] vivid-013: ================= START STATUS ================= [ 78.751880][ T5986] vivid-013: Generate PTS: true [ 78.764198][ T5986] vivid-013: Generate SCR: true [ 78.769120][ T5986] tpg source WxH: 640x360 (Y'CbCr) [ 78.794165][ T5986] tpg field: 1 [ 78.797585][ T5986] tpg crop: 640x360@0x0 [ 78.801779][ T5986] tpg compose: 640x360@0x0 [ 78.835895][ T5986] tpg colorspace: 8 [ 78.839752][ T5986] tpg transfer function: 0/0 [ 78.848100][ T5986] tpg Y'CbCr encoding: 0/0 [ 78.858088][ T5986] tpg quantization: 0/0 [ 78.894919][ T5986] tpg RGB range: 0/2 [ 78.898856][ T5986] vivid-013: ================== END STATUS ================== [ 79.145204][ T5986] mmap: syz.0.28 (5986) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 79.227779][ T5976] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 84.267295][ T6072] netlink: 330 bytes leftover after parsing attributes in process `syz.1.53'. [ 85.281681][ T57] cfg80211: failed to load regulatory.db [ 87.085080][ T6097] bridge0: port 3(team0) entered blocking state [ 87.158487][ T6097] bridge0: port 3(team0) entered disabled state [ 87.331331][ T6097] team0: entered allmulticast mode [ 87.460120][ T6097] team_slave_0: entered allmulticast mode [ 87.688976][ T6097] team_slave_1: entered allmulticast mode [ 87.814263][ T6115] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 87.875147][ T6097] team0: entered promiscuous mode [ 87.935567][ T6097] team_slave_0: entered promiscuous mode [ 88.010405][ T6097] team_slave_1: entered promiscuous mode [ 88.070561][ T6097] bridge0: port 3(team0) entered blocking state [ 88.077246][ T6097] bridge0: port 3(team0) entered forwarding state [ 88.828969][ T6128] syz.1.66 uses obsolete (PF_INET,SOCK_PACKET) [ 89.613565][ T6137] netlink: 28 bytes leftover after parsing attributes in process `syz.2.67'. [ 93.874438][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.014288][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.034300][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.042982][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 97.051688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.060217][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.069767][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.078246][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.086807][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.512008][ T29] audit: type=1804 audit(6031603091.382:2): pid=6264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.101" name="/newroot/sys/kernel/tracing/buffer_total_size_kb" dev="tracefs" ino=133 res=1 errno=0 [ 102.182004][ T6328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.120'. [ 102.233254][ T6330] netlink: 12 bytes leftover after parsing attributes in process `syz.0.120'. [ 102.313576][ T6339] netlink: 146 bytes leftover after parsing attributes in process `syz.1.123'. [ 102.761929][ T6350] process 'syz.1.127' launched ':,' with NULL argv: empty string added [ 103.149605][ T6363] FAULT_INJECTION: forcing a failure. [ 103.149605][ T6363] name failslab, interval 1, probability 0, space 0, times 1 [ 103.304325][ T6363] CPU: 1 UID: 0 PID: 6363 Comm: syz.1.131 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 103.314967][ T6363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 103.325323][ T6363] Call Trace: [ 103.328621][ T6363] [ 103.331565][ T6363] dump_stack_lvl+0x16c/0x1f0 [ 103.336276][ T6363] should_fail_ex+0x497/0x5b0 [ 103.340979][ T6363] ? fs_reclaim_acquire+0xae/0x150 [ 103.346123][ T6363] should_failslab+0xc2/0x120 [ 103.350897][ T6363] __kmalloc_cache_noprof+0x68/0x420 [ 103.356223][ T6363] ? snd_seq_port_use_ptr+0x3c/0x1a0 [ 103.361543][ T6363] snd_seq_port_connect+0x61/0x550 [ 103.366683][ T6363] ? _raw_read_unlock+0x28/0x50 [ 103.371564][ T6363] ? check_subscription_permission.isra.0+0xf5/0x240 [ 103.378274][ T6363] snd_seq_ioctl_subscribe_port+0x1fe/0x3f0 [ 103.384217][ T6363] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 103.390667][ T6363] ? mark_held_locks+0x9f/0xe0 [ 103.395476][ T6363] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 103.401160][ T6363] snd_seq_oss_midi_open+0x5c5/0x6b0 [ 103.406491][ T6363] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 103.412349][ T6363] ? rcu_is_watching+0x12/0xc0 [ 103.417143][ T6363] ? trace_contention_end+0xee/0x140 [ 103.422464][ T6363] snd_seq_oss_synth_reset+0x484/0x890 [ 103.427960][ T6363] ? odev_release+0x44/0x70 [ 103.432495][ T6363] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 103.438513][ T6363] ? __pfx___fsnotify_parent+0x10/0x10 [ 103.444025][ T6363] snd_seq_oss_reset+0x73/0x290 [ 103.448903][ T6363] ? __pfx_odev_release+0x10/0x10 [ 103.453956][ T6363] snd_seq_oss_release+0x7c/0x180 [ 103.459096][ T6363] odev_release+0x4c/0x70 [ 103.463452][ T6363] __fput+0x3f8/0xb60 [ 103.467480][ T6363] task_work_run+0x14e/0x250 [ 103.472110][ T6363] ? __pfx_task_work_run+0x10/0x10 [ 103.477267][ T6363] ? __pfx___do_sys_close_range+0x10/0x10 [ 103.483035][ T6363] syscall_exit_to_user_mode+0x27b/0x2a0 [ 103.488794][ T6363] do_syscall_64+0xda/0x250 [ 103.493335][ T6363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.499349][ T6363] RIP: 0033:0x7f7424b85d29 [ 103.503802][ T6363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.523628][ T6363] RSP: 002b:00007f7425a59038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 103.532083][ T6363] RAX: 0000000000000000 RBX: 00007f7424d76080 RCX: 00007f7424b85d29 [ 103.540089][ T6363] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 103.548091][ T6363] RBP: 00007f7425a59090 R08: 0000000000000000 R09: 0000000000000000 [ 103.556091][ T6363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.564114][ T6363] R13: 0000000000000000 R14: 00007f7424d76080 R15: 00007ffff7c998d8 [ 103.572117][ T6363] [ 104.974929][ T6397] netlink: 28 bytes leftover after parsing attributes in process `syz.1.138'. [ 107.142987][ T6442] syz.0.149 (6442) used