last executing test programs: 6.80480139s ago: executing program 2 (id=2017): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/teql0/queues/tx-0/xps_cpus\x00', 0x40081, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r0, &(0x7f0000000280)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r1, 0x0, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x44001}, 0x2) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x54, 0x0, 0x2, 0x0, 0x4000000000007, 0x22eb}, 0x7fe}, 0x4, 0x1000) socket(0x29, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/nilfs2/features/README\x00', 0x40, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/6, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0xffffffffffffffc0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="120092ff389d48c2fcb1", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8800}, 0x880) recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0xa, 0x1, 0x0) getsockopt$auto(r5, 0x6, 0xa, &(0x7f0000000080)='$\xfe\x88\xc8\x91\x8bo\xc6#\x93\x91^\x01<\xc81\xc0\x80\xd6\xdb>f\x8c\xf7\xb6\xca\xcdi\xa6\x91R\x7f\x00B\x93H9\x19\xb4x\xb1\xb7\xd3\xe4\x00'/60, &(0x7f0000000040)=0xaa) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010028bd7000fddbdf2501"], 0x1c}}, 0x40000) sendmsg$auto_ILA_CMD_FLUSH(r6, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000540)={0x14, r8, 0x1, 0x2, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x40844) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'veth0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'veth0_to_bond\x00', 0x0}) sendmsg$auto_ILA_CMD_ADD(r5, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="200027bd7000fbdbdf250100000005000800fd1ef904bf510a0002be366c7704bef3823f53fe520eaeb4f3f842c45335fcc58c140207933ee67dc1ca7eca7d58718c6714ed2ab05d51e8c6b229cf29595ae57c5eade960bed3630cb7b3c8146eaef4fcf32c2ba71d28925243710f4b7151f2a44c2e46ef84a7c4174d716a5a2205e77d6739a204f46077dbd0e731e5ca9f67f8a5dcf9acd9ecdb62dda47a07d054aed720c9ce50693c75894b5071141097adfc8e701d95c5cac07db78bf60f94c920f9f211364ad48d24f4f1170368dd684fc2e4cbeb0282534f7bb240bd29ae985d3b30831b1c6a5bd614161ba3164d9145f1ad89cf241665fb6a57151bb12a61f0dd8adf2b0000000000000000", @ANYRES32=r9, @ANYBLOB="050008008100000008000400", @ANYRES32=r10, @ANYBLOB="05000800db000000050008000800000005000700060000000c000300a9af000000000000"], 0x58}, 0x1, 0x0, 0x0, 0xc4}, 0x4) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) 5.986592677s ago: executing program 1 (id=2020): r0 = io_uring_setup$auto(0xa, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x8000, 0x0) read$auto(r1, 0x0, 0x9) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000180)) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1a000, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmsg$auto_TIPC_NL_KEY_SET(r2, 0x0, 0x42000) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x400080, 0x0) 5.768946952s ago: executing program 2 (id=2022): r0 = socket(0x10, 0x2, 0xf) bpf$auto(0x0, &(0x7f0000000680)=@bpf_attr_4={0x1e, r0, 0x24000000, r0}, 0x210) (fail_nth: 1) 4.942118113s ago: executing program 1 (id=2024): r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/1/msr\x00', 0xf82, 0x0) readv$auto(r0, 0x0, 0x400) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x5, 0x84) getrandom$auto(0x0, 0x6000000, 0x3) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x1e, 0xfffffffffffffffd, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r1, 0x89f2, 0x24) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/lapb5/broadcast\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000100)=""/16, 0x10) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/trigger\x00', 0x202, 0x0) 4.655464763s ago: executing program 2 (id=2025): mmap$auto(0x0, 0x7, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x23, 0x80805, 0x0) shmget$auto(0xffffffffffffffff, 0xb0d, 0xa7db6ba) unshare$auto(0x8000400) r1 = memfd_secret$auto(0x0) fchownat$auto(0x2, 0x0, 0x4, 0x8001, 0x1000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000e80), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}}, 