last executing test programs: 1m46.693837388s ago: executing program 1 (id=1222): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(0x0, 0x0, 0x7d, &(0x7f0000000040)={0xfffffffffffffffd, 0x6, 0xffffffffffffffc0, 0x800000000000006}) socket(0x2, 0x80805, 0x0) eventfd$auto(0x7) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) 1m45.57801073s ago: executing program 1 (id=1230): close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/err\x00', 0x0, 0x0) read$auto_aoe_fops_aoechr(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) 1m45.402243003s ago: executing program 1 (id=1231): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'gretap0\x00', 0x0}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84}, 0x1fa, 0xd) r7 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r7, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") ioctl$auto__ctl_fops_dm_ioctl(r7, 0xfffffff7effffd05, &(0x7f00000001c0)) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0x100082) 1m44.57296594s ago: executing program 1 (id=1236): unshare$auto(0x40000080) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) write$auto(r0, 0x0, 0x7) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0xf58, 0x0, 0x0, 0x0, 0x3) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x4240, 0x112) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto_SO_PEERNAME(r1, 0x4, 0x1c, 0x0, &(0x7f0000000140)=0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) unshare$auto(0x20000) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') mmap$auto(0x0, 0x7, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x6) fchownat$auto(0x2, 0x0, 0x4, 0x8001, 0x1000) setns(r2, 0x0) mount$auto(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='nf%@d\xddo\xbf9sd\x00\t\xc1\xa8r\x15/\x9cH\xfe\x1e\xbb\xc1U1e\xdd\xc1Tqm\xbc\xac^\xd5\x92\x17<\r\xa7\x05`Wu\xc4\no3\x7f\xece\xf2\xea@\x03\xd4\xd4\x8b\xfb\xca\xa0', 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x10000008000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vbi26\x00', 0x220000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/graphics/fbcon/cursor_blink\x00', 0xa001, 0x0) write$auto(r4, 0x0, 0xd4d0) timer_create$auto(0x0, 0x0, 0x0) mmap$auto(0x3, 0x200, 0x2, 0x10, r3, 0x8) r5 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x68500, 0x0) read$auto_vhci_fops_hci_vhci(r5, &(0x7f0000000d40)=""/16, 0x10) socket(0x15, 0x5, 0x0) write$auto(0x1, 0x0, 0x80000001) 1m43.547404183s ago: executing program 1 (id=1240): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x24c802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0xffffffffffffffff, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) mmap$auto(0x0, 0x7fff, 0x3, 0xeb0, 0xfffffffffffffffa, 0x208000) unshare$auto(0x40000080) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.throttle.read_bps_device\x00', 0x2002, 0x0) write$auto(r2, &(0x7f0000000040)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) unshare$auto(0x40000080) mknod$auto(&(0x7f0000000080)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x1081, 0x8) r3 = socket(0x18, 0x1, 0x5) getsockopt$auto(r3, 0x0, 0x33, 0xfffffffffffffffe, 0x0) uname$auto(0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/ieee80211/phy10/netdev:wlan0/stations/08:02:11:00:00:01/aid\x00', 0x802, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="5e48fedcb2774a76268830c2e06a78866e5a9a66e67ec0e4a405152d558a8bf524fae9307d08640b1ecfde133cbaa3d58fd8bddf5956ec8e6b1cfe602de7d8352fbb84c6cdcc5e3729181e836b12047b0c", @ANYRES16=0x0, @ANYRESOCT=r4], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4048041) clock_gettime$auto(0x80000000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000ac0)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x6c000, 0x63) acct$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d@\x85\x059\xb0\x15kD\x8b\n\xd8$\x9c\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x027B3/\x82\xda\x8c\xa5\xa9T\xden\xb5\xc2\x05\xad\x9c\xda\n.S\xcb\x10\x9d\xbc\x9a>\xd0\xb9\xae\x85\t\xc2\xd1\x16M\xef\x90\xcc\x19%s\x93\xa2\x9a\x06\x95\xe3\xa8C\xea\x9e\x0e\x82`\xe4\x0eZ\xac\xab_\xbd\xf3\x12\x1a\x9f\xeb{\xe3\x9d\xb6\x83H\x04\x1a\x7f\xc2\x178\xd1%\'\xd8D\xf9\xc9\xfe\x89\xa6\xdbR\xe3y\x9e\xe8:\xd8\x91\xe67t') 1m42.593998674s ago: executing program 1 (id=1249): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x3, 0x0, 0x4b34) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x10000000000009, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x9, 0x0, 0x10006, 0x4004080, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x40, 0x84}, 0x1fe, 0xd) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="81"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffffffffffd0a, &(0x7f00000001c0)) capget$auto(0x0, 0xfffffffffffffffe) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x38, r3, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x15}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0xc800) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) madvise$auto(0x9, 0x4, 0xff) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0x10000) r4 = gettid() tkill$auto(r4, 0x7) move_pages$auto(r4, 0x80000000001002, 0x0, 0x0, 0x0, 0x2) 1m27.318445708s ago: executing program 32 (id=1249): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x3, 0x0, 0x4b34) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x1ff, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x10000000000009, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x9, 0x0, 0x10006, 0x4004080, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x40, 0x84}, 0x1fe, 0xd) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="81"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffffffffffd0a, &(0x7f00000001c0)) capget$auto(0x0, 0xfffffffffffffffe) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x38, r3, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x15}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0xc800) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) madvise$auto(0x9, 0x4, 0xff) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0x10000) r4 = gettid() tkill$auto(r4, 0x7) move_pages$auto(r4, 0x80000000001002, 0x0, 0x0, 0x0, 0x2) 14.072854594s ago: executing program 4 (id=1597): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) sysfs$auto(0x2, 0x0, 0x0) (async) r1 = epoll_create$auto(0x4) (async, rerun: 32) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/bonding/num_grat_arp\x00', 0xc8282, 0x0) (rerun: 32) sendfile$auto(r2, r2, 0x0, 0x1) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(r1, 0x1, r3, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card1/pcm0c/sub6/hw_params\x00', 0x48041, 0x0) (async) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000080)='/dev/usbmon2\x00', 0x80000, 0x0) (async, rerun: 64) r5 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) (rerun: 64) ioctl$auto_PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, 0x100008, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x6, 0x4, 0x0, 0x2, 0x0, 0x2}) (async) write$auto(r4, 0x0, 0x6) 12.787898724s ago: executing program 4 (id=1602): r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x32, &(0x7f0000000180)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5', 0x10000110) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0xca) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x228140, 0x0) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r1, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x791a81, 0x0) socket(0x21, 0x3, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x8800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000001540)='cifs\x00', 0x8002, 0x0) mincore$auto(0x6, 0x1, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) 11.5545139s ago: executing program 4 (id=1606): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x40802, 0x0) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r1, 0x0, 0x1) write$auto_evm_key_ops_evm_secfs(r0, 0x0, 0xa) r2 = socket(0x2b, 0x1, 0x1) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r2, 0x0, 0x20000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPP(r2, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r2) sendmsg$auto_NFC_CMD_STOP_POLL(r2, 0x0, 0x44084) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mmap$auto(0xff, 0x2020009, 0x3, 0x10, 0xfffffffffffffffa, 0x400008000) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x5) socket(0x15, 0x5, 0x4) 8.3821557s ago: executing program 3 (id=1613): r0 = openat$auto_ht40allow_map_ops_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy4/ht40allow_map\x00', 0x0, 0x0) read$auto_ht40allow_map_ops_debugfs(r0, &(0x7f0000000280)=""/168, 0xa8) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket(0x21, 0x1, 0x40) mmap$auto(0xfffffffffffffffc, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) writev$auto(0x8000, &(0x7f0000000040)={0x0, 0x7fffffffffffffff}, 0x2bc) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/projid_map\x00', 0x100000, 0x0) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r2, 0x0, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) ioctl$auto(r1, 0x402c542c, 0x38) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/midiC2D3\x00', 0x2001, 0x0) select$auto(0xfffffffb, 0x0, &(0x7f0000000500)={[0x1, 0x101, 0x3c, 0x4, 0x3, 0x7, 0x0, 0x3, 0x3, 0xf, 0x51c7, 0x87, 0x8, 0x9, 0x1, 0x8000000000000001]}, &(0x7f0000000580)={[0x9, 0x8, 0xfffffffffffffc01, 0x4, 0xfffd, 0x9, 0x6, 0x7fffffff, 0x8, 0x120000004000000, 0x69, 0x9, 0x5, 0x81, 0x5]}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_SESSION_GET(r4, 0x0, 0x20000091) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xd, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0xd5b, 0x9, 0xb78, 0x948a, 0x101, 0x80000000000008, 0x1, 0x3, 0x300000000000600, 0x40080000001, 0x16, 0x6d3c, 0xc, 0x9, 0xfffffffffffffffc]}, 0x0) socket(0x0, 0x3, 0x1) 7.327358838s ago: executing program 3 (id=1617): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) timer_create$auto_CLOCK_TAI(0xb, &(0x7f0000000080)={@sival_int=0x2, @raw=0x134}, &(0x7f0000000180)=0x797) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/sem\x00', 0x2, 0x0) ioctl$auto_TIOCSWINSZ(r0, 0x5414, &(0x7f0000000000)) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x90040, 0x0) r1 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r4 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r6, r5, 0x4, 0x401, r4, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r2, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_11={0x5, 0x8000000000000001, 0x9, 0x161f, 0xf870e9f, 0xa4ea, 0x8}, 0x9) 7.055091889s ago: executing program 2 (id=1618): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000afd003a5394e965231da1bd312e7af6d67d09340d0a4bd7805e18a"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000062c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000006380)={0xfffffffffffffffd, 0x0, &(0x7f0000006340)={&(0x7f0000006300)={0x14, r3, 0x38f, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4044041}, 0x4000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macsec0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket(0x2a, 0x2, 0x1) r8 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="110b27f27200fbdbdf250c00000008000300", @ANYRES32=r9], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r10) r12 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$auto_ILA_CMD_ADD(r10, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000080)={0x1c, r11, 0x201, 0x70bd28, 0x25dfdbff, {}, [@ILA_ATTR_IFINDEX={0x8, 0x4, r13}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x38) sendmsg$auto_ETHTOOL_MSG_PSE_GET(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x144, r3, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_PSE_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}, @ETHTOOL_A_PSE_HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x2}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_PSE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfff}]}, @ETHTOOL_A_PSE_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_PSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_PSE_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0xff}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x80000}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0x144}, 0x1, 0x0, 0x0, 0x44}, 0x20000000) r14 = getpgid(0x0) pidfd_open$auto(r14, 0x0) fcntl$auto(0xffffffffffffffff, 0x40, r14) syslog$auto(0x2, 0x0, 0xcf) close_range$auto(0x2, 0x8, 0x0) 6.981559952s ago: executing program 3 (id=1619): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/most/drivers/most_core/links\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) ioperm$auto(0x800, 0x5, 0xd) open_tree_attr$auto(0xffffffffffffff9c, 0x0, 0x463, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000003940)={0x0, 0x0, &(0x7f0000003900)={&(0x7f0000000040)={0x14, 0x0, 0xf01, 0x70bd28, 0x25dfdbf7}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x840) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000080)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000000), 0x7f}, 0x6, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182b02, 0x0) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4000000) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) bpf$auto(0xdc, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0xf719, 0xa, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) getsockopt$auto_SO_PASSCRED(r4, 0x1, 0x10, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000040), 0x248c41, 0x0) acct$auto(&(0x7f0000000000)='/dev/snd/controlC1\x00') ioctl$auto(0x3, 0xc0585605, 0x38) 6.570334348s ago: executing program 0 (id=1620): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80fffe00"}, 0x1c) ioctl$auto_IOCTL_VMCI_GET_CONTEXT_ID(0xffffffffffffffff, 0x7b3, 0x0) 6.169762232s ago: executing program 0 (id=1621): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) write$auto(0xca, &(0x7f0000000040)='\x045h\xd5\x89|d\v\x00\x00\x00\x00\x81\x00\x00\x00\xf6\xf5\x00\xdf\xff\x00', 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101040, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r0, 0x7, 0x6}, 0x4, 0x100000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) close_range$auto(r1, 0x8, 0x8000000) pipe$auto(0x0) write$auto(0x3, 0x0, 0x200ffd8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60740, 0x0) openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x102, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x800) 6.159756142s ago: executing program 2 (id=1622): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x1, 0x0) r0 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/err\x00', 0x0, 0x0) read$auto_aoe_fops_aoechr(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) 6.059470547s ago: executing program 3 (id=1623): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x1, 0xfffffffc) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_CEC_G_MODE(0xffffffffffffffff, 0x80046108, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) setreuid$auto(0x2, 0x87) r1 = timerfd_create$auto(0x6, 0x0) futimesat$auto(r1, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x40, 0xffffffffffffffff}) connect$auto(0x3, 0x0, 0x54) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x3, 0x2c) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f00000001c0), 0x189002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/blkio.bfq.weight_device\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000004c0)=""/45, 0x2d) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22c02, 0x0) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, 0x0) read$auto(r3, &(0x7f0000000140)='/dev/ppp\x00', 0x5) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop13/queue/max_sectors_kb\x00', 0x109206, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-', 0x1) write$auto(0xffffffffffffffff, 0x0, 0x2) 5.927687328s ago: executing program 0 (id=1624): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x24c802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0xffffffffffffffff, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) r2 = ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) mmap$auto(0x0, 0x7fff, 0x3, 0xeb0, 0xfffffffffffffffa, 0x208000) unshare$auto(0x40000080) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) unshare$auto(0x40000080) mknod$auto(&(0x7f0000000080)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x1081, 0x8) r3 = socket(0x18, 0x1, 0x5) r4 = getsockopt$auto(r3, 0x0, 0x33, 0xfffffffffffffffe, 0x0) uname$auto(0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/ieee80211/phy10/netdev:wlan0/stations/08:02:11:00:00:01/aid\x00', 0x802, 0x0) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="5e48fedc", @ANYRES16=0x0, @ANYRES8=r4], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4048041) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) setresuid$auto(0x8, 0x8, 0x0) r7 = socket(0x25, 0x5, 0x0) r8 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000380), r2) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r7, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xe0, r8, 0x8, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0xcb, 0x2b, 0x0, 0x1, [@generic="23b0b5516c84441b572dafbc957d2a2404bb6769f1ffc30139c1dcbe2508866c1bb0c8cb20a57e895cf9f7e132684da4f4865cd5762314a706128cf44c5acfe453eff18a76255da1a4c2c1483d025adee2a8171ac0c376d42a13ff54873fde1c7c999ff455840cb3555f274479f8b4ae151b89b97a11b10b6ca03bea3b4b92361a4f499da18c53440b35c50d4dcf982cf71b128fa2d12e6366eb684c2315b0abb40efa33d2f1b2861e84ceba8f9940c904f746b1da090604c374b50610928527e5f54e3055c3e2"]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4840}, 0x20048080) write$auto_qrtr_tun_ops_tun(r6, &(0x7f0000000080)="01000100", 0x4) r9 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)={0x3c, r9, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0x7}, @OVS_DP_ATTR_NAME={0x8, 0x1, '.SR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000800}, 0x80) clock_gettime$auto(0x80000000, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000ac0)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x6c000, 0x63) acct$auto(&(0x7f0000000580)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d@\x85\x059\xb0\x15kD\x8b\n\xd8$\x9c\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x027B3/\x82\xda\x8c\xa5\xa9T\xden\xb5\xc2\x05\xad\x9c\xda\n.S\xcb\x10\x9d\xbc\x9a>\xd0\xb9\xae\x85\t\xc2\xd1\x16M\xef\x90\xcc\x19%s\x93\xa2\x9a\x06\x95\xe3\xa8C\xea\x9e\x0e\x82`\xe4\x0eZ\xac\xab_\xbd\xf3\x12\x1a\x9f\xeb{\xe3\x9d\xb6\x83H\x04\x1a\x7f\xc2\x178\xd1%\'\xd8D\xf9\xc9\xfe\x89\xa6\xdbR\xe3y\x9e\xe8:\xd8\x91\xe67t') 5.926912618s ago: executing program 2 (id=1625): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, 0x0, 0x14000, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000000000600010000000a0005000000000000000000b3fc010000000000000000000a0001000000000000000000060006000500000008000200", @ANYRES32=0x0, @ANYBLOB="0800040003"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x7, 0x2, 0x1d49, 0x9b72, r0, 0x820008000) socket(0x28, 0x1, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="2f212abd7800fd"], 0x14}}, 0x4000000) mmap$auto(0x0, 0x20009, 0xe0, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon1\x00', 0x4ad03, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000280)='/dev/audio1\x00', 0xa3d9) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') fremovexattr$auto(0xffffffffffffffff, &(0x7f0000000240)='\xe8\x8b:\x1e\x98$\xddGi\x82\x12\xc1,platform/duoiY_hcd\xb0z\x85.4/usb5/descripto') openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x61, 0x100001000000003, 0x9b72, 0x2, 0x8000) r3 = getsockopt$auto(r2, 0x200000000001, 0x84, 0x0, 0x0) madvise$auto(0x108000, 0x800034, 0xa) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0xcf, 0x80}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyq0\x00', 0x101000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20082, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) 4.444244966s ago: executing program 3 (id=1626): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r4, 0x0, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000500)={'gretap0\x00', 0x0}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84}, 0x1fa, 0xd) r7 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r7, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") ioctl$auto__ctl_fops_dm_ioctl(r7, 0xfffffff7effffd05, &(0x7f00000001c0)) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0x100082) 3.653575289s ago: executing program 0 (id=1627): mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) r1 = socket(0x15, 0x5, 0x4) mmap$auto(0x0, 0x81, 0x84, 0x9b71, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) r2 = ioctl$auto_NS_GET_TGID_FROM_PIDNS(r0, 0x8004b707, &(0x7f0000000000)=0xd049) read$auto_ftrace_event_id_fops_trace_events(r2, &(0x7f0000000080)=""/53, 