last executing test programs: 6.872625385s ago: executing program 1 (id=692): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x64, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @broadcast}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @random="70b28a70c5dc"}, @HSR_A_IF1_AGE={0x8, 0x3, 0x36}, @HSR_A_IF2_SEQ={0x6, 0x7, 0xff}, @HSR_A_NODE_ADDR={0xa, 0x1, @remote}]}, 0x64}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x200000000004, 0x81, 0xdf, 0xeb1, 0x401, 0x8000) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0) write$auto(r0, 0x0, 0x2b6) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) madvise$auto(0x0, 0x2003f0, 0x14) 5.029091707s ago: executing program 2 (id=697): sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002dbd7000fbdbdf250200000008000700", @ANYRES32, @ANYBLOB='\b'], 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto_SO_REUSEPORT(r0, 0x4, 0xf, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) memfd_create$auto(0x0, 0xe) r1 = socket(0x2, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0x40) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop3\x00', 0x18dd01, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c0a, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x7}, 0x5, 0x20000000) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x80009}, 0x7}, 0x101, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x11f, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) connect$auto(0x3, 0x0, 0x51) ioctl$auto(0x3, 0x800890c, 0xffffffffffffffff) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x10dd40, 0x0) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000040)={{0x90, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3866691c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816203df562367fe6596824588a2e3d84ba165f", 0x8}) ioctl$auto_UI_DEV_CREATE(r4, 0x5501, 0x0) ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x44010) 4.640784871s ago: executing program 3 (id=698): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) ustat$auto(0x801, 0x0) sysfs$auto(0x3, 0x23, 0x0) 4.546792058s ago: executing program 2 (id=700): ioctl$auto(0xffffffffffffffff, 0x40046207, 0x9) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x101000, 0x0) ioctl$auto_UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000000)=0x0) r1 = signalfd$auto(r0, &(0x7f0000000140), 0x2) ioctl$auto_TUNSETLINK(r1, 0x400454cd, &(0x7f0000000180)) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000540)=ANY=[@ANYBLOB="d8249c000000", @ANYRES16=0x0, @ANYBLOB="010026bd7000fcdbdf2501000000bb000d807e79c0d272eb0b24ac26deb8a8c3316895de8d3c70c81a9f005780b0eff182b4270f1f3359d2e83925a09ac39294f399a787bedec4887fe93b77cfd21f65a02cd42c47687c1c76b93fa37fc1513b50eebacd6e659ad5481707b0f646e804f8d6b8b6f48390d8b88c68e894359bc5edfbff"], 0xd0}, 0x1, 0x0, 0x0, 0x4000}, 0x24040841) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="40000000fc2463926384a67f95ffcba8e19d17b2ca7533b5109c79f24de5c38712cc7ebc8dfd2d9f6fb29e4afb2179529e864727ae329c32f8217d2ec26ff5bc28b67f4545863ba997fa4aa09c42e1e50b6ee52cd49306ca788e21e81c7a25897707029447907aeaa65c6f7a30800a3f50952f3078de0845d50272ef89533883907c956e3f6bd6919b26e8481e9289af994840121e2847245ef5e38fb38707389ccf1822000000000ffdb6c091b4002bba30a9d983aa36857fef736738875d4653e7fe82088722564fc1e26fb712499f902ec699a3f9edf3ff8b38511c7afb894ab8e1c990b32afd1778cabef8652d66d0c67567e4093ede6299aeb664eb534c8b2958db472ffba04d7658fa86dd", @ANYRES16=r3, @ANYBLOB="1b0026bd7000fddbdf250300000004000800100003800c00038008001500", @ANYRES32, @ANYBLOB="12000100898771f1c19f1779048590828847000004000280"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1aea8974a9e22d77cb94cae6c89e239bacfe656d9b0948de480ce2ba3b4dbcb180089d5eb0f8f481e02f7d4628e9134b6e52881572a398e4edd6f01f90983826d721dddc7d4ba3f293288ba54f696fa25cc2f8721c3e380dd04bf05801f90019498601fcbcea6aa6a2d7983e6823f480185ef9c3b4ed19c4f94c108067c89d69bc4e0da0112280ecd0caff8a454fb3e6655dc6a35cdd053aef882e403458754f5e84bd2210f18a61106af8c5a2c18dc48ff87cfda6d545014009a167570f0550e5121d0bdf4b20a1177b708e5515ee33db3baf29633440999ddd36eb0299a1efcd8934ab60c1a88d9db6fa0d2b3f0bf12e87630e0dc5eddca8f291ad85141391e6f9fe56ee4ddb39a1ac7a573cb69ec14f012ea0b721df3ea40747d1130a61802e859519ae1bc5a3673105fa87485f88b8981a3a208a3576848c2df152a023f5e573c867b43b10247336b110956eb28e5288d7aa59219e8324857cdf6d17530385720afd5a1ffd23aa1bd061b73caafa05afdd1441040989d081814635347f1d55669b1c38be4698e3a085e2010e35d2747b4e39ef4920f58d6b4585d737c13221a44ad5543099bb0ab228722ef9cbc0d621178012495837d6a220eeaaf498ccc01", 0x4ba) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x3, 0x0) mount$auto(0x0, &(0x7f0000000140)='}[,&*}\x00', 0x0, 0xe770, &(0x7f00000001c0)='DJ') r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r4, 0x5412, &(0x7f00000010c0)="c2") write$auto_tty_fops_tty_io(r4, &(0x7f0000000080)="278346a179e0aee544d8cf8e3c7eb793e15862bb8cb45670db82540d102c4445c6f57b739a2fe5e2f87c7d06e10c4ebf17c3cf1b09ed1eeef9567cee325fd9549d13f987ea21ea6cde147b59e56ada542470c526064bd3f1088c6c37268e97ba6b1212bf484e24fb5f30cfabab10b480f4352a88b0323d6557cc1044301513b8562b087344820cef0a6e4c476e39eb4066995c664d77ea88a7134edf4f", 0x9d) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x481, 0x400, 0x9}]}) ioctl$auto_UI_DEV_DESTROY(r0, 0x5502, 0x0) socket(0x23, 0x6, 0x55) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x880) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x19) shmget$auto(0x400, 0x10563, 0x568c12f2) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00') 4.455354515s ago: executing program 3 (id=701): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) ustat$auto(0x801, 0x0) 4.442108785s ago: executing program 1 (id=702): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) 3.498100635s ago: executing program 1 (id=703): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/set\x00', 0x80302, 0x0) stat$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8, 0x3, 0x9, 0x100, 0x200, 0xb, 0x401, 0x8, 0x68, 0x9}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) keyctl$auto(0x17, 0x4, 0x7fffffffefff, 0x400, 0x0) r2 = getuid() r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010329bd700002dcdf2524"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40044010) r5 = geteuid() r6 = ioctl$auto_TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000180)={0x90b, &(0x7f0000000140)={0x794a, 0x5, 0x7, @raw=0x1ff}}) setsockopt$auto_SO_SNDTIMEO_NEW(r6, 0x3, 0x43, &(0x7f00000001c0)='/proc/self/oom_adj\x00', 0x2) setreuid$auto(r5, 0x0) setresuid$auto(r1, r2, r5) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/interrupts\x00', 0x10b402, 0x0) pread64$auto(r7, 0x0, 0x8100000041, 0x413e) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r8 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r8, 0x0, 0x1f40) r9 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r9, &(0x7f0000000200)={0x0, 0x7}, 0x3) kill$auto(0x0, 0x11) sendmmsg$auto(r8, 0x0, 0xfffff848, 0xfff) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) 3.485426016s ago: executing program 2 (id=704): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x59, &(0x7f00000001c0)={0x2, 0x800d, 0xd9, 0x6, 0x4, 0x8, 0xffffffffffffffff, [0x2], {0x8000006, 0x6, 0x2, 0x5, 0x100, 0x7f, 0x101, 0x8, 0x2}, {0x8000100, 0x1, 0x8000054, 0x5, 0x1, 0x40, 0x2, 0x9a, 0x100000000}}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x0, 0x0, 0x6f3) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="7201", @ANYBLOB="5b6e385dcaa6ff0ff87a7925e71a7e60e8ef62195ee7bb639cdd1fac8c94c11af8"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000280)={{0x0, 0x2, &(0x7f0000000080)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0xb, 0xdf, 0x58, r0, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) socket(0x2b, 0x1, 0x1) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x48058) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) connect$auto(0x3, 0x0, 0x55) io_uring_setup$auto(0x59, 0x0) r1 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon0\x00', 0x640, 0x0) read$auto_mon_fops_binary_mon_bin(r1, 0x0, 0x2f) ioctl$auto_MON_IOCG_STATS(r1, 0x80089203, 0x0) mmap$auto(0x2, 0x400009, 0x40000000080000df, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) read$auto_mon_fops_binary_mon_bin(r0, 0x0, 0x0) socket(0xa, 0x2, 0x0) 3.484688195s ago: executing program 3 (id=705): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x28802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) r1 = socket(0x17, 0x5, 0x0) r2 = socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="120087"], 0x1ac}}, 0x810) recvmmsg$auto(r3, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000180)={0x0, 0x800}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) setsockopt$auto(r2, 0x10000000084, 0x0, 0x0, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000f9dbdf250100000008000a00080000000500070000000000080009009c781e01060002000100000008001700", @ANYRES32, @ANYBLOB="de4abfc2f78bc539"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) sendmsg$auto_L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x58, r5, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x3d2}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0xd6b9}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0xf}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x2a8}, @L2TP_ATTR_SEND_SEQ={0x5}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x411}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x20040004) listen$auto(r1, 0x5ed) connect$auto(r1, &(0x7f00000018c0)=@phonet={0x23, 0x65, 0xd3, 0x5}, 0x55) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sg0\x00', 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dsp\x00', 0x20342, 0x0) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='E\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fcdbdf250f0000007c31117084ec83e19b3a40140691b02e9dd41d8e73d0ef5febd339d9675e5ec7c7b3427f498728304a9c9a8664bfd559"], 0x44}, 0x1, 0x0, 0x0, 0x8080}, 0x24040080) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/netfilter/nf_log/7\x00', 0xe0002, 0x0) read$auto(r6, &(0x7f00000001c0)='/\x80\xac\xcf2get\x00\x00\x00\x01\x00\x00\x00\x00', 0x3) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/projid_map\x00', 0x100000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x42, 0x0) select$auto(0x2, 0x0, 0x0, &(0x7f0000000080)={[0x1ff, 