0x4000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), 0xffffffffffffffff) r6 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), r0) r7 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r8 = getpid() process_vm_readv$auto(r8, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0xfffffffffffffffc, 0x100000000}, 0x6, 0x0) sysfs$auto(0x2, 0x3f, 0x0) fsopen$auto(0x0, 0x1) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8814) sendmsg$auto_MACSEC_CMD_DEL_RXSA(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r6, 0x20, 0x70bd26, 0x25dfdbfd, {}, [@MACSEC_ATTR_IFINDEX={0x8, 0x1, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x4000) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r4, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000004396409e99ecf1d495a9835ca214101daf324edd606d67c5fb789d0300000074961a42d97fde0ab5fcda318e0a15d8d823979bca9aa19ec35f5e1c8901e4220c1ac51a63c96274dea9d9863d0043b7eaa44bef04c008a55248894bc29c488370466e3c6f2f0f60890e1c95af0b898d2b576da953a9de505532ea4fc25d717c2320c95bef14c5b79a4bf8969c1253852ac25f046b21aebcbef9481ba4917cf417db1aaea3ad89137847cac0dda7f1879d5fd3ffc09be4a42b4bc91b07c4f60712a9", @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf250400000008000c0003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x404c091}, 0x40000) 4.599789425s ago: executing program 0 (id=2026): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x801, 0x84) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0xc0502, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x180, 0x0) ioctl$auto_BLKSECTGET(r2, 0x1267, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) sysfs$auto(0x2, 0x41, 0x0) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) prctl$auto(0x0, 0x1, 0x0, 0x80000001, 0x8) io_uring_setup$auto(0x2c8, &(0x7f0000000080)={0x9, 0x0, 0xdf, 0xffffffff, 0x2, 0x1, r1, [0x7, 0x2, 0x6], {0xe9, 0x1, 0x86, 0x80000001, 0x6, 0xb2f3, 0x5780, 0xc, 0x80000000}, {0x5, 0x1, 0x8, 0x9, 0x9, 0x7, 0xdf, 0xffffff89, 0x7fffffffffffffff}}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0x3, &(0x7f0000000100)=@info={r0, 0xeca, 0x9}, 0xafe) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0) close_range$auto(r1, 0xffffffffffffffff, 0x0) 4.486224107s ago: executing program 3 (id=2027): mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xf, 0x3, 0x2) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0x8, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0x2, 0xd, 0x6, 0x200000100103}) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x10000, 0x0) (async) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x10000, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) (async) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) r0 = socket(0x10, 0x2, 0x6) read$auto(0x3, 0x0, 0xf3c) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) socket(0x10, 0x2, 0x0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8085}, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x86}, 0x4000841) (async) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x86}, 0x4000841) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.410128503s ago: executing program 2 (id=2028): read$auto(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x8) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x40, 0x0) r1 = ioctl$auto_SW_SYNC_GET_DEADLINE(0xffffffffffffffff, 0xc0105702, &(0x7f0000000080)={0x5, 0x0, r0}) r3 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_DEL_SECLEVEL(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r3, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEST_SHORT_ADDR={0x6, 0xe, 0x9}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8c0}, 0x881) sendmsg$auto_IEEE802154_ASSOCIATE_RESP(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0xc4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0xfc, r3, 0x100, 0x70bd27, 0x4, {}, [@IEEE802154_ATTR_LLSEC_ENABLED={0x5}, @IEEE802154_ATTR_SRC_HW_ADDR={0xc, 0xc, 0x5}, @IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x9c}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, 