0x35) fsmount$auto(r0, 0x2, 0x2) 3.580973094s ago: executing program 2 (id=1628): read$auto_proc_single_file_operations_base(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) r1 = openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0) readv$auto(r1, &(0x7f0000000300)={&(0x7f0000000240), 0x7}, 0xc) ioctl$auto(r0, 0x4b2f, 0xffffffffffffffff) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x200a02, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) 3.21841342s ago: executing program 4 (id=1629): r0 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/bluetooth/hci2/hci2:200/power/autosuspend_delay_ms\x00', 0x18800, 0x0) mmap$auto(0x0, 0x4020009, 0x100000001, 0x14, 0xffffffffffffffff, 0x80000001) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2c, 0xa, 0x5) sendfile$auto(0x1, r1, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) sysfs$auto(0x1000006, 0x1, 0x0) r2 = fcntl$auto(0x3, 0x4, 0xa553) ioctl$auto(0x3, 0x541b, r2) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x42006, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x9) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r3, 0x40046109, &(0x7f0000002c40)=0xd2) close_range$auto(r3, 0xffffffffffffffff, 0x2) r4 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x100, 0x1, 0x2, {0x20ffffffff, 0x10000}, 0x6, 0x6, 0xffffffffffffffe0, 0x1008801, 0x0, 0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) getsockopt$auto(r0, 0x4, 0x7ff, &(0x7f0000000040)='/dev/net/tun\x00', &(0x7f0000000100)=0x6) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) fsopen$auto(&(0x7f00000000c0)='/dev/net/tun\x00', 0x1) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) lseek$auto(r4, 0x7f, 0x2a21) sysfs$auto(0x2, 0x8000000000000001, 0x0) fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) rseq$auto(&(0x7f0000000080)={0x9, 0x8, 0x0, 0x7, 0xffffffff, 0x2, "24229ba6405fe4fc"}, 0x7ffd, 0xfffffff4, 0x6) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 3.192487046s ago: executing program 3 (id=1630): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = fcntl$getown(r0, 0x9) capget$auto(&(0x7f00000000c0)={0x8, r1}, &(0x7f0000000100)={0x0, 0x8, 0x3}) prctl$auto(0x200039, 0x8, r2, 0xfffffffffffffffe, 0x9) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) migrate_pages$auto(0x0, 0x4, 0x0, &(0x7f0000000140)=0x3) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) io_setup$auto(0xa7c9, &(0x7f0000000000)) io_setup$auto(0x7ffe, &(0x7f0000000040)) 2.962514622s ago: executing program 0 (id=1631): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000afd003a5394e965231da1bd312e7af6d67d09340d0a4bd7805e18a"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000062c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000006380)={0xfffffffffffffffd, 0x0, &(0x7f0000006340)={&(0x7f0000006300)={0x14, r3, 0x38f, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4044041}, 0x4000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'macsec0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket(0x2a, 0x2, 0x1) r8 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="110b27f27200fbdbdf250c00000008000300", @ANYRES32=r9], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r10) r12 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$auto_ILA_CMD_ADD(r10, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000080)={0x1c, r11, 0x201, 0x70bd28, 0x25dfdbff, {}, [@ILA_ATTR_IFINDEX={0x8, 0x4, r13}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x38) sendmsg$auto_ETHTOOL_MSG_PSE_GET(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000480)={0x144, r3, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_PSE_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}, @ETHTOOL_A_PSE_HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x2}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_PSE_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfff}]}, @ETHTOOL_A_PSE_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_PSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_PSE_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0xff}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x80000}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0x144}, 0x1, 0x0, 0x0, 0x44}, 0x20000000) r14 = getpgid(0x0) pidfd_open$auto(r14, 0x0) fcntl$auto(0xffffffffffffffff, 0x40, r14) syslog$auto(0x2, 0x0, 0xcf) close_range$auto(0x2, 0x8, 0x0) 2.658186751s ago: executing program 2 (id=1632): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x5, 0x0) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) iopl$auto(0x2) iopl$auto(0x1) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x0) mmap$auto(0x0, 0xa00006, 0x7fffffffffffffff, 0x40eb1, r0, 0x300000000000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x7}, 0xb22a, 0x2000000000400a, 0xfffffffffffffffd, 0x4, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdead, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) set_mempolicy$auto(0x2, 0x0, 0x8) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) r3 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_proc_page_owner_operations_page_owner(r3, &(0x7f0000002080)=""/4096, 0x1000) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000140)={{0x0, 0xd1f4, &(0x7f00000002c0)={0x0, 0xc4}, 0x9, 0x0, 0x3, 0x8}}, 0x4, 0x3) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x1c9180, 0x0) read$auto_tracing_stats_fops_trace(r4, &(0x7f0000000000)=""/43, 0xfedf) 1.972684844s ago: executing program 4 (id=1633): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) capget$auto(0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000500)={'gretap0\x00', 0x0}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84}, 0x1fa, 0xd) r8 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r8, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84") ioctl$auto__ctl_fops_dm_ioctl(r8, 0xfffffff7effffd05, &(0x7f00000001c0)) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0x100082) 25.53298ms ago: executing program 0 (id=1634): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/security/tomoyo/manager\x00', 0x20080, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nbd6\x00', 0x8001, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) read$auto_tomoyo_operations_securityfs_if(r0, 0x0, 0x0) pread64$auto(r0, 0x0, 0xb69c, 0x6) r1 = socket(0x2, 0x801, 0x100) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'veth0_to_bond\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r2, r1, 0x0, 0x0, 0x1, @relative_fd, 0x5}, 0x96) r3 = syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000040), 0xffffffffffffffff) mremap$auto(0x7, 0x4, 0x8282, 0xffff, 0x3) msgctl$auto(0x40, 0x2, &(0x7f0000000140)={{0x80000000, 0xee01, 0xee00, 0x9, 0x8, 0x4}, &(0x7f0000000080)=0xb, &(0x7f00000000c0)=0xe, 0x6, 0x8000000000000000, 0x0, 0x8000000000000000, 0x5, 0x1, 0x80, 0x40, @inferred, @raw=0x4}) r5 = gettid() pidfd_open$auto(r5, 0x0) r6 = set_tid_address$auto(&(0x7f00000001c0)=0xffffff40) ptrace$auto_PTRACE_GETSIGMASK(0x420a, r6, 0x4, 0x0) r7 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) shmctl$auto_IPC_INFO(0x8, 0x3, &(0x7f00000003c0)={{0x3, 0x0, 0xee01, 0xfffffff8, 0x7, 0xffff, 0x409}, 0x1, 0xe, 0x0, 0x101, @inferred, @raw=0x8111, 0x216, 0x0, &(0x7f0000000200)="e38d05b19e5f489f1d8e25f4ef203b3c12e2ecacaf0127b9c8dc48f088eaedda7fc6d9090665abbea38b4e439221d7e3fc87ca0f7c5ca9f0d9491a279d9bbd3d71f49505eefaef47c66f7dafe8090a1b02658840a063248b27a040bc759a1d340bc9fccae6034b06ca807e9b60e1aea62d0d24d89e7d2546c7af1e9985e05244956c254052c20aed6a329bbc9ca4abfb31c6f23586a14ebfea5e7041c9a4fb8522ec7aa8997b027df33cf8502d16c41d1fe840de4339eb5e9d034487e4a24ac45b1ec5343c25263ba5f623789c2b18b9", &(0x7f0000000300)="f6dece2574f8c7154d0cb4f59f97f0d0d65cce27825284f935cb42d76b6c0edb7e7a6002ce1b1758cede108e4c7b1f1efc7091bbf616b8ed795ef46a12d3ec90b503c84d7df0a70f8decdd23241e2a350d316233579bbe43193b76d7621f97fd4381993830377c86691f93d8e4af3338a8b8b82be73ab9246d62f655149064ba1366cb8f5707ef3c87126b8b05020a781941a9b066c8e735613b7d"}) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r1, &(0x7f0000001980)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001940)={&(0x7f0000000440)={0x14e0, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@MAC802154_HWSIM_ATTR_RADIO_EDGES={0x13a, 0x3, 0x0, 0x1, [@generic="e7241771ab1c8c69bcf84886730f437200b561dbcc57298935ef5a03c31656c00a13f4eefc0596b53336610dd70135027a1aa579b7d87ae13d843f73cab5887f7d3691899261a56e2ba148de6a82fa3de88e947c53e2c0688326fec3fb766b9a508085785802d787e69d604752c0504e54f79d2135356f630b6ccc880c9ec46333d76cbc3b833204b74aacf90e7a492325b07bd4dd07e2fadbd91e1a8613fcbec39de5db652a7684298066999631dcc2f066c2ef6a21ee1522f1962b86121ac496f775169896e2c9c8fde75b07deb4cac27e3b68eed244609ba4f6ddfed51df1a736b22393a4f3a7ca936cedc9749b49fc70ae", @generic="e11e78fc15b368d107548c4d4e5a3a9c9cd8059ee1cb0bde93c1c4ac2e6d81acfbd272342a607c870ef4859fcc160440e293e244eb6fd4effb80b0416a90835a72bac6"]}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0x1e6, 0x3, 0x0, 0x1, [@generic="0f2f28664c9f8d7abb4d5c3fa429f6743e09a94fbf0eb862411adfb42eff3369a096122a6455c7075e34387c80dbe455b734b754cfafa4ab86d2608603d6c295bc431d11ca7b6b9f68834f1644ecb2d35d53f7fd5623c6f3c57949f99b396feba5ac4663bc4db7f4c9f06cb92d161e102e8fe9b30f1cdf6b24", @generic="45e68b0f19e07391db7fe8ba75c7983d4bbade4153f35fd02ceccb58debc1af82d1851004c1417a7d323048b80a9526474965157c7ec258e8db79eb8ca8197932bc40442d0905eb5a0ee4437177ad3e7122500fd25e449d4ab36998a2e7234c00e0ae61ea67fd6ef645c7a50607d6fb001746b60e72865009607a2302eed81fa2c7786f9213a5b777e1934ab1624e1be04b6adfbd64cecfbc5", @nested={0xd0, 0x29, 0x0, 0x1, [@nested={0x4, 0xac}, @generic="8deff7a0ffe8cb7c636953ee8bb76162f74fd340e6f749a630bdeb85e2db0d94a962bc0651dc3a35fbf58bacb9efdfdb4d049fc46ae865e6e658a3c44e683ba3e4ccf3d922fd802100282425d0def38cebe324c8669f96a7e7ec8a96027dcc6c7b27ea943b82ac3b16a8003f8a5587fed43702afeeb5ad102ee20231a31604d7cb9541513d027c21f21e8acefedeaa9b2f6660335aef3ca2524f0412e01f1f6317c96fedb56b04bffb80a3b51136ce4301e601d6bcf7733c7cdfb675fe9771897a1374d8cd655a0e"]}]}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x5}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x1128, 0x2, 0x0, 0x1, [@nested={0xf7, 0xa8, 0x0, 0x1, [@typed={0x28, 0x44, 0x0, 0x0, @str='/sys/kernel/security/tomoyo/manager\x00'}, @typed={0x4, 0x111}, @generic="cc635cbd4afa3260c2ae9a00db0b4415fdeb269fb5e280a44ce7d0d0a2d136e74a53f02761d9298b30a54b695b2cdee430df80600c629c47951826743d3b1af22e9639a9f20e35a5675c2790821b5813cb2743c294924b647dec2c2f122c096bbf091e1ed34efbb79c2f4289502cf37ffeac29f8c6c94ce0246cdff2d8d6151923b4824c09a50e8505c925688f4ed167ceb13de3aec285af6c42c2c7ce16545d7d7f43887e2655616be47d054886fd5db0fafdce4b7751d7ff8c7087fd6680", @typed={0x8, 0x12d, 0x0, 0x0, @uid=r4}]}, @nested={0x24, 0x69, 0x0, 0x1, [@typed={0x8, 0x113, 0x0, 0x0, @pid=r5}, @typed={0x14, 0xe9, 0x0, 0x0, @ipv6=@empty}, @nested={0x4, 0x9b}]}, @generic="0dd9b9b669230b8ad9fab104a1069abcb8572edd11e44b5c628206d91ec8c2b8d51f491592dd13eeba3d89e690e34b3dcf74bb328ef6f4c215ad0196d20e2122aa68bb1987b443c32772e40cb3af8d49f2510806819923b58151d869245ba16c5d95d6dd56ba16dfce8685478fb35c34335b5703ff1aef6bbd71b993f41d4561fde4155dfa3e5c4347e04739ed21dec03dd5e2b4599b9edf77e341dc478827e7f393018cba199cada98a1bd1f03c56fa8e825e2e9c7fe93c462fa1cff9557f0d833b79ef7e9fcf366eba7d9ca52f45d1ac13f5a4e11a63361afb85b5c29994c94590bbec12aa7c80b69a57d0d7c32fdfda4a8afb15fe66c771cca7b7f6c813da546d5002b0e685676bb60daf587c0f00b1ce4a9ae6394921325e00c7a3121cd8885e5c9c4df03f2f0ee65662cc721c658daf5d3fae86ba067a548f89207de8a5d1c6424363fe36a380350b3890564f6abe10bfd730859ccc00dae8e21cd0bf1ee90b73a83e20a3d52ceecaa531dc1cec104f3d566b510961cd437485d1171e202cf20af0a2b8c949a0cd72cf81240eed5381fd074a3008feea1abc6892e8d5b0024e37bdefb2e9f7a6278b3802fef166aab471ed722002df181d2a682fd5e717d3d366e6ab6ee9ce2e985627cd1ad06fbb0cb3ac73d8fb043b470c4231251d1a3721cb1b230ade7c020c1c87d2ff9e2e05ed0b137ddb4030b58c866af1b41bc0c5dde0324772873b41296e49afa02ba7b5dc74ebd4b5c0b3b1cc1b539f5d60291b770493083fa9b334b1d570f1522c0be41196342bc0ccc7374676d3691816d30e443651aa06db8e0a6578c06e2ce275af440289d0a867723d8799228bb5115d4477c729fa3c1075c7b2df8ae9b78c777517e8848c8a7c065833c7e86ef394f20c5964d0337f3fc39e562904691c55ee95e82498e6967bdff6a16345dea246b9550e9b85bc8ef43070ce2670181f32c7020b55b95613676a487f91b094a46b4efb8191c7a788ffd0669e64ba1c8c0a1a722bd765019ad9a740e72c4b45137cce54d16aaeebcf1b42e48380f96310e65bef1ad624b7c1ea566044e96410f9e692c10779c62d1989e9bbd05e76a747aea943240c7db130aecd6be2f9689e2faeafe32eccf28aa3ec2e6d2f68c083e52f0c3c101ce6ae6b76c3aeba679709851c719b9ffea8dfa74083628e174d9799f8f01d983f4b4f11cd4d5bb11c6f88820637e2ff46b36f5510d2294b37f29e9bb5c22b8e12ae63445d42d4c77a829c058f14d6d2b43575cbb98aedaf95945b8a5922a269981356ee86b9172edf4a8251c226b4d72c87971c3afb1402daf49c2e0d04c915e5cb0b585bf40a59b14340d73e1bd375b393dafae994591325c28cb1917b9e39d8fd18b1eacc13da2435d13bac360c7c1b791ecae47974b3b7ad6f5300cf5051d9b4dff4cd065da1eb13e239c1e8a927d7c5d6a0b9917deb7ceb62015f914632f4ebe62ff9a106e5398e4b8e5e827da90bb7eb9bffdc66c20ac6836f9e69bc97db3fca85a7287679719ae6a0ff672e082c3ff08de878cfca413997a8b3225ea7b37b841fd8f60fe8f90801b25abdcdfecb87bdd74c0f76c9facc0fb42abc1356ea1a683008c19f449ed750fec4d03a2f221aed0cf892f4a9376bd4c81074266c07dff54193f0d16382ffad715d6767d8ba421a327c901e8fee4e7665c6716ab761fd30fe8e7783ae2465a9ad8b527c903ee0071bcd22a6eae39afbcd4eb433bbfa3f1e560141c720fb93b521a39dd403090c7d577489223ddf8d522629411f3115021099aada1bd7f89550b60c55deebd79543d3243ed5841203331400c3f4ffe02ed93e0b02110e9c1190ce505a13d7fa9c74e6005f406a9f561a56a9d1ae550f0c52c5423fc4920d4fd9ff3df23b2645c70ee5c88cabf773d5aaccfbef81042ce301dbe348bcb82f51337e3a7429d76de0950d0893c76e5ea150b05c9de2da7b7cb86ca4b8f1703298fbbe640debe04874bd545f76f1080521bc7f0b00e15615d08664d0a64c5b4141f0f139ac142515e68636c4f57fe9b01a99a5627bffa7230a54e87fd7423bff77d17d9ca870b16ad15240d1b8c2baa0c3005e70b6e08e3ea125655ea2ea216c7fa08be22486e7f16f0bd7e1eef05db5571e0e4445076d1660fa03118cb7028862df144dde194bb9ac1e4a95bedcf5cb94c45dbad66bc3b7e2ed9ec72f9786c852db712fd338a793ba28c2d2641536d029c22149ee94ebd4124d5eb3143a65a07191c78db64ecace2dd7363fb6f27b407da2dacf8e4414da24bbdceb262e970a550e6bb5a51659ca0384ba6d603439a49253920f80a61ec354108fae0e7900fcaa2faf33d947ed916718b7490b7afb37b508992720a5c71f12fa657dd5ef62a2ebc2bce639080e95065d6fdca0718e95d9e9a3139753c7a199055f2cd4dd79f2b2ccf3633079cb2ee1e1a1f7f6a13c080f2bfb3aafff5bccd3025b0270fc6191f0c1c42faae602a92cae1df8524b218c4148b0ff08918ec7e7b09ec8b352725d62c97b75ab1dc2af30927694301ca651ffc7a586b8957b48e9aaadc2186d005a75424faf3767a9a4bffebbc16e197b21c3202925628f32e6b1112a039a8511ca864a65bf1ef19df7516ac2e8d6521af3f298bb09ace763ccdfc781115a8eeb119033af30ad791ba91ef7df1bc0ab409b3d690e2ea9a4f687a4418fbc7f6ed04a3460a3ed2257a0ba383a10eeef7919561700d980e12e56fae42d5af70d9e884a11b4468c6346ea8e2ef8c2f228cd62374db8bdab673e35f296e240b79959a0e0c85723183d6fc0a736a60ef2f3433b1a42622991450af547e64e8659e866d3d503cd8f09259048d08a2861d2f37901834e6fcdc51101fcd330907ec445ae8d637d32815c132da6754d1d7593479c038cf6082bf7755241cd0318114ed66c1b1d227c634ef669004d9b2a7c6584d20dc45bd4b20690c6a64bca245c5dab9085fac14e024eac4980a1f288f318f3f83a68e8948faac68b08fdf2557c4e9fd8da7cd207e59923f8a010eb295c40ee505a80d6eeee869b7130fe97bdbf0eb247739376ae98e2675137b0b06614f4d2b63ff90d56aa92810e2cb30897ed2529541a8ae8df8d8fceacfd83d11b6c11ea89de05edeb84d4d077210f490ae4e921c0d7b846b96d63c1c0093876514fa1ecd3fd32345a67a4bf5b3315b8c6551d6bf43fe64af19503d8339c5d609d9791d4e49d89de9df5afaeecaf5bcaefa537c1561bed450a5607ce209603319f6d1e35d443664c204619b0dbcf407bac4a4a70c08eb559ea6b5c71418123aea41008ef13742a481db7134d5236d34ff72ded62e563fd851f045ded936fd3f9e71dafa9cd1cc643724e0adf3a1067529050a66b66559d32640a3ac8893b398f69e9ac6a452ad944778d9d2f9f408abb98eb74adeeabcfc2259e25ed4516f0fc527e2e282e6937b4a0d4fa729938e8c1da6aae79e380c5447215c9841e067e1eca7fc37743480c22a3e83a763178dc4a532dc7a0d59b6f389c1b314eec213f062925a594625c152155e71708b748ad7a060ece10bc1d3293d74889fc5f166b4fc8b44596844b57e7237277322f2d818aba95a52f5c2faf3d242a58f6987bdd538de2ce04248e69a503b5be4603122de571570677d6b40cbe70398389718305e7899f3d8eacdbd117827cb1666688677134fef86ec3e978f7d827dca39622c0fcb0c921666369b16d53e4165ee966a06377ab635e373099f9c4cf613886b05e85c82498436ef34ca55e5b808d0a563f52a1b7bf1985634d56a8c684072fecdcb437fe7046bab306a4752c2feb9390e01459b029bead292a86b6ee8044f23a2a71b5f35ea7b34c695ad31ddc558c1cf8d39b191f9c51c01a14083c0c3217426406a7931b17fa55715e2622b6a27feab8fcc638d8ec07f6d2c4b9374f683f68f8148efae0854fb62b883d6ac99828131f023dedde9ab00e333675b240232fb2ff9cf7cc7f2f0e611c9ac1f8facf17a7c5e83876038edcdcd4221266767f4f3b897f351343d97509e8672514f8dfbc863bcc3ca60a32cd9325c3ad8554e502c4e80509c6d2dd0c4cc715ec88d5c953f1ecb0a1e78b778251aebcc35ab236f5ec9740d196e137a29e7dba3fde7f3d07c72b0bcf139559d2234d3611baccc10e2d05e462a9a7d28db0ab6a0dbc13d63e033bd3e1246056aab83825a8d219c25b678ac7320959f7db746c9cd4c1cebb555a8dbbc25b5ec5fc517fcd650ee66590c5ab61bc478365c62b0592a1a66cab73a1fdfdf21b410ac2ca1897fd4b10fcb86fe70b7bf56006553faa7298b4a9e8a0282ad27e3d73c30515fa9d9e06eee89ea632ea82006522e2bd31d71faf29729c0cfd52c9bf6c54cb7e9ab9b6f347e7f157aeee0ddd0a66eaf1fe290a2a6e2ec7fdb58f8d042300f7a79cc0afaf1058f528d50381813d8f7d257a483524b78312834fa39aaff62f0cbb8aeb40447e6e44304579926fecb006ebf6b27181a0b64823d20997d70db7ecae5ceef3c367f0c00daeb5ab0da14234a33bcfb2c221334a769f3ae35a186abb05a78392ea5faaf8fe00ec9d028ac4bf5c268c0abf310329fbca027295679128756d306b36f9546bb4df55df5b9eccb848f6dd29e69cf0bcd0174d197b6109c81382ad5825ae9c974f5634fb6262fcbdc96e8dc42c36a48d988341bba5b40e3080c5606118f99c23cb9adfc5dce427106f70cebb7a5b7a04967acd03a19db7e3fcd23a142be241b40012a4e6e5d766aa3ddcc0dc6d95c6d2a9537527e6ca125cbdb5b8615992ae96bf1144896d8973b62230da2a7947396b142a13f15f1bee9eb15beffb7547e7361220477019df059129564ce43b14951609187df096fec88ddb0e0919e700f0f1d1a2071ddbb182c0d5158102eca22376fbd9eb5cb63f6fd55a66e85507a723f7337ba900b63824b7831b940c67b3b29be5aea1d3287a0d156e18eae6bcf527efc03b9c9853cc092fa52fad0fea73011c96c0af6875b470f0067f0898f5a8aa1dc1b479f6c04eeeb9747e90696cfceca0d32338585cb80db4f6ee1760ddee910b1760b64a159c8f829c1d9a212fd34ff7b0865d3a23a2e0788f3cd6dca1e0ec40b0f83615870664e3e88f73e080d755e2b1fd05c027ef9931c2d4da0cec694e35bab4cf6a87ed205106304e6c0b4233d7c1918f81fd318f89b1c0cfe01961e5e09efead145781feacd0887b9f25e8e3f43464ea06dc6eaa832be20c3f2b2206ecc4f8265bfafce9b98b0419338816c8eda7602f0c40dba92a5d95c5301344984c4cff5a6c9945bd9450a39b0c0d8bbaa747d71658f7e544e0416f5bd98ad5f7e3e15f4011bfd981f80b208a6b87723d4ac1cad374a60bb9b78c93237076db330fca4b6bbc09b7e9142bd532cbb928f320bdfb98d40e2b0af461f7117ac916f5eaa0bfc03be3207869db82f8d792e0188dd61ad34bb1a6c405f0cd88d11b843f03d70666b8d9f05a296f6c65bc78929dbc58fd11b27690cf786596e7998e1c6fa439e5f8672223ac62a04f98064390f6e7b9fb70741e961da01767916766a765fe72a0576c652541fef97f7c4a3c93667c5a6b024eb10e64fa7e0a9da681669de406d94acfdd4318e760ecbe79d5f1f4af403a1f0d250d58a66f436672c637ac87feebea9d95b492cc5b37c03e784cb0ad7760f0ba8888e46fef409e1154f4c2ccc88e473038fc766d378e5397ee20eb01fc5f4fd71088665c07153a716c77640fecc9e7ae2528cc8ecd0d960f139a522fe9b5a721fb788c437b132b3a73dd20", @typed={0x8, 0xd5, 0x0, 0x0, @pid=r6}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGE={0x38, 0x2, 0x0, 0x1, [@nested={0x34, 0x106, 0x0, 0x1, [@nested={0x4, 0xb7}, @typed={0x8, 0xde, 0x0, 0x0, @u32=0xabf}, @typed={0x8, 0x1e, 0x0, 0x0, @fd=r7}, @nested={0x4, 0x78}, @typed={0x8, 0x143, 0x0, 0x0, @uid=r8}, @typed={0x8, 0x150, 0x0, 0x0, @ipv4=@remote}, @nested={0x4, 0x40}, @nested={0x4, 0xd5}]}]}, @MAC802154_HWSIM_ATTR_RADIO_EDGES={0x40, 0x3, 0x0, 0x1, [@typed={0x33, 0xcd, 0x0, 0x0, @binary="073bcba6ebda964983894186da1c0574353021e34dd8ecc246a60113493830f7c510ed6fc2be832c8e5a5b0962c47a"}, @typed={0x8, 0x143, 0x0, 0x0, @fd=r0}]}]}, 0x14e0}, 0x1, 0x0, 0x0, 0x40}, 0x20004000) 15.652473ms ago: executing program 4 (id=1635): r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000080)={0x44, r0, 0x1, 0x70bd29, 0x25dfdc02, {}, [@ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x7}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5, 0x4, 0xe9}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0xf7}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x44, 0x2, 'veth0_virt_wifi\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004084}, 0x82) 0s ago: executing program 2 (id=1636): mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) r0 = socket(0x2, 0x1, 0x0) (async) r1 = socket(0xa, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback}, 0x55) (async) mincore$auto(0x0, 0x1, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(r0, 0x10000000084, 0x1a, 0x0, 0x8) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0xffffffffffffffff, 0x20009, 0x4000000000e1, 0x4000000eb1, 0x401, 0x8000) ioctl$auto(0x3, 0x400454da, r2) (async) r3 = socket(0x2, 0x2, 0x0) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(r3, 