last executing test programs: 12m44.986615418s ago: executing program 0 (id=25): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/rose10/addr_assign_type\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/124, 0x7c) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) r2 = socket(0xa, 0x3, 0x6) ioctl$auto(r2, 0x890c, 0x1) 12m43.67240217s ago: executing program 0 (id=30): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) write$auto(r0, &(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x01\xff\x00', 0x20) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0) ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000000000)=0x22) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) socket(0x28, 0x3, 0x10001) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2438d4cb2de063a3e5dcd4c26ee78d80042d81c37dd38221d4b71dbf365dce3d05bb18cbce0434ca5e8e47625d78635aad429f562712ec3f3d7159eed41db4a183bcf6c4d2a7027f0516a3e65afde6bbe0d0a364f3de6308fdc4ee20eae92fbee719e8d22f2d406e2962d8f5c0d5101308c6e84c356c7a112d5d01b9d22b7b13880100000061cba05cda6a3138c62a", @ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf2521000000"], 0x14}}, 0x4000000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x2, 0x1, 0x3, 0x300000000000000, 0x7ffffffe, 0x5, 0x6d3c, 0x5, 0x2]}, 0x0) unshare$auto(0x40000080) open$auto(&(0x7f0000000200)='./file0\x00', 0x49193, 0xff90) mmap$auto(0xf0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRESOCT, @ANYRES16=0x0, @ANYRESHEX=r2, @ANYBLOB="f6b22bba88ca377c6f72f93b44bc18c57ca71a77277fec2b2cc3d831e67785a6e28aaf1a36b452418382378cd407449892265433e62d71197685bcf555781402be9f031ae7037278056593424def863e0b03a9c907c0cbd0c7931b8f20aa80f2591e3d4e1393e9cd24b072476a686005665056abb3383b8f62cd67aff1ec55c190e70258ba50971006131d6448f8a6d988538193cd53ba8afb19b6b900e4e6cbfec1029ab37b26167bc7ba2a09a3c1961a9ce50d46d83d24798772e05973a6c8b5224f14e65704bf1ac59e56ec4032fd927a6d30", @ANYRES64=r1], 0x14}, 0x1, 0x0, 0x0, 0x4885}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 12m42.062712176s ago: executing program 0 (id=34): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x10042, 0x0) r1 = fsopen$auto(0x0, 0x1) ioctl$auto(0x3, 0xae47, r1) ioctl$auto_TIOCGDEV2(r1, 0x80045432, &(0x7f0000000000)=0xfffffffb) readv$auto(0x3, &(0x7f0000000600)={0x0, 0xc}, 0x1da) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x1) 12m41.837080701s ago: executing program 0 (id=36): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x0, 0x2, 0x9, &(0x7f0000000080)=0xbc) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@link_update={0xa, @new_prog_fd=r0, 0x7, @old_map_fd}, 0x1ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) mmap$auto(0x7, 0x8, 0x7, 0x18, 0x42c8b44c, 0x0) mmap$auto(0x41, 0x2, 0x9, 0x111, 0x9, 0x7) open(0x0, 0x22240, 0x16c) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0xc07c, 0x2020009, 0xfffffffffffffffa, 0x19, 0xfffffffffffffffa, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r1 = open(&(0x7f0000000100)='.\x00', 0x591002, 0x408) linkat$auto(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mmap$auto(0x1000, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xc, 0x14) madvise$auto(0x0, 0x36, 0x1) msync$auto(0x0, 0x2000000005, 0x6) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) fstat$auto(0x2, 0x0) ioctl$auto(r2, 0x560a, 0x7) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyz4\x00', 0x0, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r3 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) write$auto(r3, 0x0, 0xeffd) 12m40.324845445s ago: executing program 0 (id=41): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x4100, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000280)='/dev/usbmon29\x00', 0x5f9000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0xa}, 0x5, 0x20000000) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x7}, 0x10) socket(0x11, 0x800, 0xfb11) mount$auto(&(0x7f0000000180)='xfrm0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='\x00', 0x6, &(0x7f0000000240)="e496433eeb34df08522bc6754c216c084e58d9ad5ebea1b0ec74fee049eb2494f7c7cbc32ce409a26374e4549474ea2edb417c4c501cef41fb17b0c3") memfd_create$auto(0x0, 0x4) seccomp$auto(0x2, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) tkill$auto(0x1, 0x7) write$auto(r0, &(0x7f0000000080)='/dev/sg0\x00', 0x8583) 12m39.681828166s ago: executing program 0 (id=43): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) (async) r3 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) (async) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) (async) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) socket(0x10, 0x2, 0x4) (async) r4 = socket(0x10, 0x2, 0x4) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x1, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) open(&(0x7f0000000280)='./cgroup\x00', 0x0, 0xef) (async) open(&(0x7f0000000280)='./cgroup\x00', 0x0, 0xef) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) close_range$auto(0xffffffffffffffff, 0xfffffffffffff000, 0x5) socket(0x1d, 0x80000, 0x104) (async) socket(0x1d, 0x80000, 0x104) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) mmap$auto(0x2, 0x2020009, 0x3, 0x12, 0xfffffffffffffffa, 0x4000008000) (async) mmap$auto(0x2, 0x2020009, 0x3, 0x12, 0xfffffffffffffffa, 0x4000008000) socket(0x11, 0x2, 0x88) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x20008000) socket(0x2, 0x801, 0x106) (async) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x7, &(0x7f0000000300)={0x10000, 0x80, 0xe, 0x8, 0x1fd, 0x794, r3, [0xffffffff, 0x8, 0x80000000], {0x2, 0x800000a, 0x200, 0xffffffff, 0xfffffffb, 0x1ff, 0x7, 0x8, 0x226d}, {0x11363fe, 0x72, 0x1800000, 0x4, 0x8, 0x4, 0x6, 0x80, 0xffffffffffffffff}}) write$auto(0x3, 0x0, 0x3f00) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008007000fd0300000000000000000300", @ANYRES32=r2, @ANYBLOB="04002580"], 0x20}, 0x1, 0x0, 0x0, 0x4004081}, 0x20000084) 12m39.221431637s ago: executing program 32 (id=43): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) (async) r3 = socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) (async) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) (async) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) socket(0x10, 0x2, 0x4) (async) r4 = socket(0x10, 0x2, 0x4) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x1, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) open(&(0x7f0000000280)='./cgroup\x00', 0x0, 0xef) (async) open(&(0x7f0000000280)='./cgroup\x00', 0x0, 0xef) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) close_range$auto(0xffffffffffffffff, 0xfffffffffffff000, 0x5) socket(0x1d, 0x80000, 0x104) (async) socket(0x1d, 0x80000, 0x104) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) mmap$auto(0x2, 0x2020009, 0x3, 0x12, 0xfffffffffffffffa, 0x4000008000) (async) mmap$auto(0x2, 0x2020009, 0x3, 0x12, 0xfffffffffffffffa, 0x4000008000) socket(0x11, 0x2, 0x88) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x20008000) socket(0x2, 0x801, 0x106) (async) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x7, &(0x7f0000000300)={0x10000, 0x80, 0xe, 0x8, 0x1fd, 0x794, r3, [0xffffffff, 0x8, 0x80000000], {0x2, 0x800000a, 0x200, 0xffffffff, 0xfffffffb, 0x1ff, 0x7, 0x8, 0x226d}, {0x11363fe, 0x72, 0x1800000, 0x4, 0x8, 0x4, 0x6, 0x80, 0xffffffffffffffff}}) write$auto(0x3, 0x0, 0x3f00) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008007000fd0300000000000000000300", @ANYRES32=r2, @ANYBLOB="04002580"], 0x20}, 0x1, 0x0, 0x0, 0x4004081}, 0x20000084) 16.930347305s ago: executing program 3 (id=3775): seccomp$auto(0x2, 0x10, &(0x7f0000000140)="c853de07b448085b68acac556e1e0000000000018c6e") unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ppoll$auto(&(0x7f0000000080)={r0, 0x7980, 0x6}, 0x2, 0x0, 0x0, 0x8) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0x4) removexattr$auto(0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r2 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_DEL_MPATH(r2, 0x0, 0x40010) ioctl$auto_TIOCGDEV2(r1, 0x542f, 0x0) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, 0x0, 0x55) socket(0x2a, 0x2, 0x1) unshare$auto(0x6) 14.346310174s ago: executing program 3 (id=3788): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) write$auto(r0, &(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x01\xff\x00', 0x20) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0) ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000000000)=0x22) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) socket(0x28, 0x3, 0x10001) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2438d4cb2de063a3e5dcd4c26ee78d80042d81c37dd38221d4b71dbf365dce3d05bb18cbce0434ca5e8e47625d78635aad429f562712ec3f3d7159eed41db4a183bcf6c4d2a7027f0516a3e65afde6bbe0d0a364f3de6308fdc4ee20eae92fbee719e8d22f2d406e2962d8f5c0d5101308c6e84c356c7a112d5d01b9d22b7b13880100000061cba05cda6a3138c62a", @ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf2521000000"], 0x14}}, 0x4000000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x2, 0x1, 0x3, 0x300000000000000, 0x7ffffffe, 0x5, 0x6d3c, 0x5, 0x2]}, 0x0) unshare$auto(0x40000080) open$auto(0x0, 0x49193, 0xff90) mmap$auto(0xf0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRESOCT, @ANYRES16=0x0, @ANYRESHEX=r2, @ANYBLOB="f6b22bba88ca377c6f72f93b44bc18c57ca71a77277fec2b2cc3d831e67785a6e28aaf1a36b452418382378cd407449892265433e62d71197685bcf555781402be9f031ae7037278056593424def863e0b03a9c907c0cbd0c7931b8f20aa80f2591e3d4e1393e9cd24b072476a686005665056abb3383b8f62cd67aff1ec55c190e70258ba50971006131d6448f8a6d988538193cd53ba8afb19b6b900e4e6cbfec1029ab37b26167bc7ba2a09a3c1961a9ce50d46d83d24798772e05973a6c8b5224f14e65704bf1ac59e56ec4032fd927a6d30", @ANYRES64=r1], 0x14}, 0x1, 0x0, 0x0, 0x4885}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 11.158172047s ago: executing program 3 (id=3802): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xc2a003, 0x1ea) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) r2 = io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f2b, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(r2, 0xffffffffffffffff, 0x0) renameat2$auto(r0, &(0x7f0000000200)='./file0\x00', r0, &(0x7f0000000240)='./file1\x00', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xfd) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fb0\x00', 0x20401, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kallsyms\x00', 0x541d02, 0x0) write$auto_msr_fops_msr(r2, &(0x7f0000000080)="18bf343d68e455128e3dec09884ef59e31397e0a1d8d9381fc4d21d3c0bfa3828b00c5beec0015c797128b8063e61992fd89315726c56960c7c2d4bbce00c8d1b37aa2dc79956f3e56c37ef71761b1b22af3eedf22303f95b5bebc1c6068ce5d7a504cb961c1ac5442a1b3591e6b64366a85b0563d74160cbc2e47e46a0834f0643ba07e1ab5e8cdd757c01aa31c6c4870587ebbcadefe8e665ea45b143204", 0x9f) pread64$auto(r3, 0x0, 0x100000000008, 0x8) ioctl$auto(0x3, 0xc0105512, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x4601, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mmap$auto(0x40, 0x400009, 0xb, 0x9b70, 0x2, 0x8000) madvise$auto(0x1, 0xce, 0x3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001500)='/sys/kernel/irq/5/actions\x00', 0x22040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000180)=""/109, 0x6d) clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) mknodat$auto(r4, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000000)={0xb099, 0x0, r4}) 10.353213046s ago: executing program 3 (id=3806): r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x101200, 0x0) sendmsg$auto(r0, &(0x7f00000002c0)={&(0x7f0000000080)="134243b9477f02fb30d6c8b99247b9843e626d1110d9d057a603f53d9cb50d858a9122fd204281098d9fe56d52a1d43a0eb15fa22b4ed94400aefb0dc816bf2c40bc30ff47dfd4b6cd09d8fb505a677ae10f49d2f6d137454bd05cb14d9bc4edb4f46b79723dfc5308db0964ef72f576fa1c751475e8671443e7dad3e00a2a82c43d329deb1172aed41ece8d9062254c8acbab8683b23f3a432ecdb19e619d93988255e48ef61a9173de9704df44c4161445a1bb3de275e753e5d0a3adecc0d46790b68997d83b146773923f6423f6fe8a29d3b3361d160f2aed3484ca03e5", 0x2, &(0x7f0000000200)={&(0x7f0000000180)="ec7bd02a5ba35846467bc612d718643870cd54be06e6c4aeec6e9c2cc6a770bed62614474953f313774d06b55eb713eda681fbea17b307c0da64b45a1f6556725d827e85756b705fe7b31ce82827e6852499c08b44f11bbe3932ca5b7a249fa544925bb9d0c99db1153bb4f1ad6a40d346f02f037a8a7e476826", 0x6}, 0x5e, &(0x7f0000000240)="d32fff39ed94048c1431e9964bdf91a45738fe331719850f48cb6fbfbc614909555bba297c8739fbafcc0bb4ffd6dc086831b51e17acb46b97df24edf721593839a75fa2bbcba4aa0c8763be0c82af64b5fb532b141e49d646", 0x8000, 0x25b1}, 0xa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.list\x00', 0x48a22, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'ipvlan0\x00'}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0xa, 0xa) sendmmsg$auto(r1, &(0x7f00000000c0)={{&(0x7f0000000140), 0x12, &(0x7f0000000280)={0x0, 0x10}, 0x7, 0x0, 0x7, 0x201}, 0x9}, 0x8, 0x7fff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6nA6\x1a\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\xcf\x00'/236, 0x4, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_nsim_nexthop_bucket_activity_fops_fib(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/fib/nexthop_bucket_activity\x00', 0x1, 0x0) pwrite64$auto(r3, 0x0, 0x0, 0x101) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000300), r2) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xfffffffffffffffc, 0x1000, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ptmx\x00', 0x189000, 0x0) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0) ioctl$auto_evdev_fops_evdev(r4, 0x80084502, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) unlink$auto(&(0x7f0000000100)='./file0\x00') recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) write$auto(0x3, 0x0, 0x3f00) mount_setattr$auto(0x5, 0x0, 0x8000, &(0x7f0000000640)={0x1f, 0xf6, 0x100000}, 0x283) 7.258413666s ago: executing program 4 (id=3817): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4008810}, 0x2000c041) r0 = socket(0x2a, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080), 0x6b) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) socket(0xa, 0x3, 0x3a) epoll_wait$auto(r0, 0x0, 0x7ff, 0x6) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x567) 6.977035971s ago: executing program 2 (id=3818): syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, r1, 0x305, 0x70bd23, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8008}, 0x4000040) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nlbl_mgmt(&(0x7f0000000040), r4) sendmsg$auto_NLBL_MGMT_C_LISTDEF(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="918935a4718124000008", @ANYRES64=r5, @ANYBLOB="04002bbd7000fbdbdf250600000008000300080000000800020007000000"], 0x24}, 0x1, 0x0, 0x0, 0x4050}, 0x0) sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000009400)={0x2c, r5, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x10fd}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040300) 6.764910213s ago: executing program 4 (id=3819): openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x10b040, 0x0) r0 = socket(0x22, 0x3, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0) r1 = socket(0x2, 0x1, 0x0) sendmsg$auto_NFC_CMD_VENDOR(r1, 0x0, 0x40) sendmsg$auto_NFC_CMD_VENDOR(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, 0x0, 0x2, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) open(0x0, 0x2a4c0, 0x0) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x1, 0x106) bind$auto(r2, 0x0, 0x5) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2d64a053", @ANYRES16=0x0, @ANYBLOB="00082cbd7000fedbdf250300000008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a000500aaaaaaaaaabb00000a00010000000000000000000a000100bbbbbbbbbbbb0000060006000f00000008000400010000880800030004000000"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x6004000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0xa, 0x0) close_range$auto(0x2, 0xa, 0x0) open(0x0, 0xa240, 0x15e) msync$auto(0x0, 0x2000000005, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) 5.836274163s ago: executing program 1 (id=3820): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/bMaxPacketSize0\x00', 0x12bc00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/203, 0xcb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20804, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) fstat$auto(0x2, 0x0) ioctl$auto(0x3, 0x4008af03, 0x0) 5.783677365s ago: executing program 2 (id=3821): r0 = prctl$auto(0x7, 0x10001, 0xffffffffffffffff, 0x6, 0x9) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REMOVE_LINK_STA(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_COLOR_CHANGE_ELEMS={0x14, 0x131, 0x0, 0x1, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x9bd}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0x3}]}, @NL80211_ATTR_CONTROL_PORT={0x4}]}, 0x2c}}, 0x0) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r3 = socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x43, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x2, &(0x7f0000000080)='+\x00\xc04\x95\x96XD\x11T\x11\xac@\xb9\'\xa8\x99\xf6\x99\xad\xa2w\xd55\xea|-&\v\xa9\xc5\xb1\xc6\n\xb0{\xe8', &(0x7f0000000100), 0xee01) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) capset$auto(&(0x7f0000000180)={0x497, 0x0}, &(0x7f00000001c0)={0x487d, 0x28, 0x2}) rt_sigqueueinfo$auto(r4, 0x800, &(0x7f0000000200)={@_si_pad}) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk\x00', 0x82a80, 0x0) ioctl$auto_TIOCSTI2(r5, 0x5412, 0x0) getdents$auto(r0, &(0x7f0000000280)={0x4, 0x10000, 0x5, "aa544e6fa810233b0aa334846482f382d65d211edd0d0c8354898e3a61e8d6670fa9e2535aa49892600265ce440af06e45196dfe94cdf13e525a6334b21849357b5ebda6cb7bdc626a4b49eeedddd49b979d68dbf6fc290f59390253d5ee3d617195ae9f3240fcf2773a390811e12fc95c72e1888b3d7b13731289d1f30acaf0e7ee31cda3430f6dc343c23f3fc96f03e270de98f23c569555546d0787209728f78afbd615dd3cba5ec4d077d4b1b04d345d04d2c4191c53752d0d26c7aab7183bdce10f666c006a10beaad9e40f47416fd4786d0e4f885292ddb40dc1055c"}, 0xa2f5) ioctl$auto_CEC_S_MODE(r2, 0x40046109, &(0x7f0000002c40)=0xd0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/loop5/queue/discard_max_bytes\x00', 0x2, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) 5.441001557s ago: executing program 1 (id=3822): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$auto(0x0, 0x0, 0x6f4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x11ebf3d8a6b518c5, 0x800, 0x1008001) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x4, 0x0, 0x8) r1 = openat$auto_check_wx_fops_(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0) readv$auto(r1, &(0x7f0000000080)={0x0, 0x14000000000}, 0x3) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/attr/exec\x00', 0x478d03, 0x0) mmap$auto(0x80, 0x4000b, 0x4, 0x9b72, r0, 0x28000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x7fff, 0xffffff7fffff0007, 0x8) mmap$auto(0x800000007, 0x4008, 0xd, 0x18, r1, 0x4) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x8cc002, 0x0) mmap$auto(0x1000, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x3, 0x0, 0x14) msync$auto(0x0, 0x2000000005, 0x6) socket$nl_generic(0x10, 0x3, 0x10) 4.80776621s ago: executing program 2 (id=3823): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) socket(0x10, 0x2, 0x0) socket(0x1, 0x5, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) sendmsg$auto_ETHTOOL_MSG_STATS_GET(0xffffffffffffffff, &(0x7f0000002100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2001}, 0x40000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptys5\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r0, 0x540b, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/swradio0\x00', 0x2ae640, 0x0) alarm$auto(0x2) alarm$auto(0x80000000) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r1, 0x402, 0x8000007fffffdf) r2 = openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/comm\x00', 0x48040, 0x0) read$auto(r2, &(0x7f0000000080)='#.