0x7}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "4ea7235e0f3f2219e9a7b0564bc5bbe164beb89d0d7f8a1ed5ca06f40b0efb91"}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x1c}, @IEEE802154_ATTR_CHANNEL_PAGE_LIST={0x84, 0x1e, "a5a6e2025dacedd207388da4c54086bd088439bb43574e13d7811e54211286348a156903ad4de9ad5c22fcd89a70d9cf0da04f8da150dd1f838170025ec090d63fd7113bd271c2ab0b83feadd23c5c6682979484fe8887d6057f9c70a3ae04ec35f1de7b8ec3691acd0cf8fccb98bfaca59a54d31824e2bd5f6cb8d5624eb654"}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x81}, @IEEE802154_ATTR_BAT_EXT={0x5}]}, 0xfc}, 0x1, 0x0, 0x0, 0x64008000}, 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000400), r1) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0xc0000800}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x18, r5, 0x10, 0x6, 0x25dfdbfd, {}, [@NL80211_ATTR_ASSOC_SPP_AMSDU={0x4}]}, 0x18}}, 0x4004000) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000500), 0xffffffffffffffff) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000540), r1) lsm_list_modules$auto(&(0x7f0000000580)=0x9, &(0x7f00000005c0)=0x642c, 0x4) r6 = socketpair$auto(0xa62, 0x7, 0x1, &(0x7f0000000600)=0x9) msgctl$auto_IPC_INFO(0x1, 0x3, &(0x7f00000006c0)={{0x4, 0xee01, 0x0, 0x1, 0xff, 0x2, 0x3}, &(0x7f0000000640), &(0x7f0000000680), 0xfffffffffffffff9, 0x40, 0x8, 0x942, 0x1, 0x9, 0x6, 0x40, @inferred=0xffffffffffffffff, @raw=0x6}) fchown$auto(r1, r7, 0xee00) lsm_list_modules$auto(&(0x7f0000000740)=0xa4a, &(0x7f0000000780)=0x10001, 0x9d62) mlockall$auto(0x2) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000800)={'pim6reg0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000840)={'team_slave_1\x00', 0x0}) sendmsg$auto_NL802154_CMD_SET_TX_POWER(r2, &(0x7f0000000940)={&(0x7f00000007c0), 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x44, 0x0, 0x302, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x4}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x2}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_PID={0x8, 0x1c, r8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004011}, 0x40881) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000980)='/dev/input/event2\x00', 0x40c04, 0x0) r11 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000a00), r1) sendmsg$auto_KSMBD_EVENT_SHARE_CONFIG_RESPONSE(r4, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x14, r11, 0x200, 0x70bd25, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x48010}, 0x50) ioctl$auto(r4, 0x0, r6) mlockall$auto(0x3) lsm_list_modules$auto(&(0x7f0000000b00)=0x9, &(0x7f0000000b40)=0xfffffffb, 0xb) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000b80)='/proc/self/fail-nth\x00', 0x200, 0x0) mbind$auto(0x80000000, 0x0, 0x2, &(0x7f0000000bc0)=0xffffffffffff0001, 0x2, 0xff) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000c00), r1) close_range$auto(0xffffffffffffffff, r2, 0x0) 3.822770111s ago: executing program 0 (id=2029): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="036c25bd7000fddbdf2504006a00080017000200000004001d"], 0x20}, 0x1, 0x0, 0x0, 0x404c884}, 0x64004890) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop6\x00', 0x480, 0x0) fdatasync$auto(r2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) statx$auto(0x8, 0x0, 0x1000, 0xfffffffb, 0x0) write$auto(0x1, 0x0, 0x80000000) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r4 = socket(0x2b, 0x1, 0x1) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r4, 0x0, 0x400c0c1) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, r4, 0x7) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) sysfs$auto(0x1, 0x2, 0xf3) ioctl$auto_XFS_IOC_READLINK_BY_HANDLE(0xffffffffffffffff, 0xc038586c, &(0x7f0000000340)={r3, 0x0, 0x7, 0x0, 0x32cfecc3, &(0x7f00000002c0), &(0x7f0000000300)=0x2}) mq_timedsend$auto(r5, &(0x7f0000000380)='/dev/ppp\x00', 0x80000001, 0x15, &(0x7f00000003c0)={0x3, 0x4}) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) 3.802400929s ago: executing program 1 (id=2030): userfaultfd$auto(0x1) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x14, 0x944, 0x35b, 0x3, 