0x0, 0x4) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x401, 0xe983, 0xfffffffffffffffc, 0xeb4, r4, 0x8000) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async) r7 = openat$auto_fops_atomic_t_(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/fail_iommufd/space\x00', 0x40, 0x0) sendmsg$auto_NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r5, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20010000", @ANYRESDEC=r6, @ANYBLOB="000426a870fcdbdf2570000000ea0045800800c400", @ANYRES32=r7, @ANYRES64=r1], 0x120}, 0x1, 0x0, 0x0, 0x20040000}, 0x80) sendmsg$auto_NL80211_CMD_START_NAN(r3, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x56bf0dcd65caf311}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8010020", @ANYRES16=r7, @ANYBLOB="00022abd7000ffdbdf2573000000e400318008009a005d080000110002002f6465762f6e65742f74756e0000000018001d8014000080040004000c000200090000000000000008002700feffffff0500d500080000000400050108000d000700000063002801fcc89684e3102aafb1ffcf5633add25d766dc3e1104be92ddebb3eefcdf2599504a6dee000050000007f52b247800993254bf26f1f1fea1f334c44ecdbd188abb8fcac54df7f1f2ca44a1165f39f71ae86ec449e70f266c2af41fff88cf564000400730026009d009d29a3743cbb37cd9014c85b6f5c7d16f496eb3bfaa5b85bddfe157c4f73cd98a4210000060066004e220000b500ac0060cc3cc7e9362f542ebce26849d5f3a14ac77a41c77929ea0ecfc0839ec4969029d4c2de8db41e9e2857057602e9df230b3044533c4cd2fa546ea7d92a6fd73b7aed573630d65efd7da8e7533f47a162774ae7b52e620a6b432c70afc0d302aea1c0b3ea8a8af0bfc3ce5eef5e8ae524eed0c7a19536c255ea08fe1ef97987080000005253f890c0b0f2da8caa0cf649d4679e29effc3f89aa5ec616e88c78b5e934fb318ab689bcc703dd66e9ed6fcbdb0000003ed03a6a874cfa1f37805b9119414604dc834ac904d69f5492ad614ac398b19bbdd4f010e839e49b1278028a02e618eea4bfb4a867b19fe2c5693d155b3ece1f23ca"], 0x1b8}, 0x1, 0x0, 0x0, 0x20004011}, 0x44800) (async) r8 = socket(0x10, 0x2, 0xc) (async) r9 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="10002cbd7000fadbdf250a00000a00000200252f00e2a85c41e75a02715b2d0000001100df28fffe65c31770799fdab838aaf6712a82e628c9e6429a4a38320b2d692863927bd744b4f7b409b29862d3257675d4fd09d74a831929b1005bdd28ef3fc5ae2884ef6a78fedbebbc656141771e57124268c37932c90ec99923926a97bb444f6903a41102463c79baf78c35827f46efb37be97277d81130bd43e31c60347610f3e65f3d60d3d1e231c0cc23ad56ff23565d95cfafc7a92a64da18c0c01c0600010006000000"], 0x51}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x201, 0x0) pwrite64$auto(0xc8, 0x0, 0x10, 0x6) kernel console output (not intermixed with test programs): __mutex_trylock_common+0x10/0x10 [ 228.877541][ T8053] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 228.877584][ T8053] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 228.877618][ T8053] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 228.877649][ T8053] ? trace_cap_capable+0x18d/0x200 [ 228.877690][ T8053] ? bpf_lsm_capable+0x9/0x10 [ 228.877734][ T8053] ? security_capable+0x7e/0x260 [ 228.877764][ T8053] ? ns_capable+0xd7/0x110 [ 228.877806][ T8053] genl_rcv_msg+0x55c/0x800 [ 228.877841][ T8053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 228.877869][ T8053] ? __pfx___dev_queue_xmit+0x10/0x10 [ 228.877904][ T8053] ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10 [ 228.877979][ T8053] ? __lock_acquire+0xaa4/0x1ba0 [ 228.878038][ T8053] netlink_rcv_skb+0x16a/0x440 [ 228.878087][ T8053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 228.878120][ T8053] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 228.878200][ T8053] ? __pfx_down_read+0x10/0x10 [ 228.878232][ T8053] ? netlink_deliver_tap+0x1ae/0xd30 [ 228.878284][ T8053] genl_rcv+0x28/0x40 [ 228.878310][ T8053] netlink_unicast+0x53a/0x7f0 [ 228.878363][ T8053] ? __pfx_netlink_unicast+0x10/0x10 [ 228.878408][ T8053] ? __lock_acquire+0xaa4/0x1ba0 [ 228.878469][ T8053] netlink_sendmsg+0x8d1/0xdd0 [ 228.878525][ T8053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 228.878590][ T8053] ____sys_sendmsg+0xa95/0xc70 [ 228.878622][ T8053] ? copy_msghdr_from_user+0x10a/0x160 [ 228.878665][ T8053] ? __pfx_____sys_sendmsg+0x10/0x10 [ 228.878715][ T8053] ___sys_sendmsg+0x134/0x1d0 [ 228.878760][ T8053] ? __pfx____sys_sendmsg+0x10/0x10 [ 228.878855][ T8053] __sys_sendmsg+0x16d/0x220 [ 228.878899][ T8053] ? __pfx___sys_sendmsg+0x10/0x10 [ 228.878955][ T8053] ? rcu_is_watching+0x12/0xc0 [ 228.879006][ T8053] do_syscall_64+0xcd/0x260 [ 228.879058][ T8053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.879090][ T8053] RIP: 0033:0x7f6467f8e169 [ 228.879115][ T8053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.879145][ T8053] RSP: 002b:00007f6468dc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 228.879193][ T8053] RAX: ffffffffffffffda RBX: 00007f64681b6080 RCX: 00007f6467f8e169 [ 228.879215][ T8053] RDX: 000000000404c004 RSI: 0000200000000140 RDI: 0000000000000007 [ 228.879231][ T8053] RBP: 00007f6468dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 228.879267][ T8053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.879285][ T8053] R13: 0000000000000000 R14: 00007f64681b6080 R15: 00007fff14a723b8 [ 228.879327][ T8053] [ 229.667209][ T8058] FAULT_INJECTION: forcing a failure. [ 229.667209][ T8058] name failslab, interval 1, probability 0, space 0, times 0 [ 229.825324][ T8058] CPU: 1 UID: 0 PID: 8058 Comm: syz.3.523 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 229.825370][ T8058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 229.825389][ T8058] Call Trace: [ 229.825400][ T8058] [ 229.825412][ T8058] dump_stack_lvl+0x16c/0x1f0 [ 229.825465][ T8058] should_fail_ex+0x512/0x640 [ 229.825502][ T8058] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 229.825557][ T8058] should_failslab+0xc2/0x120 [ 229.825587][ T8058] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 229.825639][ T8058] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 229.825692][ T8058] ? __d_alloc+0x31/0xaa0 [ 229.825728][ T8058] __d_alloc+0x31/0xaa0 [ 229.825763][ T8058] d_alloc_pseudo+0x1c/0xc0 [ 229.825809][ T8058] alloc_file_pseudo+0xcf/0x230 [ 229.825848][ T8058] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 229.825896][ T8058] secretmem_file_create.constprop.0+0x108/0x2c0 [ 229.825957][ T8058] __x64_sys_memfd_secret+0xc5/0x1a0 [ 229.825988][ T8058] do_syscall_64+0xcd/0x260 [ 229.826039][ T8058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.826072][ T8058] RIP: 0033:0x7f88bd78e169 [ 229.826097][ T8058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.826126][ T8058] RSP: 002b:00007f88be5fa038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 229.826156][ T8058] RAX: ffffffffffffffda RBX: 00007f88bd9b5fa0 RCX: 00007f88bd78e169 [ 229.826176][ T8058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 229.826193][ T8058] RBP: 00007f88bd810a68 R08: 0000000000000000 R09: 0000000000000000 [ 229.826210][ T8058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.826228][ T8058] R13: 0000000000000000 R14: 00007f88bd9b5fa0 R15: 00007ffed0333da8 [ 229.826266][ T8058] [ 230.484524][ T8071] futex_wake_op: syz.0.525 tries to shift op by 64; fix this program [ 232.025489][ T8100] WARNING! power/level is deprecated; use power/control instead [ 232.081964][ T8114] ICMPv6: process `syz.3.535' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 232.599566][ T8124] netlink: 146 bytes leftover after parsing attributes in process `syz.1.538'. [ 233.290004][ T8139] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 233.346204][ T8139] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 234.225719][ T8149] FAULT_INJECTION: forcing a failure. [ 234.225719][ T8149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.251637][ T8149] CPU: 0 UID: 0 PID: 8149 Comm: syz.0.546 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 234.251680][ T8149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 234.251698][ T8149] Call Trace: [ 234.251708][ T8149] [ 234.251720][ T8149] dump_stack_lvl+0x16c/0x1f0 [ 234.251781][ T8149] should_fail_ex+0x512/0x640 [ 234.251824][ T8149] _copy_to_user+0x32/0xd0 [ 234.251867][ T8149] simple_read_from_buffer+0xcb/0x170 [ 234.251913][ T8149] proc_fail_nth_read+0x197/0x270 [ 234.251958][ T8149] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 234.252006][ T8149] ? rw_verify_area+0xcf/0x680 [ 234.252044][ T8149] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 234.252095][ T8149] vfs_read+0x1de/0xc70 [ 234.252144][ T8149] ? __pfx___mutex_lock+0x10/0x10 [ 234.252191][ T8149] ? __pfx_vfs_read+0x10/0x10 [ 234.252245][ T8149] ? __fget_files+0x20e/0x3c0 [ 234.252303][ T8149] ksys_read+0x12a/0x240 [ 234.252346][ T8149] ? __pfx_ksys_read+0x10/0x10 [ 234.252387][ T8149] ? rcu_is_watching+0x12/0xc0 [ 234.252439][ T8149] do_syscall_64+0xcd/0x260 [ 234.252490][ T8149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.252522][ T8149] RIP: 0033:0x7f6467f8cb7c [ 234.252546][ T8149] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 234.252576][ T8149] RSP: 002b:00007f6468de7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 234.252604][ T8149] RAX: ffffffffffffffda RBX: 00007f64681b5fa0 RCX: 00007f6467f8cb7c [ 234.252624][ T8149] RDX: 000000000000000f RSI: 00007f6468de70a0 RDI: 0000000000000004 [ 234.252642][ T8149] RBP: 00007f6468de7090 R08: 0000000000000000 R09: 0000000000000000 [ 234.252660][ T8149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.252677][ T8149] R13: 0000000000000000 R14: 00007f64681b5fa0 R15: 00007fff14a723b8 [ 234.252717][ T8149] [ 234.542589][ T8153] netlink: 146 bytes leftover after parsing attributes in process `syz.0.548'. [ 235.461389][ T8165] FAULT_INJECTION: forcing a failure. [ 235.461389][ T8165] name failslab, interval 1, probability 0, space 0, times 0 [ 235.474473][ T8165] CPU: 0 UID: 0 PID: 8165 Comm: syz.0.551 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 235.474518][ T8165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 235.474537][ T8165] Call Trace: [ 235.474549][ T8165] [ 235.474561][ T8165] dump_stack_lvl+0x16c/0x1f0 [ 235.474621][ T8165] should_fail_ex+0x512/0x640 [ 235.474666][ T8165] should_failslab+0xc2/0x120 [ 235.474697][ T8165] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 235.474746][ T8165] ? find_held_lock+0x2b/0x80 [ 235.474784][ T8165] ? __alloc_skb+0x2b2/0x380 [ 235.474831][ T8165] __alloc_skb+0x2b2/0x380 [ 235.474870][ T8165] ? __pfx___alloc_skb+0x10/0x10 [ 235.474906][ T8165] ? kernel_text_address+0x8d/0x100 [ 235.474944][ T8165] ? kernel_text_address+0x30/0x100 [ 235.474983][ T8165] ? arch_stack_walk+0xa6/0x100 [ 235.475034][ T8165] alloc_skb_with_frags+0xe0/0x860 [ 235.475092][ T8165] sock_alloc_send_pskb+0x7fb/0x990 [ 235.475132][ T8165] ? fib_table_lookup+0x75a/0x2300 [ 235.475184][ T8165] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 235.475219][ T8165] ? __icmp_send+0xcd8/0x1950 [ 235.475253][ T8165] ? ipv4_link_failure+0x424/0xbc0 [ 235.475282][ T8165] ? vti_tunnel_xmit+0x672/0x1e70 [ 235.475309][ T8165] ? dev_hard_start_xmit+0x93/0x740 [ 235.475341][ T8165] ? __dev_queue_xmit+0x7eb/0x43e0 [ 235.475373][ T8165] ? neigh_connected_output+0x3da/0x620 [ 235.475415][ T8165] ? ip_finish_output2+0x7f5/0x21a0 [ 235.475458][ T8165] ? __ip_finish_output+0x49e/0x950 [ 235.475502][ T8165] ? ip_finish_output+0x35/0x380 [ 235.475544][ T8165] ? ip_output+0x13b/0x2a0 [ 235.475586][ T8165] ? ip_send_skb+0x3e8/0x560 [ 235.475636][ T8165] ? udp_send_skb+0x71d/0x15b0 [ 235.475675][ T8165] ? udp_sendmsg+0x18d6/0x29e0 [ 235.475715][ T8165] ? inet_sendmsg+0x105/0x140 [ 235.475741][ T8165] ? ____sys_sendmsg+0x973/0xc70 [ 235.475766][ T8165] ? ___sys_sendmsg+0x134/0x1d0 [ 235.475811][ T8165] __ip_append_data+0x21a2/0x41e0 [ 235.475868][ T8165] ? __pfx_icmp_glue_bits+0x10/0x10 [ 235.475922][ T8165] ? __pfx___ip_append_data+0x10/0x10 [ 235.475970][ T8165] ? __asan_memcpy+0x3c/0x60 [ 235.476018][ T8165] ip_append_data+0x10f/0x1a0 [ 235.476068][ T8165] ? __pfx_icmp_glue_bits+0x10/0x10 [ 235.476107][ T8165] icmp_push_reply+0xa8/0x440 [ 235.476153][ T8165] __icmp_send+0xcd8/0x1950 [ 235.476204][ T8165] ? __pfx___icmp_send+0x10/0x10 [ 235.476238][ T8165] ? ip_output+0x13b/0x2a0 [ 235.476277][ T8165] ? ip_send_skb+0x2f1/0x560 [ 235.476321][ T8165] ? udp_send_skb+0x71d/0x15b0 [ 235.476359][ T8165] ? udp_sendmsg+0x18d6/0x29e0 [ 235.476399][ T8165] ? inet_sendmsg+0x105/0x140 [ 235.476427][ T8165] ? ___sys_sendmsg+0x134/0x1d0 [ 235.476464][ T8165] ? __sys_sendmmsg+0x200/0x420 [ 235.476502][ T8165] ? __x64_sys_sendmmsg+0x9c/0x100 [ 235.476584][ T8165] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 235.476639][ T8165] ipv4_link_failure+0x424/0xbc0 [ 235.476676][ T8165] ? __pfx_ipv4_link_failure+0x10/0x10 [ 235.476717][ T8165] ? __pfx_ipv4_link_failure+0x10/0x10 [ 235.476750][ T8165] vti_tunnel_xmit+0x672/0x1e70 [ 235.476790][ T8165] ? __pfx_vti_tunnel_xmit+0x10/0x10 [ 235.476846][ T8165] dev_hard_start_xmit+0x93/0x740 [ 235.476891][ T8165] __dev_queue_xmit+0x7eb/0x43e0 [ 235.476944][ T8165] ? __pfx___dev_queue_xmit+0x10/0x10 [ 235.476981][ T8165] ? register_lock_class+0x41/0x4c0 [ 235.477022][ T8165] ? lockdep_unlock+0x64/0xe0 [ 235.477059][ T8165] ? __lock_acquire+0xf7f/0x1ba0 [ 235.477131][ T8165] ? find_held_lock+0x2b/0x80 [ 235.477183][ T8165] neigh_connected_output+0x3da/0x620 [ 235.477244][ T8165] ip_finish_output2+0x7f5/0x21a0 [ 235.477293][ T8165] ? ip_skb_dst_mtu+0x487/0xe90 [ 235.477343][ T8165] ? __pfx_ip_finish_output2+0x10/0x10 [ 235.477387][ T8165] ? ip_skb_dst_mtu+0x496/0xe90 [ 235.477430][ T8165] ? skb_gso_transport_seglen+0x1a5/0x3b0 [ 235.477487][ T8165] __ip_finish_output+0x49e/0x950 [ 235.477539][ T8165] ip_finish_output+0x35/0x380 [ 235.477596][ T8165] ip_output+0x13b/0x2a0 [ 235.477639][ T8165] ? __pfx_ip_output+0x10/0x10 [ 235.477689][ T8165] ip_send_skb+0x3e8/0x560 [ 235.477741][ T8165] udp_send_skb+0x71d/0x15b0 [ 235.477798][ T8165] udp_sendmsg+0x18d6/0x29e0 [ 235.477847][ T8165] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 235.477900][ T8165] ? __pfx_udp_sendmsg+0x10/0x10 [ 235.477964][ T8165] ? __lock_acquire+0xaa4/0x1ba0 [ 235.478014][ T8165] ? __pfx___might_resched+0x10/0x10 [ 235.478067][ T8165] ? aa_sk_perm+0x2f4/0xb10 [ 235.478111][ T8165] ? __import_iovec+0x1c8/0x660 [ 235.478151][ T8165] ? __might_fault+0xe3/0x190 [ 235.478196][ T8165] ? __might_fault+0x13b/0x190 [ 235.478245][ T8165] ? __pfx_udp_sendmsg+0x10/0x10 [ 235.478291][ T8165] inet_sendmsg+0x105/0x140 [ 235.478323][ T8165] ____sys_sendmsg+0x973/0xc70 [ 235.478355][ T8165] ? copy_msghdr_from_user+0x10a/0x160 [ 235.478398][ T8165] ? __pfx_____sys_sendmsg+0x10/0x10 [ 235.478425][ T8165] ? __pfx___schedule+0x10/0x10 [ 235.478472][ T8165] ? trace_pid_list_is_set+0x100/0x150 [ 235.478522][ T8165] ? trace_ignore_this_task+0xc3/0x100 [ 235.478561][ T8165] ___sys_sendmsg+0x134/0x1d0 [ 235.478611][ T8165] ? __pfx____sys_sendmsg+0x10/0x10 [ 235.478675][ T8165] ? find_held_lock+0x2b/0x80 [ 235.478743][ T8165] __sys_sendmmsg+0x200/0x420 [ 235.478791][ T8165] ? __pfx___sys_sendmmsg+0x10/0x10 [ 235.478847][ T8165] ? __pfx_do_futex+0x10/0x10 [ 235.478888][ T8165] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 235.478958][ T8165] ? xfd_validate_state+0x5d/0x180 [ 235.478995][ T8165] ? rcu_is_watching+0x12/0xc0 [ 235.479041][ T8165] __x64_sys_sendmmsg+0x9c/0x100 [ 235.479082][ T8165] ? lockdep_hardirqs_on+0x7c/0x110 [ 235.479127][ T8165] do_syscall_64+0xcd/0x260 [ 235.479177][ T8165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.479212][ T8165] RIP: 0033:0x7f6467f8e169 [ 235.479238][ T8165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.479267][ T8165] RSP: 002b:00007f6468de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 235.479295][ T8165] RAX: ffffffffffffffda RBX: 00007f64681b5fa0 RCX: 00007f6467f8e169 [ 235.479314][ T8165] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 235.479333][ T8165] RBP: 00007f6468010a68 R08: 0000000000000000 R09: 0000000000000000 [ 235.479352][ T8165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 235.479371][ T8165] R13: 0000000000000000 R14: 00007f64681b5fa0 R15: 00007fff14a723b8 [ 235.479414][ T8165] [ 237.065004][ T8179] netlink: 20 bytes leftover after parsing attributes in process `syz.0.553'. [ 237.357890][ T8185] netlink: 146 bytes leftover after parsing attributes in process `syz.1.558'. [ 238.318998][ T8199] HfR: entered promiscuous mode [ 238.388799][ T8199] netlink: 12 bytes leftover after parsing attributes in process `syz.1.561'. [ 238.409755][ T8199] HfR: left promiscuous mode [ 238.442032][ T8203] netlink: 4 bytes leftover after parsing attributes in process `syz.1.561'. [ 239.693592][ T8224] ubi4: attaching mtd0 [ 239.808470][ T8226] FAULT_INJECTION: forcing a failure. [ 239.808470][ T8226] name failslab, interval 1, probability 0, space 0, times 0 [ 239.835158][ T8226] CPU: 0 UID: 0 PID: 8226 Comm: syz.2.568 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 239.835201][ T8226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 239.835230][ T8226] Call Trace: [ 239.835240][ T8226] [ 239.835252][ T8226] dump_stack_lvl+0x16c/0x1f0 [ 239.835304][ T8226] should_fail_ex+0x512/0x640 [ 239.835340][ T8226] ? fs_reclaim_acquire+0xae/0x150 [ 239.835382][ T8226] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 239.835426][ T8226] should_failslab+0xc2/0x120 [ 239.835456][ T8226] __kmalloc_noprof+0xd2/0x510 [ 239.835513][ T8226] tomoyo_realpath_from_path+0xc2/0x6e0 [ 239.835564][ T8226] ? tomoyo_profile+0x47/0x60 [ 239.835617][ T8226] tomoyo_path_number_perm+0x245/0x580 [ 239.835654][ T8226] ? tomoyo_path_number_perm+0x237/0x580 [ 239.835695][ T8226] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 239.835736][ T8226] ? find_held_lock+0x2b/0x80 [ 239.835824][ T8226] ? find_held_lock+0x2b/0x80 [ 239.835879][ T8226] ? hook_file_ioctl_common+0x145/0x410 [ 239.835923][ T8226] ? __fget_files+0x20e/0x3c0 [ 239.835975][ T8226] security_file_ioctl+0x9b/0x240 [ 239.836018][ T8226] __x64_sys_ioctl+0xb7/0x200 [ 239.836060][ T8226] do_syscall_64+0xcd/0x260 [ 239.836111][ T8226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.836143][ T8226] RIP: 0033:0x7f092a18e169 [ 239.836180][ T8226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.836209][ T8226] RSP: 002b:00007f092af12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 239.836245][ T8226] RAX: ffffffffffffffda RBX: 00007f092a3b5fa0 RCX: 00007f092a18e169 [ 239.836264][ T8226] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000005 [ 239.836282][ T8226] RBP: 00007f092af12090 R08: 0000000000000000 R09: 0000000000000000 [ 239.836300][ T8226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.836335][ T8226] R13: 0000000000000000 R14: 00007f092a3b5fa0 R15: 00007ffd756473a8 [ 239.836375][ T8226] [ 239.836440][ T8226] ERROR: Out of memory at tomoyo_realpath_from_path. [ 240.090492][ T8226] ubi4: attaching mtd0 [ 241.319075][ T8262] netlink: 146 bytes leftover after parsing attributes in process `syz.0.581'. [ 241.663902][ T8273] netlink: 342 bytes leftover after parsing attributes in process `syz.3.584'. [ 244.461326][ T8318] netlink: 146 bytes leftover after parsing attributes in process `syz.3.594'. [ 244.956617][ T8330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.596'. [ 246.069046][ T8344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.601'. [ 246.304428][ T8353] FAULT_INJECTION: forcing a failure. [ 246.304428][ T8353] name failslab, interval 1, probability 0, space 0, times 0 [ 246.318569][ T8353] CPU: 0 UID: 0 PID: 8353 Comm: syz.3.603 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 246.318613][ T8353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 246.318632][ T8353] Call Trace: [ 246.318642][ T8353] [ 246.318666][ T8353] dump_stack_lvl+0x16c/0x1f0 [ 246.318721][ T8353] should_fail_ex+0x512/0x640 [ 246.318756][ T8353] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 246.318810][ T8353] should_failslab+0xc2/0x120 [ 246.318839][ T8353] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 246.318889][ T8353] ? ptlock_alloc+0x1f/0x70 [ 246.318936][ T8353] ptlock_alloc+0x1f/0x70 [ 246.318978][ T8353] pte_alloc_one+0x6d/0x380 [ 246.319020][ T8353] __pte_alloc+0x6d/0x3c0 [ 246.319052][ T8353] ? __pfx___pte_alloc+0x10/0x10 [ 246.319086][ T8353] ? __lock_acquire+0xaa4/0x1ba0 [ 246.319137][ T8353] do_pte_missing+0x2925/0x3fb0 [ 246.319197][ T8353] __handle_mm_fault+0x103d/0x2a40 [ 246.319247][ T8353] ? const_folio_flags+0x5b/0x100 [ 246.319297][ T8353] ? __pfx___handle_mm_fault+0x10/0x10 [ 246.319342][ T8353] ? __pfx_folio_mark_accessed+0x10/0x10 [ 246.319375][ T8353] ? vm_normal_page+0x13b/0x2b0 [ 246.319406][ T8353] ? find_held_lock+0x2b/0x80 [ 246.319445][ T8353] ? find_held_lock+0x2b/0x80 [ 246.319507][ T8353] handle_mm_fault+0x3fe/0xad0 [ 246.319558][ T8353] __get_user_pages+0x771/0x36f0 [ 246.319608][ T8353] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 246.319639][ T8353] ? look_up_lock_class+0x59/0x150 [ 246.319692][ T8353] ? __pfx___get_user_pages+0x10/0x10 [ 246.319732][ T8353] ? process_vm_rw+0x2ff/0x360 [ 246.319758][ T8353] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 246.319787][ T8353] ? do_syscall_64+0xcd/0x260 [ 246.319845][ T8353] __gup_longterm_locked+0x20d/0x1850 [ 246.319897][ T8353] ? __pfx___gup_longterm_locked+0x10/0x10 [ 246.319958][ T8353] pin_user_pages_remote+0xed/0x140 [ 246.320001][ T8353] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 246.320040][ T8353] ? mm_access+0x22d/0x2e0 [ 246.320102][ T8353] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 246.320152][ T8353] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 246.320210][ T8353] ? iovec_from_user+0xbb/0x140 [ 246.320256][ T8353] process_vm_rw+0x2ff/0x360 [ 246.320289][ T8353] ? __pfx_process_vm_rw+0x10/0x10 [ 246.320328][ T8353] ? fd_install+0x225/0x750 [ 246.320369][ T8353] ? putname+0x154/0x1a0 [ 246.320434][ T8353] ? xfd_validate_state+0x5d/0x180 [ 246.320479][ T8353] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 246.320512][ T8353] ? do_syscall_64+0x91/0x260 [ 246.320557][ T8353] ? lockdep_hardirqs_on+0x7c/0x110 [ 246.320602][ T8353] do_syscall_64+0xcd/0x260 [ 246.320659][ T8353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.320691][ T8353] RIP: 0033:0x7f88bd78e169 [ 246.320717][ T8353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.320746][ T8353] RSP: 002b:00007f88be5d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 246.320775][ T8353] RAX: ffffffffffffffda RBX: 00007f88bd9b6080 RCX: 00007f88bd78e169 [ 246.320795][ T8353] RDX: 0000040000000001 RSI: 0000200000000000 RDI: 0000000000000217 [ 246.320814][ T8353] RBP: 00007f88bd810a68 R08: 000000000000000a R09: 0000000000000000 [ 246.320832][ T8353] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 246.320851][ T8353] R13: 0000000000000000 R14: 00007f88bd9b6080 R15: 00007ffed0333da8 [ 246.320891][ T8353] [ 247.567310][ T8372] netlink: 12 bytes leftover after parsing attributes in process `syz.1.609'. [ 247.611707][ T8373] netlink: 4 bytes leftover after parsing attributes in process `syz.3.608'. [ 247.686590][ T8369] HfR: entered promiscuous mode [ 247.747931][ T8374] netlink: 4 bytes leftover after parsing attributes in process `syz.1.609'. [ 247.874122][ T8372] HfR: left promiscuous mode [ 248.134795][ T8377] HfR: entered promiscuous mode [ 248.232882][ T8377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.610'. [ 248.280294][ T8377] HfR: left promiscuous mode [ 248.287198][ T8378] device-mapper: ioctl: Unable to rename non-existent device,  to [ 248.303643][ T8378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.610'. [ 248.584458][ T8382] netlink: 28 bytes leftover after parsing attributes in process `syz.3.613'. [ 248.593484][ T8382] hsr0: entered allmulticast mode [ 248.598560][ T8382] hsr_slave_0: entered allmulticast mode [ 248.598603][ T8384] netlink: 20 bytes leftover after parsing attributes in process `syz.1.614'. [ 248.612532][ T8382] hsr_slave_1: entered allmulticast mode [ 249.294612][ T8402] netlink: 146 bytes leftover after parsing attributes in process `syz.0.620'. [ 249.506763][ T8403] netlink: 20 bytes leftover after parsing attributes in process `syz.3.618'. [ 249.853617][ T8398] Setting dangerous option i915.mitigations - tainting kernel [ 250.417353][ T8413] HfR: entered promiscuous mode [ 250.470899][ T8413] device-mapper: ioctl: Unable to rename non-existent device,  to [ 250.509408][ T8423] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 251.361365][ T8433] FAULT_INJECTION: forcing a failure. [ 251.361365][ T8433] name failslab, interval 1, probability 0, space 0, times 0 [ 251.374272][ T8433] CPU: 1 UID: 0 PID: 8433 Comm: syz.3.625 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 251.374318][ T8433] Tainted: [U]=USER [ 251.374328][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 251.374344][ T8433] Call Trace: [ 251.374354][ T8433] [ 251.374365][ T8433] dump_stack_lvl+0x16c/0x1f0 [ 251.374414][ T8433] should_fail_ex+0x512/0x640 [ 251.374448][ T8433] ? fs_reclaim_acquire+0xae/0x150 [ 251.374489][ T8433] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 251.374532][ T8433] should_failslab+0xc2/0x120 [ 251.374561][ T8433] __kmalloc_noprof+0xd2/0x510 [ 251.374616][ T8433] tomoyo_realpath_from_path+0xc2/0x6e0 [ 251.374664][ T8433] ? tomoyo_profile+0x47/0x60 [ 251.374715][ T8433] tomoyo_path_number_perm+0x245/0x580 [ 251.374750][ T8433] ? tomoyo_path_number_perm+0x237/0x580 [ 251.374790][ T8433] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 251.374830][ T8433] ? find_held_lock+0x2b/0x80 [ 251.374905][ T8433] ? find_held_lock+0x2b/0x80 [ 251.374944][ T8433] ? hook_file_ioctl_common+0x145/0x410 [ 251.374994][ T8433] ? __fget_files+0x20e/0x3c0 [ 251.375046][ T8433] security_file_ioctl+0x9b/0x240 [ 251.375087][ T8433] __x64_sys_ioctl+0xb7/0x200 [ 251.375128][ T8433] do_syscall_64+0xcd/0x260 [ 251.375177][ T8433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.375207][ T8433] RIP: 0033:0x7f88bd78e169 [ 251.375231][ T8433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.375260][ T8433] RSP: 002b:00007f88be597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.375287][ T8433] RAX: ffffffffffffffda RBX: 00007f88bd9b6240 RCX: 00007f88bd78e169 [ 251.375307][ T8433] RDX: 0000200000000040 RSI: 00000000405c5503 RDI: 0000000000000003 [ 251.375324][ T8433] RBP: 00007f88be597090 R08: 0000000000000000 R09: 0000000000000000 [ 251.375341][ T8433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.375358][ T8433] R13: 0000000000000001 R14: 00007f88bd9b6240 R15: 00007ffed0333da8 [ 251.375397][ T8433] [ 251.375469][ T8433] ERROR: Out of memory at tomoyo_realpath_from_path. [ 252.406010][ T8457] netlink: 146 bytes leftover after parsing attributes in process `syz.3.632'. [ 252.705589][ T8466] HfR: entered promiscuous mode [ 252.707987][ T8471] device-mapper: ioctl: Unable to rename non-existent device,  to [ 253.535997][ T8492] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input15 [ 254.907673][ T8517] netlink: 146 bytes leftover after parsing attributes in process `syz.3.645'. [ 255.156512][ T8526] openvswitch: HfR: Dropping previously announced user features [ 255.235691][ T8526] device-mapper: ioctl: Unable to rename non-existent device,  to [ 256.652618][ T8560] netlink: 330 bytes leftover after parsing attributes in process `syz.1.657'. [ 256.696536][ T8560] net veth1_virt_wifi : renamed from virt_wifi0 [ 256.846830][ T8560] netlink: 330 bytes leftover after parsing attributes in process `syz.1.657'. [ 257.839378][ T8578] netlink: 146 bytes leftover after parsing attributes in process `syz.1.661'. [ 258.172975][ T8586] device-mapper: ioctl: Unable to rename non-existent device,  to [ 258.220985][ T8585] openvswitch: HfR: Dropping previously announced user features [ 258.617026][ T8583] netlink: 342 bytes leftover after parsing attributes in process `syz.3.663'. [ 260.944457][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.951063][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.433306][ T8661] FAULT_INJECTION: forcing a failure. [ 262.433306][ T8661] name failslab, interval 1, probability 0, space 0, times 0 [ 262.485344][ T8661] CPU: 0 UID: 0 PID: 8661 Comm: syz.0.683 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 262.485401][ T8661] Tainted: [U]=USER [ 262.485412][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.485430][ T8661] Call Trace: [ 262.485440][ T8661] [ 262.485452][ T8661] dump_stack_lvl+0x16c/0x1f0 [ 262.485507][ T8661] should_fail_ex+0x512/0x640 [ 262.485543][ T8661] ? fs_reclaim_acquire+0xae/0x150 [ 262.485587][ T8661] should_failslab+0xc2/0x120 [ 262.485618][ T8661] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 262.485670][ T8661] ? security_inode_alloc+0x3b/0x2b0 [ 262.485712][ T8661] security_inode_alloc+0x3b/0x2b0 [ 262.485750][ T8661] inode_init_always_gfp+0xce4/0x1030 [ 262.485806][ T8661] alloc_inode+0x86/0x240 [ 262.485843][ T8661] sock_alloc+0x40/0x280 [ 262.485892][ T8661] sock_create_lite+0x82/0x120 [ 262.485944][ T8661] __netlink_kernel_create+0xbd/0x750 [ 262.485991][ T8661] ? __kvmalloc_node_noprof+0x296/0x600 [ 262.486040][ T8661] ? __pfx___netlink_kernel_create+0x10/0x10 [ 262.486102][ T8661] fib_net_init+0x26d/0x3f0 [ 262.486145][ T8661] ? __pfx___register_sysctl_table+0x10/0x10 [ 262.486183][ T8661] ? __pfx_fib_net_init+0x10/0x10 [ 262.486238][ T8661] ? lockdep_init_map_type+0x5c/0x280 [ 262.486276][ T8661] ? __pfx_nl_fib_input+0x10/0x10 [ 262.486326][ T8661] ? devinet_init_net+0x5c2/0x910 [ 262.486380][ T8661] ? __pfx_fib_net_init+0x10/0x10 [ 262.486423][ T8661] ops_init+0x1df/0x5f0 [ 262.486472][ T8661] setup_net+0x21e/0x850 [ 262.486520][ T8661] ? __pfx_setup_net+0x10/0x10 [ 262.486562][ T8661] ? lockdep_init_map_type+0x5c/0x280 [ 262.486592][ T8661] ? __pfx_down_read_killable+0x10/0x10 [ 262.486628][ T8661] ? debug_mutex_init+0x37/0x70 [ 262.486672][ T8661] copy_net_ns+0x2a6/0x5f0 [ 262.486726][ T8661] create_new_namespaces+0x3ea/0xad0 [ 262.486780][ T8661] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 262.486829][ T8661] ksys_unshare+0x45b/0xa40 [ 262.486879][ T8661] ? __pfx_ksys_unshare+0x10/0x10 [ 262.486943][ T8661] ? xfd_validate_state+0x5d/0x180 [ 262.486981][ T8661] ? rcu_is_watching+0x12/0xc0 [ 262.487033][ T8661] __x64_sys_unshare+0x31/0x40 [ 262.487083][ T8661] do_syscall_64+0xcd/0x260 [ 262.487146][ T8661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.487178][ T8661] RIP: 0033:0x7f6467f8e169 [ 262.487204][ T8661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.487234][ T8661] RSP: 002b:00007f6468dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 262.487271][ T8661] RAX: ffffffffffffffda RBX: 00007f64681b6080 RCX: 00007f6467f8e169 [ 262.487292][ T8661] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 262.487312][ T8661] RBP: 00007f6468010a68 R08: 0000000000000000 R09: 0000000000000000 [ 262.487331][ T8661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 262.487350][ T8661] R13: 0000000000000000 R14: 00007f64681b6080 R15: 00007fff14a723b8 [ 262.487391][ T8661] [ 262.783634][ C0] vkms_vblank_simulate: vblank timer overrun [ 264.326453][ T8685] FAULT_INJECTION: forcing a failure. [ 264.326453][ T8685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.365573][ T8685] CPU: 1 UID: 0 PID: 8685 Comm: syz.3.688 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 264.365621][ T8685] Tainted: [U]=USER [ 264.365630][ T8685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 264.365646][ T8685] Call Trace: [ 264.365656][ T8685] [ 264.365666][ T8685] dump_stack_lvl+0x16c/0x1f0 [ 264.365716][ T8685] should_fail_ex+0x512/0x640 [ 264.365756][ T8685] _copy_to_user+0x32/0xd0 [ 264.365798][ T8685] simple_read_from_buffer+0xcb/0x170 [ 264.365843][ T8685] proc_fail_nth_read+0x197/0x270 [ 264.365887][ T8685] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.365940][ T8685] ? rw_verify_area+0xcf/0x680 [ 264.365975][ T8685] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.366019][ T8685] vfs_read+0x1de/0xc70 [ 264.366065][ T8685] ? __pfx___mutex_lock+0x10/0x10 [ 264.366111][ T8685] ? __pfx_vfs_read+0x10/0x10 [ 264.366164][ T8685] ? __fget_files+0x20e/0x3c0 [ 264.366220][ T8685] ksys_read+0x12a/0x240 [ 264.366261][ T8685] ? __pfx_ksys_read+0x10/0x10 [ 264.366314][ T8685] do_syscall_64+0xcd/0x260 [ 264.366363][ T8685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.366394][ T8685] RIP: 0033:0x7f88bd78cb7c [ 264.366418][ T8685] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 264.366446][ T8685] RSP: 002b:00007f88be5d9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 264.366473][ T8685] RAX: ffffffffffffffda RBX: 00007f88bd9b6080 RCX: 00007f88bd78cb7c [ 264.366492][ T8685] RDX: 000000000000000f RSI: 00007f88be5d90a0 RDI: 0000000000000004 [ 264.366509][ T8685] RBP: 00007f88be5d9090 R08: 0000000000000000 R09: 0000000000000000 [ 264.366526][ T8685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.366543][ T8685] R13: 0000000000000001 R14: 00007f88bd9b6080 R15: 00007ffed0333da8 [ 264.366581][ T8685] [ 265.374557][ T8701] HfR: entered promiscuous mode [ 265.423672][ T8701] device-mapper: ioctl: Unable to rename non-existent device,  to [ 266.960018][ T8726] openvswitch: HfR: Dropping previously announced user features [ 267.025103][ T8726] device-mapper: ioctl: Unable to rename non-existent device,  to [ 267.453430][ T8734] netlink: 146 bytes leftover after parsing attributes in process `syz.1.702'. [ 269.442883][ T8760] netlink: 4 bytes leftover after parsing attributes in process `syz.0.708'. [ 269.453810][ T8760] netlink: 98 bytes leftover after parsing attributes in process `syz.0.708'. [ 269.551978][ T8765] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 269.586328][ T8765] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 270.541298][ T8775] openvswitch: HfR: Dropping previously announced user features [ 270.582808][ T8775] device-mapper: ioctl: Unable to rename non-existent device,  to [ 271.364413][ T8796] delete_channel: no stack [ 273.527546][ T8832] openvswitch: HfR: Dropping previously announced user features [ 273.552806][ T8832] device-mapper: ioctl: Unable to rename non-existent device,  to [ 274.495319][ T8853] netlink: 146 bytes leftover after parsing attributes in process `syz.1.732'. [ 274.718919][ T8857] openvswitch: HfR: Dropping previously announced user features [ 274.832962][ T8857] netlink: 12 bytes leftover after parsing attributes in process `syz.3.733'. [ 274.889454][ T8857] HfR: left promiscuous mode [ 276.131113][ T8879] netlink: 32 bytes leftover after parsing attributes in process `syz.1.738'. [ 276.930818][ T8885] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 277.499838][ T8897] syz.3.744 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 278.138460][ T8912] netlink: 146 bytes leftover after parsing attributes in process `syz.0.748'. [ 278.439964][ T8917] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 278.735590][ T8921] HfR: entered promiscuous mode [ 278.844213][ T8921] netlink: 12 bytes leftover after parsing attributes in process `syz.1.749'. [ 278.865076][ T8921] HfR: left promiscuous mode [ 278.888466][ T8925] netlink: 32 bytes leftover after parsing attributes in process `syz.0.750'. [ 278.950632][ T8927] device-mapper: ioctl: Unable to rename non-existent device,  to [ 280.176179][ T8941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.755'. [ 280.993184][ T8946] netlink: 28 bytes leftover after parsing attributes in process `syz.2.753'. [ 281.022874][ T8946] bridge_slave_1: left allmulticast mode [ 281.028598][ T8946] bridge_slave_1: left promiscuous mode [ 281.036855][ T8956] netlink: 146 bytes leftover after parsing attributes in process `syz.1.759'. [ 281.070547][ T8946] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.141656][ T8946] bridge_slave_0: left allmulticast mode [ 281.177573][ T8946] bridge_slave_0: left promiscuous mode [ 281.204182][ T8946] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.245965][ T8960] netlink: zone id is out of range [ 281.262807][ T8960] netlink: zone id is out of range [ 281.267985][ T8960] netlink: zone id is out of range [ 281.303562][ T8960] netlink: zone id is out of range [ 281.308788][ T8960] netlink: get zone limit has 4 unknown bytes [ 281.403222][ T8946] FAULT_INJECTION: forcing a failure. [ 281.403222][ T8946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.439367][ T8946] CPU: 1 UID: 0 PID: 8946 Comm: syz.2.753 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 281.439435][ T8946] Tainted: [U]=USER [ 281.439446][ T8946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 281.439464][ T8946] Call Trace: [ 281.439474][ T8946] [ 281.439486][ T8946] dump_stack_lvl+0x16c/0x1f0 [ 281.439539][ T8946] should_fail_ex+0x512/0x640 [ 281.439582][ T8946] _copy_from_user+0x2e/0xd0 [ 281.439623][ T8946] copy_msghdr_from_user+0x98/0x160 [ 281.439672][ T8946] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 281.439721][ T8946] ? kfree+0x252/0x4d0 [ 281.439758][ T8946] ? schedule+0x2d7/0x3a0 [ 281.439806][ T8946] ___sys_sendmsg+0xfe/0x1d0 [ 281.439850][ T8946] ? __pfx____sys_sendmsg+0x10/0x10 [ 281.439927][ T8946] ? __pfx___might_resched+0x10/0x10 [ 281.439981][ T8946] __sys_sendmmsg+0x200/0x420 [ 281.440026][ T8946] ? __pfx___sys_sendmmsg+0x10/0x10 [ 281.440079][ T8946] ? __pfx_do_futex+0x10/0x10 [ 281.440143][ T8946] ? xfd_validate_state+0x5d/0x180 [ 281.440175][ T8946] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 281.440210][ T8946] ? syscall_user_dispatch+0x78/0x140 [ 281.440251][ T8946] __x64_sys_sendmmsg+0x9c/0x100 [ 281.440295][ T8946] do_syscall_64+0xcd/0x260 [ 281.440345][ T8946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.440375][ T8946] RIP: 0033:0x7f092a18e169 [ 281.440401][ T8946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.440431][ T8946] RSP: 002b:00007f092af12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 281.440461][ T8946] RAX: ffffffffffffffda RBX: 00007f092a3b5fa0 RCX: 00007f092a18e169 [ 281.440482][ T8946] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 281.440501][ T8946] RBP: 00007f092a210a68 R08: 0000000000000000 R09: 0000000000000000 [ 281.440520][ T8946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.440539][ T8946] R13: 0000000000000000 R14: 00007f092a3b5fa0 R15: 00007ffd756473a8 [ 281.440579][ T8946] [ 281.959598][ T8966] HfR: entered promiscuous mode [ 281.993403][ T8968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.763'. [ 281.995234][ T8966] netlink: 12 bytes leftover after parsing attributes in process `syz.3.761'. [ 282.044503][ T8966] HfR: left promiscuous mode [ 282.063133][ T8968] Invalid ELF header magic: != ELF [ 282.101745][ T8972] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 284.089993][ T9002] netlink: 146 bytes leftover after parsing attributes in process `syz.2.772'. [ 284.844810][ T9017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.773'. [ 284.859455][ T9017] bridge_slave_1: left allmulticast mode [ 284.867510][ T9017] bridge_slave_1: left promiscuous mode [ 284.882560][ T9017] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.901168][ T9017] bridge_slave_0: left allmulticast mode [ 284.909136][ T9017] bridge_slave_0: left promiscuous mode [ 284.919568][ T9017] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.355405][ T9063] netlink: 146 bytes leftover after parsing attributes in process `syz.3.786'. [ 286.552245][ T9064] netlink: 12 bytes leftover after parsing attributes in process `syz.0.785'. [ 286.561333][ T9064] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 287.088383][ T9077] netlink: 'syz.1.790': attribute type 1 has an invalid length. [ 287.162684][ T9073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.788'. [ 287.171981][ T9073] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 289.215358][ T9111] netlink: 12 bytes leftover after parsing attributes in process `syz.3.798'. [ 289.261605][ T9111] device-mapper: ioctl: Unable to rename non-existent device,  to [ 290.180936][ T9129] netlink: 12 bytes leftover after parsing attributes in process `syz.2.801'. [ 290.190251][ T9129] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 290.812359][ T9140] netlink: 12 bytes leftover after parsing attributes in process `syz.1.804'. [ 290.899759][ T9136] HfR: entered promiscuous mode [ 290.922754][ T9140] HfR: left promiscuous mode [ 291.673608][ T9151] netlink: 12 bytes leftover after parsing attributes in process `syz.1.808'. [ 292.088825][ T9159] netlink: 12 bytes leftover after parsing attributes in process `syz.2.810'. [ 292.125548][ T9159] HfR: left promiscuous mode [ 292.196901][ T9167] device-mapper: ioctl: Unable to rename non-existent device,  to [ 293.540007][ T9194] openvswitch: netlink: Message has 8 unknown bytes. [ 294.371453][ T9210] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 294.392480][ T9211] openvswitch: netlink: Message has 8 unknown bytes. [ 294.442529][ T9206] HfR: entered promiscuous mode [ 295.402792][ T9223] netlink: 12 bytes leftover after parsing attributes in process `syz.2.824'. [ 295.434497][ T9223] HfR: left promiscuous mode [ 295.471825][ T9224] device-mapper: ioctl: Unable to rename non-existent device,  to [ 296.258024][ T9235] netlink: 146 bytes leftover after parsing attributes in process `syz.0.827'. [ 296.298141][ T9237] HfR: entered promiscuous mode [ 296.328719][ T9237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.830'. [ 296.357389][ T9237] HfR: left promiscuous mode [ 296.806487][ T9251] openvswitch: netlink: Message has 8 unknown bytes. [ 296.986187][ T9254] netlink: 12 bytes leftover after parsing attributes in process `syz.3.836'. [ 297.044181][ T9254] device-mapper: ioctl: Unable to rename non-existent device,  to [ 297.438395][ T9270] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 297.908780][ T9277] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input17 [ 298.676373][ T9288] netlink: 146 bytes leftover after parsing attributes in process `syz.0.842'. [ 299.421949][ T9299] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 299.482775][ T9307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.848'. [ 299.499656][ T9307] device-mapper: ioctl: Unable to rename non-existent device,  to [ 299.615158][ T9311] netlink: 146 bytes leftover after parsing attributes in process `syz.1.850'. [ 300.452176][ T9322] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 300.835889][ T9337] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input18 [ 300.856078][ T9336] netlink: 'syz.3.857': attribute type 3 has an invalid length. [ 300.900206][ T9336] netlink: 332 bytes leftover after parsing attributes in process `syz.3.857'. [ 302.003726][ T9356] netlink: 12 bytes leftover after parsing attributes in process `syz.1.860'. [ 302.025721][ T9358] netlink: 146 bytes leftover after parsing attributes in process `syz.3.861'. [ 302.061863][ T9354] HfR: entered promiscuous mode [ 302.083032][ T9356] HfR: left promiscuous mode [ 302.240780][ T9360] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 303.142030][ T9376] netlink: 'syz.3.866': attribute type 3 has an invalid length. [ 303.169241][ T9377] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 303.260950][ T9376] netlink: 332 bytes leftover after parsing attributes in process `syz.3.866'. [ 306.265439][ T9440] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 307.578961][ T9468] netlink: 'syz.3.886': attribute type 3 has an invalid length. [ 307.586868][ T9468] netlink: 332 bytes leftover after parsing attributes in process `syz.3.886'. [ 308.000605][ T9474] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 308.527997][ T9485] netlink: 146 bytes leftover after parsing attributes in process `syz.2.890'. [ 310.083838][ T9516] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 311.013215][ T9530] netlink: 146 bytes leftover after parsing attributes in process `syz.1.901'. [ 312.851200][ T9570] FAULT_INJECTION: forcing a failure. [ 312.851200][ T9570] name failslab, interval 1, probability 0, space 0, times 0 [ 312.874968][ T9570] CPU: 1 UID: 0 PID: 9570 Comm: syz.0.910 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 312.875030][ T9570] Tainted: [U]=USER [ 312.875041][ T9570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 312.875067][ T9570] Call Trace: [ 312.875078][ T9570] [ 312.875090][ T9570] dump_stack_lvl+0x16c/0x1f0 [ 312.875143][ T9570] should_fail_ex+0x512/0x640 [ 312.875178][ T9570] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 312.875231][ T9570] should_failslab+0xc2/0x120 [ 312.875260][ T9570] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 312.875308][ T9570] ? d_instantiate+0x77/0x90 [ 312.875336][ T9570] ? alloc_empty_file+0x55/0x1e0 [ 312.875374][ T9570] alloc_empty_file+0x55/0x1e0 [ 312.875409][ T9570] alloc_file_pseudo+0x13a/0x230 [ 312.875445][ T9570] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 312.875477][ T9570] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 312.875533][ T9570] create_pipe_files+0x364/0x930 [ 312.875567][ T9570] do_pipe2+0xaf/0x1c0 [ 312.875611][ T9570] ? __pfx_do_pipe2+0x10/0x10 [ 312.875653][ T9570] __x64_sys_pipe+0x33/0x50 [ 312.875680][ T9570] do_syscall_64+0xcd/0x260 [ 312.875730][ T9570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.875762][ T9570] RIP: 0033:0x7f6467f8e169 [ 312.875787][ T9570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.875817][ T9570] RSP: 002b:00007f6468de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 312.875846][ T9570] RAX: ffffffffffffffda RBX: 00007f64681b5fa0 RCX: 00007f6467f8e169 [ 312.875865][ T9570] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 312.875882][ T9570] RBP: 00007f6468010a68 R08: 0000000000000000 R09: 0000000000000000 [ 312.875899][ T9570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 312.875916][ T9570] R13: 0000000000000000 R14: 00007f64681b5fa0 R15: 00007fff14a723b8 [ 312.875952][ T9570] [ 313.519305][ T9580] netlink: 146 bytes leftover after parsing attributes in process `syz.2.913'. [ 314.445033][ T9601] HfR: entered promiscuous mode [ 314.465602][ T9601] netlink: 12 bytes leftover after parsing attributes in process `syz.2.918'. [ 314.493436][ T9601] HfR: left promiscuous mode [ 314.524369][ T9599] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 314.545824][ T9604] device-mapper: ioctl: Unable to rename non-existent device,  to [ 316.184831][ T9650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.930'. [ 316.967052][ T9668] HfR: entered promiscuous mode [ 316.997270][ T9668] netlink: 12 bytes leftover after parsing attributes in process `syz.1.934'. [ 317.027946][ T9668] HfR: left promiscuous mode [ 318.311126][ T9695] netlink: 'syz.3.942': attribute type 3 has an invalid length. [ 318.336299][ T9695] netlink: 332 bytes leftover after parsing attributes in process `syz.3.942'. [ 318.378412][ T5848] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 318.378468][ T5848] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 318.397241][ T5848] Bluetooth: hci0: Dropping invalid advertising data [ 318.405557][ T5848] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 318.405611][ T5848] Bluetooth: hci0: Dropping invalid advertising data [ 318.419545][ T5848] Bluetooth: hci0: Dropping invalid advertising data [ 318.426301][ T5848] Bluetooth: hci0: Malformed LE Event: 0x02 [ 318.734025][ T9706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78400 [ 318.746098][ T9710] HfR: entered promiscuous mode [ 318.778710][ T9710] netlink: 12 bytes leftover after parsing attributes in process `syz.3.947'. [ 318.792156][ T9706] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 318.814704][ T9710] HfR: left promiscuous mode [ 318.832556][ T9706] memcg:ffff88802a936d01 [ 318.840374][ T9706] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 318.848440][ T9706] page_type: f5(slab) [ 318.863412][ T9716] device-mapper: ioctl: Unable to rename non-existent device,  to [ 318.872875][ T9706] raw: 00fff00000000040 ffff88801fabcdc0 0000000000000000 dead000000000001 [ 318.883586][ T9706] raw: 0000000000000000 0000000000150015 00000000f5000000 ffff88802a936d01 [ 318.895542][ T9706] head: 00fff00000000040 ffff88801fabcdc0 0000000000000000 dead000000000001 [ 318.934891][ T9706] head: 0000000000000000 0000000000150015 00000000f5000000 ffff88802a936d01 [ 318.944360][ T9706] head: 00fff00000000003 ffffea0001e10001 00000000ffffffff 00000000ffffffff [ 318.961010][ T9706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 318.971424][ T9706] page dumped because: unmovable page [ 318.990761][ T9706] page_owner tracks the page as allocated [ 318.997946][ T9706] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5505, tgid 5505 (dhcpcd), ts 70646143642, free_ts 37280479231 [ 319.073045][ T9706] post_alloc_hook+0x181/0x1b0 [ 319.109738][ T9706] get_page_from_freelist+0x1193/0x39b0 [ 319.115413][ T9706] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 319.131615][ T9706] alloc_pages_mpol+0x1fb/0x550 [ 319.189523][ T9706] new_slab+0x23c/0x330 [ 319.194060][ T9706] ___slab_alloc+0xd9c/0x1940 [ 319.198901][ T9706] __slab_alloc.constprop.0+0x56/0xb0 [ 319.229959][ T9706] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 319.268484][ T9706] sock_alloc_inode+0x25/0x1c0 [ 319.292646][ T9706] alloc_inode+0x61/0x240 [ 319.297178][ T9706] sock_alloc+0x40/0x280 [ 319.303144][ T9706] __sock_create+0xc1/0x8d0 [ 319.307818][ T9706] __sys_socket+0x14d/0x260 [ 319.314528][ T9706] __x64_sys_socket+0x72/0xb0 [ 319.324180][ T9706] do_syscall_64+0xcd/0x260 [ 319.336648][ T9706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.345740][ T9706] page last free pid 1 tgid 1 stack trace: [ 319.352256][ T9706] __free_frozen_pages+0x69d/0xff0 [ 319.357535][ T9706] free_contig_range+0x135/0x3f0 [ 319.362669][ T9706] destroy_args+0x66f/0x830 [ 319.367239][ T9706] debug_vm_pgtable+0x130e/0x2d50 [ 319.372453][ T9706] do_one_initcall+0x120/0x6e0 [ 319.377355][ T9706] kernel_init_freeable+0x5c2/0x900 [ 319.390802][ T9706] kernel_init+0x1c/0x2b0 [ 319.398610][ T9706] ret_from_fork+0x45/0x80 [ 319.408217][ T9706] ret_from_fork_asm+0x1a/0x30 [ 320.926759][ T9751] netlink: 146 bytes leftover after parsing attributes in process `syz.1.957'. [ 321.646742][ T9771] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 322.383988][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.400882][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.836399][ T9799] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 326.500522][ T9858] FAULT_INJECTION: forcing a failure. [ 326.500522][ T9858] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.528093][ T9858] CPU: 1 UID: 0 PID: 9858 Comm: syz.0.981 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 326.528143][ T9858] Tainted: [U]=USER [ 326.528153][ T9858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 326.528170][ T9858] Call Trace: [ 326.528180][ T9858] [ 326.528191][ T9858] dump_stack_lvl+0x16c/0x1f0 [ 326.528241][ T9858] should_fail_ex+0x512/0x640 [ 326.528283][ T9858] _copy_from_user+0x2e/0xd0 [ 326.528324][ T9858] kstrtoul_from_user+0xc0/0x1b0 [ 326.528374][ T9858] ? __pfx_kstrtoul_from_user+0x10/0x10 [ 326.528439][ T9858] ? iovec_from_user+0xbb/0x140 [ 326.528485][ T9858] event_enable_write+0x90/0x340 [ 326.528521][ T9858] ? __pfx_event_enable_write+0x10/0x10 [ 326.528565][ T9858] ? __pfx_event_enable_write+0x10/0x10 [ 326.528599][ T9858] vfs_writev+0x6c4/0xdc0 [ 326.528638][ T9858] ? __pfx___mutex_trylock_common+0x10/0x10 [ 326.528689][ T9858] ? __pfx_vfs_writev+0x10/0x10 [ 326.528728][ T9858] ? __mutex_lock+0x1ca/0xb90 [ 326.528784][ T9858] ? __pfx___mutex_lock+0x10/0x10 [ 326.528844][ T9858] ? __fget_files+0x20e/0x3c0 [ 326.528886][ T9858] ? __fget_files+0x150/0x3c0 [ 326.528939][ T9858] ? do_writev+0x132/0x330 [ 326.528976][ T9858] do_writev+0x132/0x330 [ 326.529016][ T9858] ? __pfx_do_writev+0x10/0x10 [ 326.529053][ T9858] ? rcu_is_watching+0x12/0xc0 [ 326.529103][ T9858] do_syscall_64+0xcd/0x260 [ 326.529157][ T9858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.529187][ T9858] RIP: 0033:0x7f6467f8e169 [ 326.529212][ T9858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.529241][ T9858] RSP: 002b:00007f6468de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 326.529270][ T9858] RAX: ffffffffffffffda RBX: 00007f64681b5fa0 RCX: 00007f6467f8e169 [ 326.529290][ T9858] RDX: 0000000000000009 RSI: 0000200000001900 RDI: 0000000000000005 [ 326.529308][ T9858] RBP: 00007f6468de7090 R08: 0000000000000000 R09: 0000000000000000 [ 326.529325][ T9858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.529342][ T9858] R13: 0000000000000000 R14: 00007f64681b5fa0 R15: 00007fff14a723b8 [ 326.529382][ T9858] [ 328.701059][ T9905] netlink: 146 bytes leftover after parsing attributes in process `syz.3.991'. [ 329.262963][ T9911] HfR: entered promiscuous mode [ 329.277287][ T9911] netlink: 12 bytes leftover after parsing attributes in process `syz.3.993'. [ 329.331512][ T9911] HfR: left promiscuous mode [ 329.341384][ T9915] device-mapper: ioctl: Unable to rename non-existent device,  to [ 329.994053][ T9926] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 330.248394][ T9930] Device name cannot be null; rc = [-22] [ 330.459746][ T9939] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1002'. [ 331.139236][ T9961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1008'. [ 331.241699][ T9959] HfR: entered promiscuous mode [ 331.247138][ T9961] HfR: left promiscuous mode [ 331.305737][ T9959] device-mapper: ioctl: Unable to rename non-existent device,  to [ 331.955181][ T9967] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1009'. [ 332.068041][ T9966] HfR: entered promiscuous mode [ 332.087252][ T9967] HfR: left promiscuous mode [ 332.720995][ T9985] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1016'. [ 333.211539][ T9994] vivid-003: ================= START STATUS ================= [ 333.247128][ T9994] vivid-003: Radio HW Seek Mode: Bounded [ 333.323504][ T9994] vivid-003: Radio Programmable HW Seek: false [ 333.379795][ T9994] vivid-003: RDS Rx I/O Mode: Block I/O [ 333.399275][ T9994] vivid-003: Generate RBDS Instead of RDS: false [ 333.405929][ T9994] vivid-003: RDS Reception: true [ 333.411127][ T9994] vivid-003: RDS Program Type: 0 inactive [ 333.417203][ T9994] vivid-003: RDS PS Name: inactive [ 333.422671][ T9994] vivid-003: RDS Radio Text: inactive [ 333.429511][ T9994] vivid-003: RDS Traffic Announcement: false inactive [ 333.436459][ T9994] vivid-003: RDS Traffic Program: false inactive [ 333.444821][ T9994] vivid-003: RDS Music: false inactive [ 333.450566][ T9994] vivid-003: ================== END STATUS ================== [ 333.782021][T10009] HfR: entered promiscuous mode [ 333.836341][T10009] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1020'. [ 333.900571][T10009] HfR: left promiscuous mode [ 334.835697][T10034] netlink: zone id is out of range [ 334.926768][T10034] netlink: zone id is out of range [ 334.940350][T10034] netlink: zone id is out of range [ 334.958136][T10034] netlink: zone id is out of range [ 334.969684][T10034] netlink: get zone limit has 4 unknown bytes [ 336.268255][T10051] openvswitch: HfR: Dropping previously announced user features [ 336.397968][T10051] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1033'. [ 336.431928][T10051] HfR: left promiscuous mode [ 336.456727][T10065] device-mapper: ioctl: Unable to rename non-existent device,  to [ 337.004379][T10058] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 337.326683][T10077] netlink: 'syz.2.1039': attribute type 3 has an invalid length. [ 337.383583][T10077] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1039'. [ 337.392416][T10075] HfR: entered promiscuous mode [ 337.425352][T10075] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1037'. [ 337.449618][T10075] HfR: left promiscuous mode [ 337.515356][T10075] device-mapper: ioctl: Unable to rename non-existent device,  to [ 337.584382][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1042'. [ 337.605889][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1042'. [ 337.683282][T10087] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1043'. [ 338.506173][T10103] HfR: entered promiscuous mode [ 338.605200][T10110] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1047'. [ 338.653962][T10110] HfR: left promiscuous mode [ 339.449661][T10120] netlink: 'syz.3.1050': attribute type 3 has an invalid length. [ 339.468329][T10120] netlink: 332 bytes leftover after parsing attributes in process `syz.3.1050'. [ 339.688527][T10128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1052'. [ 341.362780][T10164] netlink: 'syz.3.1059': attribute type 3 has an invalid length. [ 341.371011][T10164] netlink: 332 bytes leftover after parsing attributes in process `syz.3.1059'. [ 341.417931][T10166] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1060'. [ 341.701895][T10171] HfR: entered promiscuous mode [ 341.744522][T10171] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1061'. [ 341.808142][T10171] HfR: left promiscuous mode [ 341.832023][T10175] device-mapper: ioctl: Unable to rename non-existent device,  to [ 343.163724][T10210] netlink: 'syz.3.1071': attribute type 3 has an invalid length. [ 343.231417][T10210] netlink: 332 bytes leftover after parsing attributes in process `syz.3.1071'. [ 344.011644][T10224] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1073'. [ 344.586932][T10233] HfR: entered promiscuous mode [ 344.612591][T10233] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1075'. [ 344.627513][T10233] HfR: left promiscuous mode [ 344.667822][T10240] device-mapper: ioctl: Unable to rename non-existent device,  to [ 344.945565][T10249] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1079'. [ 345.488391][T10267] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1083'. [ 347.798708][T10303] netlink: 'syz.2.1091': attribute type 3 has an invalid length. [ 347.813285][T10303] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1091'. [ 348.644435][T10313] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1096'. [ 349.619873][T10327] FAULT_INJECTION: forcing a failure. [ 349.619873][T10327] name failslab, interval 1, probability 0, space 0, times 0 [ 349.690828][T10327] CPU: 1 UID: 0 PID: 10327 Comm: syz.2.1097 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 349.690887][T10327] Tainted: [U]=USER [ 349.690897][T10327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 349.690914][T10327] Call Trace: [ 349.690924][T10327] [ 349.690936][T10327] dump_stack_lvl+0x16c/0x1f0 [ 349.690988][T10327] should_fail_ex+0x512/0x640 [ 349.691024][T10327] ? fs_reclaim_acquire+0xae/0x150 [ 349.691065][T10327] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 349.691110][T10327] should_failslab+0xc2/0x120 [ 349.691140][T10327] __kmalloc_noprof+0xd2/0x510 [ 349.691197][T10327] tomoyo_realpath_from_path+0xc2/0x6e0 [ 349.691254][T10327] tomoyo_check_open_permission+0x2ab/0x3c0 [ 349.691294][T10327] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 349.691375][T10327] ? find_held_lock+0x2b/0x80 [ 349.691426][T10327] tomoyo_file_open+0x6b/0x90 [ 349.691478][T10327] security_file_open+0x84/0x1e0 [ 349.691521][T10327] do_dentry_open+0x596/0x1c10 [ 349.691579][T10327] vfs_open+0x82/0x3f0 [ 349.691616][T10327] path_openat+0x1e5e/0x2d40 [ 349.691678][T10327] ? __pfx_path_openat+0x10/0x10 [ 349.691736][T10327] do_filp_open+0x20b/0x470 [ 349.691783][T10327] ? __pfx_do_filp_open+0x10/0x10 [ 349.691866][T10327] ? alloc_fd+0x471/0x7d0 [ 349.691922][T10327] do_sys_openat2+0x11b/0x1d0 [ 349.691956][T10327] ? __pfx_do_sys_openat2+0x10/0x10 [ 349.692006][T10327] __x64_sys_openat+0x174/0x210 [ 349.692041][T10327] ? __pfx___x64_sys_openat+0x10/0x10 [ 349.692079][T10327] ? rcu_is_watching+0x12/0xc0 [ 349.692127][T10327] do_syscall_64+0xcd/0x260 [ 349.692195][T10327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.692228][T10327] RIP: 0033:0x7f092a18e169 [ 349.692251][T10327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.692283][T10327] RSP: 002b:00007f0927ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 349.692312][T10327] RAX: ffffffffffffffda RBX: 00007f092a3b6080 RCX: 00007f092a18e169 [ 349.692332][T10327] RDX: 0000000000124001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 349.692352][T10327] RBP: 00007f092a210a68 R08: 0000000000000000 R09: 0000000000000000 [ 349.692371][T10327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.692389][T10327] R13: 0000000000000000 R14: 00007f092a3b6080 R15: 00007ffd756473a8 [ 349.692428][T10327] [ 349.692441][T10327] ERROR: Out of memory at tomoyo_realpath_from_path. [ 350.256344][T10335] HfR: entered promiscuous mode [ 350.306314][T10335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 350.362493][T10337] netlink: 'syz.1.1102': attribute type 3 has an invalid length. [ 350.390442][T10337] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1102'. [ 350.395552][T10339] device-mapper: ioctl: Unable to rename non-existent device,  to [ 350.451768][T10335] HfR: left promiscuous mode [ 351.484219][T10349] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1103'. [ 351.566257][T10356] HfR: entered promiscuous mode [ 351.591406][T10356] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1107'. [ 351.605024][T10356] HfR: left promiscuous mode [ 351.658112][T10360] device-mapper: ioctl: Unable to rename non-existent device,  to [ 352.755219][T10372] HfR: entered promiscuous mode [ 352.805522][T10374] netlink: 'syz.1.1112': attribute type 3 has an invalid length. [ 352.829264][T10374] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1112'. [ 352.856307][T10372] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1111'. [ 352.951980][T10372] HfR: left promiscuous mode [ 352.966400][T10375] device-mapper: ioctl: Unable to rename non-existent device,  to [ 353.194126][T10384] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1114'. [ 354.598849][T10407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1119'. [ 354.626597][T10405] HfR: entered promiscuous mode [ 354.641321][T10407] HfR: left promiscuous mode [ 354.681655][T10405] device-mapper: ioctl: Unable to rename non-existent device,  to [ 355.072761][T10416] netlink: 'syz.2.1122': attribute type 3 has an invalid length. [ 355.114331][T10416] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1122'. [ 355.523897][T10426] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1125'. [ 356.203591][ T30] audit: type=1800 audit(4294967460.419:5): pid=10440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1136" name="discovery_nqn" dev="configfs" ino=25274 res=0 errno=0 [ 356.401994][T10443] HfR: entered promiscuous mode [ 356.784370][T10452] device-mapper: ioctl: Unable to rename non-existent device,  to [ 356.868239][T10451] HfR: entered promiscuous mode [ 357.202521][T10462] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1134'. [ 357.341919][T10460] HfR: entered promiscuous mode [ 357.367246][T10460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1133'. [ 357.399343][T10460] HfR: left promiscuous mode [ 357.448898][T10469] device-mapper: ioctl: Unable to rename non-existent device,  to [ 359.623430][T10512] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1147'. [ 361.539521][T10553] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 361.867541][T10556] openvswitch: HfR: Dropping previously announced user features [ 361.948904][T10556] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1157'. [ 361.984444][T10556] HfR: left promiscuous mode [ 362.230558][T10561] HfR: entered promiscuous mode [ 362.256053][T10561] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1159'. [ 362.298373][T10561] HfR: left promiscuous mode [ 362.315501][T10563] device-mapper: ioctl: Unable to rename non-existent device,  to [ 362.418971][T10571] netlink: 'syz.3.1162': attribute type 3 has an invalid length. [ 362.427346][T10571] netlink: 332 bytes leftover after parsing attributes in process `syz.3.1162'. [ 362.931187][T10575] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 363.316693][T10589] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 363.334691][T10591] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1169'. [ 363.508742][T10597] netlink: 'syz.1.1171': attribute type 3 has an invalid length. [ 363.531297][T10597] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1171'. [ 363.542072][T10595] misc userio: The device must be registered before sending interrupts [ 363.689031][T10600] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1172'. [ 363.733834][T10600] device-mapper: ioctl: Unable to rename non-existent device,  to [ 363.818457][T10604] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1173'. [ 363.892393][T10606] HfR: entered promiscuous mode [ 363.924105][T10606] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1174'. [ 363.958669][T10606] HfR: left promiscuous mode [ 365.435480][T10645] netlink: 'syz.2.1182': attribute type 3 has an invalid length. [ 365.462103][T10645] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1182'. [ 366.123516][T10669] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1188'. [ 366.886560][T10684] netlink: 'syz.1.1194': attribute type 3 has an invalid length. [ 366.973850][T10685] __nla_validate_parse: 1 callbacks suppressed [ 366.973876][T10685] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1193'. [ 367.088827][T10687] device-mapper: ioctl: Unable to rename non-existent device,  to [ 367.276793][T10683] HfR: entered promiscuous mode [ 367.299227][T10685] HfR: left promiscuous mode [ 368.079331][T10705] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 368.306421][T10710] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 369.365320][T10722] netlink: 'syz.1.1206': attribute type 3 has an invalid length. [ 369.374652][T10722] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1206'. [ 370.285696][T10740] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1212'. [ 373.813655][T10787] Invalid ELF header magic: != ELF [ 375.195335][T10823] HfR: entered promiscuous mode [ 375.245223][T10823] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1231'. [ 375.276621][T10823] HfR: left promiscuous mode [ 375.343362][T10829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1231'. [ 375.515159][T10811] random: crng reseeded on system resumption [ 377.241877][T10867] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 377.901305][T10879] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 378.807289][T10900] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1253'. [ 378.870841][T10900] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 379.342101][T10911] openvswitch: HfR: Dropping previously announced user features [ 379.407623][T10911] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1258'. [ 379.430752][T10911] HfR: left promiscuous mode [ 379.464591][T10915] device-mapper: ioctl: Unable to rename non-existent device,  to [ 379.780238][ T5848] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 380.367201][T10933] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 382.668489][T10953] HfR: entered promiscuous mode [ 382.678373][T10953] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1270'. [ 382.688371][T10953] HfR: left promiscuous mode [ 382.868545][T10958] futex_wake_op: syz.2.1272 tries to shift op by 64; fix this program [ 383.049254][T10961] FAULT_INJECTION: forcing a failure. [ 383.049254][T10961] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 383.124328][T10961] CPU: 1 UID: 0 PID: 10961 Comm: syz.3.1273 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 383.124382][T10961] Tainted: [U]=USER [ 383.124393][T10961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 383.124411][T10961] Call Trace: [ 383.124421][T10961] [ 383.124433][T10961] dump_stack_lvl+0x16c/0x1f0 [ 383.124485][T10961] should_fail_ex+0x512/0x640 [ 383.124527][T10961] should_fail_alloc_page+0xe7/0x130 [ 383.124561][T10961] prepare_alloc_pages+0x3c2/0x610 [ 383.124600][T10961] ? rcu_is_watching+0x12/0xc0 [ 383.124643][T10961] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 383.124691][T10961] ? rcu_is_watching+0x12/0xc0 [ 383.124730][T10961] ? trace_sched_exit_tp+0xde/0x130 [ 383.124778][T10961] ? __schedule+0x1186/0x5de0 [ 383.124815][T10961] ? lock_acquire+0x179/0x350 [ 383.124841][T10961] ? cgroup_rstat_updated+0x2a/0xb20 [ 383.124882][T10961] ? find_held_lock+0x2b/0x80 [ 383.124927][T10961] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 383.124985][T10961] ? lru_gen_add_folio+0x1a4/0xef0 [ 383.125021][T10961] ? __lock_acquire+0x5ca/0x1ba0 [ 383.125083][T10961] ? __lock_acquire+0x5ca/0x1ba0 [ 383.125132][T10961] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 383.125169][T10961] ? policy_nodemask+0xea/0x4e0 [ 383.125225][T10961] alloc_pages_mpol+0x1fb/0x550 [ 383.125257][T10961] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 383.125287][T10961] ? __lock_acquire+0x5ca/0x1ba0 [ 383.125346][T10961] folio_alloc_mpol_noprof+0x36/0x2f0 [ 383.125385][T10961] vma_alloc_folio_noprof+0xed/0x1e0 [ 383.125420][T10961] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 383.125470][T10961] do_pte_missing+0x223d/0x3fb0 [ 383.125529][T10961] __handle_mm_fault+0x103d/0x2a40 [ 383.125585][T10961] ? __pfx___handle_mm_fault+0x10/0x10 [ 383.125628][T10961] ? __pte_offset_map_lock+0x155/0x2f0 [ 383.125663][T10961] ? find_held_lock+0x2b/0x80 [ 383.125701][T10961] ? find_held_lock+0x2b/0x80 [ 383.125766][T10961] handle_mm_fault+0x3fe/0xad0 [ 383.125817][T10961] __get_user_pages+0x771/0x36f0 [ 383.125869][T10961] ? __pfx_mt_find+0x10/0x10 [ 383.125919][T10961] ? __pfx___get_user_pages+0x10/0x10 [ 383.125975][T10961] populate_vma_page_range+0x278/0x3a0 [ 383.126020][T10961] ? __pfx_populate_vma_page_range+0x10/0x10 [ 383.126068][T10961] ? __pfx_find_vma_intersection+0x10/0x10 [ 383.126107][T10961] ? do_mmap+0x69c/0x11b0 [ 383.126148][T10961] __mm_populate+0x1d8/0x380 [ 383.126192][T10961] ? __pfx___mm_populate+0x10/0x10 [ 383.126238][T10961] ? up_write+0x1b2/0x520 [ 383.126275][T10961] vm_mmap_pgoff+0x362/0x450 [ 383.126315][T10961] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 383.126350][T10961] ? find_held_lock+0x2b/0x80 [ 383.126394][T10961] ? __x64_sys_futex+0x1e0/0x4c0 [ 383.126436][T10961] ? __x64_sys_futex+0x1e9/0x4c0 [ 383.126486][T10961] ksys_mmap_pgoff+0x7d/0x5c0 [ 383.126523][T10961] ? rcu_is_watching+0x12/0xc0 [ 383.126567][T10961] __x64_sys_mmap+0x125/0x190 [ 383.126609][T10961] do_syscall_64+0xcd/0x260 [ 383.126657][T10961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.126686][T10961] RIP: 0033:0x7f88bd78e169 [ 383.126710][T10961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.126739][T10961] RSP: 002b:00007f88be5fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 383.126767][T10961] RAX: ffffffffffffffda RBX: 00007f88bd9b5fa0 RCX: 00007f88bd78e169 [ 383.126785][T10961] RDX: 00000000000000df RSI: 0000000000440009 RDI: 0000000000000000 [ 383.126802][T10961] RBP: 00007f88bd810a68 R08: 0000000000000007 R09: 0000000000028000 [ 383.126821][T10961] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 383.126838][T10961] R13: 0000000000000000 R14: 00007f88bd9b5fa0 R15: 00007ffed0333da8 [ 383.126876][T10961] [ 383.846553][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.853096][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.008985][T10995] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1279'. [ 385.709693][T11002] FAULT_INJECTION: forcing a failure. [ 385.709693][T11002] name fail_futex, interval 1, probability 0, space 0, times 1 [ 385.755444][T11002] CPU: 1 UID: 0 PID: 11002 Comm: syz.2.1282 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 385.755502][T11002] Tainted: [U]=USER [ 385.755513][T11002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 385.755546][T11002] Call Trace: [ 385.755558][T11002] [ 385.755569][T11002] dump_stack_lvl+0x16c/0x1f0 [ 385.755624][T11002] should_fail_ex+0x512/0x640 [ 385.755667][T11002] get_futex_key+0x49e/0x1000 [ 385.755712][T11002] ? __pfx_try_to_wake_up+0x10/0x10 [ 385.755753][T11002] ? __pfx_get_futex_key+0x10/0x10 [ 385.755803][T11002] ? plist_check_head+0xa3/0x150 [ 385.755838][T11002] ? find_held_lock+0x2b/0x80 [ 385.755911][T11002] futex_wake+0xe7/0x4e0 [ 385.755945][T11002] ? __pfx_futex_wake+0x10/0x10 [ 385.755994][T11002] do_futex+0x1e3/0x350 [ 385.756041][T11002] ? __pfx_do_futex+0x10/0x10 [ 385.756087][T11002] ? find_held_lock+0x2b/0x80 [ 385.756136][T11002] __x64_sys_futex+0x1e0/0x4c0 [ 385.756186][T11002] ? __do_sys_close_range+0x278/0x730 [ 385.756239][T11002] ? __pfx___x64_sys_futex+0x10/0x10 [ 385.756289][T11002] ? __pfx___do_sys_close_range+0x10/0x10 [ 385.756339][T11002] ? rcu_is_watching+0x12/0xc0 [ 385.756390][T11002] do_syscall_64+0xcd/0x260 [ 385.756447][T11002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.756480][T11002] RIP: 0033:0x7f092a18e169 [ 385.756508][T11002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.756541][T11002] RSP: 002b:00007f092af120e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 385.756572][T11002] RAX: ffffffffffffffda RBX: 00007f092a3b5fa8 RCX: 00007f092a18e169 [ 385.756594][T11002] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f092a3b5fac [ 385.756614][T11002] RBP: 00007f092a3b5fa0 R08: 00007f092af13000 R09: 0000000000000000 [ 385.756634][T11002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f092a3b5fac [ 385.756654][T11002] R13: 0000000000000000 R14: 00007ffd756472c0 R15: 00007ffd756473a8 [ 385.756694][T11002] [ 387.133566][T11039] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1291'. [ 387.272266][T11042] FAULT_INJECTION: forcing a failure. [ 387.272266][T11042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 387.323129][T11042] CPU: 0 UID: 0 PID: 11042 Comm: syz.2.1293 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 387.323183][T11042] Tainted: [U]=USER [ 387.323194][T11042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 387.323212][T11042] Call Trace: [ 387.323223][T11042] [ 387.323234][T11042] dump_stack_lvl+0x16c/0x1f0 [ 387.323285][T11042] should_fail_ex+0x512/0x640 [ 387.323327][T11042] _copy_from_user+0x2e/0xd0 [ 387.323379][T11042] map_update_elem+0x581/0x920 [ 387.323442][T11042] ? __pfx_map_update_elem+0x10/0x10 [ 387.323500][T11042] __sys_bpf+0x1616/0x4d80 [ 387.323540][T11042] ? __pfx___sys_bpf+0x10/0x10 [ 387.323576][T11042] ? ksys_write+0x190/0x240 [ 387.323623][T11042] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 387.323691][T11042] ? fput+0x70/0xf0 [ 387.323720][T11042] ? ksys_write+0x1b9/0x240 [ 387.323760][T11042] ? __pfx_ksys_write+0x10/0x10 [ 387.323808][T11042] __x64_sys_bpf+0x78/0xc0 [ 387.323843][T11042] ? lockdep_hardirqs_on+0x7c/0x110 [ 387.323884][T11042] do_syscall_64+0xcd/0x260 [ 387.323932][T11042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.323962][T11042] RIP: 0033:0x7f092a18e169 [ 387.323986][T11042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.324016][T11042] RSP: 002b:00007f092af12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 387.324045][T11042] RAX: ffffffffffffffda RBX: 00007f092a3b5fa0 RCX: 00007f092a18e169 [ 387.324065][T11042] RDX: 000000000000000c RSI: 00002000000001c0 RDI: 0000000000000002 [ 387.324083][T11042] RBP: 00007f092af12090 R08: 0000000000000000 R09: 0000000000000000 [ 387.324100][T11042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.324116][T11042] R13: 0000000000000000 R14: 00007f092a3b5fa0 R15: 00007ffd756473a8 [ 387.324153][T11042] [ 387.979742][T11045] vivid-003: ================= START STATUS ================= [ 388.003063][T11045] vivid-003: Radio HW Seek Mode: Bounded [ 388.030094][T11045] vivid-003: Radio Programmable HW Seek: false [ 388.039084][T11045] vivid-003: RDS Rx I/O Mode: Block I/O [ 388.050417][T11045] vivid-003: Generate RBDS Instead of RDS: false [ 388.061058][T11045] vivid-003: RDS Reception: true [ 388.071192][T11045] vivid-003: RDS Program Type: 0 inactive [ 388.079176][T11045] vivid-003: RDS PS Name: inactive [ 388.090496][T11045] vivid-003: RDS Radio Text: inactive [ 388.099644][T11045] vivid-003: RDS Traffic Announcement: false inactive [ 388.108788][T11045] vivid-003: RDS Traffic Program: false inactive [ 388.117524][T11045] vivid-003: RDS Music: false inactive [ 388.125233][T11045] vivid-003: ================== END STATUS ================== [ 389.110875][T11082] HfR: entered promiscuous mode [ 389.135793][T11082] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1301'. [ 389.231528][T11082] HfR: left promiscuous mode [ 389.481861][T11088] HfR: entered promiscuous mode [ 389.551048][T11088] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1303'. [ 389.583045][T11088] HfR: left promiscuous mode [ 389.631712][T11092] device-mapper: ioctl: Unable to rename non-existent device,  to [ 391.162923][T11132] netlink: 'syz.2.1312': attribute type 11 has an invalid length. [ 391.342249][T11138] HfR: entered promiscuous mode [ 391.420901][T11138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1314'. [ 391.503556][T11140] device-mapper: ioctl: Unable to rename non-existent device,  to [ 391.557938][T11138] HfR: left promiscuous mode [ 392.155961][T11146] ubi0: attaching mtd0 [ 392.162023][T11146] ubi0: scanning is finished [ 392.168382][T11146] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 392.336883][T11146] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 392.834386][T11160] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 394.081211][T11177] HfR: entered promiscuous mode [ 394.114333][T11177] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1327'. [ 394.129772][T11177] HfR: left promiscuous mode [ 394.148084][ T5854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 394.163487][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 394.179954][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 394.186436][T11181] device-mapper: ioctl: Unable to rename non-existent device,  to [ 394.206284][ T5854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 394.215977][ T5854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 395.009617][T11179] chnl_net:caif_netlink_parms(): no params data found [ 395.425890][T11179] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.434335][T11179] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.441637][T11179] bridge_slave_0: entered allmulticast mode [ 395.463330][T11179] bridge_slave_0: entered promiscuous mode [ 395.530394][T11179] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.548083][T11179] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.573218][T11179] bridge_slave_1: entered allmulticast mode [ 395.600890][T11179] bridge_slave_1: entered promiscuous mode [ 395.741201][T11179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.834616][T11179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 396.086418][T11179] team0: Port device team_slave_0 added [ 396.158158][T11179] team0: Port device team_slave_1 added [ 396.198417][T11211] FAULT_INJECTION: forcing a failure. [ 396.198417][T11211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 396.224412][T11211] CPU: 0 UID: 0 PID: 11211 Comm: syz.3.1332 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 396.224468][T11211] Tainted: [U]=USER [ 396.224478][T11211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 396.224497][T11211] Call Trace: [ 396.224508][T11211] [ 396.224520][T11211] dump_stack_lvl+0x16c/0x1f0 [ 396.224574][T11211] should_fail_ex+0x512/0x640 [ 396.224616][T11211] _copy_from_user+0x2e/0xd0 [ 396.224659][T11211] memdup_user+0x6b/0xe0 [ 396.224697][T11211] snd_ctl_ioctl+0xde8/0x1320 [ 396.224737][T11211] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 396.224781][T11211] ? find_held_lock+0x2b/0x80 [ 396.224816][T11211] ? hook_file_ioctl_common+0x145/0x410 [ 396.224853][T11211] ? __fget_files+0x20e/0x3c0 [ 396.224898][T11211] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 396.224937][T11211] __x64_sys_ioctl+0x190/0x200 [ 396.224980][T11211] do_syscall_64+0xcd/0x260 [ 396.225033][T11211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.225064][T11211] RIP: 0033:0x7f88bd78e169 [ 396.225091][T11211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 396.225123][T11211] RSP: 002b:00007f88be5d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 396.225153][T11211] RAX: ffffffffffffffda RBX: 00007f88bd9b6080 RCX: 00007f88bd78e169 [ 396.225174][T11211] RDX: 0000200000000100 RSI: 00000000c4c85512 RDI: 0000000000000005 [ 396.225193][T11211] RBP: 00007f88bd810a68 R08: 0000000000000000 R09: 0000000000000000 [ 396.225211][T11211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 396.225229][T11211] R13: 0000000000000000 R14: 00007f88bd9b6080 R15: 00007ffed0333da8 [ 396.225269][T11211] [ 396.414719][ T5848] Bluetooth: hci4: command tx timeout [ 396.491778][T11179] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.503848][T11179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.546412][T11179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.699698][T11179] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.707199][T11179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.790252][T11179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 397.099721][T11179] hsr_slave_0: entered promiscuous mode [ 397.117322][T11179] hsr_slave_1: entered promiscuous mode [ 397.133961][T11179] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 397.163072][T11179] Cannot create hsr debugfs directory [ 397.296409][T11222] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1335'. [ 397.385389][T11223] device-mapper: ioctl: Unable to rename non-existent device,  to [ 397.439604][T11220] HfR: entered promiscuous mode [ 397.450129][T11222] HfR: left promiscuous mode [ 397.792703][T11225] HfR: entered promiscuous mode [ 397.917637][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1336'. [ 398.013011][T11225] HfR: left promiscuous mode [ 398.462209][T11179] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 398.477731][ T5848] Bluetooth: hci4: command tx timeout [ 398.548261][T11239] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1337'. [ 398.566126][T11179] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 398.608184][T11234] HfR: entered promiscuous mode [ 398.629796][T11242] device-mapper: ioctl: Unable to rename non-existent device,  to [ 398.642414][T11179] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 398.675669][T11239] HfR: left promiscuous mode [ 398.727304][T11234] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1337'. [ 398.764192][T11179] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 399.045294][T11179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 399.130763][T11179] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.167822][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.175059][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.191547][T11254] FAULT_INJECTION: forcing a failure. [ 399.191547][T11254] name failslab, interval 1, probability 0, space 0, times 0 [ 399.205983][T11254] CPU: 1 UID: 0 PID: 11254 Comm: syz.3.1343 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 399.206033][T11254] Tainted: [U]=USER [ 399.206043][T11254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 399.206060][T11254] Call Trace: [ 399.206072][T11254] [ 399.206083][T11254] dump_stack_lvl+0x16c/0x1f0 [ 399.206134][T11254] should_fail_ex+0x512/0x640 [ 399.206169][T11254] ? fs_reclaim_acquire+0xae/0x150 [ 399.206211][T11254] ? tomoyo_encode2+0x100/0x3e0 [ 