obsolete PPPIOCDETACH ioctl [ 108.544493][ T5831] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 110.121951][ T6495] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 110.176087][ T6498] syz.1.166 (6498): attempted to duplicate a private mapping with mremap. This is not supported. [ 110.180880][ T6495] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 111.688015][ T6529] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò95N™øô¥3„yù*›"¤l- [ 112.108175][ T6536] netlink: 28 bytes leftover after parsing attributes in process `syz.3.179'. [ 113.963744][ T6582] netlink: 28 bytes leftover after parsing attributes in process `syz.0.194'. [ 116.053902][ T6613] vivid-013: ================= START STATUS ================= [ 116.094223][ T6613] vivid-013: Generate PTS: true [ 116.103928][ T6613] vivid-013: Generate SCR: true [ 116.120741][ T6613] tpg source WxH: 640x360 (Y'CbCr) [ 116.152053][ T6613] tpg field: 1 [ 116.177551][ T6613] tpg crop: 640x360@0x0 [ 116.189751][ T6613] tpg compose: 640x360@0x0 [ 116.214256][ T6613] tpg colorspace: 8 [ 116.218246][ T6613] tpg transfer function: 0/0 [ 116.234294][ T6613] tpg Y'CbCr encoding: 0/0 [ 116.243837][ T6613] tpg quantization: 0/0 [ 116.255396][ T6613] tpg RGB range: 0/2 [ 116.270350][ T6613] vivid-013: ================== END STATUS ================== [ 118.674716][ T6653] FAULT_INJECTION: forcing a failure. [ 118.674716][ T6653] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 118.714115][ T6653] CPU: 0 UID: 0 PID: 6653 Comm: syz.3.216 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 118.724762][ T6653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 118.734844][ T6653] Call Trace: [ 118.738147][ T6653] [ 118.741100][ T6653] dump_stack_lvl+0x16c/0x1f0 [ 118.745819][ T6653] should_fail_ex+0x497/0x5b0 [ 118.750541][ T6653] _copy_to_user+0x32/0xd0 [ 118.755005][ T6653] simple_read_from_buffer+0xd0/0x160 [ 118.760412][ T6653] proc_fail_nth_read+0x198/0x270 [ 118.765475][ T6653] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 118.771160][ T6653] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 118.776751][ T6653] vfs_read+0x1df/0xbe0 [ 118.780938][ T6653] ? __fget_files+0x1fc/0x3a0 [ 118.785674][ T6653] ? __pfx___mutex_lock+0x10/0x10 [ 118.790742][ T6653] ? __pfx_vfs_read+0x10/0x10 [ 118.795465][ T6653] ? __fget_files+0x206/0x3a0 [ 118.800187][ T6653] ksys_read+0x12b/0x250 [ 118.804472][ T6653] ? __pfx_ksys_read+0x10/0x10 [ 118.809282][ T6653] do_syscall_64+0xcd/0x250 [ 118.813829][ T6653] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.819762][ T6653] RIP: 0033:0x7fbbf2d8473c [ 118.824210][ T6653] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 118.843836][ T6653] RSP: 002b:00007fbbf3b88030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 118.852260][ T6653] RAX: ffffffffffffffda RBX: 00007fbbf2f75fa0 RCX: 00007fbbf2d8473c [ 118.860236][ T6653] RDX: 000000000000000f RSI: 00007fbbf3b880a0 RDI: 0000000000000005 [ 118.868210][ T6653] RBP: 00007fbbf3b88090 R08: 0000000000000000 R09: 0000000000000000 [ 118.876183][ T6653] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 118.884156][ T6653] R13: 0000000000000000 R14: 00007fbbf2f75fa0 R15: 00007ffdde8fe2e8 [ 118.892141][ T6653] [ 120.039381][ T6669] Process accounting resumed [ 120.583803][ T6683] netlink: 338 bytes leftover after parsing attributes in process `syz.0.226'. [ 120.640314][ T6686] netlink: 338 bytes leftover after parsing attributes in process `syz.0.226'. [ 120.704029][ T6683] netlink: 170 bytes leftover after parsing attributes in process `syz.0.226'. [ 121.838178][ T6705] random: crng reseeded on system resumption [ 126.017417][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.264'. [ 126.507277][ T6816] netlink: 28 bytes leftover after parsing attributes in process `syz.2.271'. [ 127.074468][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.458326][ T6843] netlink: 342 bytes leftover after parsing attributes in process `syz.0.277'. [ 129.480155][ T6883] netlink: 28 bytes leftover after parsing attributes in process `syz.3.289'. [ 129.823332][ T29] audit: type=1804 audit(6031603122.692:3): pid=6889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.290" name="/newroot/sys/kernel/tracing/buffer_total_size_kb" dev="tracefs" ino=133 res=1 errno=0 [ 131.345852][ T6919] netlink: 619 bytes leftover after parsing attributes in process `syz.0.299'. [ 131.368792][ T6920] netlink: 619 bytes leftover after parsing attributes in process `syz.0.299'. [ 131.657046][ T5831] Bluetooth: hci1: unexpected event 0x02 length: 0 < 1 [ 131.776736][ T29] audit: type=1804 audit(6031603124.652:4): pid=6929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.300" name="/newroot/sys/kernel/tracing/buffer_total_size_kb" dev="tracefs" ino=133 res=1 errno=0 [ 132.058135][ T6928] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 132.111900][ T6928] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 132.368659][ T6928] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 132.518530][ T6928] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 132.562492][ T6928] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 132.621064][ T6928] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 132.704284][ T6928] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 132.717998][ T6928] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 132.762203][ T6928] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 132.881446][ T6928] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 132.954529][ T6928] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 133.000524][ T6928] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 133.107099][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.113470][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.330009][ T6953] random: crng reseeded on system resumption [ 134.144475][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 