0x806, 0x7, 0x9, 0x400005, 0x4000fff, 0x2, 0x8001, 0x2, 0x5, 0x3, 0x8, 0x7, 0x20, 0xc7, 0x6, 0x0, 0x0, 0x81, 0x0, 0x0, 0xffffffff, 0xfff, 0x0, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x85) msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) mmap$auto(0x0, 0x1004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000) r0 = semctl$auto(0x1ff, 0x100000001, 0x13, 0x9) mmap$auto(0x0, 0x20009, 0x5, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYRESHEX=r0, @ANYRES8=r0, @ANYRES16=r0, @ANYRES8=r0, @ANYRES8, @ANYRESOCT=r0, @ANYRES64=r0, @ANYBLOB="56f826c0", @ANYBLOB], 0x1ac}}, 0x40000) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0) signalfd$auto(0x4, 0x0, 0x8) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/arch_status\x00', 0x80300, 0x0) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub3/info\x00', 0x1a3443, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0) io_uring_setup$auto(0x40000002c55, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x500) close_range$auto(0x2, 0x8, 0x0) write$auto(0x3, 0x0, 0x3f00) close_range$auto(0x2, 0x8, 0x0) statmount$auto(&(0x7f0000000080)={0x7e, @raw, 0x80000028, 0xe864, 0x7}, 0x0, 0x40, 0x0) 3.399599173s ago: executing program 3 (id=2031): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) (async) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) r0 = openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/ext4/sda1/es_shrinker_info\x00', 0x8880, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) (async) open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x8000000}, 0x3, 0xf8, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x10b142, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.3/usb4/4-0:1.0/authorized\x00', 0x10b142, 0x0) pwrite64$auto(r1, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x06\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) ioctl$auto_BCH_IOCTL_FSCK_OFFLINE(r0, 0x4018bc13, 0x0) 3.217648653s ago: executing program 3 (id=2032): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0) ppoll$auto(&(0x7f0000000040)={r0, 0x5, 0xf}, 0x4, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x0) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a2, 0x4e) socket(0x15, 0x5, 0x0) setsockopt$auto(0x3, 0x114, 0xa, 0x0, 0x4) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x4, 0x5, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x40, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x80080001]}, 0x0, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0xa0202, 0x0) sendfile$auto(r2, r2, 0x0, 0x1) socket(0x22, 0x3, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) 3.169182959s ago: executing program 2 (id=2033): r0 = socket(0x10, 0x2, 0xf) bpf$auto(0x0, &(0x7f0000000680)=@bpf_attr_4={0x1e, r0, 0x24000000, r0}, 0x210) (fail_nth: 2) 3.024104739s ago: executing program 3 (id=2034): mq_timedsend$auto(0xffffffffffffffff, &(0x7f0000000040)='@*!:}\xc1-.!\\#[./\',-\x00', 0x7d, 0x9, 0x0) r0 = socket(0x10, 0x2, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}}, 0x40000) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000002c40)=0xd0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x2691c0, 0x0) ioctl$auto_BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f0000000340)={@inferred=r0, 0x9, 0x10000, @unused, @subvolid=0x4}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/hid/drivers/zeroplus/uevent\x00', 0x121681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000000c0)='-', 0x1) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = open(0x0, 0x7ffd, 0x12) umount2$auto(0x0, 0x4) r5 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r5, @new_prog_fd=0x4, 0x4, @old_map_fd=0xffffffffffffffff}, 0xa3) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0xe, 0x4, 0x8) sendmsg$auto_NL80211_CMD_LEAVE_MESH(r6, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001340)={0x464, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_MLO_LINK_ID={0x5, 0x139, 0x63}, @NL80211_ATTR_FILS_KEK={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0xf5}, @NL80211_ATTR_NAN_FUNC={0xb2, 