399.206253][T11254] should_failslab+0xc2/0x120 [ 399.206283][T11254] __kmalloc_noprof+0xd2/0x510 [ 399.206330][T11254] ? d_absolute_path+0x136/0x1a0 [ 399.206373][T11254] tomoyo_encode2+0x100/0x3e0 [ 399.206422][T11254] tomoyo_encode+0x29/0x50 [ 399.206474][T11254] tomoyo_realpath_from_path+0x18f/0x6e0 [ 399.206532][T11254] tomoyo_path_number_perm+0x245/0x580 [ 399.206568][T11254] ? tomoyo_path_number_perm+0x237/0x580 [ 399.206610][T11254] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 399.206651][T11254] ? find_held_lock+0x2b/0x80 [ 399.206728][T11254] ? find_held_lock+0x2b/0x80 [ 399.206768][T11254] ? hook_file_ioctl_common+0x145/0x410 [ 399.206812][T11254] ? __fget_files+0x20e/0x3c0 [ 399.206862][T11254] security_file_ioctl+0x9b/0x240 [ 399.206898][T11254] __x64_sys_ioctl+0xb7/0x200 [ 399.206933][T11254] do_syscall_64+0xcd/0x260 [ 399.206978][T11254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.207011][T11254] RIP: 0033:0x7f88bd78e169 [ 399.207034][T11254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.207063][T11254] RSP: 002b:00007f88be597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 399.207090][T11254] RAX: ffffffffffffffda RBX: 00007f88bd9b6240 RCX: 00007f88bd78e169 [ 399.207109][T11254] RDX: 0000200000000040 RSI: 00000000405c5503 RDI: 0000000000000003 [ 399.207126][T11254] RBP: 00007f88be597090 R08: 0000000000000000 R09: 0000000000000000 [ 399.207143][T11254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 399.207157][T11254] R13: 0000000000000001 R14: 00007f88bd9b6240 R15: 00007ffed0333da8 [ 399.207191][T11254] [ 399.209293][T11254] ERROR: Out of memory at tomoyo_realpath_from_path. [ 399.456681][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.463937][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.645047][T11179] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 400.086101][T11265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1345'. [ 400.121719][T11263] HfR: entered promiscuous mode [ 400.154022][T11265] HfR: left promiscuous mode [ 400.543235][ T5848] Bluetooth: hci4: command tx timeout [ 400.807916][T11179] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 400.948483][T11282] random: crng reseeded on system resumption [ 401.065021][T11277] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1348'. [ 401.102674][T11274] Invalid ELF header magic: != ELF [ 401.727212][T11179] veth0_vlan: entered promiscuous mode [ 401.735614][T11271] zswap: compressor Ȯ9Qz%;0*lH`Bkjwjӳ<85'.Y[`2Y$`Yvgִq"b%zN[O EiFi(Sh3Kx>ԝRS=kHɟ{?Bbޝ4)> not available [ 401.803802][T11179] veth1_vlan: entered promiscuous mode [ 402.172227][T11179] veth0_macvtap: entered promiscuous mode [ 402.220403][T11179] veth1_macvtap: entered promiscuous mode [ 402.378867][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.432734][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.471623][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.513054][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.545874][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.565625][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.578495][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.605282][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.630976][T11179] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.643048][ T5848] Bluetooth: hci4: command tx timeout [ 402.655803][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.681823][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.691951][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.702495][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.712627][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.733281][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.743254][T11179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.754083][T11179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.765494][T11179] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.800811][T11179] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.820289][T11179] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.833668][T11179] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.857492][T11179] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.302596][T11236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.329554][T11236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.428720][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.462622][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.516406][T11311] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1353'. [ 403.659832][T11317] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input20 [ 404.636433][T11339] netlink: 'syz.4.1358': attribute type 3 has an invalid length. [ 404.663184][T11339] netlink: 332 bytes leftover after parsing attributes in process `syz.4.1358'. [ 405.224312][ T30] audit: type=1800 audit(4311745748.422:6): pid=11348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1359" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 406.794368][T11372] HfR: entered promiscuous mode [ 406.911199][T11372] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1365'. [ 406.953319][T11372] HfR: left promiscuous mode [ 406.980843][T11375] device-mapper: ioctl: Unable to rename non-existent device,  to [ 408.855763][T11414] netlink: 93 bytes leftover after parsing attributes in process `syz.4.1373'. [ 409.064602][T11422] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1375'. [ 409.119031][T11422] device-mapper: ioctl: Unable to rename non-existent device,  to [ 411.001833][T11436] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1377'. [ 411.674831][T11462] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1381'. [ 411.716768][T11462] device-mapper: ioctl: Unable to rename non-existent device,  to [ 413.055127][T11480] HfR: entered promiscuous mode [ 413.072885][T11483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1389'. [ 413.101487][T11480] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1388'. [ 413.140682][T11480] HfR: left promiscuous mode [ 413.374916][T11488] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 413.446532][T11492] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1391'. [ 413.575138][T11493] Invalid ELF header magic: != ELF [ 414.072058][T11501] netlink: zone id is out of range [ 414.081497][T11501] netlink: zone id is out of range [ 414.101981][T11501] netlink: zone id is out of range [ 414.111865][T11501] netlink: zone id is out of range [ 414.153000][T11501] netlink: get zone limit has 4 unknown bytes [ 414.179704][T11503] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1395'. [ 414.244388][T11503] device-mapper: ioctl: Unable to rename non-existent device,  to [ 414.774854][T11513] netlink: 'syz.0.1397': attribute type 3 has an invalid length. [ 414.789610][T11497] FAULT_INJECTION: forcing a failure. [ 414.789610][T11497] name failslab, interval 1, probability 0, space 0, times 0 [ 414.806859][T11497] CPU: 1 UID: 0 PID: 11497 Comm: syz.2.1392 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 414.806935][T11497] Tainted: [U]=USER [ 414.806946][T11497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 414.806967][T11497] Call Trace: [ 414.806978][T11497] [ 414.806990][T11497] dump_stack_lvl+0x16c/0x1f0 [ 414.807044][T11497] should_fail_ex+0x512/0x640 [ 414.807089][T11497] should_failslab+0xc2/0x120 [ 414.807121][T11497] __kmalloc_cache_noprof+0x6a/0x3e0 [ 414.807168][T11497] ? proc_self_get_link+0x1a9/0x230 [ 414.807227][T11497] proc_self_get_link+0x1a9/0x230 [ 414.807282][T11497] ? __pfx_proc_self_get_link+0x10/0x10 [ 414.807339][T11497] step_into+0x19e4/0x2270 [ 414.807393][T11497] ? __pfx_step_into+0x10/0x10 [ 414.807443][T11497] ? lookup_fast+0x156/0x610 [ 414.807492][T11497] walk_component+0xfc/0x5b0 [ 414.807540][T11497] link_path_walk.part.0.constprop.0+0x685/0xd60 [ 414.807604][T11497] path_openat+0x227/0x2d40 [ 414.807649][T11497] ? __x64_sys_openat+0x174/0x210 [ 414.807701][T11497] ? __pfx_path_openat+0x10/0x10 [ 414.807763][T11497] do_filp_open+0x20b/0x470 [ 414.807813][T11497] ? __pfx_do_filp_open+0x10/0x10 [ 414.807894][T11497] ? alloc_fd+0x471/0x7d0 [ 414.807954][T11497] do_sys_openat2+0x11b/0x1d0 [ 414.807989][T11497] ? __pfx_do_sys_openat2+0x10/0x10 [ 414.808039][T11497] __x64_sys_openat+0x174/0x210 [ 414.808077][T11497] ? __pfx___x64_sys_openat+0x10/0x10 [ 414.808117][T11497] ? rcu_is_watching+0x12/0xc0 [ 414.808171][T11497] do_syscall_64+0xcd/0x260 [ 414.808224][T11497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.808258][T11497] RIP: 0033:0x7f092a18cad0 [ 414.808291][T11497] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 414.808325][T11497] RSP: 002b:00007f0927fd4f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 414.808357][T11497] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f092a18cad0 [ 414.808378][T11497] RDX: 0000000000000002 RSI: 00007f0927fd4fa0 RDI: 00000000ffffff9c [ 414.808397][T11497] RBP: 00007f0927fd4fa0 R08: 0000000000000000 R09: 00007f0927fd4cd4 [ 414.808417][T11497] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 414.808436][T11497] R13: 0000000000000000 R14: 00007f092a3b6160 R15: 00007ffd756473a8 [ 414.808479][T11497] [ 415.064311][T11513] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1397'. [ 416.077885][T11529] HfR: entered promiscuous mode [ 416.182254][T11529] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1400'. [ 416.237207][T11529] HfR: left promiscuous mode [ 416.255730][ T5848] Bluetooth: hci1: Malformed LE Event: 0x1d [ 416.264073][T11534] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1403'. [ 417.537198][T11551] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1408'. [ 417.607167][T11554] netlink: 'syz.0.1410': attribute type 3 has an invalid length. [ 417.618187][T11554] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1410'. [ 419.504946][T11589] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1418'. [ 421.026888][T11602] netlink: 'syz.0.1419': attribute type 3 has an invalid length. [ 421.043231][T11602] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1419'. [ 421.165153][T11604] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1420'. [ 421.191337][T11604] device-mapper: ioctl: Unable to rename non-existent device,  to [ 421.355942][T11607] HfR: entered promiscuous mode [ 421.379120][T11607] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1421'. [ 421.428773][T11607] HfR: left promiscuous mode [ 421.482890][T11613] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 423.811710][T11640] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1428'. [ 424.041221][T11642] netlink: 'syz.2.1430': attribute type 3 has an invalid length. [ 424.049446][T11642] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1430'. [ 424.552524][T11650] FAULT_INJECTION: forcing a failure. [ 424.552524][T11650] name failslab, interval 1, probability 0, space 0, times 0 [ 424.568278][T11652] netlink: zone id is out of range [ 424.606718][T11650] CPU: 0 UID: 8 PID: 11650 Comm: syz.4.1432 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 424.606779][T11650] Tainted: [U]=USER [ 424.606789][T11650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 424.606808][T11650] Call Trace: [ 424.606818][T11650] [ 424.606830][T11650] dump_stack_lvl+0x16c/0x1f0 [ 424.606882][T11650] should_fail_ex+0x512/0x640 [ 424.606919][T11650] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 424.606972][T11650] should_failslab+0xc2/0x120 [ 424.607001][T11650] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 424.607050][T11650] ? security_file_alloc+0x34/0x2b0 [ 424.607098][T11650] security_file_alloc+0x34/0x2b0 [ 424.607141][T11650] init_file+0x93/0x4c0 [ 424.607174][T11650] alloc_empty_file+0x73/0x1e0 [ 424.607210][T11650] path_openat+0xe0/0x2d40 [ 424.607252][T11650] ? __x64_sys_openat+0x174/0x210 [ 424.607285][T11650] ? do_syscall_64+0xcd/0x260 [ 424.607339][T11650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.607386][T11650] ? __pfx_path_openat+0x10/0x10 [ 424.607444][T11650] do_filp_open+0x20b/0x470 [ 424.607492][T11650] ? __pfx_do_filp_open+0x10/0x10 [ 424.607566][T11650] ? alloc_fd+0x471/0x7d0 [ 424.607623][T11650] do_sys_openat2+0x11b/0x1d0 [ 424.607657][T11650] ? __pfx_do_sys_openat2+0x10/0x10 [ 424.607705][T11650] __x64_sys_openat+0x174/0x210 [ 424.607744][T11650] ? __pfx___x64_sys_openat+0x10/0x10 [ 424.607781][T11650] ? rcu_is_watching+0x12/0xc0 [ 424.607834][T11650] do_syscall_64+0xcd/0x260 [ 424.607884][T11650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.607916][T11650] RIP: 0033:0x7f9a0678e169 [ 424.607942][T11650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.607973][T11650] RSP: 002b:00007f9a0759c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 424.608003][T11650] RAX: ffffffffffffffda RBX: 00007f9a069b5fa0 RCX: 00007f9a0678e169 [ 424.608025][T11650] RDX: 0000000000008000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 424.608045][T11650] RBP: 00007f9a06810a68 R08: 0000000000000000 R09: 0000000000000000 [ 424.608063][T11650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.608081][T11650] R13: 0000000000000000 R14: 00007f9a069b5fa0 R15: 00007ffe87379678 [ 424.608120][T11650] [ 424.881594][T11652] netlink: zone id is out of range [ 424.887405][T11652] netlink: zone id is out of range [ 424.894536][T11652] netlink: zone id is out of range [ 424.899695][T11652] netlink: get zone limit has 4 unknown bytes [ 425.527737][T11664] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1437'. [ 425.652275][T11668] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1436'. [ 426.113710][T11673] HfR: entered promiscuous mode [ 426.149637][T11673] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1441'. [ 426.165133][T11676] netlink: 'syz.0.1440': attribute type 3 has an invalid length. [ 426.173543][T11676] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1440'. [ 426.213698][T11673] HfR: left promiscuous mode [ 428.022373][T11708] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1448'. [ 428.089558][T11710] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 428.963610][T11725] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1452'. [ 430.657463][T11737] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1455'. [ 430.734731][T11739] device-mapper: ioctl: Unable to rename non-existent device,  to [ 431.267329][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.577506][T11745] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1457'. [ 431.626702][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.747729][T11745] veth0_macvtap: left promiscuous mode [ 431.978360][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 431.990365][T11756] openvswitch: netlink: IP tunnel dst address not specified [ 432.395125][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.108034][ T13] bridge_slave_1: left allmulticast mode [ 433.136474][ T13] bridge_slave_1: left promiscuous mode [ 433.144069][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.239163][ T13] bridge_slave_0: left allmulticast mode [ 433.258746][ T13] bridge_slave_0: left promiscuous mode [ 433.269120][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.401829][T11772] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1464'. [ 433.987864][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 434.000317][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 434.011978][ T13] bond0 (unregistering): Released all slaves [ 434.038396][T11771] HfR: entered promiscuous mode [ 434.057764][T11772] HfR: left promiscuous mode [ 434.243221][ T13] tipc: Left network mode [ 434.382639][T11783] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1465'. [ 435.090935][T11810] FAULT_INJECTION: forcing a failure. [ 435.090935][T11810] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 435.123305][T11810] CPU: 0 UID: 0 PID: 11810 Comm: syz.3.1473 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 435.123357][T11810] Tainted: [U]=USER [ 435.123367][T11810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 435.123385][T11810] Call Trace: [ 435.123396][T11810] [ 435.123427][T11810] dump_stack_lvl+0x16c/0x1f0 [ 435.123478][T11810] should_fail_ex+0x512/0x640 [ 435.123519][T11810] should_fail_alloc_page+0xe7/0x130 [ 435.123551][T11810] prepare_alloc_pages+0x3c2/0x610 [ 435.123596][T11810] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 435.123643][T11810] ? stack_depot_save_flags+0x28/0xa50 [ 435.123688][T11810] ? look_up_lock_class+0x6b/0x150 [ 435.123733][T11810] ? register_lock_class+0x41/0x4c0 [ 435.123761][T11810] ? find_held_lock+0x2b/0x80 [ 435.123804][T11810] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 435.123878][T11810] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 435.123914][T11810] ? policy_nodemask+0xea/0x4e0 [ 435.123966][T11810] alloc_pages_mpol+0x1fb/0x550 [ 435.123996][T11810] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 435.124037][T11810] alloc_pages_noprof+0x131/0x390 [ 435.124068][T11810] __pmd_alloc+0x3f/0x870 [ 435.124101][T11810] ? find_held_lock+0x2b/0x80 [ 435.124141][T11810] __handle_mm_fault+0x948/0x2a40 [ 435.124196][T11810] ? __pfx___handle_mm_fault+0x10/0x10 [ 435.124262][T11810] ? find_vma+0xbf/0x140 [ 435.124294][T11810] ? __pfx_find_vma+0x10/0x10 [ 435.124331][T11810] handle_mm_fault+0x3fe/0xad0 [ 435.124381][T11810] do_user_addr_fault+0x7a6/0x1370 [ 435.124427][T11810] ? rcu_is_watching+0x12/0xc0 [ 435.124469][T11810] exc_page_fault+0x5c/0xc0 [ 435.124511][T11810] asm_exc_page_fault+0x26/0x30 [ 435.124540][T11810] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 435.124577][T11810] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 435.124606][T11810] RSP: 0018:ffffc9000b3d7b28 EFLAGS: 00050202 [ 435.124631][T11810] RAX: 0000000000000030 RBX: 0000000000000002 RCX: 0000000000000002 [ 435.124648][T11810] RDX: ffffed1028b72321 RSI: ffff888145b91900 RDI: 0000000000000000 [ 435.124667][T11810] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1028b72320 [ 435.124685][T11810] R10: ffff888145b91901 R11: 0000000000000000 R12: 0000000000000000 [ 435.124703][T11810] R13: ffffc9000b3d7da0 R14: 0000000000000002 R15: ffff888145b91900 [ 435.124744][T11810] _copy_to_iter+0x391/0x15a0 [ 435.124793][T11810] ? __pfx__copy_to_iter+0x10/0x10 [ 435.124838][T11810] ? proc_doulongvec_minmax+0x55/0x70 [ 435.124887][T11810] proc_sys_call_handler+0x42c/0x5c0 [ 435.124923][T11810] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 435.124965][T11810] ? rw_verify_area+0xcf/0x680 [ 435.125006][T11810] vfs_read+0x8c8/0xc70 [ 435.125053][T11810] ? __pfx___mutex_lock+0x10/0x10 [ 435.125097][T11810] ? __pfx_vfs_read+0x10/0x10 [ 435.125185][T11810] ksys_read+0x12a/0x240 [ 435.125246][T11810] ? __pfx_ksys_read+0x10/0x10 [ 435.125287][T11810] ? rcu_is_watching+0x12/0xc0 [ 435.125337][T11810] do_syscall_64+0xcd/0x260 [ 435.125386][T11810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.125422][T11810] RIP: 0033:0x7f88bd78e169 [ 435.125447][T11810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.125477][T11810] RSP: 002b:00007f88be5fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 435.125505][T11810] RAX: ffffffffffffffda RBX: 00007f88bd9b5fa0 RCX: 00007f88bd78e169 [ 435.125524][T11810] RDX: 00000000000000b5 RSI: 0000000000000000 RDI: 0000000000000003 [ 435.125542][T11810] RBP: 00007f88be5fa090 R08: 0000000000000000 R09: 0000000000000000 [ 435.125560][T11810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 435.125578][T11810] R13: 0000000000000000 R14: 00007f88bd9b5fa0 R15: 00007ffed0333da8 [ 435.125619][T11810] [ 436.331134][ T13] hsr_slave_0: left promiscuous mode [ 436.367840][ T13] hsr_slave_1: left promiscuous mode [ 436.378861][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 436.393179][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 436.444468][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 436.451942][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 436.579497][ T13] veth0_macvtap: left promiscuous mode [ 437.185409][ T13] team0 (unregistering): Port device team_slave_1 removed [ 437.240196][ T13] team0 (unregistering): Port device team_slave_0 removed [ 439.190207][T11880] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1485'. [ 439.207374][T11880] device-mapper: ioctl: Unable to rename non-existent device,  to [ 439.648650][T11864] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 439.803210][T11864] CIFS mount error: No usable UNC path provided in device string! [ 439.803210][T11864] [ 439.814460][T11864] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 440.884858][T11910] HfR: entered promiscuous mode [ 440.912210][T11910] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1491'. [ 440.926110][T11910] HfR: left promiscuous mode [ 443.028699][T11961] cougar: G6 mapped to space [ 443.161021][T11960] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1498'. [ 