134.544258][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 134.703472][ T6970] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 134.704960][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 134.944183][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 134.990071][ T6989] FAULT_INJECTION: forcing a failure. [ 134.990071][ T6989] name failslab, interval 1, probability 0, space 0, times 0 [ 135.138179][ T6989] CPU: 1 UID: 0 PID: 6989 Comm: syz.1.318 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 135.148837][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 135.158920][ T6989] Call Trace: [ 135.162215][ T6989] [ 135.165179][ T6989] dump_stack_lvl+0x16c/0x1f0 [ 135.169910][ T6989] should_fail_ex+0x497/0x5b0 [ 135.174639][ T6989] ? fs_reclaim_acquire+0xae/0x150 [ 135.179795][ T6989] should_failslab+0xc2/0x120 [ 135.184531][ T6989] __kmalloc_cache_noprof+0x68/0x420 [ 135.189858][ T6989] ? snd_seq_port_use_ptr+0x3c/0x1a0 [ 135.195196][ T6989] snd_seq_port_connect+0x61/0x550 [ 135.200348][ T6989] ? _raw_read_unlock+0x28/0x50 [ 135.205236][ T6989] ? check_subscription_permission.isra.0+0xf5/0x240 [ 135.212217][ T6989] snd_seq_ioctl_subscribe_port+0x1fe/0x3f0 [ 135.218160][ T6989] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 135.224634][ T6989] ? mark_held_locks+0x9f/0xe0 [ 135.229453][ T6989] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 135.235140][ T6989] snd_seq_oss_midi_open+0x49f/0x6b0 [ 135.240485][ T6989] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 135.246360][ T6989] ? rcu_is_watching+0x12/0xc0 [ 135.251184][ T6989] ? trace_contention_end+0xee/0x140 [ 135.256524][ T6989] snd_seq_oss_synth_reset+0x484/0x890 [ 135.262042][ T6989] ? odev_release+0x44/0x70 [ 135.266603][ T6989] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 135.272644][ T6989] ? __pfx___fsnotify_parent+0x10/0x10 [ 135.278169][ T6989] snd_seq_oss_reset+0x73/0x290 [ 135.283077][ T6989] ? __pfx_odev_release+0x10/0x10 [ 135.288141][ T6989] snd_seq_oss_release+0x7c/0x180 [ 135.293208][ T6989] odev_release+0x4c/0x70 [ 135.297575][ T6989] __fput+0x3f8/0xb60 [ 135.301610][ T6989] task_work_run+0x14e/0x250 [ 135.306251][ T6989] ? __pfx_task_work_run+0x10/0x10 [ 135.311410][ T6989] ? __pfx___do_sys_close_range+0x10/0x10 [ 135.317180][ T6989] syscall_exit_to_user_mode+0x27b/0x2a0 [ 135.322859][ T6989] do_syscall_64+0xda/0x250 [ 135.327416][ T6989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.333358][ T6989] RIP: 0033:0x7f7424b85d29 [ 135.337826][ T6989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.357479][ T6989] RSP: 002b:00007f7425a59038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 135.365928][ T6989] RAX: 0000000000000000 RBX: 00007f7424d76080 RCX: 00007f7424b85d29 [ 135.373930][ T6989] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 135.381933][ T6989] RBP: 00007f7425a59090 R08: 0000000000000000 R09: 0000000000000000 [ 135.389924][ T6989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.397915][ T6989] R13: 0000000000000000 R14: 00007f7424d76080 R15: 00007ffff7c998d8 [ 135.405925][ T6989] [ 136.224805][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 136.624204][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.784566][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 137.027884][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 137.280517][ T7029] netlink: 28 bytes leftover after parsing attributes in process `syz.2.329'. [ 138.304796][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 138.704464][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 138.866451][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 139.105850][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 143.264242][ T5831] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 143.978496][ T7161] FAULT_INJECTION: forcing a failure. [ 143.978496][ T7161] name failslab, interval 1, probability 0, space 0, times 0 [ 144.124128][ T7161] CPU: 1 UID: 0 PID: 7161 Comm: syz.0.366 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 144.134786][ T7161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 144.144870][ T7161] Call Trace: [ 144.148167][ T7161] [ 144.151122][ T7161] dump_stack_lvl+0x16c/0x1f0 [ 144.155838][ T7161] should_fail_ex+0x497/0x5b0 [ 144.160556][ T7161] ? fs_reclaim_acquire+0xae/0x150 [ 144.165703][ T7161] should_failslab+0xc2/0x120 [ 144.170420][ T7161] __kmalloc_noprof+0xce/0x4f0 [ 144.175230][ T7161] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 144.180889][ T7161] ? tomoyo_realpath_from_path+0xbf/0x710 [ 144.186646][ T7161] tomoyo_realpath_from_path+0xbf/0x710 [ 144.192228][ T7161] ? tomoyo_path_number_perm+0x235/0x5b0 [ 144.197906][ T7161] tomoyo_path_number_perm+0x248/0x5b0 [ 144.203406][ T7161] ? tomoyo_path_number_perm+0x235/0x5b0 [ 144.209088][ T7161] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 144.215146][ T7161] ? __pfx_lock_release+0x10/0x10 [ 144.220196][ T7161] ? trace_lock_acquire+0x14e/0x1f0 [ 144.225455][ T7161] ? lock_acquire+0x2f/0xb0 [ 144.229976][ T7161] ? __fget_files+0x40/0x3a0 [ 144.234588][ T7161] ? __fget_files+0x206/0x3a0 [ 144.239276][ T7161] security_file_ioctl+0x9b/0x240 [ 144.244311][ T7161] __x64_sys_ioctl+0xb7/0x200 [ 144.248995][ T7161] do_syscall_64+0xcd/0x250 [ 144.253511][ T7161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.259433][ T7161] RIP: 0033:0x7fd484385d29 [ 144.263956][ T7161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.283583][ T7161] RSP: 002b:00007fd4852a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.292010][ T7161] RAX: ffffffffffffffda RBX: 00007fd484575fa0 RCX: 00007fd484385d29 [ 144.299987][ T7161] RDX: 0000000020000000 RSI: 0000000040081271 RDI: 0000000000000003 [ 144.307979][ T7161] RBP: 00007fd4852a0090 R08: 0000000000000000 R09: 0000000000000000 [ 144.315960][ T7161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.323935][ T7161] R13: 0000000000000000 R14: 00007fd484575fa0 R15: 