\x00', 0x2) r3 = socket(0x10, 0x2, 0xc) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000340)=ANY=[@ANYBLOB="13000300", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250a000000040002"], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x40) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES8, @ANYRES8=r3], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) r4 = socket(0x10, 0x2, 0xc) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000804}, 0x4000000) 4.383964369s ago: executing program 2 (id=3824): r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) fallocate$auto(r0, 0x0, 0x1c00, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0xaaa, 0x100000000000007, 0x0) keyctl$auto(0x2000000000000017, 0x8000, 0x2d, 0xc4, 0x20803) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/fail-nth\x00', 0x24041, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/block/nbd5/hctx0/cpu1/read_rq_list\x00', 0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/pci/00/04.0\x00', 0xc8841, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0\x00'}) mmap$auto(0x0, 0x5, 0x10000, 0x9b72, r2, 0x8000) mmap$auto(0x20002000000, 0x20009, 0xfffffffffffffff8, 0x13, r1, 0x8000) mmap$auto(0x0, 0x2020008, 0x3, 0x200000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xf, 0x3, 0x2) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/security/tomoyo/profile\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) clone3$auto(0x0, 0x42) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r2) sendmsg$auto_ETHTOOL_MSG_FEC_GET(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00082bbd7000ffdbdf251d00e8ff3300018014000200776730000000000000000000000000001400020064766d7270310000000000000000000008000300ff000000"], 0x48}, 0x1, 0x0, 0x0, 0x40001}, 0x8000) read$auto(0x3, 0x0, 0x8080) open(&(0x7f0000000800)='./file0\x00', 0x103c40, 0x50) lseek$auto(0x0, 0x0, 0x3) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/exception_policy\x00', 0x1, 0x0) socket(0x2, 0x801, 0x100) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x20000041) bpf$auto(0xfffff001, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x3ff, 0x7, 0x4, 0x5, 0x8, 0x28b, 0x3ff, 0x200, 0x0, 0x401, 0x3, 0x4, 0x0, 0x3ff}, 0xa3) 4.346197426s ago: executing program 4 (id=3825): seccomp$auto(0x2, 0x10, &(0x7f0000000140)="c853de07b448085b68acac556e1e0000000000018c6e") unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ppoll$auto(&(0x7f0000000080)={r0, 0x7980, 0x6}, 0x2, 0x0, 0x0, 0x8) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0x4) removexattr$auto(0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r1 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_DEL_MPATH(r1, 0x0, 0x40010) getrandom$auto(0x0, 0x6000000, 0x3) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, 0x0, 0x55) socket(0x2a, 0x2, 0x1) unshare$auto(0x6) 4.196912607s ago: executing program 3 (id=3826): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) write$auto(r0, &(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x01\xff\x00', 0x20) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0) ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000000000)=0x22) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) socket(0x28, 0x3, 0x10001) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2438d4cb2de063a3e5dcd4c26ee78d80042d81c37dd38221d4b71dbf365dce3d05bb18cbce0434ca5e8e47625d78635aad429f562712ec3f3d7159eed41db4a183bcf6c4d2a7027f0516a3e65afde6bbe0d0a364f3de6308fdc4ee20eae92fbee719e8d22f2d406e2962d8f5c0d5101308c6e84c356c7a112d5d01b9d22b7b13880100000061cba05cda6a3138c62a", @ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf2521000000"], 0x14}}, 0x4000000) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x2, 0x1, 0x3, 0x300000000000000, 0x7ffffffe, 0x5, 0x6d3c, 0x5, 0x2]}, 0x0) unshare$auto(0x40000080) open$auto(&(0x7f0000000200)='./file0\x00', 0x49193, 0xff90) mmap$auto(0xf0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYRESOCT, @ANYRES16=0x0, @ANYRESHEX=r2, @ANYBLOB="f6b22bba88ca377c6f72f93b44bc18c57ca71a77277fec2b2cc3d831e67785a6e28aaf1a36b452418382378cd407449892265433e62d71197685bcf555781402be9f031ae7037278056593424def863e0b03a9c907c0cbd0c7931b8f20aa80f2591e3d4e1393e9cd24b072476a686005665056abb3383b8f62cd67aff1ec55c190e70258ba50971006131d6448f8a6d988538193cd53ba8afb19b6b900e4e6cbfec1029ab37b26167bc7ba2a09a3c1961a9ce50d46d83d24798772e05973a6c8b5224f14e65704bf1ac59e56ec4032fd927a6d30", @ANYRES64=r1], 0x14}, 0x1, 0x0, 0x0, 0x4885}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) 3.319125997s ago: executing program 2 (id=3827): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xc2a003, 0x1ea) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) r2 = io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x403c6f2b, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(r2, 0xffffffffffffffff, 0x0) renameat2$auto(r0, &(0x7f0000000200)='./file0\x00', r0, &(0x7f0000000240)='./file1\x00', 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xfd) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fb0\x00', 0x20401, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/kallsyms\x00', 0x541d02, 0x0) write$auto_msr_fops_msr(r2, &(0x7f0000000080)="18bf343d68e455128e3dec09884ef59e31397e0a1d8d9381fc4d21d3c0bfa3828b00c5beec0015c797128b8063e61992fd89315726c56960c7c2d4bbce00c8d1b37aa2dc79956f3e56c37ef71761b1b22af3eedf22303f95b5bebc1c6068ce5d7a504cb961c1ac5442a1b3591e6b64366a85b0563d74160cbc2e47e46a0834f0643ba07e1ab5e8cdd757c01aa31c6c4870587ebbcadefe8e665ea45b143204", 0x9f) pread64$auto(r3, 0x0, 0x100000000008, 0x8) ioctl$auto(0x3, 0xc0105512, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x4601, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) mmap$auto(0x40, 0x400009, 0xb, 0x9b70, 0x2, 0x8000) madvise$auto(0x1, 0xce, 0x3) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001500)='/sys/kernel/irq/5/actions\x00', 0x22040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000180)=""/109, 0x6d) clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) mknodat$auto(r4, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000000)={0xb099, 0x0, r4}) 3.16267406s ago: executing program 1 (id=3828): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x28, 0x3, 0x10001) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2438d4cb2de063a3e5dcd4c26ee78d80042d81c37dd38221d4b71dbf365dce3d05bb18cbce0434ca5e8e47625d78635aad429f562712ec3f3d7159eed41db4a183bcf6c4d2a7027f", @ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf2521000000"], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r2, 0x0, 0x1) write$auto_proc_clear_refs_operations_internal(r1, 0x0, 0xffffff4b) write$auto(0x3, 0x0, 0xfffffdef) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x2, 0x1, 0x3, 0x300000000000000, 0x7ffffffe, 0x5, 0x6d3c, 0x5, 0x2]}, 0x0) unshare$auto(0x40000080) open$auto(&(0x7f0000000200)='./file0\x00', 0x49193, 0xff90) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 2.896170344s ago: executing program 4 (id=3829): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) memfd_create$auto(&(0x7f0000000000)='^[#@-\x00', 0x3) fcntl$auto(0xff80000000000000, 0x409, 0x13) mmap$auto(0x7ffffdfde000, 0x2020006, 0x9, 0x11, 0x8000000000000000, 0x8000) socket(0x10, 0x2, 0x0) socket(0xa, 0x2, 0x0) setsockopt$auto(0x4, 0x88, 0xb, &(0x7f0000000000)='!/*:(*\'\x00', 0xe) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$auto_UBI_IOCATT(r1, 0x40186f40, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000001540), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_STATUS(r2, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f00000015c0)={0x28, r3, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR={0xa, 0x1, @link_local}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) 1.465969984s ago: executing program 2 (id=3830): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, &(0x7f0000000000)=0x22) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x1, 0x0) socket(0x28, 0x3, 0x10001) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2438d4cb2de063a3e5dcd4c26ee78d80042d81c37dd38221d4b71dbf365dce3d05bb18cbce0434ca5e8e47625d78635aad429f562712ec3f3d7159eed41db4a183bcf6c4d2a7027f0516a3e65afde6bbe0d0a364f3de6308fdc4ee20eae92fbee719e8d22f2d406e2962d8f5c0d5101308c6e84c356c7a112d5d01b9d22b7b13880100000061cba05cda6a3138c62a", @ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf2521000000"], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r2, 0x0, 0x1) write$auto_proc_clear_refs_operations_internal(r1, 0x0, 0xffffff4b) write$auto(0x3, 0x0, 0xfffffdef) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x2, 0x1, 0x3, 0x300000000000000, 0x7ffffffe, 0x5, 0x6d3c, 0x5, 0x2]}, 0x0) unshare$auto(0x40000080) open$auto(&(0x7f0000000200)='./file0\x00', 0x49193, 0xff90) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 1.191229273s ago: executing program 4 (id=3831): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/bMaxPacketSize0\x00', 0x12bc00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20804, 0x0) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) fstat$auto(0x2, 0x0) ioctl$auto(0x3, 0x4008af03, 0x0) 601.695813ms ago: executing program 4 (id=3832): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x9, 0x84, 0x4, &(0x7f0000000000), 0x80000000, 0x7f) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x7fffffff) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/ns/cgroup\x00', 0x4, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0xa, 0x2, 0x0) connect$auto(0x3, 0x0, 0x51) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) bpf$auto(0x0, 0x0, 0xfbf) shutdown$auto(0x200000003, 0x2) sendmsg$auto_NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, 0x0, 0x20048800) select$auto(0x1000009, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) socket(0xa, 0x2, 0x3a) recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0) 500.343035ms ago: executing program 1 (id=3833): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4008810}, 0x2000c041) r0 = socket(0x2a, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000080), 0x6b) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) socket(0xa, 0x3, 0x3a) epoll_wait$auto(r0, 0x0, 0x7ff, 0x6) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x400000000000003, 0x29, 0xca, 0x0, 0x567) 127.257351ms ago: executing program 1 (id=3834): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) socket(0x10, 0x2, 0x0) socket(0x1, 0x5, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) sendmsg$auto_ETHTOOL_MSG_STATS_GET(0xffffffffffffffff, &(0x7f0000002100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2001}, 0x40000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptys5\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r0, 0x540b, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/swradio0\x00', 0x2ae640, 0x0) alarm$auto(0x2) alarm$auto(0x80000000) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r1, 0x402, 0x8000007fffffdf) r2 = openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/comm\x00', 0x48040, 0x0) read$auto(r2, &(0x7f0000000080)='#.\x00', 0x2) r3 = socket(0x10, 0x2, 0xc) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000340)=ANY=[@ANYBLOB="13000300", @ANYRES16=0x0, @ANYBLOB="010027bd7000fcdbdf250a000000040002"], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x40) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES8, @ANYRES8=r3], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) r4 = socket(0x10, 0x2, 0xc) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000804}, 0x4000000) 18.188227ms ago: executing program 3 (id=3835): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x400, 0x0) ioctl$auto_CEC_S_MODE(r0, 0x40046109, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x28, 0x3, 0x10001) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2438d4cb2de063a3e5dcd4c26ee78d80042d81c37dd38221d4b71dbf365dce3d05bb18cbce0434ca5e8e47625d78635aad429f562712ec3f3d7159eed41db4a183bcf6c4d2a7027f", @ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf2521000000"], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r2, 0x0, 0x1) write$auto_proc_clear_refs_operations_internal(r1, 0x0, 0xffffff4b) write$auto(0x3, 0x0, 0xfffffdef) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x2, 0x1, 0x3, 0x300000000000000, 0x7ffffffe, 0x5, 0x6d3c, 0x5, 0x2]}, 0x0) unshare$auto(0x40000080) open$auto(&(0x7f0000000200)='./file0\x00', 0x49193, 0xff90) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r4, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 0s ago: executing program 1 (id=3836): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) close_range$auto(0x2, 0x8, 0x0) mbind$auto(0x9, 0x84, 0x4, &(0x7f0000000000), 0x80000000, 0x7f) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x7fffffff) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/ns/cgroup\x00', 0x4, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0xa, 0x2, 0x0) connect$auto(0x3, 0x0, 0x51) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) bpf$auto(0x0, 0x0, 0xfbf) shutdown$auto(0x200000003, 0x2) sendmsg$auto_NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, 0x0, 0x20048800) select$auto(0x1000009, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x3b, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0) kernel console output (not intermixed with test programs): [ 524.101140][T15408] vivid-013: ================= START STATUS ================= [ 524.109596][T15408] vivid-013: Generate PTS: true [ 524.115598][T15408] vivid-013: Generate SCR: true [ 524.120710][T15408] tpg source WxH: 640x360 (Y'CbCr) [ 524.140978][T15408] tpg field: 1 [ 524.144835][T15408] tpg crop: 640x360@0x0 [ 524.149075][T15408] tpg compose: 640x360@0x0 [ 524.162826][T15408] tpg colorspace: 8 [ 524.169841][T15408] tpg transfer function: 0/0 [ 524.181996][T15408] tpg Y'CbCr encoding: 0/0 [ 524.192606][T15408] tpg quantization: 0/0 [ 524.202410][T15408] tpg RGB range: 0/2 [ 524.206438][T15408] vivid-013: ================== END STATUS ================== [ 524.530836][T15410] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6) [ 525.206985][T15440] binder: 15437:15440 ioctl c0105512 1 returned -22 [ 525.414624][T15440] binder: 15437:15440 ioctl c0306201 9 returned -14 [ 525.642522][T15449] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2461'. [ 525.654426][T15449] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 525.664705][T15449] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 526.424085][T15457] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6) [ 527.273113][T15481] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2468'. [ 527.319630][T15481] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 527.736565][T15495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2473'. [ 527.767316][T15495] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 527.782588][T15495] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 528.004970][T15500] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6) [ 530.442257][T15542] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2484'. [ 530.577096][T15543] Process accounting resumed [ 531.179383][T15546] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 531.190078][T15546] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 531.222235][T15546] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 531.234061][T15546] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 531.241734][T15546] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 531.249346][T15546] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 531.606215][T15550] netlink: 3696 bytes leftover after parsing attributes in process `syz.1.2493'. [ 531.644067][T15545] chnl_net:caif_netlink_parms(): no params data found [ 531.652228][T15550] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 531.943003][T15545] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.950173][T15545] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.982221][T15545] bridge_slave_0: entered allmulticast mode [ 531.989443][T15545] bridge_slave_0: entered promiscuous mode [ 532.024483][T15545] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.031758][T15545] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.052129][T15545] bridge_slave_1: entered allmulticast mode [ 532.059250][T15545] bridge_slave_1: entered promiscuous mode [ 532.127302][T15545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.154827][T15545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 532.279714][T15545] team0: Port device team_slave_0 added [ 532.330592][T15545] team0: Port device team_slave_1 added [ 532.454813][T15545] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 532.461818][T15545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.532223][T15545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 532.550687][T15545] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 532.572138][T15545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.617995][T15545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 532.715930][T15545] hsr_slave_0: entered promiscuous mode [ 532.752351][T15545] hsr_slave_1: entered promiscuous mode [ 532.762197][T15545] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 532.769812][T15545] Cannot create hsr debugfs directory [ 533.045367][T15545] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.187193][T15545] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.292098][ T5837] Bluetooth: hci1: command tx timeout [ 533.357808][T15545] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.484307][T15545] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.498572][T15579] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6) [ 533.725005][T15545] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 533.838979][T15545] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 533.970003][T15545] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 534.045641][T15545] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 534.309737][T15545] 8021q: adding VLAN 0 to HW filter on device bond0 [ 534.330150][T15545] 8021q: adding VLAN 0 to HW filter on device team0 [ 534.354836][T10598] bridge0: port 1(bridge_slave_0) entered blocking state [ 534.362006][T10598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 534.390085][T10598] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.397287][T10598] bridge0: port 2(bridge_slave_1) entered forwarding state [ 534.543619][T15545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 535.145745][T15545] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 535.239618][T15545] veth0_vlan: entered promiscuous mode [ 535.256194][T15545] veth1_vlan: entered promiscuous mode [ 535.315720][T15545] veth0_macvtap: entered promiscuous mode [ 535.328276][T15545] veth1_macvtap: entered promiscuous mode [ 535.383046][ T5837] Bluetooth: hci1: command tx timeout [ 535.405573][T15545] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 535.461456][T15545] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 535.553901][T15545] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.618999][T15545] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.666142][T15545] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.707159][T15545] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.217346][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.240490][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.307610][T10598] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.318639][T10598] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.663203][T15672] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2512'. [ 536.693283][T15672] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 536.749858][T15672] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 536.809785][T15674] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2513'. [ 536.896974][ T5837] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 537.287784][T15691] netlink: 'syz.2.2517': attribute type 11 has an invalid length. [ 537.452228][ T5837] Bluetooth: hci1: command tx timeout [ 538.306528][T15546] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 538.329214][T15546] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 538.344688][T15546] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 538.360818][T15546] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 538.382554][T15546] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 538.390014][T15546] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 538.700950][T15711] chnl_net:caif_netlink_parms(): no params data found [ 538.711462][T15715] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 538.926309][T15711] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.942052][T15711] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.949450][T15711] bridge_slave_0: entered allmulticast mode [ 538.962474][T15711] bridge_slave_0: entered promiscuous mode [ 538.977416][T15711] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.985057][T15711] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.002248][T15711] bridge_slave_1: entered allmulticast mode [ 539.009407][T15711] bridge_slave_1: entered promiscuous mode [ 539.065229][T15711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.095727][T15711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 539.101138][T15727] binder: 15726:15727 ioctl 2284 ffffffffffffffff returned -22 [ 539.140667][T15732] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2527'. [ 539.165978][T15732] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 539.177491][T15732] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 539.194755][T15711] team0: Port device team_slave_0 added [ 539.205131][T15711] team0: Port device team_slave_1 added [ 539.279520][T15711] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.286770][T15711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.313982][T15711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.350398][T15711] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.360229][T15711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.412657][T15711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.531982][ T5837] Bluetooth: hci1: command tx timeout [ 539.715487][T15711] hsr_slave_0: entered promiscuous mode [ 539.733878][T15711] hsr_slave_1: entered promiscuous mode [ 539.746698][T15711] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 539.761973][T15711] Cannot create hsr debugfs directory [ 539.906532][T15736] binder: 15735:15736 ioctl 2284 ffffffffffffffff returned -22 [ 540.000598][T15711] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.336233][T15711] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.459457][T15711] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.492959][ T5837] Bluetooth: hci3: command tx timeout [ 540.564331][T15711] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.874407][T15711] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 540.898221][T15711] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 540.925259][T15711] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 540.988581][T15711] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 541.148675][T15711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.167738][T15711] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.186831][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.194033][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.226372][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.233574][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.415664][T15711] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 541.578619][T15711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 541.653556][T15711] veth0_vlan: entered promiscuous mode [ 541.685428][T15711] veth1_vlan: entered promiscuous mode [ 541.703904][T15749] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 541.723655][T15711] veth0_macvtap: entered promiscuous mode [ 541.733272][T15711] veth1_macvtap: entered promiscuous mode [ 541.764620][T15711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.775818][T15711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.793158][T15711] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 541.811765][T15711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.831986][T15711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.853066][T15711] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 541.874815][T15711] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.892642][T15711] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.912036][T15711] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.920794][T15711] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.085384][T10607] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.102409][T10607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.131268][T10607] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.142082][T10607] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.286480][T15766] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 542.572781][ T5837] Bluetooth: hci3: command tx timeout [ 543.403213][T15793] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2542'. [ 543.433978][T15793] vivid-013: ================= START STATUS ================= [ 543.441675][T15793] vivid-013: Generate PTS: true [ 543.462019][T15793] vivid-013: Generate SCR: true [ 543.466972][T15793] tpg source WxH: 640x360 (Y'CbCr) [ 543.491495][T15795] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2543'. [ 543.498439][T15793] tpg field: 1 [ 543.512305][T15793] tpg crop: 640x360@0x0 [ 543.522037][T15793] tpg compose: 640x360@0x0 [ 543.536874][T15793] tpg colorspace: 8 [ 543.546993][T15793] tpg transfer function: 0/0 [ 543.568180][T15793] tpg Y'CbCr encoding: 0/0 [ 543.582523][T15793] tpg quantization: 0/0 [ 543.602754][T15793] tpg RGB range: 0/2 [ 543.606714][T15793] vivid-013: ================== END STATUS ================== [ 543.725323][T15805] netlink: 'syz.2.2545': attribute type 1 has an invalid length. [ 543.914084][T15813] program syz.3.2548 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 543.915331][T15816] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2549'. [ 543.955688][T15811] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 544.572379][T15828] binder: 15827:15828 ioctl 2284 ffffffffffffffff returned -22 [ 544.644293][T15833] synth uevent: /bus/usb-serial/drivers/nokia: unknown uevent action string [ 544.654673][ T5837] Bluetooth: hci3: command tx timeout [ 545.876830][T15546] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 545.889204][T15546] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 545.899879][T15546] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 545.909575][ T6091] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 545.910364][T15546] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 545.928054][T15546] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 545.935833][T15546] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 546.441598][T15868] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 546.490690][T15853] chnl_net:caif_netlink_parms(): no params data found [ 546.666665][T15853] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.674179][T15853] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.681531][T15853] bridge_slave_0: entered allmulticast mode [ 546.689547][T15853] bridge_slave_0: entered promiscuous mode [ 546.698233][T15853] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.706259][T15853] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.713853][T15853] bridge_slave_1: entered allmulticast mode [ 546.721020][T15853] bridge_slave_1: entered promiscuous mode [ 546.732322][T15546] Bluetooth: hci3: command tx timeout [ 546.920924][T15853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 546.978684][T15853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 547.081319][T15853] team0: Port device team_slave_0 added [ 547.129024][T15853] team0: Port device team_slave_1 added [ 547.264161][T15853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 547.282117][T15853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.426736][T15886] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2561'. [ 547.444567][T15853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 547.549926][T15853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 547.595025][T15853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.716154][T15853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 547.946514][T15853] hsr_slave_0: entered promiscuous mode [ 547.972982][T15853] hsr_slave_1: entered promiscuous mode [ 547.979407][T15853] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 547.988806][T15853] Cannot create hsr debugfs directory [ 548.014393][T15546] Bluetooth: hci0: command tx timeout [ 548.248264][T15853] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.337946][T15853] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.447642][T15853] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.568291][T15853] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.571402][T15892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2566'. [ 548.611532][T15892] syz.2.2566: vmalloc error: size 4503599627371522, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 548.629829][T15892] CPU: 1 UID: 0 PID: 15892 Comm: syz.2.2566 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 548.640649][T15892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 548.650725][T15892] Call Trace: [ 548.654016][T15892] [ 548.656948][T15892] dump_stack_lvl+0x16c/0x1f0 [ 548.661633][T15892] warn_alloc+0x24d/0x3a0 [ 548.665993][T15892] ? __pfx_warn_alloc+0x10/0x10 [ 548.670916][T15892] ? __pfx_mark_lock+0x10/0x10 [ 548.675754][T15892] ? lock_acquire.part.0+0x11b/0x380 [ 548.681107][T15892] __vmalloc_node_range_noprof+0x10df/0x1530 [ 548.687150][T15892] ? rcu_is_watching+0x12/0xc0 [ 548.691967][T15892] ? trace_contention_end+0xee/0x140 [ 548.697315][T15892] ? dvb_demux_do_ioctl+0x54d/0x1340 [ 548.702659][T15892] ? dvb_demux_do_ioctl+0x496/0x1340 [ 548.708004][T15892] ? __pfx___mutex_lock+0x10/0x10 [ 548.713080][T15892] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 548.719466][T15892] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 548.725417][T15892] ? dvb_demux_do_ioctl+0x54d/0x1340 [ 548.730773][T15892] vmalloc_noprof+0x6b/0x90 [ 548.735335][T15892] ? dvb_demux_do_ioctl+0x54d/0x1340 [ 548.740680][T15892] dvb_demux_do_ioctl+0x54d/0x1340 [ 548.745858][T15892] dvb_usercopy+0x165/0x320 [ 548.750416][T15892] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 548.756001][T15892] ? __pfx_dvb_usercopy+0x10/0x10 [ 548.761034][T15892] ? __pfx_lock_release+0x10/0x10 [ 548.766080][T15892] ? __fget_files+0x206/0x3a0 [ 548.770777][T15892] dvb_demux_ioctl+0x29/0x40 [ 548.775374][T15892] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 548.780666][T15892] __x64_sys_ioctl+0x190/0x200 [ 548.785442][T15892] do_syscall_64+0xcd/0x250 [ 548.789956][T15892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.795856][T15892] RIP: 0033:0x7f9019b85d29 [ 548.800303][T15892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.819972][T15892] RSP: 002b:00007f901a9ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 548.828440][T15892] RAX: ffffffffffffffda RBX: 00007f9019d75fa0 RCX: 00007f9019b85d29 [ 548.836458][T15892] RDX: 0010000000000402 RSI: 0000000000006f2d RDI: 0000000000000003 [ 548.844470][T15892] RBP: 00007f9019c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 548.852474][T15892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.860477][T15892] R13: 0000000000000000 R14: 00007f9019d75fa0 R15: 00007ffd05e73fd8 [ 548.868506][T15892] [ 548.883574][T15892] Mem-Info: [ 548.886800][T15892] active_anon:22927 inactive_anon:0 isolated_anon:0 [ 548.886800][T15892] active_file:5252 inactive_file:44912 isolated_file:0 [ 548.886800][T15892] unevictable:801 dirty:704 writeback:0 [ 548.886800][T15892] slab_reclaimable:11580 slab_unreclaimable:108733 [ 548.886800][T15892] mapped:24980 shmem:1941 pagetables:780 [ 548.886800][T15892] sec_pagetables:0 bounce:0 [ 548.886800][T15892] kernel_misc_reclaimable:0 [ 548.886800][T15892] free:1313944 free_pcp:387 free_cma:0 [ 548.938191][T15892] Node 0 active_anon:91708kB inactive_anon:0kB active_file:21104kB inactive_file:179644kB unevictable:1668kB isolated(anon):0kB isolated(file):0kB mapped:99920kB dirty:2812kB writeback:0kB shmem:6228kB shmem_thp:2048kB shmem_pmdmapped:2048kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12032kB pagetables:3120kB sec_pagetables:0kB all_unreclaimable? no [ 549.118369][T15892] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 549.342778][T15892] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 549.385087][T15892] lowmem_reserve[]: 0 2491 2492 0 0 [ 549.390395][T15892] Node 0 DMA32 free:1332556kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:91636kB inactive_anon:0kB active_file:21212kB inactive_file:178788kB unevictable:1668kB writepending:2940kB present:3129332kB managed:2551312kB mlocked:0kB bounce:0kB free_pcp:1976kB local_pcp:792kB free_cma:0kB [ 549.405470][T15853] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 549.424256][T15892] lowmem_reserve[]: 0 0 0 0 0 [ 549.438049][T15892] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:4kB inactive_file:820kB unevictable:0kB writepending:4kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB [ 549.469707][T15892] lowmem_reserve[]: 0 0 0 0 0 [ 549.475005][T15892] Node 1 Normal free:3906036kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 549.505014][T15892] lowmem_reserve[]: 0 0 0 0 0 [ 549.510913][T15892] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 549.526773][T15892] Node 0 DMA32: 4499*4kB (UME) 2136*8kB (UME) 1858*16kB (UME) 1647*32kB (UME) 1172*64kB (UME) 624*128kB (UME) 311*256kB (UME) 139*512kB (UME) 60*1024kB (UME) 22*2048kB (UME) 196*4096kB (UM) = 1332492kB [ 549.529373][T15853] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 549.555961][T15892] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 549.570304][T15853] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 549.579929][T15892] Node 1 Normal: 233*4kB (UME) 64*8kB (UME) 41*16kB (UME) 214*32kB (UME) 88*64kB (UME) 30*128kB (UME) 14*256kB (UME) 8*512kB (UM) 5*1024kB (UME) 6*2048kB (UE) 943*4096kB (M) = 3906036kB [ 549.601072][T15892] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 549.603268][T15853] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 549.610805][T15892] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 549.627829][T15892] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 549.672415][T15892] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 549.699463][T15892] 52214 total pagecache pages [ 549.710181][T15892] 29 pages in swap cache [ 549.716061][T15892] Free swap = 124340kB [ 549.720421][T15892] Total swap = 124996kB [ 549.725802][T15892] 2097051 pages RAM [ 549.729887][T15892] 0 pages HighMem/MovableOnly [ 549.735140][T15892] 427373 pages reserved [ 549.739771][T15892] 0 pages cma reserved [ 549.990893][T15913] netlink: 'syz.2.2572': attribute type 1 has an invalid length. [ 550.012545][T15853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 550.092286][T15546] Bluetooth: hci0: command tx timeout [ 550.131335][T15853] 8021q: adding VLAN 0 to HW filter on device team0 [ 550.173301][T10602] bridge0: port 1(bridge_slave_0) entered blocking state [ 550.181677][T10602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 550.298784][T10602] bridge0: port 2(bridge_slave_1) entered blocking state [ 550.306017][T10602] bridge0: port 2(bridge_slave_1) entered forwarding state [ 550.397708][T15853] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 550.428020][T15853] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 550.805025][T15853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 550.939171][T15940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2576'. [ 550.978767][T15940] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 551.017936][T15940] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 551.595356][T15853] veth0_vlan: entered promiscuous mode [ 551.639458][T15853] veth1_vlan: entered promiscuous mode [ 551.696123][T15853] veth0_macvtap: entered promiscuous mode [ 551.733962][T15853] veth1_macvtap: entered promiscuous mode [ 551.811537][T15853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 551.824484][T15959] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2580'. [ 551.839223][T15853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 551.853446][T15853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 551.864931][T15853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 551.877835][T15853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 551.886770][T15959] ipvlan0: entered promiscuous mode [ 551.893872][T15963] vivid-013: ================= START STATUS ================= [ 551.902603][T15959] ipvlan0: entered allmulticast mode [ 551.907948][T15959] veth0_vlan: entered allmulticast mode [ 551.914702][T15963] vivid-013: Generate PTS: true [ 551.919706][T15963] vivid-013: Generate SCR: true [ 551.925528][T15963] tpg source WxH: 640x360 (Y'CbCr) [ 551.930691][T15963] tpg field: 1 [ 551.943315][T15963] tpg crop: 640x360@0x0 [ 551.951486][T15963] tpg compose: 640x360@0x0 [ 551.962559][T15964] netlink: 1204 bytes leftover after parsing attributes in process `syz.1.2582'. [ 551.963514][T15853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 551.992309][T15963] tpg colorspace: 8 [ 551.995960][T15853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 551.996152][T15963] tpg transfer function: 0/0 [ 552.009633][T15853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 552.032018][T15853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 552.051177][T15967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2582'. [ 552.063048][T15853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 552.074635][T15963] tpg Y'CbCr encoding: 0/0 [ 552.080692][T15963] tpg quantization: 0/0 [ 552.101282][T15963] tpg RGB range: 0/2 [ 552.148690][T15963] vivid-013: ================== END STATUS ================== [ 552.173041][T15546] Bluetooth: hci0: command tx timeout [ 552.209806][T15853] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.245465][T15853] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.294293][T15853] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.323971][T15853] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 552.752296][T10598] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 552.760182][T10598] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 552.804328][T15975] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 552.834039][T10607] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 552.848900][T10607] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 552.983785][T15976] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 553.471679][T15988] HfR: entered promiscuous mode [ 553.517687][T15991] delete_channel: no stack [ 553.518367][T15988] binder: 15987:15988 ioctl 2284 ffffffffffffffff returned -22 [ 554.260029][T15546] Bluetooth: hci0: command tx timeout [ 555.090634][T16019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2594'. [ 555.142673][T16019] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 555.202058][T16019] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 556.494544][T16053] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2604'. [ 556.621309][T16053] vivid-013: ================= START STATUS ================= [ 556.639402][T16053] vivid-013: Generate PTS: true [ 556.672230][T16053] vivid-013: Generate SCR: true [ 556.677188][T16053] tpg source WxH: 640x360 (Y'CbCr) [ 556.704489][T16053] tpg field: 1 [ 556.712250][T16053] tpg crop: 640x360@0x0 [ 556.727682][T16053] tpg compose: 640x360@0x0 [ 556.742353][T16053] tpg colorspace: 8 [ 556.746217][T16053] tpg transfer function: 0/0 [ 556.750833][T16053] tpg Y'CbCr encoding: 0/0 [ 556.766679][T16053] tpg quantization: 0/0 [ 556.770968][T16053] tpg RGB range: 0/2 [ 556.802625][T16053] vivid-013: ================== END STATUS ================== [ 557.220923][T16071] [U]  [ 557.223784][T16071] [U] [ 557.226513][T16071] [U] [ 557.229237][T16071] [U] [ 557.243559][T16071] [U] [ 557.246328][T16071] [U] [ 557.249059][T16071] [U] [ 557.251787][T16071] [U] [ 557.352834][T16062] [U] [ 557.719813][T16069] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 558.435559][T16092] FAULT_INJECTION: forcing a failure. [ 558.435559][T16092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 558.483141][T16092] CPU: 0 UID: 0 PID: 16092 Comm: syz.3.2616 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 558.493975][T16092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 558.504064][T16092] Call Trace: [ 558.507375][T16092] [ 558.510330][T16092] dump_stack_lvl+0x16c/0x1f0 [ 558.515057][T16092] should_fail_ex+0x497/0x5b0 [ 558.519785][T16092] _copy_to_user+0x32/0xd0 [ 558.524252][T16092] simple_read_from_buffer+0xd0/0x160 [ 558.529669][T16092] proc_fail_nth_read+0x198/0x270 [ 558.534771][T16092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 558.540378][T16092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 558.545981][T16092] vfs_read+0x1df/0xbe0 [ 558.550192][T16092] ? __pfx_vfs_read+0x10/0x10 [ 558.554923][T16092] ? __pfx_do_sys_openat2+0x10/0x10 [ 558.560189][T16092] ksys_read+0x12b/0x250 [ 558.564477][T16092] ? __pfx_ksys_read+0x10/0x10 [ 558.569343][T16092] do_syscall_64+0xcd/0x250 [ 558.574080][T16092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.580031][T16092] RIP: 0033:0x7f26ef38473c [ 558.584479][T16092] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 558.604122][T16092] RSP: 002b:00007f26f01b0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 558.612546][T16092] RAX: ffffffffffffffda RBX: 00007f26ef575fa0 RCX: 00007f26ef38473c [ 558.620522][T16092] RDX: 000000000000000f RSI: 00007f26f01b00a0 RDI: 0000000000000007 [ 558.628497][T16092] RBP: 00007f26f01b0090 R08: 0000000000000000 R09: 0000000000000000 [ 558.636480][T16092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 558.644462][T16092] R13: 0000000000000000 R14: 00007f26ef575fa0 R15: 00007ffdce84e798 [ 558.652465][T16092] [ 559.443522][T16110] sp0: Synchronizing with TNC [ 559.796048][T16112] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 563.149605][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.156678][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.585182][T16197] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2643'. [ 564.057346][T16207] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2645'. [ 564.142260][T16207] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 564.177838][T16207] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 564.744619][T16218] binder: 16217:16218 ioctl 2284 ffffffffffffffff returned -22 [ 565.133276][T16227] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2651'. [ 565.144499][T16227] ipvlan0: entered promiscuous mode [ 565.149751][T16227] ipvlan0: entered allmulticast mode [ 565.255357][T16230] vivid-013: ================= START STATUS ================= [ 565.268898][T16227] veth0_vlan: entered allmulticast mode [ 565.292042][T16230] vivid-013: Generate PTS: true [ 565.311982][T16230] vivid-013: Generate SCR: true [ 565.316922][T16230] tpg source WxH: 640x360 (Y'CbCr) [ 565.392613][T16230] tpg field: 1 [ 565.403194][T16230] tpg crop: 640x360@0x0 [ 565.407606][T16230] tpg compose: 640x360@0x0 [ 565.417786][T16230] tpg colorspace: 8 [ 565.430570][T16230] tpg transfer function: 0/0 [ 565.435325][T16230] tpg Y'CbCr encoding: 0/0 [ 565.441042][T16230] tpg quantization: 0/0 [ 565.445301][T16230] tpg RGB range: 0/2 [ 565.449215][T16230] vivid-013: ================== END STATUS ================== [ 565.920906][T16241] nbd: must specify at least one socket [ 566.204492][T16254] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2659'. [ 566.226233][T16254] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 566.246112][T16254] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 566.359935][T16256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2660'. [ 568.447660][T16286] binder: 16285:16286 ioctl 2284 ffffffffffffffff returned -22 [ 569.319622][T16302] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2673'. [ 569.358198][T16302] vivid-013: ================= START STATUS ================= [ 569.383492][T16302] vivid-013: Generate PTS: true [ 569.388497][T16302] vivid-013: Generate SCR: true [ 569.394071][T16302] tpg source WxH: 640x360 (Y'CbCr) [ 569.411212][T16302] tpg field: 1 [ 569.415094][T16302] tpg crop: 640x360@0x0 [ 569.419290][T16302] tpg compose: 640x360@0x0 [ 569.424428][T16302] tpg colorspace: 8 [ 569.428282][T16302] tpg transfer function: 0/0 [ 569.437855][T16302] tpg Y'CbCr encoding: 0/0 [ 569.447357][T16302] tpg quantization: 0/0 [ 569.451656][T16302] tpg RGB range: 0/2 [ 569.456124][T16302] vivid-013: ================== END STATUS ================== [ 569.836949][T16317] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2679'. [ 569.849218][T16317] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 569.862093][T16317] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 569.956442][T16322] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2680'. [ 569.989041][T16322] vivid-013: ================= START STATUS ================= [ 570.030184][T16322] vivid-013: Generate PTS: true [ 570.039089][T16322] vivid-013: Generate SCR: true [ 570.072824][T16322] tpg source WxH: 640x360 (Y'CbCr) [ 570.092958][T16322] tpg field: 1 [ 570.096891][T16322] tpg crop: 640x360@0x0 [ 570.101093][T16322] tpg compose: 640x360@0x0 [ 570.116228][T16322] tpg colorspace: 8 [ 570.120096][T16322] tpg transfer function: 0/0 [ 570.142423][T16322] tpg Y'CbCr encoding: 0/0 [ 570.147028][T16322] tpg quantization: 0/0 [ 570.151223][T16322] tpg RGB range: 0/2 [ 570.187517][T16322] vivid-013: ================== END STATUS ================== [ 570.314815][T16340] FAULT_INJECTION: forcing a failure. [ 570.314815][T16340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 570.336751][T16340] CPU: 0 UID: 0 PID: 16340 Comm: syz.3.2685 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 570.347592][T16340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 570.357685][T16340] Call Trace: [ 570.360994][T16340] [ 570.363954][T16340] dump_stack_lvl+0x16c/0x1f0 [ 570.368681][T16340] should_fail_ex+0x497/0x5b0 [ 570.373419][T16340] _copy_to_user+0x32/0xd0 [ 570.377890][T16340] simple_read_from_buffer+0xd0/0x160 [ 570.383311][T16340] proc_fail_nth_read+0x198/0x270 [ 570.388394][T16340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 570.394007][T16340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 570.399612][T16340] vfs_read+0x1df/0xbe0 [ 570.403816][T16340] ? __fget_files+0x1fc/0x3a0 [ 570.408540][T16340] ? __pfx___mutex_lock+0x10/0x10 [ 570.413615][T16340] ? __pfx_vfs_read+0x10/0x10 [ 570.418349][T16340] ? __fget_files+0x206/0x3a0 [ 570.423086][T16340] ksys_read+0x12b/0x250 [ 570.427378][T16340] ? __pfx_ksys_read+0x10/0x10 [ 570.432193][T16340] do_syscall_64+0xcd/0x250 [ 570.436743][T16340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.442686][T16340] RIP: 0033:0x7f26ef38473c [ 570.447136][T16340] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 570.466775][T16340] RSP: 002b:00007f26f01b0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 570.475204][T16340] RAX: ffffffffffffffda RBX: 00007f26ef575fa0 RCX: 00007f26ef38473c [ 570.483183][T16340] RDX: 000000000000000f RSI: 00007f26f01b00a0 RDI: 0000000000000003 [ 570.491162][T16340] RBP: 00007f26f01b0090 R08: 0000000000000000 R09: 0000000000000000 [ 570.499142][T16340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 570.507121][T16340] R13: 0000000000000000 R14: 00007f26ef575fa0 R15: 00007ffdce84e798 [ 570.515117][T16340] [ 571.118448][T16363] netlink: 11 bytes leftover after parsing attributes in process `syz.3.2691'. [ 571.709427][T16370] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 573.919635][T16419] Invalid ELF header magic: != ELF [ 575.452063][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 576.142581][T16462] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2717'. [ 576.162197][T16462] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 576.171736][T16462] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 576.298225][T16453] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 576.754293][T16448] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 580.321137][T16545] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2741'. [ 580.629986][T16545] netlink: 346 bytes leftover after parsing attributes in process `syz.2.2741'. [ 580.814264][T16549] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2743'. [ 580.870569][T16549] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.879546][T16549] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.914701][T16551] ubi0: attaching mtd0 [ 580.922295][T16549] bridge0: entered allmulticast mode [ 580.938486][T16551] ubi0: scanning is finished [ 580.958817][T16551] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 581.389920][T16551] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 581.421599][T16553] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2744'. [ 581.549098][T16553] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.558110][T16553] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.602504][T16555] ubi0: attaching mtd0 [ 581.609052][T16555] ubi0: scanning is finished [ 581.612278][T16553] bridge0: entered allmulticast mode [ 581.646183][T16555] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 581.863496][T16555] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 581.891850][T16557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2745'. [ 581.950781][T16557] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 581.974049][T16557] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 584.154550][T16594] binder: 16590:16594 ioctl 2284 ffffffffffffffff returned -22 [ 584.387095][T16591] HfR: entered promiscuous mode [ 584.966473][T16597] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 586.009644][T16620] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2760'. [ 586.055891][T16622] vivid-013: ================= START STATUS ================= [ 586.082447][T16620] ipvlan0: entered promiscuous mode [ 586.088957][T16620] ipvlan0: entered allmulticast mode [ 586.112824][T16622] vivid-013: Generate PTS: true [ 586.134211][T16622] vivid-013: Generate SCR: true [ 586.153233][T16622] tpg source WxH: 640x360 (Y'CbCr) [ 586.182215][T16620] veth0_vlan: entered allmulticast mode [ 586.207700][T16622] tpg field: 1 [ 586.211135][T16622] tpg crop: 640x360@0x0 [ 586.265948][T16622] tpg compose: 640x360@0x0 [ 586.285412][T16622] tpg colorspace: 8 [ 586.289287][T16622] tpg transfer function: 0/0 [ 586.342050][T16622] tpg Y'CbCr encoding: 0/0 [ 586.347116][T16622] tpg quantization: 0/0 [ 586.351385][T16622] tpg RGB range: 0/2 [ 586.356255][T16622] vivid-013: ================== END STATUS ================== [ 587.530791][T16643] openvswitch: HfR: Dropping previously announced user features [ 587.592615][T16643] binder: 16639:16643 ioctl 2284 ffffffffffffffff returned -22 [ 588.305789][T16654] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2771'. [ 588.812648][T16654] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 588.942126][T16654] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 589.283480][T16657] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2770'. [ 589.405682][T16665] ubi0: attaching mtd0 [ 589.511687][T16665] ubi0: scanning is finished [ 589.527395][T16665] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 589.663137][T16657] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.670680][T16657] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.776670][T16657] bridge0: entered allmulticast mode [ 590.126527][T16665] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 590.736823][T16687] openvswitch: HfR: Dropping previously announced user features [ 590.997606][T16684] binder: 16683:16684 ioctl 2284 ffffffffffffffff returned -22 [ 591.393039][T16700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2782'. [ 591.456391][T16700] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 591.485170][T16700] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 593.313052][T16721] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2788'. [ 593.358989][T16721] vivid-013: ================= START STATUS ================= [ 593.375846][T16721] vivid-013: Generate PTS: true [ 593.380785][T16721] vivid-013: Generate SCR: true [ 593.392703][T16721] tpg source WxH: 640x360 (Y'CbCr) [ 593.397876][T16721] tpg field: 1 [ 593.401276][T16721] tpg crop: 640x360@0x0 [ 593.422043][T16721] tpg compose: 640x360@0x0 [ 593.427801][T16721] tpg colorspace: 8 [ 593.431673][T16721] tpg transfer function: 0/0 [ 593.459947][T16721] tpg Y'CbCr encoding: 0/0 [ 593.477566][T16721] tpg quantization: 0/0 [ 593.483196][T16721] tpg RGB range: 0/2 [ 593.487150][T16721] vivid-013: ================== END STATUS ================== [ 595.309020][T16756] FAULT_INJECTION: forcing a failure. [ 595.309020][T16756] name failslab, interval 1, probability 0, space 0, times 0 [ 595.372151][T16756] CPU: 0 UID: 0 PID: 16756 Comm: syz.2.2798 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 595.382988][T16756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 595.393082][T16756] Call Trace: [ 595.396390][T16756] [ 595.399347][T16756] dump_stack_lvl+0x16c/0x1f0 [ 595.404071][T16756] should_fail_ex+0x497/0x5b0 [ 595.408790][T16756] ? fs_reclaim_acquire+0xae/0x150 [ 595.413954][T16756] should_failslab+0xc2/0x120 [ 595.418705][T16756] __kmalloc_noprof+0xce/0x4f0 [ 595.423521][T16756] ? d_absolute_path+0x137/0x1b0 [ 595.428510][T16756] ? tomoyo_encode2+0x100/0x3e0 [ 595.433407][T16756] tomoyo_encode2+0x100/0x3e0 [ 595.438124][T16756] tomoyo_realpath_from_path+0x1a7/0x710 [ 595.443802][T16756] tomoyo_path_number_perm+0x248/0x5b0 [ 595.449310][T16756] ? tomoyo_path_number_perm+0x235/0x5b0 [ 595.455002][T16756] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 595.461072][T16756] ? __pfx_lock_release+0x10/0x10 [ 595.466136][T16756] ? trace_lock_acquire+0x14e/0x1f0 [ 595.471383][T16756] ? lock_acquire+0x2f/0xb0 [ 595.475920][T16756] ? __fget_files+0x40/0x3a0 [ 595.480557][T16756] ? __fget_files+0x206/0x3a0 [ 595.485284][T16756] security_file_ioctl+0x9b/0x240 [ 595.490353][T16756] __x64_sys_ioctl+0xb7/0x200 [ 595.495074][T16756] do_syscall_64+0xcd/0x250 [ 595.499629][T16756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.505571][T16756] RIP: 0033:0x7f9019b85d29 [ 595.510022][T16756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.529682][T16756] RSP: 002b:00007f901a9ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 595.538143][T16756] RAX: ffffffffffffffda RBX: 00007f9019d75fa0 RCX: 00007f9019b85d29 [ 595.546158][T16756] RDX: 0000000000000000 RSI: 0000000040046f41 RDI: 0000000000000003 [ 595.554167][T16756] RBP: 00007f901a9ba090 R08: 0000000000000000 R09: 0000000000000000 [ 595.562176][T16756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 595.570180][T16756] R13: 0000000000000000 R14: 00007f9019d75fa0 R15: 00007ffd05e73fd8 [ 595.578208][T16756] [ 595.622231][T16756] ERROR: Out of memory at tomoyo_realpath_from_path. [ 596.090703][T16767] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2804'. [ 596.164003][T16767] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 596.191513][T16767] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 596.761101][T16781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2805'. [ 596.963977][T16781] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 