0xd5b, 0x9, 0x37, 0x9489, 0xfffffffffffffcfb, 0x15f4da0b, 0x1, 0x5, 0x300000000000600, 0x40080000001, 0x5, 0x6d3a, 0x8, 0x8, 0xfffffffffffffffc]}, 0x0) 3.069215501s ago: executing program 0 (id=706): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) adjtimex$auto(0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) ustat$auto(0x801, 0x0) sysfs$auto(0x3, 0x23, 0x0) 2.535809896s ago: executing program 0 (id=707): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x80100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000600)={{@raw=0x9, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535"}, 0x1, @bytes=@data="b5f14ac58d7170cfc174e06a2e55281d77e160ac8864f19ca61da57f5088a92f7c41dcdda0a8903b3af2f8a4aaf6836a970794823c25cc86f8b1c636af763f13fe51b3adebc646ec3448e61f87f409dc1aa7adcdbd3d1441cd9f1a70265a1c96dfbcd28c48c4945b32a905fa58c5aaac54d94565b52c7aeaddaf058e748ee37bc98fb6a9376a57ab768d3158bda82384c5aa56ede86ad5848b79c79af3c9176123055a0421e2eca27fe07c700356446e226fd849b9ee1cb1ea8fd2b8e9ca1e8fbb7fb2060f14d33660244a8de277a75a4867111af2eb883f182839ca7715390701684f756de053e8f4147e15998f7c66d6e47151d38f6b85b5f9c9ff11e729558edf1f62971738e38d99e8ec42d9bda014703f1a46fcfdba8ab793deb167fa2d7e53b5ae7b07e60c3205d3f63a226592ed1555d6e55fa370b8987c626af5631a6b1c8d0b0b162aa06e6d6b9a749cf13e767780d70b2750b6ea8b60e337102ca14b212d5697e7cd98a60567b76cc89cb2b4b08e69c02bb4dec1db0579d0929aa1e0ed099ea8025beebb24659b6b2426f6801d1fe17a40c386fabb0438ffba16a3eab0322edc897150552fcd16c5f47faf2c5a7e4b37171a9fb7cc886c6ea7e58cc1e705e4953190e51fe03df2e8e5f907dcdeb7daad9d3bf9b0b3b3712aac7067e519586497b0ab1886e9aaac2b32c79e813fbcfd8954752567e9d0897303a713", "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) 2.4303941s ago: executing program 2 (id=708): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, 0x0, 0x5, 0x20000000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) 2.419197539s ago: executing program 1 (id=709): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) ustat$auto(0x801, 0x0) sysfs$auto(0x3, 0x23, 0x0) 2.373820886s ago: executing program 3 (id=710): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x80100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000600)={{@raw=0x9, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535"}, 0x1, @bytes=@data="b5f14ac58d7170cfc174e06a2e55281d77e160ac8864f19ca61da57f5088a92f7c41dcdda0a8903b3af2f8a4aaf6836a970794823c25cc86f8b1c636af763f13fe51b3adebc646ec3448e61f87f409dc1aa7adcdbd3d1441cd9f1a70265a1c96dfbcd28c48c4945b32a905fa58c5aaac54d94565b52c7aeaddaf058e748ee37bc98fb6a9376a57ab768d3158bda82384c5aa56ede86ad5848b79c79af3c9176123055a0421e2eca27fe07c700356446e226fd849b9ee1cb1ea8fd2b8e9ca1e8fbb7fb2060f14d33660244a8de277a75a4867111af2eb883f182839ca7715390701684f756de053e8f4147e15998f7c66d6e47151d38f6b85b5f9c9ff11e729558edf1f62971738e38d99e8ec42d9bda014703f1a46fcfdba8ab793deb167fa2d7e53b5ae7b07e60c3205d3f63a226592ed1555d6e55fa370b8987c626af5631a6b1c8d0b0b162aa06e6d6b9a749cf13e767780d70b2750b6ea8b60e337102ca14b212d5697e7cd98a60567b76cc89cb2b4b08e69c02bb4dec1db0579d0929aa1e0ed099ea8025beebb24659b6b2426f6801d1fe17a40c386fabb0438ffba16a3eab0322edc897150552fcd16c5f47faf2c5a7e4b37171a9fb7cc886c6ea7e58cc1e705e4953190e51fe03df2e8e5f907dcdeb7daad9d3bf9b0b3b3712aac7067e519586497b0ab1886e9aaac2b32c79e813fbcfd8954752567e9d0897303a713", "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) (fail_nth: 1) 2.301949849s ago: executing program 0 (id=711): ioctl$auto(0xffffffffffffffff, 0x40046207, 0x9) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x101000, 0x0) ioctl$auto_UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000000)=0x0) r1 = signalfd$auto(r0, &(0x7f0000000140), 0x2) ioctl$auto_TUNSETLINK(r1, 0x400454cd, &(0x7f0000000180)) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000540)=ANY=[@ANYBLOB="d8249c000000", @ANYRES16=0x0, @ANYBLOB="010026bd7000fcdbdf2501000000bb000d807e79c0d272eb0b24ac26deb8a8c3316895de8d3c70c81a9f005780b0eff182b4270f1f3359d2e83925a09ac39294f399a787bedec4887fe93b77cfd21f65a02cd42c47687c1c76b93fa37fc1513b50eebacd6e659ad5481707b0f646e804f8d6b8b6f48390d8b88c68e894359bc5edfbff"], 0xd0}, 0x1, 0x0, 0x0, 0x4000}, 0x24040841) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="40000000fc2463926384a67f95ffcba8e19d17b2ca7533b5109c79f24de5c38712cc7ebc8dfd2d9f6fb29e4afb2179529e864727ae329c32f8217d2ec26ff5bc28b67f4545863ba997fa4aa09c42e1e50b6ee52cd49306ca788e21e81c7a25897707029447907aeaa65c6f7a30800a3f50952f3078de0845d50272ef89533883907c956e3f6bd6919b26e8481e9289af994840121e2847245ef5e38fb38707389ccf1822000000000ffdb6c091b4002bba30a9d983aa36857fef736738875d4653e7fe82088722564fc1e26fb712499f902ec699a3f9edf3ff8b38511c7afb894ab8e1c990b32afd1778cabef8652d66d0c67567e4093ede6299aeb664eb534c8b2958db472ffba04d7658fa86dd", @ANYRES16=r3, @ANYBLOB="1b0026bd7000fddbdf250300000004000800100003800c00038008001500", @ANYRES32, @ANYBLOB="12000100898771f1c19f1779048590828847000004000280"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1aea8974a9e22d77cb94cae6c89e239bacfe656d9b0948de480ce2ba3b4dbcb180089d5eb0f8f481e02f7d4628e9134b6e52881572a398e4edd6f01f90983826d721dddc7d4ba3f293288ba54f696fa25cc2f8721c3e380dd04bf05801f90019498601fcbcea6aa6a2d7983e6823f480185ef9c3b4ed19c4f94c108067c89d69bc4e0da0112280ecd0caff8a454fb3e6655dc6a35cdd053aef882e403458754f5e84bd2210f18a61106af8c5a2c18dc48ff87cfda6d545014009a167570f0550e5121d0bdf4b20a1177b708e5515ee33db3baf29633440999ddd36eb0299a1efcd8934ab60c1a88d9db6fa0d2b3f0bf12e87630e0dc5eddca8f291ad85141391e6f9fe56ee4ddb39a1ac7a573cb69ec14f012ea0b721df3ea40747d1130a61802e859519ae1bc5a3673105fa87485f88b8981a3a208a3576848c2df152a023f5e573c867b43b10247336b110956eb28e5288d7aa59219e8324857cdf6d17530385720afd5a1ffd23aa1bd061b73caafa05afdd1441040989d081814635347f1d55669b1c38be4698e3a085e2010e35d2747b4e39ef4920f58d6b4585d737c13221a44ad5543099bb0ab228722ef9cbc0d621178012495837d6a220eeaaf498ccc01", 0x4ba) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x3, 0x0) mount$auto(0x0, &(0x7f0000000140)='}[,&*}\x00', 0x0, 0xe770, &(0x7f00000001c0)='DJ') r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r4, 0x5412, &(0x7f00000010c0)="c2") write$auto_tty_fops_tty_io(r4, &(0x7f0000000080)="278346a179e0aee544d8cf8e3c7eb793e15862bb8cb45670db82540d102c4445c6f57b739a2fe5e2f87c7d06e10c4ebf17c3cf1b09ed1eeef9567cee325fd9549d13f987ea21ea6cde147b59e56ada542470c526064bd3f1088c6c37268e97ba6b1212bf484e24fb5f30cfabab10b480f4352a88b0323d6557cc1044301513b8562b087344820cef0a6e4c476e39eb4066995c664d77ea88a7134edf4f", 0x9d) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x481, 0x400, 0x9}]}) ioctl$auto_UI_DEV_DESTROY(r0, 0x5502, 0x0) socket(0x23, 0x6, 0x55) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x880) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x19) shmget$auto(0x400, 0x10563, 0x568c12f2) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00') 2.266550981s ago: executing program 1 (id=712): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_trace_dev_match\x00', 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) ustat$auto(0x801, 0x0) 1.725843608s ago: executing program 3 (id=713): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) msgctl$auto_MSG_STAT_ANY(0x4, 0xd, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000180), 0x2a80, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket(0x11, 0x3, 0x9) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) adjtimex$auto(&(0x7f00000001c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0xfffffffffffffffe, {0x2100000000, 0x10000}, 0x3, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x2}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x521202, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendfile$auto(0xffffffffffffffff, r0, &(0x7f00000003c0)=0x1b7e46a, 0x1) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x1000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2, 0x3f]}, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) fcntl$auto_F_GET_SEALS(0xffffffffffffffff, 0x40a, 0x800) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x8000001, 0x2020009, 0x9, 0x9b04217, 0xfffffffffffffffa, 0x3) socket(0x2, 0x4, 0x0) 1.469598623s ago: executing program 2 (id=714): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) msgctl$auto_MSG_STAT_ANY(0x4, 0xd, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000180), 0x2a80, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket(0x11, 0x3, 0x9) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) adjtimex$auto(&(0x7f00000001c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd0, 0x3, 0x6, 0x0, 0x10000, 0x1, 0xfffffffffffffffe, {0x2100000000, 0x10000}, 0x3, 0x4, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x2}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x521202, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) sendfile$auto(0xffffffffffffffff, r0, &(0x7f00000003c0)=0x1b7e46a, 0x1) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x1000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) fcntl$auto_F_GET_SEALS(0xffffffffffffffff, 0x40a, 0x800) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) connect$auto(0x4, 0x0, 0x10) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x8000001, 0x2020009, 0x9, 0x9b04217, 0xfffffffffffffffa, 0x3) socket(0x2, 0x4, 0x0) 1.468683902s ago: executing program 1 (id=715): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x64, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @broadcast}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @random="70b28a70c5dc"}, @HSR_A_IF1_AGE={0x8, 0x3, 0x36}, @HSR_A_IF2_SEQ={0x6, 0x7, 0xff}, @HSR_A_NODE_ADDR={0xa, 0x1, @remote}]}, 0x64}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x200000000004, 0x81, 0xdf, 0xeb1, 0x401, 0x8000) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0) write$auto(r0, 0x0, 0x2b6) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) madvise$auto(0x0, 0x2003f0, 0x14) 937.583445ms ago: executing program 0 (id=716): ioctl$auto_UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000000)=0x0) ioctl$auto_UI_DEV_DESTROY(0xffffffffffffffff, 0x5502, 0x0) 497.945652ms ago: executing program 0 (id=717): mmap$auto(0x0, 0x2, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/pids.events.local\x00', 0x103042, 0x0) syz_genetlink_get_family_id$auto_batadv(&(0x7f00000002c0), 