00007ffd8e9ed7d8 [ 144.331925][ T7161] [ 144.364240][ T29] audit: type=1804 audit(6031603137.232:5): pid=7163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.358" name="/newroot/sys/kernel/tracing/buffer_total_size_kb" dev="tracefs" ino=133 res=1 errno=0 [ 144.454205][ T7161] ERROR: Out of memory at tomoyo_realpath_from_path. [ 145.821805][ T5831] Bluetooth: hci0: unexpected event 0x02 length: 0 < 1 [ 145.825204][ T7188] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 145.922108][ T7188] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 146.225385][ T7193] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 146.233954][ T7193] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 146.265735][ T7193] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 146.308103][ T7193] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 148.269091][ T7228] bridge0: port 3(vlan1) entered blocking state [ 148.284532][ T7228] bridge0: port 3(vlan1) entered disabled state [ 148.291001][ T7228] vlan1: entered allmulticast mode [ 148.297035][ T7228] veth0_vlan: entered allmulticast mode [ 148.304181][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 148.304202][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 148.310195][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 148.344268][ T7228] vlan1: entered promiscuous mode [ 148.349954][ T7228] bridge0: port 3(vlan1) entered blocking state [ 148.356369][ T7228] bridge0: port 3(vlan1) entered forwarding state [ 148.385680][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 148.702160][ T7236] netlink: 4763 bytes leftover after parsing attributes in process `syz.3.379'. [ 148.718376][ T7241] program syz.0.380 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 149.148227][ T7246] netlink: 8 bytes leftover after parsing attributes in process `syz.0.389'. [ 149.240694][ T7247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.389'. [ 149.288235][ T5825] Bluetooth: hci3: unexpected event 0x02 length: 0 < 1 [ 154.836326][ T7345] vivid-013: ================= START STATUS ================= [ 154.844020][ T7345] vivid-013: Generate PTS: true [ 154.870188][ T7345] vivid-013: Generate SCR: true [ 154.884219][ T7345] tpg source WxH: 640x360 (Y'CbCr) [ 154.889385][ T7345] tpg field: 1 [ 154.914133][ T7345] tpg crop: 640x360@0x0 [ 154.937390][ T7345] tpg compose: 640x360@0x0 [ 154.941877][ T7345] tpg colorspace: 8 [ 154.956087][ T7345] tpg transfer function: 0/0 [ 154.960745][ T7345] tpg Y'CbCr encoding: 0/0 [ 154.987544][ T7345] tpg quantization: 0/0 [ 154.999788][ T7345] tpg RGB range: 0/2 [ 155.003733][ T7345] vivid-013: ================== END STATUS ================== [ 156.254114][ T7358] mkiss: ax0: crc mode is auto. [ 156.464253][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 162.304180][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 162.635089][ T7444] netlink: 28 bytes leftover after parsing attributes in process `syz.2.439'. [ 165.773930][ T7504] netlink: 4 bytes leftover after parsing attributes in process `syz.1.458'. [ 167.160625][ T29] audit: type=1800 audit(6031603160.032:6): pid=7536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=FFFFF2FFFFFFF2FFFFFFF2FFFFFFF2 name="features" dev="configfs" ino=13775 res=0 errno=0 [ 167.183820][ T29] audit: type=1804 audit(6031603160.032:7): pid=7536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm=FFFFF2FFFFFFF2FFFFFFF2FFFFFFF2 name="/newroot/sys/kernel/tracing/buffer_total_size_kb" dev="tracefs" ino=133 res=1 errno=0 [ 172.234288][ T7644] netlink: 12 bytes leftover after parsing attributes in process `syz.0.502'. [ 172.699250][ T7662] netlink: 28 bytes leftover after parsing attributes in process `syz.0.508'. [ 176.399405][ T7773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'. [ 178.526499][ T7847] FAULT_INJECTION: forcing a failure. [ 178.526499][ T7847] name failslab, interval 1, probability 0, space 0, times 0 [ 178.539400][ T7847] CPU: 1 UID: 0 PID: 7847 Comm: syz.2.565 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 178.550030][ T7847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 178.560126][ T7847] Call Trace: [ 178.563427][ T7847] [ 178.566378][ T7847] dump_stack_lvl+0x16c/0x1f0 [ 178.571096][ T7847] should_fail_ex+0x497/0x5b0 [ 178.575809][ T7847] ? fs_reclaim_acquire+0xae/0x150 [ 178.580958][ T7847] should_failslab+0xc2/0x120 [ 178.585677][ T7847] __kmalloc_noprof+0xce/0x4f0 [ 178.590476][ T7847] ? d_absolute_path+0x137/0x1b0 [ 178.595450][ T7847] ? tomoyo_encode2+0x100/0x3e0 [ 178.600342][ T7847] tomoyo_encode2+0x100/0x3e0 [ 178.605069][ T7847] tomoyo_realpath_from_path+0x1a7/0x710 [ 178.610735][ T7847] tomoyo_path_number_perm+0x248/0x5b0 [ 178.616210][ T7847] ? tomoyo_path_number_perm+0x235/0x5b0 [ 178.621862][ T7847] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 178.627875][ T7847] ? __pfx_lock_release+0x10/0x10 [ 178.632997][ T7847] ? trace_lock_acquire+0x14e/0x1f0 [ 178.638213][ T7847] ? lock_acquire+0x2f/0xb0 [ 178.642718][ T7847] ? __fget_files+0x40/0x3a0 [ 178.647317][ T7847] ? __fget_files+0x206/0x3a0 [ 178.652013][ T7847] security_file_ioctl+0x9b/0x240 [ 178.657047][ T7847] __x64_sys_ioctl+0xb7/0x200 [ 178.661729][ T7847] do_syscall_64+0xcd/0x250 [ 178.666246][ T7847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.672148][ T7847] RIP: 0033:0x7f12dc585d29 [ 178.676563][ T7847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.696170][ T7847] RSP: 002b:00007f12dd3c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.704585][ T7847] RAX: ffffffffffffffda RBX: 00007f12dc775fa0 RCX: 00007f12dc585d29 [ 178.712555][ T7847] RDX: 0000000020000000 RSI: 0000000040081271 RDI: 0000000000000003 [ 178.720527][ T7847] RBP: 00007f12dd3c9090 R08: 0000000000000000 R09: 0000000000000000 [ 178.728499][ T7847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.736470][ T7847] R13: 0000000000000000 R14: 00007f12dc775fa0 R15: 00007ffd19ef27e8 [ 178.744454][ T7847] [ 178.751471][ T7847] ERROR: Out of memory at tomoyo_realpath_from_path. [ 182.864342][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 191.380472][ T8088] program syz.2.632 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 194.558605][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.564998][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.664422][ T8199] vivid-013: ================= START STATUS ================= [ 198.672971][ T8199] vivid-013: Generate PTS: true [ 198.678017][ T8199] vivid-013: Generate SCR: true [ 198.682923][ T8199] tpg source WxH: 640x360 (Y'CbCr) [ 198.688971][ T8199] tpg field: 1 [ 198.692382][ T8199] tpg crop: 640x360@0x0 [ 198.702070][ T8199] tpg compose: 640x360@0x0 [ 198.737892][ T8199] tpg colorspace: 8 [ 198.741762][ T8199] tpg transfer function: 0/0 [ 198.764143][ T8199] tpg Y'CbCr encoding: 0/0 [ 198.795569][ T8199] tpg quantization: 0/0 [ 198.799782][ T8199] tpg RGB range: 0/2 [ 198.803703][ T8199] vivid-013: ================== END STATUS ================== [ 199.524761][ T8216] bridge0: port 3(macsec0) entered blocking state [ 199.544208][ T8216] bridge0: port 3(macsec0) entered disabled state [ 199.559383][ T8216] macsec0: entered allmulticast mode [ 199.597206][ T8216] veth1_macvtap: entered allmulticast mode [ 199.689821][ T8216] macsec0: entered promiscuous mode [ 199.762798][ T8216] bridge0: port 3(macsec0) entered blocking state [ 199.769440][ T8216] bridge0: port 3(macsec0) entered forwarding state [ 202.997258][ T8287] program syz.1.684 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 205.763939][ T8355] netlink: 326 bytes leftover after parsing attributes in process `syz.1.704'. [ 205.781320][ T8355] veth0_macvtap: left promiscuous mode [ 207.265216][ T8403] CIFS: VFS: Invalid SecurityFlags: [ 208.296790][ T8418] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 211.614279][ T8490] netlink: 'syz.2.743': attribute type 1 has an invalid length. [ 211.651649][ T8490] ======================================================= [ 211.651649][ T8490] WARNING: The mand mount option has been deprecated and [ 211.651649][ T8490] and is ignored by this kernel. Remove the mand [ 211.651649][ T8490] option from the mount to silence this warning. [ 211.651649][ T8490] ======================================================= [ 213.343232][ T8536] FAULT_INJECTION: forcing a failure. [ 213.343232][ T8536] name failslab, interval 1, probability 0, space 0, times 0 [ 213.357623][ T8536] CPU: 0 UID: 0 PID: 8536 Comm: syz.0.758 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 213.368260][ T8536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 213.378350][ T8536] Call Trace: [ 213.381651][ T8536] [ 213.384608][ T8536] dump_stack_lvl+0x16c/0x1f0 [ 213.389325][ T8536] should_fail_ex+0x497/0x5b0 [ 213.394036][ T8536] ? fs_reclaim_acquire+0xae/0x150 [ 213.399182][ T8536] should_failslab+0xc2/0x120 [ 213.403900][ T8536] __kmalloc_noprof+0xce/0x4f0 [ 213.408697][ T8536] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 213.414359][ T8536] ? tomoyo_realpath_from_path+0xbf/0x710 [ 213.420114][ T8536] tomoyo_realpath_from_path+0xbf/0x710 [ 213.425698][ T8536] ? tomoyo_path_number_perm+0x235/0x5b0 [ 213.431382][ T8536] tomoyo_path_number_perm+0x248/0x5b0 [ 213.436882][ T8536] ? tomoyo_path_number_perm+0x235/0x5b0 [ 213.442564][ T8536] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 213.448613][ T8536] ? __pfx_lock_release+0x10/0x10 [ 213.453665][ T8536] ? trace_lock_acquire+0x14e/0x1f0 [ 213.458899][ T8536] ? lock_acquire+0x2f/0xb0 [ 213.463428][ T8536] ? __fget_files+0x40/0x3a0 [ 213.468056][ T8536] ? __fget_files+0x206/0x3a0 [ 213.472770][ T8536] security_file_ioctl+0x9b/0x240 [ 213.478986][ T8536] __x64_sys_ioctl+0xb7/0x200 [ 213.479025][ T8536] do_syscall_64+0xcd/0x250 [ 213.479058][ T8536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.479091][ T8536] RIP: 0033:0x7fd484385d29 [ 213.498658][ T8536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.518293][ T8536] RSP: 002b:00007fd4852a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 213.526744][ T8536] RAX: ffffffffffffffda RBX: 00007fd484575fa0 RCX: 00007fd484385d29 [ 213.534740][ T8536] RDX: 0000000020000100 RSI: 000000004024700a RDI: 0000000000000003 [ 213.542738][ T8536] RBP: 00007fd4852a0090 R08: 0000000000000000 R09: 0000000000000000 [ 213.550733][ T8536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.558731][ T8536] R13: 0000000000000000 R14: 00007fd484575fa0 R15: 00007ffd8e9ed7d8 [ 213.566745][ T8536] [ 213.576804][ T8536] ERROR: Out of memory at tomoyo_realpath_from_path. [ 215.780900][ T8611] netlink: 28 bytes leftover after parsing attributes in process `syz.2.777'. [ 215.889513][ T8614] Dead loop on virtual device ip6_vti0, fix it urgently! [ 215.935536][ T8614] Dead loop on virtual device ip6_vti0, fix it urgently! [ 215.963719][ T8617] misc userio: Invalid payload size [ 215.966083][ T8614] Dead loop on virtual device ip6_vti0, fix it urgently! [ 216.005076][ T8614] Dead loop on virtual device ip6_vti0, fix it urgently! [ 216.031287][ T8614] Dead loop on virtual device ip6_vti0, fix it urgently! [ 216.059407][ T8614] Dead loop on virtual device ip6_vti0, fix it urgently! [ 217.892063][ T8649] FAULT_INJECTION: forcing a failure. [ 217.892063][ T8649] name failslab, interval 1, probability 0, space 0, times 0 [ 217.905235][ T8649] CPU: 0 UID: 0 PID: 8649 Comm: syz.2.792 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 217.915866][ T8649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 217.925952][ T8649] Call Trace: [ 217.929263][ T8649] [ 217.932217][ T8649] dump_stack_lvl+0x16c/0x1f0 [ 217.936937][ T8649] should_fail_ex+0x497/0x5b0 [ 217.941654][ T8649] ? fs_reclaim_acquire+0xae/0x150 [ 217.946801][ T8649] should_failslab+0xc2/0x120 [ 217.951521][ T8649] __kmalloc_noprof+0xce/0x4f0 [ 217.956337][ T8649] ? d_absolute_path+0x137/0x1b0 [ 217.961329][ T8649] ? tomoyo_encode2+0x100/0x3e0 [ 217.966217][ T8649] tomoyo_encode2+0x100/0x3e0 [ 217.970933][ T8649] tomoyo_realpath_from_path+0x1a7/0x710 [ 217.976615][ T8649] tomoyo_path_number_perm+0x248/0x5b0 [ 217.982115][ T8649] ? tomoyo_path_number_perm+0x235/0x5b0 [ 217.987796][ T8649] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 217.993852][ T8649] ? __pfx_lock_release+0x10/0x10 [ 217.998906][ T8649] ? trace_lock_acquire+0x14e/0x1f0 [ 218.004150][ T8649] ? lock_acquire+0x2f/0xb0 [ 218.008675][ T8649] ? __fget_files+0x40/0x3a0 [ 218.013310][ T8649] ? __fget_files+0x206/0x3a0 [ 218.018035][ T8649] security_file_ioctl+0x9b/0x240 [ 218.023110][ T8649] __x64_sys_ioctl+0xb7/0x200 [ 218.027825][ T8649] do_syscall_64+0xcd/0x250 [ 218.032365][ T8649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.038299][ T8649] RIP: 0033:0x7f12dc585d29 [ 218.042746][ T8649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.062472][ T8649] RSP: 002b:00007f12dd3c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.070924][ T8649] RAX: ffffffffffffffda RBX: 00007f12dc775fa0 RCX: 00007f12dc585d29 [ 218.078930][ T8649] RDX: ffffffffffffffff RSI: 0000000000004b62 RDI: 0000000000000003 [ 218.086935][ T8649] RBP: 00007f12dd3c9090 R08: 0000000000000000 R09: 0000000000000000 [ 218.094938][ T8649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.102934][ T8649] R13: 0000000000000000 R14: 00007f12dc775fa0 R15: 00007ffd19ef27e8 [ 218.110950][ T8649] [ 218.130894][ T8649] ERROR: Out of memory at tomoyo_realpath_from_path. [ 218.684552][ T8663] netlink: 'syz.3.796': attribute type 1 has an invalid length. [ 218.923157][ T8676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.800'. [ 222.628059][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 223.802597][ T8786] CIFS: VFS: Invalid SecurityFlags: [ 224.227532][ T29] audit: type=1800 audit(6031603217.102:8): pid=8790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.830" name="dbroot" dev="configfs" ino=18353 res=0 errno=0 [ 224.255741][ T8790] db_root: cannot open: Ž [ 227.234901][ T8835] Dead loop on virtual device ip6_vti0, fix it urgently! [ 227.284544][ T8835] Dead loop on virtual device ip6_vti0, fix it urgently! [ 227.331713][ T8835] Dead loop on virtual device ip6_vti0, fix it urgently! [ 227.443343][ T8835] Dead loop on virtual device ip6_vti0, fix it urgently! [ 227.463946][ T8835] Dead loop on virtual device ip6_vti0, fix it urgently! [ 227.474369][ T8835] Dead loop on virtual device ip6_vti0, fix it urgently! [ 229.600237][ T29] audit: type=1800 audit(6031603222.472:9): pid=8878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.851" name="dbroot" dev="configfs" ino=19516 res=0 errno=0 [ 229.605407][ T8878] db_root: cannot open: Ž [ 232.123893][ T29] audit: type=1800 audit(6031603224.992:10): pid=8941 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.868" name="dbroot" dev="configfs" ino=18816 res=0 errno=0 [ 232.149033][ T8941] db_root: cannot open: Ž [ 232.542789][ T8953] netlink: 'syz.3.872': attribute type 11 has an invalid length. [ 233.378482][ T8977] FAULT_INJECTION: forcing a failure. [ 233.378482][ T8977] name failslab, interval 1, probability 0, space 0, times 0 [ 233.427158][ T8977] CPU: 0 UID: 0 PID: 8977 Comm: syz.1.879 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 233.437806][ T8977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 233.447900][ T8977] Call Trace: [ 233.451207][ T8977] [ 233.454158][ T8977] dump_stack_lvl+0x16c/0x1f0 [ 233.458874][ T8977] should_fail_ex+0x497/0x5b0 [ 233.463591][ T8977] ? fs_reclaim_acquire+0xae/0x150 [ 233.468744][ T8977] should_failslab+0xc2/0x120 [ 233.473458][ T8977] __kmalloc_cache_noprof+0x68/0x420 [ 233.478789][ T8977] ? snd_seq_port_use_ptr+0x3c/0x1a0 [ 233.484108][ T8977] snd_seq_port_connect+0x61/0x550 [ 233.489245][ T8977] ? _raw_read_unlock+0x28/0x50 [ 233.494131][ T8977] ? check_subscription_permission.isra.0+0xf5/0x240 [ 233.500848][ T8977] snd_seq_ioctl_subscribe_port+0x1fe/0x3f0 [ 233.506789][ T8977] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 233.513249][ T8977] ? mark_held_locks+0x9f/0xe0 [ 233.518061][ T8977] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 233.523730][ T8977] snd_seq_oss_midi_open+0x49f/0x6b0 [ 233.529051][ T8977] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 233.534969][ T8977] ? rcu_is_watching+0x12/0xc0 [ 233.539741][ T8977] ? trace_contention_end+0xee/0x140 [ 233.545031][ T8977] snd_seq_oss_synth_reset+0x484/0x890 [ 233.550505][ T8977] ? odev_release+0x44/0x70 [ 233.555015][ T8977] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 233.561003][ T8977] ? __pfx___fsnotify_parent+0x10/0x10 [ 233.566480][ T8977] snd_seq_oss_reset+0x73/0x290 [ 233.571337][ T8977] ? __pfx_odev_release+0x10/0x10 [ 233.576365][ T8977] snd_seq_oss_release+0x7c/0x180 [ 233.581397][ T8977] odev_release+0x4c/0x70 [ 233.585731][ T8977] __fput+0x3f8/0xb60 [ 233.589732][ T8977] task_work_run+0x14e/0x250 [ 233.594355][ T8977] ? __pfx_task_work_run+0x10/0x10 [ 233.599503][ T8977] ? __pfx___do_sys_close_range+0x10/0x10 [ 233.605234][ T8977] syscall_exit_to_user_mode+0x27b/0x2a0 [ 233.610876][ T8977] do_syscall_64+0xda/0x250 [ 233.615398][ T8977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.621303][ T8977] RIP: 0033:0x7f7424b85d29 [ 233.625726][ T8977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.645340][ T8977] RSP: 002b:00007f7425a59038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 233.653759][ T8977] RAX: 0000000000000000 RBX: 00007f7424d76080 RCX: 00007f7424b85d29 [ 233.661729][ T8977] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 233.669698][ T8977] RBP: 00007f7425a59090 R08: 0000000000000000 R09: 0000000000000000 [ 233.677671][ T8977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.685640][ T8977] R13: 0000000000000000 R14: 00007f7424d76080 R15: 00007ffff7c998d8 [ 233.693623][ T8977] [ 233.754176][ T29] audit: type=1107 