443.227175][T11974] FAULT_INJECTION: forcing a failure. [ 443.227175][T11974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 443.264017][T11974] CPU: 1 UID: 0 PID: 11974 Comm: syz.4.1500 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 443.264067][T11974] Tainted: [U]=USER [ 443.264078][T11974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 443.264095][T11974] Call Trace: [ 443.264103][T11974] [ 443.264114][T11974] dump_stack_lvl+0x16c/0x1f0 [ 443.264164][T11974] should_fail_ex+0x512/0x640 [ 443.264205][T11974] _copy_from_user+0x2e/0xd0 [ 443.264245][T11974] ctrl_cdev_ioctl+0x143/0x3d0 [ 443.264273][T11974] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 443.264312][T11974] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 443.264343][T11974] __x64_sys_ioctl+0x190/0x200 [ 443.264384][T11974] do_syscall_64+0xcd/0x260 [ 443.264433][T11974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.264488][T11974] RIP: 0033:0x7f9a0678e169 [ 443.264513][T11974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.264561][T11974] RSP: 002b:00007f9a0759c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 443.264590][T11974] RAX: ffffffffffffffda RBX: 00007f9a069b5fa0 RCX: 00007f9a0678e169 [ 443.264612][T11974] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000005 [ 443.264631][T11974] RBP: 00007f9a0759c090 R08: 0000000000000000 R09: 0000000000000000 [ 443.264651][T11974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 443.264670][T11974] R13: 0000000000000000 R14: 00007f9a069b5fa0 R15: 00007ffe87379678 [ 443.264717][T11974] [ 443.657607][T11982] FAULT_INJECTION: forcing a failure. [ 443.657607][T11982] name failslab, interval 1, probability 0, space 0, times 0 [ 443.721317][T11982] CPU: 1 UID: 0 PID: 11982 Comm: syz.4.1502 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 443.721368][T11982] Tainted: [U]=USER [ 443.721379][T11982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 443.721396][T11982] Call Trace: [ 443.721406][T11982] [ 443.721417][T11982] dump_stack_lvl+0x16c/0x1f0 [ 443.721459][T11982] should_fail_ex+0x512/0x640 [ 443.721486][T11982] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 443.721524][T11982] should_failslab+0xc2/0x120 [ 443.721545][T11982] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 443.721580][T11982] ? ptlock_alloc+0x1f/0x70 [ 443.721614][T11982] ptlock_alloc+0x1f/0x70 [ 443.721650][T11982] pte_alloc_one+0x6d/0x380 [ 443.721680][T11982] __pte_alloc+0x6d/0x3c0 [ 443.721703][T11982] ? __pfx___pte_alloc+0x10/0x10 [ 443.721729][T11982] ? __lock_acquire+0xaa4/0x1ba0 [ 443.721767][T11982] do_pte_missing+0x2925/0x3fb0 [ 443.721807][T11982] __handle_mm_fault+0x103d/0x2a40 [ 443.721844][T11982] ? const_folio_flags+0x5b/0x100 [ 443.721880][T11982] ? __pfx___handle_mm_fault+0x10/0x10 [ 443.721914][T11982] ? __pfx_folio_mark_accessed+0x10/0x10 [ 443.721938][T11982] ? vm_normal_page+0x13b/0x2b0 [ 443.721960][T11982] ? find_held_lock+0x2b/0x80 [ 443.721987][T11982] ? find_held_lock+0x2b/0x80 [ 443.722032][T11982] handle_mm_fault+0x3fe/0xad0 [ 443.722068][T11982] __get_user_pages+0x771/0x36f0 [ 443.722104][T11982] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 443.722126][T11982] ? look_up_lock_class+0x59/0x150 [ 443.722160][T11982] ? __pfx___get_user_pages+0x10/0x10 [ 443.722187][T11982] ? process_vm_rw+0x2ff/0x360 [ 443.722224][T11982] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 443.722245][T11982] ? do_syscall_64+0xcd/0x260 [ 443.722287][T11982] __gup_longterm_locked+0x20d/0x1850 [ 443.722325][T11982] ? __pfx___gup_longterm_locked+0x10/0x10 [ 443.722370][T11982] pin_user_pages_remote+0xed/0x140 [ 443.722402][T11982] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 443.722434][T11982] ? mm_access+0x22d/0x2e0 [ 443.722494][T11982] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 443.722546][T11982] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 443.722611][T11982] ? iovec_from_user+0xbb/0x140 [ 443.722671][T11982] process_vm_rw+0x2ff/0x360 [ 443.722706][T11982] ? __pfx_process_vm_rw+0x10/0x10 [ 443.722747][T11982] ? fd_install+0x225/0x750 [ 443.722791][T11982] ? putname+0x154/0x1a0 [ 443.722859][T11982] ? xfd_validate_state+0x5d/0x180 [ 443.722908][T11982] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 443.722941][T11982] ? do_syscall_64+0x91/0x260 [ 443.722987][T11982] ? lockdep_hardirqs_on+0x7c/0x110 [ 443.723033][T11982] do_syscall_64+0xcd/0x260 [ 443.723085][T11982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.723116][T11982] RIP: 0033:0x7f9a0678e169 [ 443.723142][T11982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.723174][T11982] RSP: 002b:00007f9a0759c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 443.723204][T11982] RAX: ffffffffffffffda RBX: 00007f9a069b5fa0 RCX: 00007f9a0678e169 [ 443.723226][T11982] RDX: 0000040000000001 RSI: 0000200000000000 RDI: 000000000000009b [ 443.723246][T11982] RBP: 00007f9a06810a68 R08: 000000000000000a R09: 0000000000000000 [ 443.723265][T11982] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 443.723285][T11982] R13: 0000000000000000 R14: 00007f9a069b5fa0 R15: 00007ffe87379678 [ 443.723327][T11982] [ 445.119902][T12024] HfR: entered promiscuous mode [ 445.147989][T12024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1510'. [ 445.183550][T12024] HfR: left promiscuous mode [ 445.184561][T12029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1512'. [ 445.211572][T12031] device-mapper: ioctl: Unable to rename non-existent device,  to [ 445.270243][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.283101][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.361816][T12029] team0: Port device team_slave_0 removed [ 445.861201][T12052] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1515'. [ 446.484223][T12072] FAULT_INJECTION: forcing a failure. [ 446.484223][T12072] name failslab, interval 1, probability 0, space 0, times 0 [ 446.514223][T12072] CPU: 1 UID: 0 PID: 12072 Comm: syz.2.1519 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 446.514271][T12072] Tainted: [U]=USER [ 446.514281][T12072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 446.514299][T12072] Call Trace: [ 446.514309][T12072] [ 446.514320][T12072] dump_stack_lvl+0x16c/0x1f0 [ 446.514365][T12072] should_fail_ex+0x512/0x640 [ 446.514389][T12072] ? fs_reclaim_acquire+0xae/0x150 [ 446.514418][T12072] ? tomoyo_encode2+0x100/0x3e0 [ 446.514447][T12072] should_failslab+0xc2/0x120 [ 446.514468][T12072] __kmalloc_noprof+0xd2/0x510 [ 446.514501][T12072] ? d_absolute_path+0x136/0x1a0 [ 446.514529][T12072] tomoyo_encode2+0x100/0x3e0 [ 446.514562][T12072] tomoyo_encode+0x29/0x50 [ 446.514590][T12072] tomoyo_realpath_from_path+0x18f/0x6e0 [ 446.514628][T12072] tomoyo_path_number_perm+0x245/0x580 [ 446.514653][T12072] ? tomoyo_path_number_perm+0x237/0x580 [ 446.514687][T12072] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 446.514715][T12072] ? find_held_lock+0x2b/0x80 [ 446.514768][T12072] ? find_held_lock+0x2b/0x80 [ 446.514795][T12072] ? hook_file_ioctl_common+0x145/0x410 [ 446.514825][T12072] ? __fget_files+0x20e/0x3c0 [ 446.514861][T12072] security_file_ioctl+0x9b/0x240 [ 446.514890][T12072] __x64_sys_ioctl+0xb7/0x200 [ 446.514919][T12072] do_syscall_64+0xcd/0x260 [ 446.514953][T12072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.514975][T12072] RIP: 0033:0x7f092a18e169 [ 446.514993][T12072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.515015][T12072] RSP: 002b:00007f0927fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 446.515035][T12072] RAX: ffffffffffffffda RBX: 00007f092a3b6240 RCX: 00007f092a18e169 [ 446.515050][T12072] RDX: 0000200000000040 RSI: 00000000405c5503 RDI: 0000000000000003 [ 446.515063][T12072] RBP: 00007f0927fb4090 R08: 0000000000000000 R09: 0000000000000000 [ 446.515077][T12072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 446.515090][T12072] R13: 0000000000000001 R14: 00007f092a3b6240 R15: 00007ffd756473a8 [ 446.515118][T12072] [ 446.515235][T12072] ERROR: Out of memory at tomoyo_realpath_from_path. [ 447.899811][T12102] HfR: entered promiscuous mode [ 447.943684][T12102] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1523'. [ 447.952791][T12102] HfR: left promiscuous mode [ 448.088799][T12108] device-mapper: ioctl: Unable to rename non-existent device,  to [ 449.068107][T12130] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1528'. [ 451.213963][T12174] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1536'. [ 451.218538][T12172] FAULT_INJECTION: forcing a failure. [ 451.218538][T12172] name failslab, interval 1, probability 0, space 0, times 0 [ 451.310783][T12172] CPU: 0 UID: 0 PID: 12172 Comm: syz.4.1535 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 451.310835][T12172] Tainted: [U]=USER [ 451.310846][T12172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 451.310864][T12172] Call Trace: [ 451.310875][T12172] [ 451.310887][T12172] dump_stack_lvl+0x16c/0x1f0 [ 451.310940][T12172] should_fail_ex+0x512/0x640 [ 451.310984][T12172] ? fs_reclaim_acquire+0xae/0x150 [ 451.311026][T12172] ? tomoyo_encode2+0x100/0x3e0 [ 451.311068][T12172] should_failslab+0xc2/0x120 [ 451.311118][T12172] __kmalloc_noprof+0xd2/0x510 [ 451.311177][T12172] tomoyo_encode2+0x100/0x3e0 [ 451.311229][T12172] tomoyo_encode+0x29/0x50 [ 451.311273][T12172] tomoyo_realpath_from_path+0x18f/0x6e0 [ 451.311331][T12172] tomoyo_check_open_permission+0x2ab/0x3c0 [ 451.311374][T12172] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 451.311458][T12172] ? find_held_lock+0x2b/0x80 [ 451.311511][T12172] tomoyo_file_open+0x6b/0x90 [ 451.311565][T12172] security_file_open+0x84/0x1e0 [ 451.311609][T12172] do_dentry_open+0x596/0x1c10 [ 451.311671][T12172] vfs_open+0x82/0x3f0 [ 451.311710][T12172] path_openat+0x1e5e/0x2d40 [ 451.311775][T12172] ? __pfx_path_openat+0x10/0x10 [ 451.311842][T12172] do_filp_open+0x20b/0x470 [ 451.311892][T12172] ? __pfx_do_filp_open+0x10/0x10 [ 451.311983][T12172] ? alloc_fd+0x471/0x7d0 [ 451.312045][T12172] do_sys_openat2+0x11b/0x1d0 [ 451.312080][T12172] ? __pfx_do_sys_openat2+0x10/0x10 [ 451.312112][T12172] ? __sock_release+0x20b/0x270 [ 451.312181][T12172] __x64_sys_openat+0x174/0x210 [ 451.312220][T12172] ? __pfx___x64_sys_openat+0x10/0x10 [ 451.312259][T12172] ? rcu_is_watching+0x12/0xc0 [ 451.312312][T12172] do_syscall_64+0xcd/0x260 [ 451.312364][T12172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.312397][T12172] RIP: 0033:0x7f9a0678e169 [ 451.312422][T12172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.312454][T12172] RSP: 002b:00007f9a0759c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 451.312483][T12172] RAX: ffffffffffffffda RBX: 00007f9a069b5fa0 RCX: 00007f9a0678e169 [ 451.312503][T12172] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 451.312522][T12172] RBP: 00007f9a06810a68 R08: 0000000000000000 R09: 0000000000000000 [ 451.312540][T12172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.312559][T12172] R13: 0000000000000000 R14: 00007f9a069b5fa0 R15: 00007ffe87379678 [ 451.312600][T12172] [ 451.567301][T12172] ERROR: Out of memory at tomoyo_realpath_from_path. [ 452.030691][T12187] HfR: entered promiscuous mode [ 452.063602][T12187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1538'. [ 452.093204][T12187] HfR: left promiscuous mode [ 452.336049][T12190] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1539'. [ 452.381923][T12193] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1537'. [ 452.430909][T12198] device-mapper: ioctl: Unable to rename non-existent device,  to [ 453.210839][T12208] netlink: 'syz.0.1542': attribute type 3 has an invalid length. [ 453.219378][T12208] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1542'. [ 453.727922][T12224] ima: policy update failed [ 453.733752][ T30] audit: type=1802 audit(4311745796.932:7): pid=12224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1546" res=0 errno=0 [ 454.646250][T12238] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1550'. [ 454.817451][T12241] HfR: entered promiscuous mode [ 454.867276][T12241] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1551'. [ 454.913577][T12246] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1552'. [ 454.958035][T12241] HfR: left promiscuous mode [ 454.969810][T12245] device-mapper: ioctl: Unable to rename non-existent device,  to [ 454.998950][T12248] device-mapper: ioctl: Unable to rename non-existent device,  to [ 455.816625][T12272] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input23 [ 456.058354][T12268] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1556'. [ 456.352830][T12268] device-mapper: ioctl: Unable to rename non-existent device,  to [ 458.717168][T12327] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1566'. [ 462.701551][T12401] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input25 [ 463.972351][T12409] delete_channel: no stack [ 464.149432][T12428] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1583'. [ 464.181027][T12430] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1583'. [ 464.336236][T12433] blktrace: Concurrent blktraces are not allowed on loop2 [ 464.578221][ T30] audit: type=1800 audit(4311745807.782:8): pid=12439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1586" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 464.901823][T12450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1587'. [ 464.977750][T12450] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1587'. [ 466.806681][T12481] kexec: Could not allocate control_code_buffer [ 468.400979][T12538] CIFS mount error: No usable UNC path provided in device string! [ 468.400979][T12538] [ 468.445980][T12538] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 472.846237][T12639] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1616'. [ 472.907205][T12634] HfR: entered promiscuous mode [ 472.987732][T12639] HfR: left promiscuous mode [ 473.592365][T12661] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1618'. [ 474.231769][ T5848] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 476.674304][T12694] HfR: entered promiscuous mode [ 476.709758][T12694] device-mapper: ioctl: Unable to rename non-existent device,  to [ 477.619641][T12711] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1631'. [ 478.461890][T12724] HfR: entered promiscuous mode [ 478.512205][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1633'. [ 478.567208][T12725] device-mapper: ioctl: Unable to rename non-existent device,  to [ 478.588263][T12724] HfR: left promiscuous mode [ 480.341416][T12734] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1635'. [ 480.366102][T12733] [ 480.368495][T12733] ====================================================== [ 480.375545][T12733] WARNING: possible circular locking dependency detected [ 480.382600][T12733] 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 Tainted: G U [ 480.391313][T12733] ------------------------------------------------------ [ 480.398350][T12733] syz.0.1634/12733 is trying to acquire lock: [ 480.404440][T12733] ffff88807b439628 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_switch_to_fallback+0x2d/0x9f0 [ 480.415191][T12733] [ 480.415191][T12733] but task is already holding lock: [ 480.422562][T12733] ffff88807b438dd8 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_sendmsg+0x47/0x520 [ 480.431393][T12733] [ 480.431393][T12733] which lock already depends on the new lock. [ 480.431393][T12733] [ 480.441808][T12733] [ 480.441808][T12733] the existing dependency chain (in reverse order) is: [ 480.450828][T12733] [ 480.450828][T12733] -> #2 (sk_lock-AF_INET){+.+.}-{0:0}: [ 480.458508][T12733] lock_sock_nested+0x41/0xf0 [ 480.463745][T12733] sockopt_lock_sock+0x54/0x70 [ 480.469085][T12733] do_ip_setsockopt+0xfe/0x3240 [ 480.474472][T12733] ip_setsockopt+0x59/0xf0 [ 480.479421][T12733] udp_setsockopt+0x7d/0xd0 [ 480.484481][T12733] do_sock_setsockopt+0x221/0x470 [ 480.490055][T12733] __sys_setsockopt+0x1a0/0x230 [ 480.495459][T12733] __x64_sys_setsockopt+0xbd/0x160 [ 480.501114][T12733] do_syscall_64+0xcd/0x260 [ 480.506170][T12733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.512606][T12733] [ 480.512606][T12733] -> #1 (rtnl_mutex){+.+.}-{4:4}: [ 480.519847][T12733] __mutex_lock+0x199/0xb90 [ 480.524908][T12733] do_ipv6_setsockopt+0x2042/0x4420 [ 480.530658][T12733] ipv6_setsockopt+0xcb/0x170 [ 480.535886][T12733] tcp_setsockopt+0xa4/0x100 [ 480.541018][T12733] smc_setsockopt+0x1b3/0xa00 [ 480.546235][T12733] do_sock_setsockopt+0x221/0x470 [ 480.551811][T12733] __sys_setsockopt+0x1a0/0x230 [ 480.557207][T12733] __x64_sys_setsockopt+0xbd/0x160 [ 480.562862][T12733] do_syscall_64+0xcd/0x260 [ 480.567952][T12733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.574390][T12733] [ 480.574390][T12733] -> #0 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 480.583032][T12733] __lock_acquire+0x1173/0x1ba0 [ 480.588446][T12733] lock_acquire+0x179/0x350 [ 480.593491][T12733] __mutex_lock+0x199/0xb90 [ 480.598544][T12733] smc_switch_to_fallback+0x2d/0x9f0 [ 480.604364][T12733] smc_sendmsg+0x13d/0x520 [ 480.609319][T12733] ____sys_sendmsg+0xa95/0xc70 [ 480.614619][T12733] ___sys_sendmsg+0x134/0x1d0 [ 480.619890][T12733] __sys_sendmsg+0x16d/0x220 [ 480.625029][T12733] do_syscall_64+0xcd/0x260 [ 480.630088][T12733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.636522][T12733] [ 480.636522][T12733] other info that might help us debug this: [ 480.636522][T12733] [ 480.646764][T12733] Chain exists of: [ 480.646764][T12733] &smc->clcsock_release_lock --> rtnl_mutex --> sk_lock-AF_INET [ 480.646764][T12733] [ 480.660390][T12733] Possible unsafe locking scenario: [ 480.660390][T12733] [ 480.667852][T12733] CPU0 CPU1 [ 480.673227][T12733] ---- ---- [ 480.678595][T12733] lock(sk_lock-AF_INET); [ 480.683026][T12733] lock(rtnl_mutex); [ 480.689548][T12733] lock(sk_lock-AF_INET); [ 480.696505][T12733] lock(&smc->clcsock_release_lock); [ 480.701897][T12733] [ 480.701897][T12733] *** DEADLOCK *** [ 480.701897][T12733] [ 480.710044][T12733] 1 lock held by syz.0.1634/12733: [ 480.715162][T12733] #0: ffff88807b438dd8 (sk_lock-AF_INET){+.+.}-{0:0}, at: smc_sendmsg+0x47/0x520 [ 480.724451][T12733] [ 480.724451][T12733] stack backtrace: [ 480.730358][T12733] CPU: 0 UID: 0 PID: 12733 Comm: syz.0.1634 Tainted: G U 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) [ 480.730399][T12733] Tainted: [U]=USER [ 480.730408][T12733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 480.730424][T12733] Call Trace: [ 480.730435][T12733] [ 480.730444][T12733] dump_stack_lvl+0x116/0x1f0 [ 480.730487][T12733] print_circular_bug+0x275/0x350 [ 480.730528][T12733] check_noncircular+0x14c/0x170 [ 480.730571][T12733] __lock_acquire+0x1173/0x1ba0 [ 480.730616][T12733] lock_acquire+0x179/0x350 [ 480.730638][T12733] ? smc_switch_to_fallback+0x2d/0x9f0 [ 480.730666][T12733] ? __pfx___might_resched+0x10/0x10 [ 480.730707][T12733] ? finish_task_switch.isra.0+0x221/0xc10 [ 480.730740][T12733] ? lockdep_hardirqs_on+0x7c/0x110 [ 480.730777][T12733] __mutex_lock+0x199/0xb90 [ 480.730814][T12733] ? smc_switch_to_fallback+0x2d/0x9f0 [ 480.730839][T12733] ? __lock_acquire+0xaa4/0x1ba0 [ 480.730879][T12733] ? smc_switch_to_fallback+0x2d/0x9f0 [ 480.730905][T12733] ? __pfx___mutex_lock+0x10/0x10 [ 480.730947][T12733] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 480.730978][T12733] ? smc_switch_to_fallback+0x2d/0x9f0 [ 480.731003][T12733] smc_switch_to_fallback+0x2d/0x9f0 [ 480.731030][T12733] smc_sendmsg+0x13d/0x520 [ 480.731054][T12733] ____sys_sendmsg+0xa95/0xc70 [ 480.731078][T12733] ? copy_msghdr_from_user+0x10a/0x160 [ 480.731111][T12733] ? __pfx_____sys_sendmsg+0x10/0x10 [ 480.731137][T12733] ? try_to_wake_up+0xa2f/0x1680 [ 480.731171][T12733] ___sys_sendmsg+0x134/0x1d0 [ 480.731204][T12733] ? __pfx____sys_sendmsg+0x10/0x10 [ 480.731255][T12733] __sys_sendmsg+0x16d/0x220 [ 480.731287][T12733] ? __pfx___sys_sendmsg+0x10/0x10 [ 480.731320][T12733] ? __x64_sys_futex+0x1e0/0x4c0 [ 480.731360][T12733] ? rcu_is_watching+0x12/0xc0 [ 480.731395][T12733] do_syscall_64+0xcd/0x260 [ 480.731436][T12733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.731462][T12733] RIP: 0033:0x7f6467f8e169 [ 480.731482][T12733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.731507][T12733] RSP: 002b:00007f6468de7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 480.731531][T12733] RAX: ffffffffffffffda RBX: 00007f64681b5fa0 RCX: 00007f6467f8e169 [ 480.731548][T12733] RDX: 0000000020004000 RSI: 0000200000001980 RDI: 0000000000000003 [ 480.731564][T12733] RBP: 00007f6468010a68 R08: 0000000000000000 R09: 0000000000000000 [ 480.731579][T12733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.731594][T12733] R13: 0000000000000000 R14: 00007f64681b5fa0 R15: 00007fff14a723b8 [ 480.731618][T12733]