0xffffffffffffffff) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f00000000c0)={@siginfo_0_0={0xa, 0xb92, 0x9}}, 0x4) r0 = pipe$auto(&(0x7f00000000c0)) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x1f, 0x940, 0x1ffde, 0x3, 0x6, 0x8000003, 0x9, 0x5, 0x0, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x205, 0x7, 0x0, 0x40000, 0x0, 0x3}, 0x1ff, 0x7d) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) connect$auto(r0, &(0x7f0000000000)=@phonet={0x23, 0xa0, 0x3, 0x30}, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0xffffe000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 509.662µs ago: executing program 0 (id=718): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/i8042/serio0/set\x00', 0x80302, 0x0) stat$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8, 0x3, 0x9, 0x100, 0x200, 0xb, 0x401, 0x8, 0x68, 0x9}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) keyctl$auto(0x17, 0x4, 0x7fffffffefff, 0x400, 0x0) r2 = getuid() r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010329bd700002dcdf2524"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40044010) r5 = geteuid() r6 = ioctl$auto_TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000180)={0x90b, &(0x7f0000000140)={0x794a, 0x5, 0x7, @raw=0x1ff}}) setsockopt$auto_SO_SNDTIMEO_NEW(r6, 0x3, 0x43, &(0x7f00000001c0)='/proc/self/oom_adj\x00', 0x2) setreuid$auto(r5, 0x0) setresuid$auto(r1, r2, r5) r7 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/interrupts\x00', 0x10b402, 0x0) pread64$auto(r7, 0x0, 0x8100000041, 0x413e) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r8 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r8, 0x0, 0x1f40) r9 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r9, &(0x7f0000000200)={0x0, 0x7}, 0x3) kill$auto(0x0, 0x11) sendmmsg$auto(r8, 0x0, 0xfffff848, 0xfff) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) 234.85µs ago: executing program 2 (id=719): socket(0x2, 0x2, 0x0) mmap$auto(0x8, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x100000000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000003680)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000003680)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_NEW_KEY(r1, &(0x7f00000048c0)={0x0, 0x0, &(0x7f0000004880)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029a27000fddbdf0900000000000000a9144b9ac5595134f4edd5ae00", @ANYRES32=r2, @ANYBLOB="05003901"], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20000094) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) lsm_list_modules$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0x10, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0x10, 0x401, 0x8000) r3 = syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3d, 0x870, r3, 0x2, 0x0) (async) r4 = prctl$auto(0x3d, 0x870, r3, 0x2, 0x0) mmap$auto(0x0, 0xe983, 0x4000000000000e1, 0x17, 0xffffffffffffffff, 0x7fff) r5 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x89\x06s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x10, 0x6) (async) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x89\x06s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x10, 0x6) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x5412, &(0x7f00000002c0)="12915edfc1c0b95caa8aed7a921f3d6b429df7973f3cb7d3f65627940112588c448a1639f194be388e679f5084810e5d1488ebd5217c2a87630ef8ea35125471ce443c7270732d086fb9e6c37d61") recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), r4) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x3222b14561ab0a8b}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="00082cbb7000fcdbdf25020000000400245be9ee757d9aebdfb5544f930fa73b01"], 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4080) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f00000001c0), r5) (async) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f00000001c0), r5) unshare$auto(0x40000080) r7 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r7) mkdir$auto(0x0, 0x6) socket(0x2, 0x1, 0x0) (async) socket(0x2, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/cgroup.type\x00', 0x103042, 0x0) mmap$auto(0x8, 0x40009, 0x3, 0x8009b72, 0x7, 0x28000) 0s ago: executing program 3 (id=720): openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x1c, r1, 0x305, 0x70bd23, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40008}, 0x4000040) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x4) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) socket(0x1e, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) getpid() setsockopt$auto(0x3, 0x6a, 0x7, 0xffffffffffffffff, 0x3) mmap$auto(0xfffffffffffffffc, 0x400005, 0xe3, 0x18, 0x2, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) mincore$auto(0x1000, 0x8001, 0x0) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x101402, 0x0) kernel console output (not intermixed with test programs): DUID 00:04:b7:d5:f8:ee:8b:f8:ce:c6:f2:e0:c5:17:b2:3a:e2:85 forked to background, child pid 5507 [ 65.813410][ T5508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.832688][ T5508] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts. syzkaller login: [ 90.796775][ T5829] cgroup: Unknown subsys name 'net' [ 90.929515][ T5829] cgroup: Unknown subsys name 'cpuset' [ 90.938839][ T5829] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.844617][ T5829] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.074377][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.085264][ T5154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.094025][ T5154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.101580][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.109685][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.125732][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.134406][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.142304][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.166249][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.178417][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.308076][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.316472][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.324292][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.324553][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.338978][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.347676][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.355803][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.361745][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.365957][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.370902][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.712756][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 95.763058][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 95.918797][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.926649][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.933963][ T5843] bridge_slave_0: entered allmulticast mode [ 95.941717][ T5843] bridge_slave_0: entered promiscuous mode [ 96.003597][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.010957][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.018896][ T5843] bridge_slave_1: entered allmulticast mode [ 96.027000][ T5843] bridge_slave_1: entered promiscuous mode [ 96.071146][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.078559][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.085834][ T5839] bridge_slave_0: entered allmulticast mode [ 96.093612][ T5839] bridge_slave_0: entered promiscuous mode [ 96.106576][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.123304][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.130689][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.137942][ T5839] bridge_slave_1: entered allmulticast mode [ 96.145684][ T5839] bridge_slave_1: entered promiscuous mode [ 96.163732][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.258949][ T5843] team0: Port device team_slave_0 added [ 96.270015][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.287194][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.314270][ T5843] team0: Port device team_slave_1 added [ 96.387946][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.397293][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.426740][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.475729][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.482728][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.509021][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.537715][ T5839] team0: Port device team_slave_0 added [ 96.544032][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 96.571053][ T5839] team0: Port device team_slave_1 added [ 96.679395][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.686962][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.713099][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.724340][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 96.745404][ T5843] hsr_slave_0: entered promiscuous mode [ 96.751859][ T5843] hsr_slave_1: entered promiscuous mode [ 96.772509][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.779720][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.806218][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.887446][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.894668][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.902430][ T5851] bridge_slave_0: entered allmulticast mode [ 96.910452][ T5851] bridge_slave_0: entered promiscuous mode [ 96.920045][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.927496][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.935054][ T5851] bridge_slave_1: entered allmulticast mode [ 96.942553][ T5851] bridge_slave_1: entered promiscuous mode [ 97.067712][ T5839] hsr_slave_0: entered promiscuous mode [ 97.074182][ T5839] hsr_slave_1: entered promiscuous mode [ 97.080632][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.089641][ T5839] Cannot create hsr debugfs directory [ 97.099037][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.111637][ T979] cfg80211: failed to load regulatory.db [ 97.158740][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.185593][ T5154] Bluetooth: hci1: command tx timeout [ 97.210383][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.218172][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.226037][ T5850] bridge_slave_0: entered