audit(6031603226.622:11): pid=8980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 238.273582][ T9096] netlink: 338 bytes leftover after parsing attributes in process `syz.2.914'. [ 238.294741][ T9096] netlink: 338 bytes leftover after parsing attributes in process `syz.2.914'. [ 238.307526][ T9096] netlink: 210 bytes leftover after parsing attributes in process `syz.2.914'. [ 241.550194][ T9186] netlink: 28 bytes leftover after parsing attributes in process `syz.2.942'. [ 245.324787][ T9267] netlink: 28 bytes leftover after parsing attributes in process `syz.0.964'. [ 245.532099][ T9267] hsr_slave_1 (unregistering): left promiscuous mode [ 249.155622][ T9346] netlink: 346 bytes leftover after parsing attributes in process `syz.1.981'. [ 253.219411][ T9420] netlink: 206 bytes leftover after parsing attributes in process `syz.2.999'. [ 253.682600][ T9429] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 253.746804][ T9429] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 255.986744][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.993180][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.516761][ T9514] can0: slcan on ptm0. [ 259.136674][ T9513] can0 (unregistered): slcan off ptm0. [ 260.493225][ T9569] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 262.780817][ T9627] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1046'. [ 262.822544][ T9627] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1046'. [ 265.521461][ T9681] ================================================================== [ 265.529562][ T9681] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 265.537294][ T9681] Read of size 8 at addr ffff888140eb0a18 by task syz.3.1060/9681 [ 265.545091][ T9681] [ 265.547419][ T9681] CPU: 1 UID: 0 PID: 9681 Comm: syz.3.1060 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 265.558094][ T9681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 265.568159][ T9681] Call Trace: [ 265.571430][ T9681] [ 265.574356][ T9681] dump_stack_lvl+0x116/0x1f0 [ 265.579041][ T9681] print_report+0xc3/0x620 [ 265.583464][ T9681] ? __virt_addr_valid+0x5e/0x590 [ 265.588494][ T9681] ? __phys_addr+0xc6/0x150 [ 265.593005][ T9681] kasan_report+0xd9/0x110 [ 265.597430][ T9681] ? dvb_device_open+0x36a/0x3b0 [ 265.602371][ T9681] ? dvb_device_open+0x36a/0x3b0 [ 265.607311][ T9681] ? __pfx_dvb_device_open+0x10/0x10 [ 265.612598][ T9681] dvb_device_open+0x36a/0x3b0 [ 265.617360][ T9681] ? __pfx_dvb_device_open+0x10/0x10 [ 265.622647][ T9681] chrdev_open+0x237/0x6a0 [ 265.627067][ T9681] ? __pfx_apparmor_file_open+0x10/0x10 [ 265.632612][ T9681] ? __pfx_chrdev_open+0x10/0x10 [ 265.637560][ T9681] do_dentry_open+0xf59/0x1ea0 [ 265.642326][ T9681] ? __pfx_chrdev_open+0x10/0x10 [ 265.647266][ T9681] ? inode_permission+0xdd/0x5f0 [ 265.652210][ T9681] vfs_open+0x82/0x3f0 [ 265.656287][ T9681] ? may_open+0x1f2/0x400 [ 265.660618][ T9681] path_openat+0x1e6a/0x2d60 [ 265.665213][ T9681] ? __pfx_path_openat+0x10/0x10 [ 265.670157][ T9681] do_filp_open+0x20c/0x470 [ 265.674660][ T9681] ? __pfx_do_filp_open+0x10/0x10 [ 265.680045][ T9681] ? alloc_fd+0x41f/0x760 [ 265.684381][ T9681] do_sys_openat2+0x17a/0x1e0 [ 265.689066][ T9681] ? __pfx_do_sys_openat2+0x10/0x10 [ 265.694280][ T9681] ? __pfx___schedule+0x10/0x10 [ 265.699139][ T9681] __x64_sys_openat+0x175/0x210 [ 265.704007][ T9681] ? __pfx___x64_sys_openat+0x10/0x10 [ 265.709396][ T9681] do_syscall_64+0xcd/0x250 [ 265.713906][ T9681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.719807][ T9681] RIP: 0033:0x7fbbf2d85d29 [ 265.724226][ T9681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.744352][ T9681] RSP: 002b:00007fbbf3b88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 265.752760][ T9681] RAX: ffffffffffffffda RBX: 00007fbbf2f75fa0 RCX: 00007fbbf2d85d29 [ 265.760725][ T9681] RDX: 0000000000002400 RSI: 0000000020000200 RDI: ffffffffffffff9c [ 265.768709][ T9681] RBP: 00007fbbf2e01b08 R08: 0000000000000000 R09: 0000000000000000 [ 265.776675][ T9681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.784639][ T9681] R13: 0000000000000000 R14: 00007fbbf2f75fa0 R15: 00007ffdde8fe2e8 [ 265.792617][ T9681] [ 265.795631][ T9681] [ 265.797944][ T9681] Allocated by task 1: [ 265.801999][ T9681] kasan_save_stack+0x33/0x60 [ 265.806679][ T9681] kasan_save_track+0x14/0x30 [ 265.811355][ T9681] __kasan_kmalloc+0xaa/0xb0 [ 265.815944][ T9681] dvb_register_device+0x1e2/0x2380 [ 265.821143][ T9681] dvb_register_frontend+0x5a7/0x880 [ 265.826428][ T9681] vidtv_bridge_probe+0x45e/0xa90 [ 265.831448][ T9681] platform_probe+0xff/0x1f0 [ 265.836038][ T9681] really_probe+0x23e/0xa90 [ 265.840539][ T9681] __driver_probe_device+0x1de/0x440 [ 265.845832][ T9681] driver_probe_device+0x4c/0x1b0 [ 265.850859][ T9681] __driver_attach+0x283/0x580 [ 265.855623][ T9681] bus_for_each_dev+0x13c/0x1d0 [ 265.860469][ T9681] bus_add_driver+0x2e9/0x690 [ 265.865144][ T9681] driver_register+0x15c/0x4b0 [ 265.869914][ T9681] vidtv_bridge_init+0x45/0x80 [ 265.874680][ T9681] do_one_initcall+0x128/0x630 [ 265.879445][ T9681] kernel_init_freeable+0x58f/0x8b0 [ 265.884644][ T9681] kernel_init+0x1c/0x2b0 [ 265.888978][ T9681] ret_from_fork+0x45/0x80 [ 265.893393][ T9681] ret_from_fork_asm+0x1a/0x30 [ 265.898164][ T9681] [ 265.900482][ T9681] Freed by task 9569: [ 265.904449][ T9681] kasan_save_stack+0x33/0x60 [ 265.909131][ T9681] kasan_save_track+0x14/0x30 [ 265.913813][ T9681] kasan_save_free_info+0x3b/0x60 [ 265.918836][ T9681] __kasan_slab_free+0x51/0x70 [ 265.923611][ T9681] kfree+0x14f/0x4b0 [ 265.927504][ T9681] dvb_device_put.part.0+0x60/0x90 [ 265.932628][ T9681] dvb_device_open+0x2a4/0x3b0 [ 265.937391][ T9681] chrdev_open+0x237/0x6a0 [ 265.941808][ T9681] do_dentry_open+0xf59/0x1ea0 [ 265.946570][ T9681] vfs_open+0x82/0x3f0 [ 265.950639][ T9681] path_openat+0x1e6a/0x2d60 [ 265.955226][ T9681] do_filp_open+0x20c/0x470 [ 265.959723][ T9681] do_sys_openat2+0x17a/0x1e0 [ 265.964401][ T9681] __x64_sys_openat+0x175/0x210 [ 265.969255][ T9681] do_syscall_64+0xcd/0x250 [ 265.973760][ T9681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.979657][ T9681] [ 265.981970][ T9681] The buggy address belongs to the object at ffff888140eb0a00 [ 265.981970][ T9681] which belongs to the cache kmalloc-256 of size 256 [ 265.996014][ T9681] The buggy address is located 24 bytes inside of [ 265.996014][ T9681] freed 256-byte region [ffff888140eb0a00, ffff888140eb0b00) [ 266.009716][ T9681] [ 266.012035][ T9681] The buggy address belongs to the physical page: [ 266.018444][ T9681] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x140eb0 [ 266.027281][ T9681] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 266.035770][ T9681] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 266.043410][ T9681] page_type: f5(slab) [ 266.047396][ T9681] raw: 057ff00000000040 ffff88801ac41b40 dead000000000122 0000000000000000 [ 266.055982][ T9681] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 266.064568][ T9681] head: 057ff00000000040 ffff88801ac41b40 dead000000000122 0000000000000000 [ 266.073237][ T9681] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 266.081902][ T9681] head: 057ff00000000001 ffffea000503ac01 ffffffffffffffff 0000000000000000 [ 266.090566][ T9681] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 266.099228][ T9681] page dumped because: kasan: bad access detected [ 266.105656][ T9681] page_owner tracks the page as allocated [ 266.111360][ T9681] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13761270945, free_ts 0 [ 266.131082][ T9681] post_alloc_hook+0x2d1/0x350 [ 266.135857][ T9681] get_page_from_freelist+0xfce/0x2f80 [ 266.141325][ T9681] __alloc_pages_noprof+0x223/0x25b0 [ 266.146701][ T9681] alloc_pages_mpol_noprof+0x2c9/0x610 [ 266.152159][ T9681] new_slab+0x2c9/0x410 [ 266.156316][ T9681] ___slab_alloc+0xce2/0x1650 [ 266.160997][ T9681] __slab_alloc.constprop.0+0x56/0xb0 [ 266.166367][ T9681] __kmalloc_cache_noprof+0xf6/0x420 [ 266.171652][ T9681] bus_add_driver+0x92/0x690 [ 266.176253][ T9681] driver_register+0x15c/0x4b0 [ 266.181037][ T9681] usb_register_driver+0x216/0x4d0 [ 266.186153][ T9681] au0828_init+0xb7/0x1a0 [ 266.190498][ T9681] do_one_initcall+0x128/0x630 [ 266.195273][ T9681] kernel_init_freeable+0x58f/0x8b0 [ 266.200481][ T9681] kernel_init+0x1c/0x2b0 [ 266.204821][ T9681] ret_from_fork+0x45/0x80 [ 266.209238][ T9681] page_owner free stack trace missing [ 266.214600][ T9681] [ 266.216917][ T9681] Memory state around the buggy address: [ 266.222539][ T9681] ffff888140eb0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 266.230612][ T9681] ffff888140eb0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 266.238684][ T9681] >ffff888140eb0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 266.246748][ T9681] ^ [ 266.251593][ T9681] ffff888140eb0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 266.259657][ T9681] ffff888140eb0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 266.267709][ T9681] ================================================================== [ 266.338119][ T9681] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 266.345344][ T9681] CPU: 0 UID: 0 PID: 9681 Comm: syz.3.1060 Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 [ 266.356057][ T9681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 266.366125][ T9681] Call Trace: [ 266.369411][ T9681] [ 266.372357][ T9681] dump_stack_lvl+0x3d/0x1f0 [ 266.376976][ T9681] panic+0x71d/0x800 [ 266.380898][ T9681] ? __pfx_panic+0x10/0x10 [ 266.385340][ T9681] ? irqentry_exit+0x3b/0x90 [ 266.389958][ T9681] ? lockdep_hardirqs_on+0x7c/0x110 [ 266.395182][ T9681] ? preempt_schedule_thunk+0x1a/0x30 [ 266.400579][ T9681] ? preempt_schedule_common+0x44/0xc0 [ 266.406066][ T9681] check_panic_on_warn+0xab/0xb0 [ 266.411037][ T9681] end_report+0x117/0x180 [ 266.415404][ T9681] kasan_report+0xe9/0x110 [ 266.419849][ T9681] ? dvb_device_open+0x36a/0x3b0 [ 266.424826][ T9681] ? dvb_device_open+0x36a/0x3b0 [ 266.429785][ T9681] ? __pfx_dvb_device_open+0x10/0x10 [ 266.435094][ T9681] dvb_device_open+0x36a/0x3b0 [ 266.439883][ T9681] ? __pfx_dvb_device_open+0x10/0x10 [ 266.445198][ T9681] chrdev_open+0x237/0x6a0 [ 266.449636][ T9681] ? __pfx_apparmor_file_open+0x10/0x10 [ 266.455204][ T9681] ? __pfx_chrdev_open+0x10/0x10 [ 266.460166][ T9681] do_dentry_open+0xf59/0x1ea0 [ 266.464949][ T9681] ? __pfx_chrdev_open+0x10/0x10 [ 266.469913][ T9681] ? inode_permission+0xdd/0x5f0 [ 266.474881][ T9681] vfs_open+0x82/0x3f0 [ 266.478976][ T9681] ? may_open+0x1f2/0x400 [ 266.483323][ T9681] path_openat+0x1e6a/0x2d60 [ 266.488056][ T9681] ? __pfx_path_openat+0x10/0x10 [ 266.493016][ T9681] do_filp_open+0x20c/0x470 [ 266.497542][ T9681] ? __pfx_do_filp_open+0x10/0x10 [ 266.502577][ T9681] ? alloc_fd+0x41f/0x760 [ 266.506917][ T9681] do_sys_openat2+0x17a/0x1e0 [ 266.511616][ T9681] ? __pfx_do_sys_openat2+0x10/0x10 [ 266.516828][ T9681] ? __pfx___schedule+0x10/0x10 [ 266.521692][ T9681] __x64_sys_openat+0x175/0x210 [ 266.526552][ T9681] ? __pfx___x64_sys_openat+0x10/0x10 [ 266.531931][ T9681] do_syscall_64+0xcd/0x250 [ 266.536440][ T9681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.542336][ T9681] RIP: 0033:0x7fbbf2d85d29 [ 266.546753][ T9681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.566364][ T9681] RSP: 002b:00007fbbf3b88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 266.574779][ T9681] RAX: ffffffffffffffda RBX: 00007fbbf2f75fa0 RCX: 00007fbbf2d85d29 [ 266.582743][ T9681] RDX: 0000000000002400 RSI: 0000000020000200 RDI: ffffffffffffff9c [ 266.590709][ T9681] RBP: 00007fbbf2e01b08 R08: 0000000000000000 R09: 0000000000000000 [ 266.598680][ T9681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 266.606645][ T9681] R13: 0000000000000000 R14: 00007fbbf2f75fa0 R15: 00007ffdde8fe2e8 [ 266.614624][ T9681] [ 266.617780][ T9681] Kernel Offset: disabled [ 266.622100][ T9681] Rebooting in 86400 seconds..