597.036875][T16781] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 598.565640][T16812] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2814'. [ 598.586849][T16812] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2814'. [ 598.665947][T16807] HfR: entered promiscuous mode [ 598.685863][T16807] binder: 16806:16807 ioctl 2284 ffffffffffffffff returned -22 [ 599.479249][T16824] Falling back ldisc for ptm0. [ 600.504931][T16848] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2826'. [ 600.647564][T16848] ubi0: attaching mtd0 [ 600.653083][T16848] ubi0: scanning is finished [ 600.657765][T16848] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 600.749756][T16851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2827'. [ 600.771363][T16851] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 600.792081][T16851] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 600.863189][T16848] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 601.913515][T16883] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2836'. [ 601.976711][T16883] vivid-013: ================= START STATUS ================= [ 602.015777][T16883] vivid-013: Generate PTS: true [ 602.020722][T16883] vivid-013: Generate SCR: true [ 602.053247][T16883] tpg source WxH: 640x360 (Y'CbCr) [ 602.082212][T16883] tpg field: 1 [ 602.085656][T16883] tpg crop: 640x360@0x0 [ 602.089844][T16883] tpg compose: 640x360@0x0 [ 602.123883][T16883] tpg colorspace: 8 [ 602.127765][T16883] tpg transfer function: 0/0 [ 602.133170][T16883] tpg Y'CbCr encoding: 0/0 [ 602.137644][T16883] tpg quantization: 0/0 [ 602.141837][T16883] tpg RGB range: 0/2 [ 602.227848][T16883] vivid-013: ================== END STATUS ================== [ 603.023514][T16896] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2839'. [ 603.107338][T16902] mkiss: ax0: crc mode is auto. [ 603.120442][T16896] hsr_slave_0: entered allmulticast mode [ 604.368186][T16936] FAULT_INJECTION: forcing a failure. [ 604.368186][T16936] name failslab, interval 1, probability 0, space 0, times 0 [ 604.455846][T16934] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2851'. [ 604.489531][T16936] CPU: 1 UID: 0 PID: 16936 Comm: syz.4.2850 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 604.496872][T16934] bridge0: port 2(bridge_slave_1) entered disabled state [ 604.500340][T16936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 604.507862][T16934] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.517415][T16936] Call Trace: [ 604.517432][T16936] [ 604.517443][T16936] dump_stack_lvl+0x16c/0x1f0 [ 604.517478][T16936] should_fail_ex+0x497/0x5b0 [ 604.517508][T16936] ? fs_reclaim_acquire+0xae/0x150 [ 604.545274][T16936] should_failslab+0xc2/0x120 [ 604.550009][T16936] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 604.555438][T16936] ? __pfx___might_resched+0x10/0x10 [ 604.560771][T16936] ? __anon_vma_prepare+0x344/0x5e0 [ 604.563543][T16941] ubi0: attaching mtd0 [ 604.566003][T16936] __anon_vma_prepare+0x344/0x5e0 [ 604.570317][T16934] bridge0: entered allmulticast mode [ 604.575063][T16936] ? __filemap_get_folio+0x2a5/0xaf0 [ 604.575104][T16936] __vmf_anon_prepare+0x11c/0x240 [ 604.581502][T16941] ubi0: scanning is finished [ 604.585660][T16936] hugetlb_fault+0x1f3b/0x2fb0 [ 604.585704][T16936] ? __pfx_hugetlb_fault+0x10/0x10 [ 604.585742][T16936] ? find_vma+0xc0/0x140 [ 604.609556][T16936] ? __pfx_find_vma+0x10/0x10 [ 604.612430][T16941] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 604.614263][T16936] handle_mm_fault+0x930/0xaa0 [ 604.614310][T16936] do_user_addr_fault+0x7a3/0x13f0 [ 604.632273][T16936] exc_page_fault+0x5c/0xc0 [ 604.636818][T16936] asm_exc_page_fault+0x26/0x30 [ 604.641705][T16936] RIP: 0010:__get_user_4+0x1a/0x30 [ 604.646865][T16936] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 ba 00 f0 ff ff ff 7f 00 00 48 39 c2 48 19 d2 48 09 d0 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 [ 604.666508][T16936] RSP: 0018:ffffc9000561fe38 EFLAGS: 00050246 [ 604.672592][T16936] RAX: 0000000000000000 RBX: 0000000040046f41 RCX: ffffc9000561fda0 [ 604.680572][T16936] RDX: 0000000000000000 RSI: ffffffff861fc98a RDI: ffffffff8bb19b80 [ 604.688552][T16936] RBP: 1ffff92000ac3fc8 R08: 0000000000000000 R09: fffffbfff203a53a [ 604.696534][T16936] R10: ffffffff901d29d7 R11: 0000000000000000 R12: 0000000000000000 [ 604.704515][T16936] R13: 0000000000000001 R14: 0000000000000003 R15: 0000000000000000 [ 604.712508][T16936] ? ctrl_cdev_ioctl+0x1ba/0x3d0 [ 604.717466][T16936] ctrl_cdev_ioctl+0x1c2/0x3d0 [ 604.722242][T16936] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 604.727545][T16936] ? __fget_files+0x206/0x3a0 [ 604.732243][T16936] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 604.737544][T16936] __x64_sys_ioctl+0x190/0x200 [ 604.742329][T16936] do_syscall_64+0xcd/0x250 [ 604.746868][T16936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.752785][T16936] RIP: 0033:0x7f839bf85d29 [ 604.757207][T16936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 604.776830][T16936] RSP: 002b:00007f839ce76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 604.785259][T16936] RAX: ffffffffffffffda RBX: 00007f839c176080 RCX: 00007f839bf85d29 [ 604.793239][T16936] RDX: 0000000000000000 RSI: 0000000040046f41 RDI: 0000000000000003 [ 604.801217][T16936] RBP: 00007f839ce76090 R08: 0000000000000000 R09: 0000000000000000 [ 604.809196][T16936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.817175][T16936] R13: 0000000000000000 R14: 00007f839c176080 R15: 00007ffc28b321e8 [ 604.825167][T16936] [ 604.964539][T16941] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 606.564569][T16955] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6) [ 606.663596][T16961] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2858'. [ 606.752794][T16960] vivid-013: ================= START STATUS ================= [ 606.795923][T16960] vivid-013: Generate PTS: true [ 606.800868][T16960] vivid-013: Generate SCR: true [ 606.850933][T16960] tpg source WxH: 640x360 (Y'CbCr) [ 606.892329][T16960] tpg field: 1 [ 606.895756][T16960] tpg crop: 640x360@0x0 [ 606.961987][T16960] tpg compose: 640x360@0x0 [ 606.976946][T16960] tpg colorspace: 8 [ 606.981130][T16960] tpg transfer function: 0/0 [ 607.218852][T16960] tpg Y'CbCr encoding: 0/0 [ 607.245471][T16960] tpg quantization: 0/0 [ 607.249699][T16960] tpg RGB range: 0/2 [ 607.311964][T16960] vivid-013: ================== END STATUS ================== [ 607.573543][T16973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2862'. [ 607.583609][T16973] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 607.612094][T16973] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 608.199020][T16979] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2863'. [ 608.965798][T16995] openvswitch: HfR: Dropping previously announced user features [ 608.976965][T16995] binder: 16990:16995 ioctl 2284 ffffffffffffffff returned -22 [ 609.281687][T16994] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6) [ 610.386101][T17021] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2875'. [ 611.121077][T17021] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 611.287370][T17021] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 612.970655][T17071] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2892'. [ 613.025233][T17067] openvswitch: HfR: Dropping previously announced user features [ 613.039366][T17067] binder: 17066:17067 ioctl 2284 ffffffffffffffff returned -22 [ 614.049863][T17095] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2900'. [ 614.060562][T17095] vivid-013: ================= START STATUS ================= [ 614.069288][T17095] vivid-013: Generate PTS: true [ 614.074344][T17095] vivid-013: Generate SCR: true [ 614.079247][T17095] tpg source WxH: 640x360 (Y'CbCr) [ 614.086781][T17095] tpg field: 1 [ 614.090319][T17095] tpg crop: 640x360@0x0 [ 614.094801][T17095] tpg compose: 640x360@0x0 [ 614.099254][T17095] tpg colorspace: 8 [ 614.103250][T17095] tpg transfer function: 0/0 [ 614.107878][T17095] tpg Y'CbCr encoding: 0/0 [ 614.112452][T17095] tpg quantization: 0/0 [ 614.121253][T17095] tpg RGB range: 0/2 [ 614.125444][T17095] vivid-013: ================== END STATUS ================== [ 614.667072][T17102] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2901'. [ 614.731677][T17104] mkiss: ax0: crc mode is auto. [ 614.744464][T17101] netlink: 338 bytes leftover after parsing attributes in process `syz.2.2901'. [ 614.780124][T17108] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2902'. [ 614.889669][T17101] netlink: 110 bytes leftover after parsing attributes in process `syz.2.2901'. [ 615.836991][T17139] openvswitch: HfR: Dropping previously announced user features [ 615.855484][T17139] binder: 17138:17139 ioctl 2284 ffffffffffffffff returned -22 [ 616.379009][T17144] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 617.837142][T17170] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2918'. [ 617.917503][T17172] vivid-013: ================= START STATUS ================= [ 617.972128][T17172] vivid-013: Generate PTS: true [ 618.015756][T17172] vivid-013: Generate SCR: true [ 618.093314][T17172] tpg source WxH: 640x360 (Y'CbCr) [ 618.104968][T17172] tpg field: 1 [ 618.111993][T17172] tpg crop: 640x360@0x0 [ 618.121256][T17172] tpg compose: 640x360@0x0 [ 618.130300][T17172] tpg colorspace: 8 [ 618.138674][T17172] tpg transfer function: 0/0 [ 618.152146][T17172] tpg Y'CbCr encoding: 0/0 [ 618.157836][T17172] tpg quantization: 0/0 [ 618.183389][T17172] tpg RGB range: 0/2 [ 618.206180][T17172] vivid-013: ================== END STATUS ================== [ 618.884354][T17196] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2925'. [ 618.975676][T17200] FAULT_INJECTION: forcing a failure. [ 618.975676][T17200] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 619.040117][T17200] CPU: 0 UID: 0 PID: 17200 Comm: syz.2.2927 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 619.050952][T17200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 619.061045][T17200] Call Trace: [ 619.064398][T17200] [ 619.067361][T17200] dump_stack_lvl+0x16c/0x1f0 [ 619.072088][T17200] should_fail_ex+0x497/0x5b0 [ 619.076815][T17200] _copy_to_user+0x32/0xd0 [ 619.081284][T17200] simple_read_from_buffer+0xd0/0x160 [ 619.086702][T17200] proc_fail_nth_read+0x198/0x270 [ 619.091781][T17200] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 619.097383][T17200] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 619.102994][T17200] vfs_read+0x1df/0xbe0 [ 619.107186][T17200] ? __fget_files+0x1fc/0x3a0 [ 619.111900][T17200] ? __pfx___mutex_lock+0x10/0x10 [ 619.116977][T17200] ? __pfx_vfs_read+0x10/0x10 [ 619.121710][T17200] ? __fget_files+0x206/0x3a0 [ 619.126446][T17200] ksys_read+0x12b/0x250 [ 619.130739][T17200] ? __pfx_ksys_read+0x10/0x10 [ 619.135564][T17200] do_syscall_64+0xcd/0x250 [ 619.140123][T17200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.146068][T17200] RIP: 0033:0x7f9019b8473c [ 619.150527][T17200] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 619.170177][T17200] RSP: 002b:00007f901a9ba030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 619.178638][T17200] RAX: ffffffffffffffda RBX: 00007f9019d75fa0 RCX: 00007f9019b8473c [ 619.186652][T17200] RDX: 000000000000000f RSI: 00007f901a9ba0a0 RDI: 0000000000000006 [ 619.194663][T17200] RBP: 00007f901a9ba090 R08: 0000000000000000 R09: 0000000000000000 [ 619.202672][T17200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.210681][T17200] R13: 0000000000000000 R14: 00007f9019d75fa0 R15: 00007ffd05e73fd8 [ 619.218710][T17200] [ 620.118662][T17228] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2935'. [ 620.455741][T17228] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 620.516940][T17228] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 620.954721][T17237] binder: 17235:17237 ioctl 2284 ffffffffffffffff returned -22 [ 621.465597][T17244] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2939'. [ 623.748618][T17293] binder: 17292:17293 ioctl 2284 ffffffffffffffff returned -22 [ 623.774455][T17297] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2956'. [ 624.575335][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.581683][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.679158][T17306] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 625.788061][T17328] ptrace attach of "./syz-executor exec"[15545] was attempted by "./syz-executor exec"[17328] [ 626.092868][T17353] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2972'. [ 626.272949][T17355] vivid-013: ================= START STATUS ================= [ 626.314100][T17355] vivid-013: Generate PTS: true [ 626.319057][T17355] vivid-013: Generate SCR: true [ 626.806072][T17355] tpg source WxH: 640x360 (Y'CbCr) [ 626.811247][T17355] tpg field: 1 [ 626.970038][T17355] tpg crop: 640x360@0x0 [ 626.975247][T17355] tpg compose: 640x360@0x0 [ 626.979733][T17355] tpg colorspace: 8 [ 626.983675][T17355] tpg transfer function: 0/0 [ 626.988305][T17355] tpg Y'CbCr encoding: 0/0 [ 626.992937][T17355] tpg quantization: 0/0 [ 626.997116][T17355] tpg RGB range: 0/2 [ 627.001035][T17355] vivid-013: ================== END STATUS ================== [ 628.018056][T17366] openvswitch: HfR: Dropping previously announced user features [ 628.073385][T17367] binder: 17365:17367 ioctl 2284 ffffffffffffffff returned -22 [ 629.439981][T17384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2979'. [ 631.942658][T17422] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2991'. [ 631.986463][T17422] ubi0: attaching mtd0 [ 631.993453][T17422] ubi0: scanning is finished [ 632.002016][T17422] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 632.126083][T17422] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 632.599570][T17440] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2993'. [ 632.634766][T17440] vivid-013: ================= START STATUS ================= [ 632.641815][T17439] openvswitch: HfR: Dropping previously announced user features [ 632.657766][T17439] binder: 17438:17439 ioctl 2284 ffffffffffffffff returned -22 [ 632.665753][T17440] vivid-013: Generate PTS: true [ 632.670814][T17440] vivid-013: Generate SCR: true [ 632.681011][T17440] tpg source WxH: 640x360 (Y'CbCr) [ 632.688842][T17440] tpg field: 1 [ 632.701990][T17440] tpg crop: 640x360@0x0 [ 632.706204][T17440] tpg compose: 640x360@0x0 [ 632.710661][T17440] tpg colorspace: 8 [ 632.739817][T17440] tpg transfer function: 0/0 [ 632.745322][T17440] tpg Y'CbCr encoding: 0/0 [ 632.763962][T17440] tpg quantization: 0/0 [ 632.785088][T17440] tpg RGB range: 0/2 [ 632.789208][T17440] vivid-013: ================== END STATUS ================== [ 633.311041][T17455] openvswitch: HfR: Dropping previously announced user features [ 633.327850][T17455] binder: 17454:17455 ioctl 2284 ffffffffffffffff returned -22 [ 633.539018][T17460] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3003'. [ 633.577270][T17460] ubi0: attaching mtd0 [ 633.582641][T17460] ubi0: scanning is finished [ 633.587304][T17460] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 633.712349][T17460] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 634.434208][T17486] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6) [ 635.041479][T17502] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3015'. [ 635.078904][T17502] ubi0: attaching mtd0 [ 635.096239][T17502] ubi0: scanning is finished [ 635.100917][T17502] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 635.402938][T17502] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 636.055109][T17531] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3025'. [ 636.074923][T17531] vivid-013: ================= START STATUS ================= [ 636.092455][T17531] vivid-013: Generate PTS: true [ 636.102613][T17531] vivid-013: Generate SCR: true [ 636.122057][T17531] tpg source WxH: 640x360 (Y'CbCr) [ 636.144129][T17531] tpg field: 1 [ 636.155370][T17531] tpg crop: 640x360@0x0 [ 636.178498][T17531] tpg compose: 640x360@0x0 [ 636.201998][T17531] tpg colorspace: 8 [ 636.205854][T17531] tpg transfer function: 0/0 [ 636.277039][T17531] tpg Y'CbCr encoding: 0/0 [ 636.283294][T17531] tpg quantization: 0/0 [ 636.287514][T17531] tpg RGB range: 0/2 [ 636.291430][T17531] vivid-013: ================== END STATUS ================== [ 636.456688][T17536] queue_state_write: unsupported operation '"' [ 636.492626][T17536] queue_state_write: use 'run', 'start' or 'kick' [ 636.642696][T17548] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3028'. [ 636.659138][T17548] ubi0: attaching mtd0 [ 636.665915][T17548] ubi0: scanning is finished [ 636.670571][T17548] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 636.878867][T17548] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 637.079702][T17558] openvswitch: HfR: Dropping previously announced user features [ 637.093547][T17558] binder: 17557:17558 ioctl 2284 ffffffffffffffff returned -22 [ 637.992742][T17593] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3043'. [ 638.047564][T17593] ubi0: attaching mtd0 [ 638.053912][T17593] ubi0: scanning is finished [ 638.058564][T17593] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 638.194734][T17593] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 638.415351][T17596] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3044'. [ 638.431515][T17596] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 639.066304][T17629] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3053'. [ 640.180658][T17663] openvswitch: HfR: Dropping previously announced user features [ 640.205607][T17663] binder: 17662:17663 ioctl 2284 ffffffffffffffff returned -22 [ 640.428754][T17674] can: request_module (can-proto-0) failed. [ 641.328985][T17698] mkiss: ax0: crc mode is auto. [ 641.662349][T17707] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3076'. [ 641.698401][T17707] vivid-013: ================= START STATUS ================= [ 641.740688][T17707] vivid-013: Generate PTS: true [ 641.763089][T17707] vivid-013: Generate SCR: true [ 641.768016][T17707] tpg source WxH: 640x360 (Y'CbCr) [ 641.844089][T17707] tpg field: 1 [ 641.847522][T17707] tpg crop: 640x360@0x0 [ 641.851704][T17707] tpg compose: 640x360@0x0 [ 641.875592][T17707] tpg colorspace: 8 [ 641.944828][T17707] tpg transfer function: 0/0 [ 641.958071][T17707] tpg Y'CbCr encoding: 0/0 [ 641.971516][T17707] tpg quantization: 0/0 [ 641.990580][T17707] tpg RGB range: 0/2 [ 642.020405][T17707] vivid-013: ================== END STATUS ================== [ 642.375714][T17720] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3078'. [ 642.433633][T17720] ubi0: attaching mtd0 [ 642.444566][T17720] ubi0: scanning is finished [ 642.449231][T17720] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 642.668815][T17720] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 642.668981][T17723] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3079'. [ 