allmulticast mode [ 97.233361][ T5850] bridge_slave_0: entered promiscuous mode [ 97.265402][ T5154] Bluetooth: hci0: command tx timeout [ 97.274572][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.282284][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.289592][ T5850] bridge_slave_1: entered allmulticast mode [ 97.297519][ T5850] bridge_slave_1: entered promiscuous mode [ 97.322394][ T5851] team0: Port device team_slave_0 added [ 97.331540][ T5851] team0: Port device team_slave_1 added [ 97.375808][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.421193][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.434937][ T55] Bluetooth: hci3: command tx timeout [ 97.440826][ T5154] Bluetooth: hci2: command tx timeout [ 97.490947][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.498520][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.524617][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.539129][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.546460][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.572842][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.630548][ T5850] team0: Port device team_slave_0 added [ 97.640350][ T5850] team0: Port device team_slave_1 added [ 97.752440][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.759635][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.786138][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.828088][ T5851] hsr_slave_0: entered promiscuous mode [ 97.834451][ T5851] hsr_slave_1: entered promiscuous mode [ 97.841176][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.848940][ T5851] Cannot create hsr debugfs directory [ 97.855356][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.862357][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.888442][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.033054][ T5850] hsr_slave_0: entered promiscuous mode [ 98.039864][ T5850] hsr_slave_1: entered promiscuous mode [ 98.046532][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.054125][ T5850] Cannot create hsr debugfs directory [ 98.075442][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.088690][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.108962][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.122244][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.296945][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.315140][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.339604][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.357103][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.563407][ T5851] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.574642][ T5851] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.586768][ T5851] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.614813][ T5851] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.699837][ T5850] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.717103][ T5850] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.741488][ T5850] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.753306][ T5850] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.803895][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.860322][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.872933][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.893258][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.900621][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.951461][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.966491][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.973637][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.041173][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.048425][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.076743][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.083914][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.098186][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.161196][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.189308][ T1056] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.196480][ T1056] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.230675][ T1056] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.237851][ T1056] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.265243][ T5154] Bluetooth: hci1: command tx timeout [ 99.324108][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.345218][ T5154] Bluetooth: hci0: command tx timeout [ 99.394297][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.460969][ T5851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 99.488374][ T4562] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.495610][ T4562] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.508020][ T5154] Bluetooth: hci2: command tx timeout [ 99.513487][ T5154] Bluetooth: hci3: command tx timeout [ 99.521761][ T4562] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.529049][ T4562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.643925][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.812516][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.844321][ T5843] veth0_vlan: entered promiscuous mode [ 99.909096][ T5843] veth1_vlan: entered promiscuous mode [ 100.012580][ T5839] veth0_vlan: entered promiscuous mode [ 100.033395][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.069513][ T5839] veth1_vlan: entered promiscuous mode [ 100.101852][ T5843] veth0_macvtap: entered promiscuous mode [ 100.121642][ T5843] veth1_macvtap: entered promiscuous mode [ 100.147630][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.202636][ T5851] veth0_vlan: entered promiscuous mode [ 100.234495][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.248586][ T5839] veth0_macvtap: entered promiscuous mode [ 100.262292][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.274435][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.285031][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.293775][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.302998][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.320911][ T5839] veth1_macvtap: entered promiscuous mode [ 100.347277][ T5851] veth1_vlan: entered promiscuous mode [ 100.367419][ T5850] veth0_vlan: entered promiscuous mode [ 100.401561][ T5850] veth1_vlan: entered promiscuous mode [ 100.423298][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.437244][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.449519][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.460633][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.473208][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.487211][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.513559][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.523300][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.532624][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.541561][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.576068][ T5851] veth0_macvtap: entered promiscuous mode [ 100.622925][ T5851] veth1_macvtap: entered promiscuous mode [ 100.682222][ T5850] veth0_macvtap: entered promiscuous mode [ 100.697021][ T1056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.711993][ T1056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.722585][ T5850] veth1_macvtap: entered promiscuous mode [ 100.733495][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.745801][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.755762][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.767595][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.779921][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.817826][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.828736][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.840420][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.851154][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.862601][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.913443][ T5851] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.923942][ T5851] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.932903][ T5851] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.942063][ T5851] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.960407][ T1056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.972433][ T3003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.977023][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.984929][ T1056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.990873][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.012737][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.012891][ T3003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.023946][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.048873][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 101.059423][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.071447][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.095960][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.107031][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.117036][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.127611][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.137505][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 101.148019][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 101.160206][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.209033][ T5850] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.219470][ T5850] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.230133][ T5850] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.239285][ T5850] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.344513][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.348453][ T55] Bluetooth: hci1: command tx timeout [ 101.362105][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.369166][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.420678][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.429114][ T55] Bluetooth: hci0: command tx timeout [ 101.434654][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.581549][ T1056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.589802][ T55] Bluetooth: hci3: command tx timeout [ 101.595828][ T5154] Bluetooth: hci2: command tx timeout [ 101.609592][ T1056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.752148][ T3003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.783252][ T3003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.827967][ T195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.840467][ T195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.397536][ T5923] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6'. [ 103.425528][ T55] Bluetooth: hci1: command tx timeout [ 103.505469][ T55] Bluetooth: hci0: command tx timeout [ 103.665368][ T55] Bluetooth: hci3: command tx timeout [ 103.670888][ T55] Bluetooth: hci2: command tx timeout [ 104.527134][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.607356][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.717211][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.726054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.852708][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 104.954858][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 105.438997][ T5954] Zero length message leads to an empty skb [ 105.466895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 107.719895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 107.827215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 107.924574][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 113.393546][ T5906] delete_channel: no stack [ 115.753933][ T6054] netlink: 326 bytes leftover after parsing attributes in process `syz.1.29'. [ 117.513822][ T6077] netlink: 326 bytes leftover after parsing attributes in process `syz.1.36'. [ 119.370165][ T6099] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[6099] [ 119.515018][ T6088] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[6088] [ 119.530045][ T6093] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[6093] [ 120.206793][ T6105] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 120.697201][ T6113] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.798116][ T6113] netlink: 338 bytes leftover after parsing attributes in process `syz.3.42'. [ 120.809380][ T6113] netlink: 338 bytes leftover after parsing attributes in process `syz.3.42'. [ 122.087553][ T6125] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[6125] [ 122.684501][ T6129] netlink: 326 bytes leftover after parsing attributes in process `syz.1.46'. [ 124.725187][ T6136] netlink: 4 bytes leftover after parsing attributes in process `syz.0.48'. [ 124.898883][ T6139] bridge0: port 3(team0) entered blocking state [ 124.937712][ T6139] bridge0: port 3(team0) entered disabled state [ 124.944348][ T6139] team0: entered allmulticast mode [ 124.951464][ T6139] team_slave_0: entered allmulticast mode [ 124.957767][ T6139] team_slave_1: entered allmulticast mode [ 124.981023][ T6139] team0: entered promiscuous mode [ 124.991211][ T6139] team_slave_0: entered promiscuous mode [ 124.999027][ T6139] team_slave_1: entered promiscuous mode [ 125.031896][ T6139] bridge0: port 3(team0) entered blocking state [ 125.038543][ T6139] bridge0: port 3(team0) entered forwarding state [ 129.663487][ T6196] netlink: 28 bytes leftover after parsing attributes in process `syz.1.61'. [ 134.212789][ T6257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.74'. [ 134.339738][ T6263] bridge0: port 3(team0) entered blocking state [ 134.397293][ T6263] bridge0: port 3(team0) entered disabled state [ 134.445135][ T6263] team0: entered allmulticast mode [ 134.451439][ T6263] team_slave_0: entered allmulticast mode [ 134.479121][ T6263] team_slave_1: entered allmulticast mode [ 134.557511][ T6263] team0: entered promiscuous mode [ 134.562644][ T6263] team_slave_0: entered promiscuous mode [ 134.601777][ T6263] team_slave_1: entered promiscuous mode [ 134.626763][ T6263] bridge0: port 3(team0) entered blocking state [ 134.633268][ T6263] bridge0: port 3(team0) entered forwarding state [ 138.070621][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.084939][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.483500][ T6317] netlink: 326 bytes leftover after parsing attributes in process `syz.0.91'. [ 145.280531][ T6349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.99'. [ 145.483342][ T6352] bridge0: port 3(team0) entered blocking state [ 145.513358][ T6352] bridge0: port 3(team0) entered disabled state [ 145.521078][ T6352] team0: entered allmulticast mode [ 145.526767][ T6352] team_slave_0: entered allmulticast mode [ 145.532755][ T6352] team_slave_1: entered allmulticast mode [ 145.542019][ T6352] team0: entered promiscuous mode [ 145.550042][ T6352] team_slave_0: entered promiscuous mode [ 145.577695][ T6352] team_slave_1: entered promiscuous mode [ 145.625561][ T6352] bridge0: port 3(team0) entered blocking state [ 145.632008][ T6352] bridge0: port 3(team0) entered forwarding state [ 147.407454][ T6399] netlink: 326 bytes leftover after parsing attributes in process `syz.2.109'. [ 151.786284][ T6461] netlink: 338 bytes leftover after parsing attributes in process `syz.1.124'. [ 151.831422][ T6461] netlink: 338 bytes leftover after parsing attributes in process `syz.1.124'. [ 151.978870][ T6469] netlink: 326 bytes leftover after parsing attributes in process `syz.3.129'. [ 156.133575][ T6523] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[6523] [ 156.272130][ T6528] netlink: 338 bytes leftover after parsing attributes in process `syz.2.144'. [ 156.322903][ T6528] netlink: 338 bytes leftover after parsing attributes in process `syz.2.144'. [ 159.354359][ T6573] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[6573] [ 159.620970][ T6586] netlink: 338 bytes leftover after parsing attributes in process `syz.0.160'. [ 159.655283][ T6586] netlink: 338 bytes leftover after parsing attributes in process `syz.0.160'. [ 162.215936][ T6631] netlink: 326 bytes leftover after parsing attributes in process `syz.0.175'. [ 163.406293][ T6642] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6642] [ 164.413003][ T6660] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[6660] [ 165.118132][ T6663] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6663] [ 166.588051][ T6685] netlink: 326 bytes leftover after parsing attributes in process `syz.3.189'. [ 168.230330][ T6712] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[6712] [ 169.384518][ T6730] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[6730] [ 169.560225][ T6732] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[6732] [ 172.463562][ T6765] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[6765] [ 173.563780][ T6780] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[6780] [ 174.085925][ T6796] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[6796] [ 178.905163][ T6852] netlink: 326 bytes leftover after parsing attributes in process `syz.2.232'. [ 184.079678][ T6919] netlink: 326 bytes leftover after parsing attributes in process `syz.0.247'. [ 199.512204][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.512268][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 202.061723][ T7150] netlink: 146 bytes leftover after parsing attributes in process `syz.0.303'. [ 203.388270][ T7164] netlink: 338 bytes leftover after parsing attributes in process `syz.1.314'. [ 207.300385][ T7210] netlink: 146 bytes leftover after parsing attributes in process `syz.1.315'. [ 208.169860][ T7235] netlink: 338 bytes leftover after parsing attributes in process `syz.1.322'. [ 209.258386][ T7243] netlink: 338 bytes leftover after parsing attributes in process `syz.0.332'. [ 214.610464][ T7312] netlink: 338 bytes leftover after parsing attributes in process `syz.3.339'. [ 217.675136][ T7353] netlink: 338 bytes leftover after parsing attributes in process `syz.3.349'. [ 217.707988][ T7348] netlink: 28 bytes leftover after parsing attributes in process `syz.0.348'. [ 219.614316][ T7370] netlink: 338 bytes leftover after parsing attributes in process `syz.0.359'. [ 222.067625][ T7381] Bluetooth: hci1: command 0x0406 tx timeout [ 222.073729][ T7381] Bluetooth: hci0: command 0x0406 tx timeout [ 222.080594][ T7381] Bluetooth: hci3: command 0x0406 tx timeout [ 222.086980][ T7381] Bluetooth: hci2: command 0x0406 tx timeout [ 224.038348][ T7441] netlink: 338 bytes leftover after parsing attributes in process `syz.2.367'. [ 226.102457][ T7437] delete_channel: no stack [ 228.353885][ T7498] netlink: 338 bytes leftover after parsing attributes in process `syz.0.377'. [ 233.497045][ T7555] netlink: 338 bytes leftover after parsing attributes in process `syz.2.391'. [ 234.173077][ T7566] busy [ 235.088496][ T7579] busy [ 236.612177][ T7517] delete_channel: no stack [ 236.685040][ T7604] netlink: 12 bytes leftover after parsing attributes in process `syz.0.410'. [ 237.792799][ T7621] can: request_module (can-proto-0) failed. [ 237.965708][ T7626] netlink: 338 bytes leftover after parsing attributes in process `syz.1.407'. syzkaller syzkaller login: [ 241.191223][ T55] Bluetooth: hci1: Malformed LE Event: 0x1b [ 241.784880][ T7683] netlink: 338 bytes leftover after parsing attributes in process `syz.0.421'. [ 242.811915][ T7702] ======================================================= [ 242.811915][ T7702] WARNING: The mand mount option has been deprecated and [ 242.811915][ T7702] and is ignored by this kernel. Remove the mand [ 242.811915][ T7702] option from the mount to silence this warning. [ 242.811915][ T7702] ======================================================= [ 242.846814][ C1] vkms_vblank_simulate: vblank timer overrun [ 242.909817][ T7702] nfsd: Unknown parameter 'DJ6{4!f b-G(Rېz)`ncAs(Ļ0c5.kD ũ|p)As*V]ȸ厢]b]E-%E;|>1TN<ùGep$DrműT&Ot [ 242.909817][ T7702] fQJ d(;]*>W5m(-.kX^^Tt++#J4/kK#m*' [ 243.258800][ T30] audit: type=1800 audit(6039402177.745:2): pid=7702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.425" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 243.509888][ T7714] Line length is too long: Should be less than 4094 [ 246.276744][ T7751] netlink: 338 bytes leftover after parsing attributes in process `syz.1.436'. [ 247.765714][ T7765] FAULT_INJECTION: forcing a failure. [ 247.765714][ T7765] name failslab, interval 1, probability 0, space 0, times 0 [ 247.811886][ T7765] CPU: 0 UID: 0 PID: 7765 Comm: syz.0.441 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 247.811927][ T7765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 247.811949][ T7765] Call Trace: [ 247.811960][ T7765] [ 247.811975][ T7765] dump_stack_lvl+0x16c/0x1f0 [ 247.812032][ T7765] should_fail_ex+0x512/0x640 [ 247.812067][ T7765] ? fs_reclaim_acquire+0xae/0x150 [ 247.812106][ T7765] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 247.812155][ T7765] should_failslab+0xc2/0x120 [ 247.812183][ T7765] __kmalloc_noprof+0xd2/0x510 [ 247.812236][ T7765] tomoyo_realpath_from_path+0xc2/0x6e0 [ 247.812282][ T7765] ? tomoyo_profile+0x47/0x60 [ 247.812344][ T7765] tomoyo_path_number_perm+0x245/0x580 [ 247.812377][ T7765] ? tomoyo_path_number_perm+0x237/0x580 [ 247.812435][ T7765] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 247.812474][ T7765] ? find_held_lock+0x2b/0x80 [ 247.812551][ T7765] ? find_held_lock+0x2b/0x80 [ 247.812587][ T7765] ? hook_file_ioctl_common+0x145/0x410 [ 247.812628][ T7765] ? __fget_files+0x20e/0x3c0 [ 247.812680][ T7765] security_file_ioctl+0x9b/0x240 [ 247.812720][ T7765] __x64_sys_ioctl+0xb7/0x200 [ 247.812761][ T7765] do_syscall_64+0xcd/0x260 [ 247.812810][ T7765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.812842][ T7765] RIP: 0033:0x7fc849b8d169 [ 247.812865][ T7765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.812906][ T7765] RSP: 002b:00007fc84a974038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.812934][ T7765] RAX: ffffffffffffffda RBX: 00007fc849da5fa0 RCX: 00007fc849b8d169 [ 247.812953][ T7765] RDX: 0000000000000000 RSI: 00000000c0585611 RDI: 0000000000000000 [ 247.812971][ T7765] RBP: 00007fc84a974090 R08: 0000000000000000 R09: 0000000000000000 [ 247.812989][ T7765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.813007][ T7765] R13: 0000000000000000 R14: 00007fc849da5fa0 R15: 00007fff360d9af8 [ 247.813046][ T7765] [ 247.813064][ T7765] ERROR: Out of memory at tomoyo_realpath_from_path. [ 249.200913][ T7785] netlink: 'syz.1.446': attribute type 1 has an invalid length. [ 250.467434][ T7793] ima: policy update failed [ 250.489593][ T30] audit: type=1802 audit(6039402184.955:3): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.448" res=0 errno=0 [ 250.645210][ T7818] netlink: 338 bytes leftover after parsing attributes in process `syz.2.452'. [ 254.131366][ T7867] netlink: 338 bytes leftover after parsing attributes in process `syz.2.466'. [ 254.285624][ T7871] MTRR 1 not used [ 255.389576][ T7887] FAULT_INJECTION: forcing a failure. [ 255.389576][ T7887] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 255.419552][ T7887] CPU: 1 UID: 0 PID: 7887 Comm: syz.0.471 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 255.419591][ T7887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 255.419609][ T7887] Call Trace: [ 255.419619][ T7887] [ 255.419630][ T7887] dump_stack_lvl+0x16c/0x1f0 [ 255.419679][ T7887] should_fail_ex+0x512/0x640 [ 255.419720][ T7887] _copy_to_user+0x32/0xd0 [ 255.419761][ T7887] simple_read_from_buffer+0xcb/0x170 [ 255.419808][ T7887] proc_fail_nth_read+0x197/0x270 [ 255.419851][ T7887] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 255.419896][ T7887] ? rw_verify_area+0xcf/0x680 [ 255.419932][ T7887] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 255.419977][ T7887] vfs_read+0x1de/0xc70 [ 255.420025][ T7887] ? __pfx___mutex_lock+0x10/0x10 [ 255.420072][ T7887] ? __pfx_vfs_read+0x10/0x10 [ 255.420127][ T7887] ? __fget_files+0x20e/0x3c0 [ 255.420185][ T7887] ksys_read+0x12a/0x240 [ 255.420228][ T7887] ? __pfx_ksys_read+0x10/0x10 [ 255.420313][ T7887] ? rcu_is_watching+0x12/0xc0 [ 255.420365][ T7887] do_syscall_64+0xcd/0x260 [ 255.420415][ T7887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.420447][ T7887] RIP: 0033:0x7fc849b8bb7c [ 255.420471][ T7887] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 255.420499][ T7887] RSP: 002b:00007fc84a974030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 255.420529][ T7887] RAX: ffffffffffffffda RBX: 00007fc849da5fa0 RCX: 00007fc849b8bb7c [ 255.420549][ T7887] RDX: 000000000000000f RSI: 00007fc84a9740a0 RDI: 0000000000000004 [ 255.420568][ T7887] RBP: 00007fc84a974090 R08: 0000000000000000 R09: 0000000000000000 [ 255.420586][ T7887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.420605][ T7887] R13: 0000000000000000 R14: 00007fc849da5fa0 R15: 00007fff360d9af8 [ 255.420645][ T7887] [ 255.610754][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.616781][ C1] hrtimer: interrupt took 192100261 ns [ 255.716832][ C1] vkms_vblank_simulate: vblank timer overrun [ 256.523784][ T7905] busy [ 256.534775][ T7907] FAULT_INJECTION: forcing a failure. [ 256.534775][ T7907] name failslab, interval 1, probability 0, space 0, times 0 [ 256.548632][ T7907] CPU: 0 UID: 0 PID: 7907 Comm: syz.1.478 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 256.548672][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 256.548689][ T7907] Call Trace: [ 256.548699][ T7907] [ 256.548710][ T7907] dump_stack_lvl+0x16c/0x1f0 [ 256.548759][ T7907] should_fail_ex+0x512/0x640 [ 256.548792][ T7907] ? __kmalloc_noprof+0xbf/0x510 [ 256.548839][ T7907] ? lsm_blob_alloc+0x68/0x90 [ 256.548882][ T7907] should_failslab+0xc2/0x120 [ 256.548909][ T7907] __kmalloc_noprof+0xd2/0x510 [ 256.548962][ T7907] lsm_blob_alloc+0x68/0x90 [ 256.549007][ T7907] security_sk_alloc+0x30/0x270 [ 256.549039][ T7907] sk_prot_alloc+0x1c7/0x2a0 [ 256.549089][ T7907] sk_alloc+0x36/0xc20 [ 256.549134][ T7907] __netlink_create+0x5e/0x2c0 [ 256.549168][ T7907] ? __wake_up+0x3f/0x60 [ 256.549212][ T7907] netlink_create+0x39e/0x620 [ 256.549249][ T7907] ? __pfx_genl_bind+0x10/0x10 [ 256.549292][ T7907] ? __pfx_genl_unbind+0x10/0x10 [ 256.549336][ T7907] ? __pfx_genl_release+0x10/0x10 [ 256.549384][ T7907] __sock_create+0x335/0x8d0 [ 256.549421][ T7907] __sys_socket+0x14d/0x260 [ 256.549452][ T7907] ? __pfx___sys_socket+0x10/0x10 [ 256.549483][ T7907] ? rcu_is_watching+0x12/0xc0 [ 256.549529][ T7907] __x64_sys_socket+0x72/0xb0 [ 256.549557][ T7907] ? lockdep_hardirqs_on+0x7c/0x110 [ 256.549600][ T7907] do_syscall_64+0xcd/0x260 [ 256.549649][ T7907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.549679][ T7907] RIP: 0033:0x7f7610b8d169 [ 256.549702][ T7907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.549730][ T7907] RSP: 002b:00007f7611950038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 256.549757][ T7907] RAX: ffffffffffffffda RBX: 00007f7610da6080 RCX: 00007f7610b8d169 [ 256.549776][ T7907] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 256.549793][ T7907] RBP: 00007f7610c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 256.549810][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 256.549827][ T7907] R13: 0000000000000000 R14: 00007f7610da6080 R15: 00007fff6c619118 [ 256.549864][ T7907] [ 256.914604][ T7915] netlink: 342 bytes leftover after parsing attributes in process `syz.1.482'. [ 256.929626][ T7913] netlink: 338 bytes leftover after parsing attributes in process `syz.0.481'. [ 257.355573][ T7929] block nbd8: NBD_DISCONNECT [ 259.535063][ T7964] sp0: Synchronizing with TNC [ 260.656259][ T7990] netlink: 338 bytes leftover after parsing attributes in process `syz.0.500'. [ 260.950329][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.957017][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.670955][ T8022] WARNING! power/level is deprecated; use power/control instead [ 263.919054][ T8044] netlink: 338 bytes leftover after parsing attributes in process `syz.3.517'. [ 263.953804][ T8046] nfsd: Unknown parameter 'DJ6{4!f b-G(Rېz)`ncAs(Ļ0c5.kD ũ|p)As*V]ȸ厢]b]E-%E;|>1TN<ùGep$DrműT&Ot [ 263.953804][ T8046] fQJ d(;]*>W5m(-.kX^^Tt++#J4/kK#m*' [ 263.981269][ C1] vkms_vblank_simulate: vblank timer overrun [ 264.192177][ T30] audit: type=1800 audit(6039402198.675:4): pid=8046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.518" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 266.148976][ T8070] Console: switching to colour VGA+ 80x25 [ 267.618700][ T8101] nfsd: Unknown parameter 'DJ6{4!f b-G(Rېz)`ncAs(Ļ0c5.kD ũ|p)As*V]ȸ厢]b]E-%E;|>1TN<ùGep$DrműT&Ot [ 267.618700][ T8101] fQJ d(;]*>W5m(-.kX^^Tt++#J4/kK#m*' [ 267.893107][ T30] audit: type=1800 audit(6039402202.375:5): pid=8109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.530" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 267.936019][ T8104] netlink: 338 bytes leftover after parsing attributes in process `syz.1.531'. [ 272.602363][ T8171] busy syzkaller syzkaller login: [ 281.179541][ T8262] netlink: 338 bytes leftover after parsing attributes in process `syz.3.562'. [ 286.406170][ T8330] netlink: 338 bytes leftover after parsing attributes in process `syz.2.576'. [ 287.304064][ T8339] netlink: 338 bytes leftover after parsing attributes in process `syz.0.577'. [ 289.608408][ T8360] netlink: 338 bytes leftover after parsing attributes in process `syz.2.590'. [ 294.588620][ T8426] busy [ 301.344760][ T8519] busy [ 303.492005][ T8533] sp0: Synchronizing with TNC [ 304.378125][ T8556] nfsd: Unknown parameter 'DJ6{4!f b-G(Rېz)`ncAs(Ļ0c5.kD ũ|p)As*V]ȸ厢]b]E-%E;|>1TN<ùGep$DrműT&Ot [ 304.378125][ T8556] fQJ d(;]*>W5m(-.kX^^Tt++#J4/kK#m*' [ 304.431734][ T8558] netlink: 338 bytes leftover after parsing attributes in process `syz.3.623'. [ 305.175074][ T8575] netlink: 338 bytes leftover after parsing attributes in process `syz.0.631'. [ 307.190713][ T8604] sp0: Synchronizing with TNC [ 309.328227][ T8648] netlink: 338 bytes leftover after parsing attributes in process `syz.0.651'. [ 311.057501][ T8677] netlink: 338 bytes leftover after parsing attributes in process `syz.2.657'. [ 313.128911][ T8697] netlink: 338 bytes leftover after parsing attributes in process `syz.1.662'. [ 314.389766][ T8721] netlink: 338 bytes leftover after parsing attributes in process `syz.2.668'. [ 315.492332][ T8743] nfsd: Unknown parameter 'DJ6{4!f b-G(Rېz)`ncAs(Ļ0c5.kD ũ|p)As*V]ȸ厢]b]E-%E;|>1TN<ùGep$DrműT&Ot [ 315.492332][ T8743] fQJ d(;]*>W5m(-.kX^^Tt++#J4/kK#m*' [ 315.519894][ C1] vkms_vblank_simulate: vblank timer overrun [ 315.952199][ T30] audit: type=1800 audit(6039402250.425:6): pid=8743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.674" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 316.090272][ T8752] process 'syz.3.677' launched '/dev/fd/4' with NULL argv: empty string added [ 318.274068][ T8786] netlink: 338 bytes leftover after parsing attributes in process `syz.0.684'. [ 318.433978][ T8785] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 319.624579][ T8813] netlink: 338 bytes leftover after parsing attributes in process `syz.0.699'. [ 320.258278][ T8816] FAULT_INJECTION: forcing a failure. [ 320.258278][ T8816] name failslab, interval 1, probability 0, space 0, times 0 [ 320.432921][ T8816] CPU: 1 UID: 0 PID: 8816 Comm: syz.2.693 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 320.432965][ T8816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 320.432979][ T8816] Call Trace: [ 320.432986][ T8816] [ 320.432995][ T8816] dump_stack_lvl+0x16c/0x1f0 [ 320.433041][ T8816] should_fail_ex+0x512/0x640 [ 320.433067][ T8816] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 320.433108][ T8816] should_failslab+0xc2/0x120 [ 320.433130][ T8816] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 320.433169][ T8816] ? __kthread_create_on_node+0x186/0x3f0 [ 320.433211][ T8816] kvasprintf+0xbc/0x160 [ 320.433241][ T8816] ? __pfx_kvasprintf+0x10/0x10 [ 320.433280][ T8816] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 320.433302][ T8816] __kthread_create_on_node+0x186/0x3f0 [ 320.433338][ T8816] ? __pfx___mutex_trylock_common+0x10/0x10 [ 320.433361][ T8816] ? __pfx___kthread_create_on_node+0x10/0x10 [ 320.433412][ T8816] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 320.433436][ T8816] kthread_create_on_node+0xc7/0x100 [ 320.433471][ T8816] ? __pfx_kthread_create_on_node+0x10/0x10 [ 320.433514][ T8816] ? mark_held_locks+0x49/0x80 [ 320.433548][ T8816] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 320.433579][ T8816] ? lockdep_hardirqs_on+0x7c/0x110 [ 320.433615][ T8816] dvb_frontend_open+0xf47/0x1730 [ 320.433645][ T8816] ? __pfx_dvb_frontend_open+0x10/0x10 [ 320.433668][ T8816] dvb_device_open+0x26d/0x3b0 [ 320.433692][ T8816] ? __pfx_dvb_device_open+0x10/0x10 [ 320.433714][ T8816] chrdev_open+0x231/0x6a0 [ 320.433749][ T8816] ? __pfx_apparmor_file_open+0x10/0x10 [ 320.433785][ T8816] ? __pfx_chrdev_open+0x10/0x10 [ 320.433823][ T8816] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 320.433861][ T8816] do_dentry_open+0x741/0x1c10 [ 320.433894][ T8816] ? __pfx_chrdev_open+0x10/0x10 [ 320.433935][ T8816] vfs_open+0x82/0x3f0 [ 320.433962][ T8816] path_openat+0x1e5e/0x2d40 [ 320.434012][ T8816] ? __pfx_path_openat+0x10/0x10 [ 320.434055][ T8816] do_filp_open+0x20b/0x470 [ 320.434089][ T8816] ? __pfx_do_filp_open+0x10/0x10 [ 320.434145][ T8816] ? alloc_fd+0x471/0x7d0 [ 320.434185][ T8816] do_sys_openat2+0x11b/0x1d0 [ 320.434209][ T8816] ? __pfx_do_sys_openat2+0x10/0x10 [ 320.434244][ T8816] __x64_sys_openat+0x174/0x210 [ 320.434269][ T8816] ? __pfx___x64_sys_openat+0x10/0x10 [ 320.434295][ T8816] ? rcu_is_watching+0x12/0xc0 [ 320.434332][ T8816] do_syscall_64+0xcd/0x260 [ 320.434367][ T8816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.434390][ T8816] RIP: 0033:0x7f8b28d8d169 [ 320.434408][ T8816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.434430][ T8816] RSP: 002b:00007f8b29b7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 320.434451][ T8816] RAX: ffffffffffffffda RBX: 00007f8b28fa5fa0 RCX: 00007f8b28d8d169 [ 320.434466][ T8816] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 320.434480][ T8816] RBP: 00007f8b28e0e990 R08: 0000000000000000 R09: 0000000000000000 [ 320.434494][ T8816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.434507][ T8816] R13: 0000000000000000 R14: 00007f8b28fa5fa0 R15: 00007fff08246218 [ 320.434536][ T8816] [ 320.750787][ C1] vkms_vblank_simulate: vblank timer overrun [ 320.774831][ T8816] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 321.242314][ T8831] netlink: 338 bytes leftover after parsing attributes in process `syz.0.694'. [ 321.551011][ T8836] input: jJǸ-9%vlQ J8fi as /devices/virtual/input/input13 [ 321.931913][ T8842] nfsd: Unknown parameter 'DJ6{4!f b-G(Rېz)`ncAs(Ļ0c5.kD ũ|p)As*V]ȸ厢]b]E-%E;|>1TN<ùGep$DrműT&Ot [ 321.931913][ T8842] fQJ d(;]*>W5m(-.kX^^Tt++#J4/kK#m*' [ 321.959421][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.397961][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.404590][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.311071][ T8854] FAULT_INJECTION: forcing a failure. [ 323.311071][ T8854] name failslab, interval 1, probability 0, space 0, times 0 [ 323.327429][ T8854] CPU: 0 UID: 0 PID: 8854 Comm: syz.1.703 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 323.327474][ T8854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 323.327493][ T8854] Call Trace: [ 323.327503][ T8854] [ 323.327515][ T8854] dump_stack_lvl+0x16c/0x1f0 [ 323.327571][ T8854] should_fail_ex+0x512/0x640 [ 323.327606][ T8854] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 323.327655][ T8854] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 323.327701][ T8854] should_failslab+0xc2/0x120 [ 323.327733][ T8854] __kmalloc_cache_noprof+0x6a/0x3e0 [ 323.327778][ T8854] ? lockdep_init_map_type+0x5c/0x280 [ 323.327810][ T8854] ? __kthread_create_on_node+0xce/0x3f0 [ 323.327867][ T8854] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 323.327899][ T8854] __kthread_create_on_node+0xce/0x3f0 [ 323.327950][ T8854] ? __pfx___mutex_trylock_common+0x10/0x10 [ 323.327983][ T8854] ? __pfx___kthread_create_on_node+0x10/0x10 [ 323.328057][ T8854] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 323.328092][ T8854] kthread_create_on_node+0xc7/0x100 [ 323.328144][ T8854] ? __pfx_kthread_create_on_node+0x10/0x10 [ 323.328205][ T8854] ? mark_held_locks+0x49/0x80 [ 323.328256][ T8854] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 323.328301][ T8854] ? lockdep_hardirqs_on+0x7c/0x110 [ 323.328359][ T8854] dvb_frontend_open+0xf47/0x1730 [ 323.328402][ T8854] ? __pfx_dvb_frontend_open+0x10/0x10 [ 323.328437][ T8854] dvb_device_open+0x26d/0x3b0 [ 323.328471][ T8854] ? __pfx_dvb_device_open+0x10/0x10 [ 323.328504][ T8854] chrdev_open+0x231/0x6a0 [ 323.328554][ T8854] ? __pfx_apparmor_file_open+0x10/0x10 [ 323.328596][ T8854] ? __pfx_chrdev_open+0x10/0x10 [ 323.328649][ T8854] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 323.328713][ T8854] do_dentry_open+0x741/0x1c10 [ 323.328762][ T8854] ? __pfx_chrdev_open+0x10/0x10 [ 323.328822][ T8854] vfs_open+0x82/0x3f0 [ 323.328861][ T8854] path_openat+0x1e5e/0x2d40 [ 323.328927][ T8854] ? __pfx_path_openat+0x10/0x10 [ 323.328988][ T8854] do_filp_open+0x20b/0x470 [ 323.329037][ T8854] ? __pfx_do_filp_open+0x10/0x10 [ 323.329117][ T8854] ? alloc_fd+0x471/0x7d0 [ 323.329177][ T8854] do_sys_openat2+0x11b/0x1d0 [ 323.329211][ T8854] ? __pfx_do_sys_openat2+0x10/0x10 [ 323.329264][ T8854] __x64_sys_openat+0x174/0x210 [ 323.329301][ T8854] ? __pfx___x64_sys_openat+0x10/0x10 [ 323.329340][ T8854] ? rcu_is_watching+0x12/0xc0 [ 323.329393][ T8854] do_syscall_64+0xcd/0x260 [ 323.329444][ T8854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.329478][ T8854] RIP: 0033:0x7f7610b8d169 [ 323.329504][ T8854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.329536][ T8854] RSP: 002b:00007f7611971038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 323.329567][ T8854] RAX: ffffffffffffffda RBX: 00007f7610da5fa0 RCX: 00007f7610b8d169 [ 323.329589][ T8854] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 323.329609][ T8854] RBP: 00007f7610c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 323.329629][ T8854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.329648][ T8854] R13: 0000000000000000 R14: 00007f7610da5fa0 R15: 00007fff6c619118 [ 323.329698][ T8854] [ 323.330931][ T8854] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 324.155720][ T8877] nfsd: Unknown parameter 'DJ6{4!f b-G(Rېz)`ncAs(Ļ0c5.kD ũ|p)As*V]ȸ厢]b]E-%E;|>1TN<ùGep$DrműT&Ot [ 324.155720][ T8877] fQJ d(;]*>W5m(-.kX^^Tt++#J4/kK#m*' [ 324.183149][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.191178][ T8875] FAULT_INJECTION: forcing a failure. [ 324.191178][ T8875] name failslab, interval 1, probability 0, space 0, times 0 [ 324.241674][ T8875] CPU: 1 UID: 0 PID: 8875 Comm: syz.3.710 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 324.241718][ T8875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 324.241735][ T8875] Call Trace: [ 324.241745][ T8875] [ 324.241756][ T8875] dump_stack_lvl+0x16c/0x1f0 [ 324.241807][ T8875] should_fail_ex+0x512/0x640 [ 324.241841][ T8875] ? fs_reclaim_acquire+0xae/0x150 [ 324.241880][ T8875] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 324.241923][ T8875] should_failslab+0xc2/0x120 [ 324.241951][ T8875] __kmalloc_noprof+0xd2/0x510 [ 324.242006][ T8875] tomoyo_realpath_from_path+0xc2/0x6e0 [ 324.242054][ T8875] ? tomoyo_profile+0x47/0x60 [ 324.242106][ T8875] tomoyo_path_number_perm+0x245/0x580 [ 324.242140][ T8875] ? tomoyo_path_number_perm+0x237/0x580 [ 324.242178][ T8875] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 324.242222][ T8875] ? find_held_lock+0x2b/0x80 [ 324.242296][ T8875] ? find_held_lock+0x2b/0x80 [ 324.242334][ T8875] ? hook_file_ioctl_common+0x145/0x410 [ 324.242385][ T8875] ? __fget_files+0x20e/0x3c0 [ 324.242438][ T8875] security_file_ioctl+0x9b/0x240 [ 324.242479][ T8875] __x64_sys_ioctl+0xb7/0x200 [ 324.242519][ T8875] do_syscall_64+0xcd/0x260 [ 324.242568][ T8875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.242600][ T8875] RIP: 0033:0x7fcd9918d169 [ 324.242623][ T8875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.242652][ T8875] RSP: 002b:00007fcd99f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 324.242680][ T8875] RAX: ffffffffffffffda RBX: 00007fcd993a5fa0 RCX: 00007fcd9918d169 [ 324.242700][ T8875] RDX: 0000200000000600 RSI: 00000000c4c85512 RDI: 0000000000000003 [ 324.242718][ T8875] RBP: 00007fcd99f9e090 R08: 0000000000000000 R09: 0000000000000000 [ 324.242735][ T8875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.242752][ T8875] R13: 0000000000000000 R14: 00007fcd993a5fa0 R15: 00007ffca1080dc8 [ 324.242792][ T8875] [ 324.253632][ T8875] ERROR: Out of memory at tomoyo_realpath_from_path. [ 326.086970][ T8912] netlink: 28 bytes leftover after parsing attributes in process `syz.0.717'. [ 326.154264][ T8912] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.191710][ T8912] bridge_slave_1 (unregistering): left allmulticast mode [ 326.199011][ T8912] bridge_slave_1 (unregistering): left promiscuous mode [ 326.210668][ T8912] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.868441][ T8921] ================================================================== [ 326.876584][ T8921] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 326.884366][ T8921] Read of size 8 at addr ffff888141ef6618 by task syz.0.718/8921 [ 326.892140][ T8921] [ 326.894532][ T8921] CPU: 1 UID: 0 PID: 8921 Comm: syz.0.718 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 326.894576][ T8921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 326.894596][ T8921] Call Trace: [ 326.894607][ T8921] [ 326.894620][ T8921] dump_stack_lvl+0x116/0x1f0 [ 326.894673][ T8921] print_report+0xc3/0x670 [ 326.894722][ T8921] ? __virt_addr_valid+0x5e/0x590 [ 326.894770][ T8921] ? __phys_addr+0xc6/0x150 [ 326.894818][ T8921] ? dvb_device_open+0x36a/0x3b0 [ 326.894848][ T8921] kasan_report+0xe0/0x110 [ 326.894876][ T8921] ? dvb_device_open+0x36a/0x3b0 [ 326.894912][ T8921] ? __pfx_dvb_device_open+0x10/0x10 [ 326.894944][ T8921] dvb_device_open+0x36a/0x3b0 [ 326.894976][ T8921] ? __pfx_dvb_device_open+0x10/0x10 [ 326.895008][ T8921] chrdev_open+0x231/0x6a0 [ 326.895058][ T8921] ? __pfx_apparmor_file_open+0x10/0x10 [ 326.895108][ T8921] ? __pfx_chrdev_open+0x10/0x10 [ 326.895160][ T8921] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 326.895212][ T8921] do_dentry_open+0x741/0x1c10 [ 326.895258][ T8921] ? __pfx_chrdev_open+0x10/0x10 [ 326.895312][ T8921] vfs_open+0x82/0x3f0 [ 326.895346][ T8921] path_openat+0x1e5e/0x2d40 [ 326.895401][ T8921] ? __pfx_path_openat+0x10/0x10 [ 326.895453][ T8921] do_filp_open+0x20b/0x470 [ 326.895500][ T8921] ? __pfx_do_filp_open+0x10/0x10 [ 326.895562][ T8921] ? alloc_fd+0x471/0x7d0 [ 326.895614][ T8921] do_sys_openat2+0x11b/0x1d0 [ 326.895648][ T8921] ? __pfx_do_sys_openat2+0x10/0x10 [ 326.895691][ T8921] __x64_sys_openat+0x174/0x210 [ 326.895726][ T8921] ? __pfx___x64_sys_openat+0x10/0x10 [ 326.895762][ T8921] ? rcu_is_watching+0x12/0xc0 [ 326.895808][ T8921] do_syscall_64+0xcd/0x260 [ 326.895857][ T8921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.895891][ T8921] RIP: 0033:0x7fc849b8d169 [ 326.895915][ T8921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.895947][ T8921] RSP: 002b:00007fc84a974038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 326.895976][ T8921] RAX: ffffffffffffffda RBX: 00007fc849da5fa0 RCX: 00007fc849b8d169 [ 326.895999][ T8921] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 326.896020][ T8921] RBP: 00007fc849c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 326.896040][ T8921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 326.896059][ T8921] R13: 0000000000000000 R14: 00007fc849da5fa0 R15: 00007fff360d9af8 [ 326.896097][ T8921] [ 326.896108][ T8921] [ 327.145282][ T8921] Allocated by task 1: [ 327.149381][ T8921] kasan_save_stack+0x33/0x60 [ 327.154119][ T8921] kasan_save_track+0x14/0x30 [ 327.158847][ T8921] __kasan_kmalloc+0xaa/0xb0 [ 327.163494][ T8921] dvb_register_device+0x1e4/0x2370 [ 327.168736][ T8921] dvb_register_frontend+0x5a6/0x880 [ 327.174092][ T8921] vidtv_bridge_probe+0x459/0xa90 [ 327.179178][ T8921] platform_probe+0xff/0x1f0 [ 327.183816][ T8921] really_probe+0x23e/0xa90 [ 327.188378][ T8921] __driver_probe_device+0x1de/0x440 [ 327.193718][ T8921] driver_probe_device+0x4c/0x1b0 [ 327.198805][ T8921] __driver_attach+0x283/0x580 [ 327.203624][ T8921] bus_for_each_dev+0x13b/0x1d0 [ 327.208529][ T8921] bus_add_driver+0x2e9/0x690 [ 327.213265][ T8921] driver_register+0x15c/0x4b0 [ 327.218124][ T8921] vidtv_bridge_init+0x45/0x80 [ 327.223003][ T8921] do_one_initcall+0x120/0x6e0 [ 327.227882][ T8921] kernel_init_freeable+0x5c2/0x900 [ 327.233139][ T8921] kernel_init+0x1c/0x2b0 [ 327.237516][ T8921] ret_from_fork+0x45/0x80 [ 327.242006][ T8921] ret_from_fork_asm+0x1a/0x30 [ 327.246962][ T8921] [ 327.249314][ T8921] Freed by task 8854: [ 327.253322][ T8921] kasan_save_stack+0x33/0x60 [ 327.258321][ T8921] kasan_save_track+0x14/0x30 [ 327.263057][ T8921] kasan_save_free_info+0x3b/0x60 [ 327.268139][ T8921] __kasan_slab_free+0x51/0x70 [ 327.272980][ T8921] kfree+0x2b6/0x4d0 [ 327.276924][ T8921] dvb_device_put.part.0+0x60/0x90 [ 327.282233][ T8921] dvb_device_open+0x2a4/0x3b0 [ 327.287063][ T8921] chrdev_open+0x231/0x6a0 [ 327.291541][ T8921] do_dentry_open+0x741/0x1c10 [ 327.296367][ T8921] vfs_open+0x82/0x3f0 [ 327.300482][ T8921] path_openat+0x1e5e/0x2d40 [ 327.305132][ T8921] do_filp_open+0x20b/0x470 [ 327.309698][ T8921] do_sys_openat2+0x11b/0x1d0 [ 327.314421][ T8921] __x64_sys_openat+0x174/0x210 [ 327.319314][ T8921] do_syscall_64+0xcd/0x260 [ 327.323871][ T8921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.329798][ T8921] [ 327.332140][ T8921] The buggy address belongs to the object at ffff888141ef6600 [ 327.332140][ T8921] which belongs to the cache kmalloc-256 of size 256 [ 327.346410][ T8921] The buggy address is located 24 bytes inside of [ 327.346410][ T8921] freed 256-byte region [ffff888141ef6600, ffff888141ef6700) [ 327.360166][ T8921] [ 327.362515][ T8921] The buggy address belongs to the physical page: [ 327.368964][ T8921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x141ef6 [ 327.377871][ T8921] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 327.386423][ T8921] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 327.394080][ T8921] page_type: f5(slab) [ 327.398082][ T8921] raw: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 327.406690][ T8921] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 327.415300][ T8921] head: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 327.423998][ T8921] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 327.432689][ T8921] head: 057ff00000000001 ffffea000507bd81 00000000ffffffff 00000000ffffffff [ 327.441380][ T8921] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 327.450068][ T8921] page dumped because: kasan: bad access detected [ 327.456490][ T8921] page_owner tracks the page as allocated [ 327.462211][ T8921] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 24878200377, free_ts 0 [ 327.481955][ T8921] post_alloc_hook+0x181/0x1b0 [ 327.486787][ T8921] get_page_from_freelist+0x1193/0x39b0 [ 327.492364][ T8921] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 327.498291][ T8921] alloc_pages_mpol+0x1fb/0x550 [ 327.503179][ T8921] new_slab+0x23c/0x330 [ 327.507362][ T8921] ___slab_alloc+0xd9c/0x1940 [ 327.512063][ T8921] __slab_alloc.constprop.0+0x56/0xb0 [ 327.517460][ T8921] __kmalloc_cache_noprof+0xfb/0x3e0 [ 327.522767][ T8921] bus_add_driver+0x92/0x690 [ 327.527392][ T8921] driver_register+0x15c/0x4b0 [ 327.532179][ T8921] i2c_register_driver+0xd9/0x1c0 [ 327.537224][ T8921] do_one_initcall+0x120/0x6e0 [ 327.542020][ T8921] kernel_init_freeable+0x5c2/0x900 [ 327.547246][ T8921] kernel_init+0x1c/0x2b0 [ 327.551593][ T8921] ret_from_fork+0x45/0x80 [ 327.556029][ T8921] ret_from_fork_asm+0x1a/0x30 [ 327.560824][ T8921] page_owner free stack trace missing [ 327.566197][ T8921] [ 327.568527][ T8921] Memory state around the buggy address: [ 327.574168][ T8921] ffff888141ef6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 327.582253][ T8921] ffff888141ef6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 327.590333][ T8921] >ffff888141ef6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 327.598404][ T8921] ^ [ 327.603263][ T8921] ffff888141ef6680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 327.611335][ T8921] ffff888141ef6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 327.619406][ T8921] ================================================================== [ 327.627563][ C1] vkms_vblank_simulate: vblank timer overrun [ 327.636593][ T8921] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 327.643838][ T8921] CPU: 0 UID: 0 PID: 8921 Comm: syz.0.718 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 327.655753][ T8921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 327.665824][ T8921] Call Trace: [ 327.669118][ T8921] [ 327.672064][ T8921] dump_stack_lvl+0x3d/0x1f0 [ 327.676696][ T8921] panic+0x71c/0x800 [ 327.680612][ T8921] ? __pfx_panic+0x10/0x10 [ 327.685050][ T8921] ? mark_held_locks+0x49/0x80 [ 327.689852][ T8921] ? preempt_schedule_thunk+0x16/0x30 [ 327.695268][ T8921] ? dvb_device_open+0x36a/0x3b0 [ 327.700228][ T8921] ? preempt_schedule_common+0x44/0xc0 [ 327.705722][ T8921] ? dvb_device_open+0x36a/0x3b0 [ 327.710683][ T8921] check_panic_on_warn+0xab/0xb0 [ 327.715642][ T8921] end_report+0x107/0x170 [ 327.720097][ T8921] kasan_report+0xee/0x110 [ 327.724528][ T8921] ? dvb_device_open+0x36a/0x3b0 [ 327.729487][ T8921] ? __pfx_dvb_device_open+0x10/0x10 [ 327.734793][ T8921] dvb_device_open+0x36a/0x3b0 [ 327.739582][ T8921] ? __pfx_dvb_device_open+0x10/0x10 [ 327.744891][ T8921] chrdev_open+0x231/0x6a0 [ 327.749344][ T8921] ? __pfx_apparmor_file_open+0x10/0x10 [ 327.754921][ T8921] ? __pfx_chrdev_open+0x10/0x10 [ 327.759897][ T8921] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 327.766708][ T8921] do_dentry_open+0x741/0x1c10 [ 327.771515][ T8921] ? __pfx_chrdev_open+0x10/0x10 [ 327.776507][ T8921] vfs_open+0x82/0x3f0 [ 327.780615][ T8921] path_openat+0x1e5e/0x2d40 [ 327.785265][ T8921] ? __pfx_path_openat+0x10/0x10 [ 327.790271][ T8921] do_filp_open+0x20b/0x470 [ 327.794823][ T8921] ? __pfx_do_filp_open+0x10/0x10 [ 327.799912][ T8921] ? alloc_fd+0x471/0x7d0 [ 327.804318][ T8921] do_sys_openat2+0x11b/0x1d0 [ 327.809047][ T8921] ? __pfx_do_sys_openat2+0x10/0x10 [ 327.814311][ T8921] __x64_sys_openat+0x174/0x210 [ 327.819207][ T8921] ? __pfx___x64_sys_openat+0x10/0x10 [ 327.824610][ T8921] ? rcu_is_watching+0x12/0xc0 [ 327.829411][ T8921] do_syscall_64+0xcd/0x260 [ 327.833960][ T8921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.839882][ T8921] RIP: 0033:0x7fc849b8d169 [ 327.844320][ T8921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.864043][ T8921] RSP: 002b:00007fc84a974038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 327.872481][ T8921] RAX: ffffffffffffffda RBX: 00007fc849da5fa0 RCX: 00007fc849b8d169 [ 327.880475][ T8921] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 327.888465][ T8921] RBP: 00007fc849c0e990 R08: 0000000000000000 R09: 0000000000000000 [ 327.896476][ T8921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 327.905156][ T8921] R13: 0000000000000000 R14: 00007fc849da5fa0 R15: 00007fff360d9af8 [ 327.913156][ T8921] [ 327.916366][ T8921] Kernel Offset: disabled [ 327.920731][ T8921] Rebooting in 86400 seconds..