642.714349][T17724] vivid-003: ================= START STATUS ================= [ 642.749172][T17724] vivid-003: Radio HW Seek Mode: Bounded [ 642.755182][T17723] ubi0: attaching mtd0 [ 642.761202][T17723] ubi0: scanning is finished [ 642.766064][T17723] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 642.794030][T17724] vivid-003: Radio Programmable HW Seek: false [ 642.800771][T17724] vivid-003: RDS Rx I/O Mode: Block I/O [ 642.851321][T17723] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 642.934464][T17724] vivid-003: Generate RBDS Instead of RDS: false [ 642.997014][T17724] vivid-003: RDS Reception: true [ 643.065142][T17724] vivid-003: RDS Program Type: 0 inactive [ 643.070966][T17724] vivid-003: RDS PS Name: inactive [ 643.172004][T17724] vivid-003: RDS Radio Text: inactive [ 643.196947][T17724] vivid-003: RDS Traffic Announcement: false inactive [ 643.236311][T17724] vivid-003: RDS Traffic Program: false inactive [ 643.267600][T17724] vivid-003: RDS Music: false inactive [ 643.316762][T17724] vivid-003: ================== END STATUS ================== [ 643.942723][T17750] openvswitch: HfR: Dropping previously announced user features [ 643.964894][T17750] binder: 17749:17750 ioctl 2284 ffffffffffffffff returned -22 [ 644.847449][T17765] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3089'. [ 644.925540][T17765] ubi0: attaching mtd0 [ 645.028427][T17765] ubi0: scanning is finished [ 645.042053][T17765] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 645.166578][T17765] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 645.244650][T17773] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3090'. [ 645.277631][T17773] vivid-013: ================= START STATUS ================= [ 645.290100][T17773] vivid-013: Generate PTS: true [ 645.314186][T17773] vivid-013: Generate SCR: true [ 645.319159][T17773] tpg source WxH: 640x360 (Y'CbCr) [ 645.346128][T17773] tpg field: 1 [ 645.349545][T17773] tpg crop: 640x360@0x0 [ 645.360390][T17773] tpg compose: 640x360@0x0 [ 645.375097][T17773] tpg colorspace: 8 [ 645.391527][T17773] tpg transfer function: 0/0 [ 645.411418][T17773] tpg Y'CbCr encoding: 0/0 [ 645.416771][T17773] tpg quantization: 0/0 [ 645.433795][T17773] tpg RGB range: 0/2 [ 645.437788][T17773] vivid-013: ================== END STATUS ================== [ 647.625911][T17810] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3100'. [ 647.766680][T17810] ubi0: attaching mtd0 [ 647.819368][T17810] ubi0: scanning is finished [ 647.845551][T17810] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 648.313853][T17810] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 649.971670][T17856] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3114'. [ 649.988976][T17856] ubi0: attaching mtd0 [ 649.994207][T17856] ubi0: scanning is finished [ 649.999651][T17856] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 650.131096][T17865] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3116'. [ 650.173969][T17856] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 650.610244][T17878] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3121'. [ 650.671497][T17882] vivid-013: ================= START STATUS ================= [ 650.679634][T17882] vivid-013: Generate PTS: true [ 650.695716][T17875] openvswitch: HfR: Dropping previously announced user features [ 650.710464][T17882] vivid-013: Generate SCR: true [ 650.720459][T17881] binder: 17874:17881 ioctl 2284 ffffffffffffffff returned -22 [ 650.729357][T17882] tpg source WxH: 640x360 (Y'CbCr) [ 650.749836][T17882] tpg field: 1 [ 650.802255][T17882] tpg crop: 640x360@0x0 [ 650.824722][T17882] tpg compose: 640x360@0x0 [ 650.832422][T17882] tpg colorspace: 8 [ 650.837446][T17882] tpg transfer function: 0/0 [ 650.842172][T17882] tpg Y'CbCr encoding: 0/0 [ 650.849138][T17882] tpg quantization: 0/0 [ 650.853490][T17882] tpg RGB range: 0/2 [ 650.857542][T17882] vivid-013: ================== END STATUS ================== [ 652.409412][T17904] ubi0: attaching mtd0 [ 652.476446][T17904] ubi0: scanning is finished [ 652.481116][T17904] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 652.908701][T17904] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 653.912565][T17932] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3134'. [ 653.992892][T17932] ubi0: attaching mtd0 [ 654.007889][T17932] ubi0: scanning is finished [ 654.032028][T17932] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 654.207935][T17932] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 655.737085][T17980] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3150'. [ 655.883642][T17984] vivid-013: ================= START STATUS ================= [ 655.954719][T17984] vivid-013: Generate PTS: true [ 655.959653][T17984] vivid-013: Generate SCR: true [ 655.972995][T17984] tpg source WxH: 640x360 (Y'CbCr) [ 655.982029][T17984] tpg field: 1 [ 655.997457][T17984] tpg crop: 640x360@0x0 [ 656.001659][T17984] tpg compose: 640x360@0x0 [ 656.171205][T17984] tpg colorspace: 8 [ 656.191615][T17984] tpg transfer function: 0/0 [ 656.208256][T17984] tpg Y'CbCr encoding: 0/0 [ 656.217028][T17984] tpg quantization: 0/0 [ 656.227987][T17984] tpg RGB range: 0/2 [ 656.236185][T17984] vivid-013: ================== END STATUS ================== [ 657.353902][T18015] openvswitch: HfR: Dropping previously announced user features [ 657.372035][T15546] Bluetooth: hci1: command 0x0406 tx timeout [ 657.385024][T18015] binder: 18013:18015 ioctl 2284 ffffffffffffffff returned -22 [ 657.921795][T18029] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 659.314452][T18055] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3175'. [ 659.325986][T18055] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 659.375591][T18055] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 660.417548][T18074] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3173'. [ 661.067211][T18083] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3176'. [ 661.102785][T18083] ubi0: attaching mtd0 [ 661.107959][T18083] ubi0: scanning is finished [ 661.119738][T18083] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 661.322843][T18083] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 662.492194][T15546] Bluetooth: hci3: command 0x0406 tx timeout [ 663.654067][T18123] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3187'. [ 663.678070][T18123] ubi0: attaching mtd0 [ 663.690595][T18123] ubi0: scanning is finished [ 663.712112][T18123] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 663.885752][T18123] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 666.514641][T18178] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3197'. [ 666.645226][T18179] ubi0: attaching mtd0 [ 666.649918][T18179] ubi0: scanning is finished [ 666.723277][T18179] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 667.216920][T18179] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 669.647634][T18218] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3208'. [ 669.704518][T18218] ubi0: attaching mtd0 [ 669.739495][T18218] ubi0: scanning is finished [ 669.764692][T18218] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 669.837000][T18217] binder: 18215:18217 ioctl 2284 ffffffffffffffff returned -22 [ 669.914637][T18218] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 671.113353][T18244] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3216'. [ 671.747464][T18254] openvswitch: HfR: Dropping previously announced user features [ 671.840836][T18256] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3220'. [ 671.902295][T18256] ubi0: attaching mtd0 [ 671.907705][T18256] ubi0: scanning is finished [ 671.943025][T18251] binder: 18250:18251 ioctl 2284 ffffffffffffffff returned -22 [ 671.950700][T18256] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 672.368616][T18256] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 672.736661][T15546] Bluetooth: hci0: command 0x0406 tx timeout [ 674.863461][T18281] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3226'. [ 674.902702][T18281] ubi0: attaching mtd0 [ 674.909274][T18281] ubi0: scanning is finished [ 674.922050][T18281] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 675.043939][T18281] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 676.037121][T18300] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3230'. [ 676.082997][T18300] ubi0: attaching mtd0 [ 676.103621][T18300] ubi0: scanning is finished [ 676.118549][T18300] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 676.323026][T18300] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 677.353364][T18309] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3233'. [ 677.471608][T18310] ubi0: attaching mtd0 [ 677.481255][T18310] ubi0: scanning is finished [ 677.507520][T18310] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 677.976719][T18310] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 678.512059][T18314] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3235'. [ 678.566629][T18314] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 678.936863][T18336] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3245'. [ 679.008171][T18336] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 679.062373][T18336] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 680.196845][T18347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3240'. [ 680.233167][T18347] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 680.269076][T18347] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 681.529522][T18362] openvswitch: HfR: Dropping previously announced user features [ 681.710630][T18359] binder: 18357:18359 ioctl 2284 ffffffffffffffff returned -22 [ 682.287073][T18371] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3248'. [ 682.356638][T18371] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 682.605326][T18367] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3247'. [ 682.722558][T18367] ubi0: attaching mtd0 [ 682.727725][T18367] ubi0: scanning is finished [ 682.782667][T18367] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 683.516391][T18367] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 684.381254][T18386] ubi0: attaching mtd0 [ 684.431541][T18386] ubi0: scanning is finished [ 684.454753][T18386] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 684.515398][T18395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3253'. [ 684.579903][T18395] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 684.617117][T18395] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 684.762058][T18386] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 685.662512][T18405] sctp: [Deprecated]: syz.4.3257 (pid 18405) Use of int in maxseg socket option. [ 685.662512][T18405] Use struct sctp_assoc_value instead [ 685.972945][T18407] openvswitch: HfR: Dropping previously announced user features [ 685.980931][T18413] binder: 18406:18413 ioctl 2284 ffffffffffffffff returned -22 [ 686.015674][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.022360][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.229122][T18415] ubi0: attaching mtd0 [ 686.238950][T18415] ubi0: scanning is finished [ 686.245324][T18415] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 686.850430][T18415] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 687.343349][T18428] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3262'. [ 687.477285][T18428] ubi0: attaching mtd0 [ 687.488165][T18428] ubi0: scanning is finished [ 687.497819][T18428] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 687.614976][T18428] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 688.587424][T18446] binder: 18442:18446 ioctl 2284 ffffffffffffffff returned -22 [ 688.665296][T18444] openvswitch: HfR: Dropping previously announced user features [ 689.269218][T18461] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3269'. [ 689.498198][T18461] hsr_slave_0 (unregistering): left promiscuous mode [ 690.074104][T18477] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3274'. [ 690.109081][T18477] ubi0: attaching mtd0 [ 690.114517][T18477] ubi0: scanning is finished [ 690.119174][T18477] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 690.219308][T18477] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 690.859046][T18490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3280'. [ 690.910677][T18488] openvswitch: HfR: Dropping previously announced user features [ 690.922609][T18490] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 690.954434][T18488] binder: 18487:18488 ioctl 2284 ffffffffffffffff returned -22 [ 690.962354][T18490] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 693.329714][T18521] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(1986356271.1835300143.1718968929), cmd(6) [ 693.845569][T18536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3299'. [ 693.872852][T18536] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 693.904127][T18536] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 694.792389][T18542] openvswitch: HfR: Dropping previously announced user features [ 694.832101][T18542] binder: 18541:18542 ioctl 2284 ffffffffffffffff returned -22 [ 697.554869][T18596] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3304'. [ 698.204029][T18596] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 698.304645][T18596] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 698.973037][T18610] erspan0: entered allmulticast mode [ 698.998795][T18608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3316'. [ 699.036665][T18608] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 699.054750][T18608] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 700.305443][T18635] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3313'. [ 700.315874][T18635] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 700.339950][T18635] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 700.629827][T18644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3315'. [ 701.206130][T18659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3319'. [ 701.333136][T18659] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 701.392547][T18659] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 701.497578][T18672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3323'. [ 701.524363][T18672] ubi0: attaching mtd0 [ 701.529776][T18672] ubi0: scanning is finished [ 701.535038][T18672] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 701.776140][T18672] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 702.257458][T18686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3327'. [ 702.302749][T18686] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 702.342527][T18686] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 702.844705][T18719] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3337'. [ 703.320729][T18730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3350'. [ 703.349212][T18730] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 703.368858][T18730] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 704.451050][T18756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3345'. [ 704.835861][T18756] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 704.853427][T18756] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 706.362234][T18787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3356'. [ 706.543474][T18787] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 706.592106][T18787] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 706.778544][T18796] openvswitch: HfR: Dropping previously announced user features [ 706.782432][T18799] binder: 18795:18799 ioctl 2284 ffffffffffffffff returned -22 [ 706.829720][T18794] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3358'. [ 706.930822][T18794] ubi0: attaching mtd0 [ 706.939690][T18794] ubi0: scanning is finished [ 706.950671][T18794] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 707.198282][T18794] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 707.300445][T18807] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3360'. [ 707.312619][T18807] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 707.368054][T18807] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 709.998457][T18844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3369'. [ 710.195938][T18844] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 710.250480][T18844] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 710.741046][T18856] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3372'. [ 710.872549][T18859] ubi0: attaching mtd0 [ 710.899337][T18859] ubi0: scanning is finished [ 710.907482][T18859] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 711.394754][T18861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3373'. [ 711.534393][T18859] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 711.561416][T18861] ubi0: attaching mtd0 [ 711.573675][T18861] ubi0: scanning is finished [ 711.578334][T18861] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 711.862862][T18861] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 715.817959][T18916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3385'. [ 715.852972][T18916] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 716.002483][T18916] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 719.942486][T18970] FAULT_INJECTION: forcing a failure. [ 719.942486][T18970] name failslab, interval 1, probability 0, space 0, times 0 [ 720.048324][T18970] CPU: 1 UID: 0 PID: 18970 Comm: syz.3.3398 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 720.059143][T18970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 720.069224][T18970] Call Trace: [ 720.072520][T18970] [ 720.075475][T18970] dump_stack_lvl+0x16c/0x1f0 [ 720.080189][T18970] should_fail_ex+0x497/0x5b0 [ 720.084902][T18970] ? fs_reclaim_acquire+0xae/0x150 [ 720.090045][T18970] should_failslab+0xc2/0x120 [ 720.094757][T18970] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 720.100167][T18970] ? getname_flags.part.0+0x4c/0x550 [ 720.105487][T18970] ? vfs_write+0x306/0x1150 [ 720.110001][T18970] getname_flags.part.0+0x4c/0x550 [ 720.115126][T18970] getname+0x8d/0xe0 [ 720.119030][T18970] do_sys_openat2+0x104/0x1e0 [ 720.123719][T18970] ? __pfx_do_sys_openat2+0x10/0x10 [ 720.128934][T18970] ? __fget_files+0x206/0x3a0 [ 720.133623][T18970] __x64_sys_openat+0x175/0x210 [ 720.138494][T18970] ? __pfx___x64_sys_openat+0x10/0x10 [ 720.143873][T18970] ? ksys_write+0x1ba/0x250 [ 720.148386][T18970] do_syscall_64+0xcd/0x250 [ 720.152902][T18970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.158808][T18970] RIP: 0033:0x7f26ef385d29 [ 720.163223][T18970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.182831][T18970] RSP: 002b:00007f26f01b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 720.191247][T18970] RAX: ffffffffffffffda RBX: 00007f26ef575fa0 RCX: 00007f26ef385d29 [ 720.199219][T18970] RDX: 0000000000000000 RSI: 0000000020000540 RDI: ffffffffffffff9c [ 720.207190][T18970] RBP: 00007f26f01b0090 R08: 0000000000000000 R09: 0000000000000000 [ 720.215159][T18970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 720.223130][T18970] R13: 0000000000000001 R14: 00007f26ef575fa0 R15: 00007ffdce84e798 [ 720.231108][T18970] [ 723.188001][T19003] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3408'. [ 723.244184][T19005] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3407'. [ 723.309092][T19007] vivid-013: ================= START STATUS ================= [ 723.317376][T19007] vivid-013: Generate PTS: true [ 723.322380][T19007] vivid-013: Generate SCR: true [ 723.327279][T19007] tpg source WxH: 640x360 (Y'CbCr) [ 723.333144][T19007] tpg field: 1 [ 723.336548][T19007] tpg crop: 640x360@0x0 [ 723.340749][T19007] tpg compose: 640x360@0x0 [ 723.351085][T19007] tpg colorspace: 8 [ 723.358630][T19007] tpg transfer function: 0/0 [ 723.389093][T19007] tpg Y'CbCr encoding: 0/0 [ 723.422046][T19007] tpg quantization: 0/0 [ 723.426251][T19007] tpg RGB range: 0/2 [ 723.430166][T19007] vivid-013: ================== END STATUS ================== [ 723.586066][T19015] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 723.907917][T19020] openvswitch: HfR: Dropping previously announced user features [ 723.961571][T19020] binder: 19019:19020 ioctl 2284 ffffffffffffffff returned -22 [ 724.087573][T19024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3413'. [ 724.218289][T19024] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 724.242086][T19024] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 727.214614][T19063] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3421'. [ 728.312502][T19090] FAULT_INJECTION: forcing a failure. [ 728.312502][T19090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 728.323014][T19083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3428'. [ 728.382777][T19083] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 728.390196][T19090] CPU: 1 UID: 0 PID: 19090 Comm: syz.1.3431 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 728.403030][T19090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 728.413106][T19090] Call Trace: [ 728.416406][T19090] [ 728.419357][T19090] dump_stack_lvl+0x16c/0x1f0 [ 728.424073][T19090] should_fail_ex+0x497/0x5b0 [ 728.428787][T19090] strncpy_from_user+0x3b/0x2d0 [ 728.433678][T19090] getname_flags.part.0+0x8f/0x550 [ 728.438828][T19090] getname+0x8d/0xe0 [ 728.442764][T19090] do_sys_openat2+0x104/0x1e0 [ 728.447479][T19090] ? __pfx_do_sys_openat2+0x10/0x10 [ 728.452717][T19090] ? __fget_files+0x206/0x3a0 [ 728.457429][T19090] __x64_sys_openat+0x175/0x210 [ 728.462319][T19090] ? __pfx___x64_sys_openat+0x10/0x10 [ 728.467725][T19090] ? ksys_write+0x1ba/0x250 [ 728.472268][T19090] do_syscall_64+0xcd/0x250 [ 728.476808][T19090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.482731][T19090] RIP: 0033:0x7f01f9585d29 [ 728.487166][T19090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 728.506798][T19090] RSP: 002b:00007f01fa3c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 728.515240][T19090] RAX: ffffffffffffffda RBX: 00007f01f9775fa0 RCX: 00007f01f9585d29 [ 728.523233][T19090] RDX: 0000000000000000 RSI: 0000000020000540 RDI: ffffffffffffff9c [ 728.531224][T19090] RBP: 00007f01fa3c6090 R08: 0000000000000000 R09: 0000000000000000 [ 728.539215][T19090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 728.547207][T19090] R13: 0000000000000001 R14: 00007f01f9775fa0 R15: 00007ffcf715a3c8 [ 728.555219][T19090] [ 728.773161][T19083] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 729.177033][T19093] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3433'. [ 729.233109][T19098] ubi0: attaching mtd0 [ 729.238336][T19098] ubi0: scanning is finished [ 729.263785][T19098] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 729.977052][T19102] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3434'. [ 729.985921][T19098] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 730.108617][T19102] ubi0: attaching mtd0 [ 730.140011][T19102] ubi0: scanning is finished [ 730.214441][T19102] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 730.562832][T19102] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 730.642092][T19095] erspan0: entered allmulticast mode [ 730.865377][T19109] netlink: 287 bytes leftover after parsing attributes in process `syz.1.3435'. [ 732.701739][T19143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3443'. [ 733.230479][T19149] Invalid ELF header magic: != ELF [ 734.524476][T19149] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 735.147070][T19168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3448'. [ 735.166808][T19168] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 735.288502][T19168] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 736.372099][T19183] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3452'. [ 736.425315][T19183] vivid-013: ================= START STATUS ================= [ 736.462120][T19183] vivid-013: Generate PTS: true [ 736.467049][T19183] vivid-013: Generate SCR: true [ 736.532150][T19183] tpg source WxH: 640x360 (Y'CbCr) [ 736.542234][T19183] tpg field: 1 [ 736.545648][T19183] tpg crop: 640x360@0x0 [ 736.637007][T19183] tpg compose: 640x360@0x0 [ 736.641459][T19183] tpg colorspace: 8 [ 736.662743][T19183] tpg transfer function: 0/0 [ 736.667375][T19183] tpg Y'CbCr encoding: 0/0 [ 736.681928][T19183] tpg quantization: 0/0 [ 736.686113][T19183] tpg RGB range: 0/2 [ 736.690027][T19183] vivid-013: ================== END STATUS ================== [ 738.285301][T19196] [U] ^@ [ 738.509271][T19208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3459'. [ 738.543722][T19208] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 738.556658][T19208] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 743.107354][T19258] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 743.641186][T19278] FAULT_INJECTION: forcing a failure. [ 743.641186][T19278] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 743.662476][T19278] CPU: 1 UID: 0 PID: 19278 Comm: syz.4.3476 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 743.673288][T19278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 743.683372][T19278] Call Trace: [ 743.686670][T19278] [ 743.689622][T19278] dump_stack_lvl+0x16c/0x1f0 [ 743.694347][T19278] should_fail_ex+0x497/0x5b0 [ 743.699063][T19278] _copy_to_iter+0x4a5/0x1400 [ 743.703788][T19278] ? __pfx__copy_to_iter+0x10/0x10 [ 743.708935][T19278] ? __virt_addr_valid+0x1a4/0x590 [ 743.714088][T19278] ? __virt_addr_valid+0x5e/0x590 [ 743.719143][T19278] ? __phys_addr_symbol+0x30/0x80 [ 743.724199][T19278] ? __check_object_size+0x488/0x710 [ 743.729524][T19278] seq_read_iter+0xd00/0x12b0 [ 743.734250][T19278] seq_read+0x39f/0x4e0 [ 743.738437][T19278] ? __pfx_seq_read+0x10/0x10 [ 743.743170][T19278] ? __pfx_seq_read+0x10/0x10 [ 743.747873][T19278] vfs_read+0x1df/0xbe0 [ 743.752065][T19278] ? __fget_files+0x1fc/0x3a0 [ 743.756776][T19278] ? __pfx___mutex_lock+0x10/0x10 [ 743.761832][T19278] ? __pfx_vfs_read+0x10/0x10 [ 743.766549][T19278] ? __fget_files+0x206/0x3a0 [ 743.771264][T19278] ksys_read+0x12b/0x250 [ 743.775537][T19278] ? __pfx_ksys_read+0x10/0x10 [ 743.780343][T19278] do_syscall_64+0xcd/0x250 [ 743.784884][T19278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.790815][T19278] RIP: 0033:0x7f839bf85d29 [ 743.795263][T19278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 743.814903][T19278] RSP: 002b:00007f839ce97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 743.823351][T19278] RAX: ffffffffffffffda RBX: 00007f839c175fa0 RCX: 00007f839bf85d29 [ 743.831346][T19278] RDX: 0000000000000058 RSI: 0000000020008340 RDI: 0000000000000004 [ 743.839344][T19278] RBP: 00007f839ce97090 R08: 0000000000000000 R09: 0000000000000000 [ 743.847344][T19278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 743.855344][T19278] R13: 0000000000000000 R14: 00007f839c175fa0 R15: 00007ffc28b321e8 [ 743.863360][T19278] [ 743.906918][T19280] Invalid ELF header magic: != ELF [ 744.901689][T19298] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3481'. [ 744.993537][T19298] ubi0: attaching mtd0 [ 744.998659][T19298] ubi0: scanning is finished [ 745.021981][T19298] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 745.114583][T19298] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 745.531943][T19280] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 746.074997][T19302] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 747.424272][T19332] [U] ^@ [ 747.458162][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.464568][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.674992][T19358] erspan0: entered allmulticast mode [ 749.042631][T19353] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 750.773262][T19379] [U] ^@ [ 753.737477][T19413] ubi0: attaching mtd0 [ 753.757471][T19413] ubi0: scanning is finished [ 753.772178][T19413] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 753.970292][T19413] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 755.287879][T19432] openvswitch: HfR: Dropping previously announced user features [ 755.307882][T19432] binder: 19431:19432 ioctl 2284 ffffffffffffffff returned -22 [ 755.858803][T19445] FAULT_INJECTION: forcing a failure. [ 755.858803][T19445] name fail_futex, interval 1, probability 0, space 0, times 1 [ 755.882980][T19445] CPU: 0 UID: 0 PID: 19445 Comm: syz.1.3515 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 755.893787][T19445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 755.903850][T19445] Call Trace: [ 755.907146][T19445] [ 755.910082][T19445] dump_stack_lvl+0x16c/0x1f0 [ 755.914778][T19445] should_fail_ex+0x497/0x5b0 [ 755.919481][T19445] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 755.925302][T19445] get_futex_key+0x4a3/0x1000 [ 755.930002][T19445] ? __pfx_get_futex_key+0x10/0x10 [ 755.935133][T19445] ? hlock_class+0x4e/0x130 [ 755.939652][T19445] ? mark_lock+0xb5/0xc60 [ 755.943996][T19445] ? __kasan_slab_free+0x51/0x70 [ 755.948951][T19445] ? kfree+0x14f/0x4b0 [ 755.953032][T19445] ? scsi_partsize+0x91/0x520 [ 755.957716][T19445] ? scsicam_bios_param+0x2a/0x5b0 [ 755.962839][T19445] futex_wait_setup+0x72/0x290 [ 755.967630][T19445] __futex_wait+0x267/0x3c0 [ 755.972157][T19445] ? __pfx___futex_wait+0x10/0x10 [ 755.977195][T19445] ? __pfx_futex_wake_mark+0x10/0x10 [ 755.982511][T19445] futex_wait+0xe9/0x380 [ 755.986764][T19445] ? __pfx_futex_wait+0x10/0x10 [ 755.991626][T19445] ? __might_fault+0x13b/0x190 [ 755.996397][T19445] ? __pfx_lock_release+0x10/0x10 [ 756.001431][T19445] do_futex+0x22b/0x350 [ 756.005604][T19445] ? __pfx_do_futex+0x10/0x10 [ 756.010301][T19445] __x64_sys_futex+0x1e1/0x4c0 [ 756.015082][T19445] ? __pfx_blkdev_ioctl+0x10/0x10 [ 756.020122][T19445] ? __pfx___x64_sys_futex+0x10/0x10 [ 756.025431][T19445] do_syscall_64+0xcd/0x250 [ 756.029955][T19445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.035859][T19445] RIP: 0033:0x7f01f9585d29 [ 756.040278][T19445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.059896][T19445] RSP: 002b:00007f01fa3c60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 756.068322][T19445] RAX: ffffffffffffffda RBX: 00007f01f9775fa8 RCX: 00007f01f9585d29 [ 756.076305][T19445] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f01f9775fa8 [ 756.084282][T19445] RBP: 00007f01f9775fa0 R08: 0000000000000000 R09: 0000000000000000 [ 756.092257][T19445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01f9775fac [ 756.100237][T19445] R13: 0000000000000000 R14: 00007ffcf715a2e0 R15: 00007ffcf715a3c8 [ 756.108248][T19445] [ 759.922702][T19510] [U] ^@ [ 760.266153][T19523] Invalid ELF header magic: != ELF [ 762.387059][T19523] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 764.163101][T19573] [U] ^@ [ 767.213478][T19616] [U] ^@ [ 768.571549][T19623] Process accounting resumed [ 769.030897][T19659] openvswitch: HfR: Dropping previously announced user features [ 769.208988][T19659] binder: 19657:19659 ioctl 2284 ffffffffffffffff returned -22 [ 769.325301][T19661] [U] ^@ [ 769.539383][T19665] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 770.294797][T19692] Process accounting resumed [ 770.593942][T19698] FAULT_INJECTION: forcing a failure. [ 770.593942][T19698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 770.661100][T19698] CPU: 1 UID: 0 PID: 19698 Comm: syz.1.3575 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 770.671924][T19698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 770.682005][T19698] Call Trace: [ 770.685300][T19698] [ 770.688250][T19698] dump_stack_lvl+0x16c/0x1f0 [ 770.692964][T19698] should_fail_ex+0x497/0x5b0 [ 770.697683][T19698] _copy_from_user+0x2e/0xd0 [ 770.702312][T19698] copy_msghdr_from_user+0x99/0x160 [ 770.707546][T19698] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 770.713404][T19698] ___sys_sendmsg+0xff/0x1e0 [ 770.718019][T19698] ? __pfx____sys_sendmsg+0x10/0x10 [ 770.723243][T19698] ? __pfx_lock_release+0x10/0x10 [ 770.728268][T19698] ? trace_lock_acquire+0x14e/0x1f0 [ 770.733479][T19698] ? __fget_files+0x206/0x3a0 [ 770.738168][T19698] __sys_sendmsg+0x16e/0x220 [ 770.742770][T19698] ? __pfx___sys_sendmsg+0x10/0x10 [ 770.747911][T19698] do_syscall_64+0xcd/0x250 [ 770.752423][T19698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 770.758323][T19698] RIP: 0033:0x7f01f9585d29 [ 770.762739][T19698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 770.782350][T19698] RSP: 002b:00007f01fa3c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 770.790771][T19698] RAX: ffffffffffffffda RBX: 00007f01f9775fa0 RCX: 00007f01f9585d29 [ 770.798740][T19698] RDX: 0000000000000844 RSI: 0000000020000040 RDI: 0000000000000003 [ 770.806708][T19698] RBP: 00007f01fa3c6090 R08: 0000000000000000 R09: 0000000000000000 [ 770.814679][T19698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 770.822651][T19698] R13: 0000000000000000 R14: 00007f01f9775fa0 R15: 00007ffcf715a3c8 [ 770.830634][T19698] [ 771.096195][T19703] Invalid ELF header magic: != ELF [ 772.625585][T19719] ubi0: attaching mtd0 [ 772.630731][T19719] ubi0: scanning is finished [ 772.635794][T19719] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 772.906843][T19719] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 773.095002][T19703] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 774.523107][T19735] [U] ^@ [ 776.194537][T19756] ubi0: attaching mtd0 [ 776.199755][T19756] ubi0: scanning is finished [ 776.217771][T19756] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 776.336581][T19758] Invalid ELF header magic: != ELF [ 776.467956][T19756] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 777.779830][T19784] [U] ^@ [ 778.461058][T19764] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 778.952835][T19801] FAULT_INJECTION: forcing a failure. [ 778.952835][T19801] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 779.014562][T19801] CPU: 0 UID: 0 PID: 19801 Comm: syz.4.3599 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 779.025379][T19801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 779.035463][T19801] Call Trace: [ 779.038764][T19801] [ 779.041714][T19801] dump_stack_lvl+0x16c/0x1f0 [ 779.046431][T19801] should_fail_ex+0x497/0x5b0 [ 779.051144][T19801] _copy_to_user+0x32/0xd0 [ 779.055606][T19801] simple_read_from_buffer+0xd0/0x160 [ 779.061014][T19801] proc_fail_nth_read+0x198/0x270 [ 779.066083][T19801] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 779.071674][T19801] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 779.077259][T19801] vfs_read+0x1df/0xbe0 [ 779.081444][T19801] ? __fget_files+0x1fc/0x3a0 [ 779.086153][T19801] ? __pfx___mutex_lock+0x10/0x10 [ 779.091214][T19801] ? __pfx_vfs_read+0x10/0x10 [ 779.095932][T19801] ? __fget_files+0x206/0x3a0 [ 779.100648][T19801] ksys_read+0x12b/0x250 [ 779.104917][T19801] ? __pfx_ksys_read+0x10/0x10 [ 779.109717][T19801] do_syscall_64+0xcd/0x250 [ 779.114247][T19801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.120153][T19801] RIP: 0033:0x7f839bf8473c [ 779.124576][T19801] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 779.144185][T19801] RSP: 002b:00007f839ce97030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 779.152599][T19801] RAX: ffffffffffffffda RBX: 00007f839c175fa0 RCX: 00007f839bf8473c [ 779.160570][T19801] RDX: 000000000000000f RSI: 00007f839ce970a0 RDI: 0000000000000005 [ 779.168539][T19801] RBP: 00007f839ce97090 R08: 0000000000000000 R09: 0000000000000000 [ 779.176508][T19801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 779.184476][T19801] R13: 0000000000000000 R14: 00007f839c175fa0 R15: 00007ffc28b321e8 [ 779.192460][T19801] [ 783.453734][T19874] netlink: 'syz.1.3618': attribute type 27 has an invalid length. [ 783.472053][T19874] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3618'. [ 784.244510][T19884] FAULT_INJECTION: forcing a failure. [ 784.244510][T19884] name failslab, interval 1, probability 0, space 0, times 0 [ 784.291183][T19884] CPU: 1 UID: 0 PID: 19884 Comm: syz.1.3620 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 784.301991][T19884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 784.312068][T19884] Call Trace: [ 784.315366][T19884] [ 784.318310][T19884] dump_stack_lvl+0x16c/0x1f0 [ 784.323022][T19884] should_fail_ex+0x497/0x5b0 [ 784.327734][T19884] ? fs_reclaim_acquire+0xae/0x150 [ 784.332915][T19884] should_failslab+0xc2/0x120 [ 784.337632][T19884] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 784.343477][T19884] ? __alloc_skb+0x2b3/0x380 [ 784.348099][T19884] __alloc_skb+0x2b3/0x380 [ 784.352531][T19884] ? __pfx___alloc_skb+0x10/0x10 [ 784.357480][T19884] ? lock_acquire+0x2f/0xb0 [ 784.362002][T19884] netlink_alloc_large_skb+0x69/0x130 [ 784.367382][T19884] netlink_sendmsg+0x689/0xd70 [ 784.372154][T19884] ? __pfx_netlink_sendmsg+0x10/0x10 [ 784.377453][T19884] ____sys_sendmsg+0x9ae/0xb40 [ 784.382221][T19884] ? copy_msghdr_from_user+0x10b/0x160 [ 784.387690][T19884] ? __pfx_____sys_sendmsg+0x10/0x10 [ 784.393008][T19884] ___sys_sendmsg+0x135/0x1e0 [ 784.397709][T19884] ? __pfx____sys_sendmsg+0x10/0x10 [ 784.402936][T19884] ? __pfx_lock_release+0x10/0x10 [ 784.407968][T19884] ? trace_lock_acquire+0x14e/0x1f0 [ 784.413197][T19884] ? __fget_files+0x206/0x3a0 [ 784.417894][T19884] __sys_sendmsg+0x16e/0x220 [ 784.422499][T19884] ? __pfx___sys_sendmsg+0x10/0x10 [ 784.427651][T19884] do_syscall_64+0xcd/0x250 [ 784.432177][T19884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.438083][T19884] RIP: 0033:0x7f01f9585d29 [ 784.442504][T19884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 784.462125][T19884] RSP: 002b:00007f01fa3c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 784.470558][T19884] RAX: ffffffffffffffda RBX: 00007f01f9775fa0 RCX: 00007f01f9585d29 [ 784.478535][T19884] RDX: 0000000000000084 RSI: 0000000020000180 RDI: 0000000000000003 [ 784.486510][T19884] RBP: 00007f01fa3c6090 R08: 0000000000000000 R09: 0000000000000000 [ 784.494485][T19884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 784.502458][T19884] R13: 0000000000000000 R14: 00007f01f9775fa0 R15: 00007ffcf715a3c8 [ 784.510449][T19884] [ 785.287430][T19890] ubi0: attaching mtd0 [ 785.385646][T19890] ubi0: scanning is finished [ 785.414405][T19890] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 785.874056][T19890] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 787.503415][T19919] [U] ^@ [ 789.508650][T19941] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 789.518208][T19939] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 789.888894][T19945] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3634'. [ 790.030652][T19946] ubi0: attaching mtd0 [ 790.038487][T19946] ubi0: scanning is finished [ 790.124321][T19946] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 790.514813][T19946] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 791.465669][T19960] [U] ^@ [ 793.302895][T19990] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3646'. [ 793.385003][T19990] ubi0: attaching mtd0 [ 793.390166][T19990] ubi0: scanning is finished [ 793.411676][T19990] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 793.786280][T20003] [U] ^@ [ 794.079269][T19990] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 794.742354][T20030] netlink: 146 bytes leftover after parsing attributes in process `syz.1.3660'. [ 794.873520][T20033] openvswitch: HfR: Dropping previously announced user features [ 794.926521][T20042] binder: 20032:20042 ioctl 2284 ffffffffffffffff returned -22 [ 795.176880][T20049] FAULT_INJECTION: forcing a failure. [ 795.176880][T20049] name failslab, interval 1, probability 0, space 0, times 0 [ 795.217451][T20049] CPU: 0 UID: 0 PID: 20049 Comm: syz.4.3661 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 795.228269][T20049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 795.238351][T20049] Call Trace: [ 795.241650][T20049] [ 795.244599][T20049] dump_stack_lvl+0x16c/0x1f0 [ 795.249314][T20049] should_fail_ex+0x497/0x5b0 [ 795.254024][T20049] ? fs_reclaim_acquire+0xae/0x150 [ 795.259170][T20049] should_failslab+0xc2/0x120 [ 795.263885][T20049] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 795.269762][T20049] ? __alloc_skb+0x2b3/0x380 [ 795.274401][T20049] __alloc_skb+0x2b3/0x380 [ 795.278850][T20049] ? __pfx___alloc_skb+0x10/0x10 [ 795.283822][T20049] ? lock_acquire+0x2f/0xb0 [ 795.288357][T20049] netlink_alloc_large_skb+0x69/0x130 [ 795.293764][T20049] netlink_sendmsg+0x689/0xd70 [ 795.298564][T20049] ? __pfx_netlink_sendmsg+0x10/0x10 [ 795.303889][T20049] ____sys_sendmsg+0x9ae/0xb40 [ 795.308679][T20049] ? copy_msghdr_from_user+0x10b/0x160 [ 795.314186][T20049] ? __pfx_____sys_sendmsg+0x10/0x10 [ 795.319516][T20049] ___sys_sendmsg+0x135/0x1e0 [ 795.324235][T20049] ? __pfx____sys_sendmsg+0x10/0x10 [ 795.329483][T20049] ? __pfx_lock_release+0x10/0x10 [ 795.334529][T20049] ? trace_lock_acquire+0x14e/0x1f0 [ 795.339771][T20049] ? __fget_files+0x206/0x3a0 [ 795.344484][T20049] __sys_sendmsg+0x16e/0x220 [ 795.349110][T20049] ? __pfx___sys_sendmsg+0x10/0x10 [ 795.354279][T20049] do_syscall_64+0xcd/0x250 [ 795.358817][T20049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.364741][T20049] RIP: 0033:0x7f839bf85d29 [ 795.369199][T20049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 795.388830][T20049] RSP: 002b:00007f839ce97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 795.397271][T20049] RAX: ffffffffffffffda RBX: 00007f839c175fa0 RCX: 00007f839bf85d29 [ 795.405270][T20049] RDX: 0000000000000844 RSI: 0000000020000040 RDI: 0000000000000003 [ 795.413263][T20049] RBP: 00007f839ce97090 R08: 0000000000000000 R09: 0000000000000000 [ 795.421262][T20049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 795.429253][T20049] R13: 0000000000000000 R14: 00007f839c175fa0 R15: 00007ffc28b321e8 [ 795.437260][T20049] [ 795.808246][T20052] [U] ^@ [ 796.022760][T20057] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3664'. [ 796.052487][T20057] vivid-013: ================= START STATUS ================= [ 796.060167][T20057] vivid-013: Generate PTS: true [ 796.098271][T20057] vivid-013: Generate SCR: true [ 796.118831][T20057] tpg source WxH: 640x360 (Y'CbCr) [ 796.159202][T20057] tpg field: 1 [ 796.197380][T20057] tpg crop: 640x360@0x0 [ 796.242181][T20057] tpg compose: 640x360@0x0 [ 796.262296][T20057] tpg colorspace: 8 [ 796.275850][T20057] tpg transfer function: 0/0 [ 796.280479][T20057] tpg Y'CbCr encoding: 0/0 [ 796.346466][T20057] tpg quantization: 0/0 [ 796.350689][T20057] tpg RGB range: 0/2 [ 796.368464][T20057] vivid-013: ================== END STATUS ================== [ 797.098297][T20073] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3668'. [ 797.195356][T20079] ubi0: attaching mtd0 [ 797.200519][T20079] ubi0: scanning is finished [ 797.267975][T20079] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 797.792720][T20079] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 798.049556][T20090] [U] ^@ [ 799.058588][T20100] Process accounting paused [ 801.311772][T20131] ubi0: attaching mtd0 [ 801.334420][T20131] ubi0: scanning is finished [ 801.350312][T20131] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 801.543907][T20138] [U] ^@ [ 801.863001][T20131] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 804.457976][T20173] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3695'. [ 805.322905][T20183] ubi0: attaching mtd0 [ 805.331127][T20183] ubi0: scanning is finished [ 805.356531][T20183] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 805.603987][T20190] FAULT_INJECTION: forcing a failure. [ 805.603987][T20190] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 805.620113][T20190] CPU: 0 UID: 0 PID: 20190 Comm: syz.1.3699 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 805.630921][T20190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 805.641000][T20190] Call Trace: [ 805.644293][T20190] [ 805.647241][T20190] dump_stack_lvl+0x16c/0x1f0 [ 805.651948][T20190] should_fail_ex+0x497/0x5b0 [ 805.656661][T20190] _copy_from_user+0x2e/0xd0 [ 805.661289][T20190] copy_msghdr_from_user+0x99/0x160 [ 805.666524][T20190] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 805.672391][T20190] ___sys_sendmsg+0xff/0x1e0 [ 805.677024][T20190] ? __pfx____sys_sendmsg+0x10/0x10 [ 805.682268][T20190] ? __pfx_lock_release+0x10/0x10 [ 805.687317][T20190] ? trace_lock_acquire+0x14e/0x1f0 [ 805.692557][T20190] ? __fget_files+0x206/0x3a0 [ 805.697274][T20190] __sys_sendmsg+0x16e/0x220 [ 805.701894][T20190] ? __pfx___sys_sendmsg+0x10/0x10 [ 805.707060][T20190] do_syscall_64+0xcd/0x250 [ 805.711596][T20190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.717521][T20190] RIP: 0033:0x7f01f9585d29 [ 805.721960][T20190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 805.741593][T20190] RSP: 002b:00007f01fa3c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 805.750034][T20190] RAX: ffffffffffffffda RBX: 00007f01f9775fa0 RCX: 00007f01f9585d29 [ 805.758027][T20190] RDX: 00000000040080c0 RSI: 0000000020000240 RDI: 0000000000000006 [ 805.766020][T20190] RBP: 00007f01fa3c6090 R08: 0000000000000000 R09: 0000000000000000 [ 805.774009][T20190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 805.781999][T20190] R13: 0000000000000000 R14: 00007f01f9775fa0 R15: 00007ffcf715a3c8 [ 805.790007][T20190] [ 805.994220][T20176] [U] ^@ [ 806.030928][T20193] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3700'. [ 806.203076][T20183] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 806.604542][T20200] Invalid ELF header magic: != ELF [ 806.660210][T20210] Invalid ELF header magic: != ELF [ 808.370203][T20199] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 808.907062][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.915078][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.254194][T20210] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 810.063843][T20243] ubi0: attaching mtd0 [ 810.123297][T20243] ubi0: scanning is finished [ 810.179015][T20243] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 810.425121][T20236] [U] ^@ [ 810.456186][T20243] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 810.931541][T20261] Invalid ELF header magic: != ELF [ 813.429754][T20261] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 813.823266][T20291] [U] ^@ [ 814.080322][T20297] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3724'. [ 814.158949][T20297] ubi0: attaching mtd0 [ 814.168472][T20297] ubi0: scanning is finished [ 814.197894][T20297] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 814.377178][T20297] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 815.165036][T20323] Invalid ELF header magic: != ELF [ 815.732572][T20319] ptrace attach of "./syz-executor exec"[13981] was attempted by "./syz-executor exec"[20319] [ 816.853950][T20323] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 818.556057][T20363] Invalid ELF header magic: != ELF [ 818.758869][T20361] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3740'. [ 818.775031][T20361] ubi0: attaching mtd0 [ 818.780255][T20361] ubi0: scanning is finished [ 818.785119][T20361] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 819.125357][T20361] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 819.516502][T20373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3744'. [ 819.748149][T20373] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 819.881811][T20373] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 820.450688][T20363] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 821.192920][T20401] [U] ^@ [ 821.431698][T20412] Invalid ELF header magic: != ELF [ 822.391992][T20421] erspan0: entered allmulticast mode [ 822.858871][T20427] Invalid ELF header magic: != ELF [ 823.646080][T20437] FAULT_INJECTION: forcing a failure. [ 823.646080][T20437] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 823.662612][T20437] CPU: 0 UID: 0 PID: 20437 Comm: syz.3.3759 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 823.673416][T20437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 823.683502][T20437] Call Trace: [ 823.686790][T20437] [ 823.687366][T20427] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 823.689713][T20437] dump_stack_lvl+0x16c/0x1f0 [ 823.701674][T20437] should_fail_ex+0x497/0x5b0 [ 823.706392][T20437] _copy_from_user+0x2e/0xd0 [ 823.711023][T20437] copy_msghdr_from_user+0x99/0x160 [ 823.716259][T20437] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 823.722121][T20437] ___sys_sendmsg+0xff/0x1e0 [ 823.726749][T20437] ? __pfx____sys_sendmsg+0x10/0x10 [ 823.731994][T20437] ? __pfx_lock_release+0x10/0x10 [ 823.737041][T20437] ? trace_lock_acquire+0x14e/0x1f0 [ 823.742280][T20437] ? __fget_files+0x206/0x3a0 [ 823.746995][T20437] __sys_sendmsg+0x16e/0x220 [ 823.751625][T20437] ? __pfx___sys_sendmsg+0x10/0x10 [ 823.756796][T20437] do_syscall_64+0xcd/0x250 [ 823.761335][T20437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.767264][T20437] RIP: 0033:0x7f26ef385d29 [ 823.771698][T20437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.791328][T20437] RSP: 002b:00007f26f01b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 823.799772][T20437] RAX: ffffffffffffffda RBX: 00007f26ef575fa0 RCX: 00007f26ef385d29 [ 823.807765][T20437] RDX: 0000000004008000 RSI: 0000000020000280 RDI: 0000000000000002 [ 823.815756][T20437] RBP: 00007f26f01b0090 R08: 0000000000000000 R09: 0000000000000000 [ 823.823748][T20437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 823.831740][T20437] R13: 0000000000000000 R14: 00007f26ef575fa0 R15: 00007ffdce84e798 [ 823.839755][T20437] [ 824.534615][T20448] [U] ^@ [ 825.261352][T20470] Invalid ELF header magic: != ELF [ 826.479468][T20470] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 826.886998][T20496] [U] ^@ [ 827.207227][T20503] binder: 20502:20503 ioctl 2284 ffffffffffffffff returned -22 [ 828.480499][T20528] Invalid ELF header magic: != ELF [ 828.774255][T20532] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3786'. [ 828.836268][T20532] vivid-013: ================= START STATUS ================= [ 828.868182][T20532] vivid-013: Generate PTS: true [ 828.901175][T20532] vivid-013: Generate SCR: true [ 828.940278][T20532] tpg source WxH: 640x360 (Y'CbCr) [ 828.992138][T20532] tpg field: 1 [ 828.995565][T20532] tpg crop: 640x360@0x0 [ 828.999759][T20532] tpg compose: 640x360@0x0 [ 829.056710][T20532] tpg colorspace: 8 [ 829.060909][T20532] tpg transfer function: 0/0 [ 829.076016][T20532] tpg Y'CbCr encoding: 0/0 [ 829.108603][T20532] tpg quantization: 0/0 [ 829.108690][T20534] [U] ^@ [ 829.142072][T20532] tpg RGB range: 0/2 [ 829.146021][T20532] vivid-013: ================== END STATUS ================== [ 829.703287][T20303] Process accounting resumed [ 830.186149][T20528] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 831.916896][T20578] [U] ^@ [ 832.979899][T20591] Invalid ELF header magic: != ELF [ 834.788180][T20591] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 834.895175][T20616] [U] ^@ [ 837.766842][T20647] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3819'. [ 838.103940][T20647] : renamed from bond0 (while UP) [ 838.109020][T20662] Invalid ELF header magic: != ELF [ 839.629297][T20671] could not allocate digest TFM handle [ 839.982014][T20662] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 841.622633][T20694] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3829'. [ 841.699224][T20698] ubi0: attaching mtd0 [ 841.704468][T20698] ubi0: scanning is finished [ 841.709181][T20698] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 842.053672][T20698] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 843.529071][T20587] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000025: 0000 [#1] PREEMPT SMP KASAN PTI [ 843.541697][T20587] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] [ 843.550120][T20587] CPU: 0 UID: 0 PID: 20587 Comm: syz.3.3802 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0 [ 843.560902][T20587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 843.570975][T20587] RIP: 0010:vidtv_mux_stop_thread+0x26/0x80 [ 843.576898][T20587] Code: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 32 f7 c7 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8 [ 843.596526][T20587] RSP: 0018:ffffc90003d6f9d0 EFLAGS: 00010202 [ 843.602613][T20587] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfe6a5 [ 843.610599][T20587] RDX: 0000000000000025 RSI: ffffffff87d1564e RDI: 0000000000000128 [ 843.618583][T20587] RBP: ffff88802a269220 R08: 0000000000000005 R09: 0000000000000000 [ 843.626565][T20587] R10: 0000000000000000 R11: 0000000000000003 R12: ffff88802a269188 [ 843.634553][T20587] R13: ffffffff8f593ae0 R14: ffffc90005e2cb38 R15: ffff888029be7710 [ 843.642541][T20587] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 843.651488][T20587] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 843.658091][T20587] CR2: 00007f26f01aff98 CR3: 000000003c81a000 CR4: 00000000003526f0 [ 843.666083][T20587] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 843.674070][T20587] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 843.682053][T20587] Call Trace: [ 843.685340][T20587] [ 843.688281][T20587] ? die_addr+0x3b/0xa0 [ 843.692461][T20587] ? exc_general_protection+0x155/0x230 [ 843.698036][T20587] ? asm_exc_general_protection+0x26/0x30 [ 843.703787][T20587] ? vidtv_stop_feed+0xb5/0x250 [ 843.708666][T20587] ? vidtv_mux_stop_thread+0xe/0x80 [ 843.713898][T20587] ? vidtv_mux_stop_thread+0x26/0x80 [ 843.719211][T20587] vidtv_stop_feed+0x151/0x250 [ 843.723997][T20587] ? __pfx_vidtv_stop_feed+0x10/0x10 [ 843.729302][T20587] dmx_section_feed_stop_filtering+0x90/0x160 [ 843.735397][T20587] dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 [ 843.741228][T20587] dvb_dmxdev_filter_stop+0x22a/0x3a0 [ 843.746634][T20587] dvb_demux_release+0x92/0x550 [ 843.751520][T20587] ? evm_file_release+0xd0/0x200 [ 843.756481][T20587] ? __pfx_dvb_demux_release+0x10/0x10 [ 843.761969][T20587] __fput+0x3f8/0xb60 [ 843.765981][T20587] task_work_run+0x14e/0x250 [ 843.770599][T20587] ? __pfx_task_work_run+0x10/0x10 [ 843.775740][T20587] ? do_raw_spin_unlock+0x172/0x230 [ 843.780962][T20587] do_exit+0xad8/0x2d70 [ 843.785141][T20587] ? __pfx_do_exit+0x10/0x10 [ 843.789761][T20587] do_group_exit+0xd3/0x2a0 [ 843.794292][T20587] get_signal+0x2576/0x2610 [ 843.798818][T20587] ? __pfx_get_signal+0x10/0x10 [ 843.803690][T20587] ? __pfx_force_sig+0x10/0x10 [ 843.808473][T20587] arch_do_signal_or_restart+0x90/0x7e0 [ 843.814046][T20587] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 843.820226][T20587] ? trace_irq_disable.constprop.0+0xea/0x140 [ 843.826318][T20587] irqentry_exit_to_user_mode+0x13f/0x280 [ 843.832062][T20587] asm_exc_stack_segment+0x26/0x30 [ 843.837203][T20587] RIP: 0033:0x7f26ef385d31 [ 843.841631][T20587] Code: Unable to access opcode bytes at 0x7f26ef385d07. [ 843.848659][T20587] RSP: 002b:7fffffffffffffff EFLAGS: 00010217 [ 843.854748][T20587] RAX: 0000000000000000 RBX: 00007f26ef575fa0 RCX: 00007f26ef385d29 [ 843.862735][T20587] RDX: ffffffffffffffff RSI: 7fffffffffffffff RDI: 0000000000000007 [ 843.870723][T20587] RBP: 00007f26ef401b08 R08: 0000000000000001 R09: 0000000000000000 [ 843.878708][T20587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 843.886700][T20587] R13: 0000000000000000 R14: 00007f26ef575fa0 R15: 00007ffdce84e798 [ 843.894697][T20587] [ 843.897727][T20587] Modules linked in: [ 843.902539][T20587] ---[ end trace 0000000000000000 ]--- [ 843.925674][T20587] RIP: 0010:vidtv_mux_stop_thread+0x26/0x80 [ 843.934747][T20587] Code: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 32 f7 c7 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8 [ 843.992107][T20587] RSP: 0018:ffffc90003d6f9d0 EFLAGS: 00010202 [ 844.008407][T20587] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfe6a5 [ 844.016781][T20587] RDX: 0000000000000025 RSI: ffffffff87d1564e RDI: 0000000000000128 [ 844.028196][T20587] RBP: ffff88802a269220 R08: 0000000000000005 R09: 0000000000000000 [ 844.062922][T20587] R10: 0000000000000000 R11: 0000000000000003 R12: ffff88802a269188 [ 844.094503][T20587] R13: ffffffff8f593ae0 R14: ffffc90005e2cb38 R15: ffff888029be7710 [ 844.102653][T20587] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 844.111677][T20587] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 844.118377][T20587] CR2: 0000001b322eeff8 CR3: 0000000033c9e000 CR4: 00000000003526f0 [ 844.126473][T20587] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 844.134727][T20587] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 844.144486][T20587] Kernel panic - not syncing: Fatal exception [ 844.150799][T20587] Kernel Offset: disabled [ 844.155109][T20587] Rebooting in 86400 seconds..