0xf0, 0x0, 0x1, [@typed={0x8, 0x12a, 0x0, 0x0, @ipv4=@private=0xa010100}, @generic="04c718e8b79b536eb4be09652d2562547db522c3195ef077b33d1f6cab0d1607c031f5f344c07e0bc23932aafa1707c444b59903b2ea39e2211019b351d490fca9d19956ece1f4dd5ad179dd78f8eaa368f7b150f09083b5cb4b3b04c9cb5539a6a8d986d387c6d1c6d06689d41aa7d50ee47fa2cc933cae7fec0e5a7956ff3922bf48f43d21a1c80e28e41442c91f5f2c482c55f4e9177436152a3ab2946e6d1f346d8c0c88"]}, @NL80211_ATTR_MESH_CONFIG={0x379, 0x23, 0x0, 0x1, [@generic="ab6347d6fd06d4784be9116cd4fd5e95ec20e43f6e0e6913e6a0f953afe15e9b812eb7dd0ab19614679b2667c0688c456a609b3d0eeceaa86c102cde029d59fc3fab", @typed={0x8, 0x100, 0x0, 0x0, @fd=r4}, @nested={0x9e, 0x72, 0x0, 0x1, [@typed={0x8, 0x41, 0x0, 0x0, @ipv4=@loopback}, @generic="ab7d1418e689a38693d82910c6eb8bb95d1805823cb7ac67caeb84e50d1a8b86e117094cc46d5b7603757eed0615d9b2e24082cd904ebe840ee3875580376b19a0e4e7be5fc11e06041e770e87292ade35887fd955f41c8021b0bf0a97bcde4adc9acde15738895e49c72d62a19291b2b541f924f53dbc00f13d694c7e2a68815e640585b76930574900a1cd02f9d74e4fba"]}, @generic="ff6a0a0e99fbe620a921d392f1805bec8775df3b3c22dd2eb97de5af07ebabe05c7171c90fa09f2f01bc346119f282ba8aba760f0863178b6cff31e9c0cbd28a0c35d21e0942fd8fa74148c94ec1b23c8ac56bfe279ff7739453ec2fd2b5e7aae5075cd97fb33977a153c71df6eacdaf053ed3498a472ce81af76645c5bf6b8a5ceabb35713b19a3375996a5711a47e9c20f698411344cf142fa4a", @generic="8e1cd407ed0c126dc83b117b173a3bf2f5c24c27cc3ef0d4a620d8aa4915e3c2169bbc26e2906d78a0de1c54f52be66bfcddb216a403ca15c8a0840f44c8f85ffdcd13e3cbe04dda75b2c3cef44af9853966d28a94562d7307c253d8417d7da20d994efa51925e86afa2998bbe9a8d21cdd443d8f1de9660ccadf0", @nested={0x4, 0x132}, @generic="5e060724cda0a465afebb169ad57e5d0772a3951af03b7106af920d84da19639e47e2f39f2bf79c1dfa7c20c0dccc4700d0cfa24fa1287cb3f76738809df69514ac4bfd6cce95316c5ed665333cb513425b97719848d10f0695ef1e25350db5ff38a301f07c76ad7a5dedd4b458139f6f0a2b0c5436ee8b2fa736ef12963dd865817aad004ad61aefe078b0fb95265f714105b301ea77676e432a566519decc22f9e8749a974e637a97cf931fef721d632e293d3c7c837fcb21e569ca9b78e5c093653d5004392d0d1f5268d58f3459c8498b70a484959e0", @generic="8da8a73a96a13f9ba911b8c609d9bb8964e42a1964138fa9a2ee8503e2899b74aba947bef102e136f6a030ff69ba3e602b869d13eccd9cc207160b09f0e4d95333c7125d6b88e05b909bb0a4851264d06e280772580678acca385dca885bda8ee3b52fa057618e67e7ac6ff2c3086253a14287c5195936709f333d5b1d26658c9555ef00b24e183c31a43e0320f9cd757d4f5282c41fbe5dba"]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x4}]}, 0x464}, 0x1, 0x0, 0x0, 0x1}, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x2003f0, 0x15) 3.01582307s ago: executing program 0 (id=2035): mmap$auto(0x2, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8002) r0 = socket(0xa, 0x800, 0x83) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r1, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000002d00)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="f98a"], 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x40) gettid() socket(0x1e, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x1, 0x84) accept$auto(0x3, 0x0, 0x0) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) read$auto(0x3, 0x0, 0x7) getsockopt$auto(r0, 0x84, 0x74, 0x0, 0x0) 2.589402897s ago: executing program 1 (id=2036): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory0/state\x00', 0x1c11c2, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) 2.461485112s ago: executing program 1 (id=2037): openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/gid_map\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xfffffffffffffffe, 0xffff7ffffffffffa, 0x4000000008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setpriority$auto(0x4000000001, 0x100000001, 0x6) mmap$auto(0x2000000, 0x400008, 0xdf, 0x9b72, 0x100000000002, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000180)='}[,&*}\x00', 0x8001) mount$auto(0x0, 0x0, &(0x7f0000000140)='nfsd.', 0xd, 0x0) ioctl$auto_TIOCSWINSZ2(0xffffffffffffffff, 0x5414, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000003040)='/proc/self/io\x00', 0x440, 0x0) read$auto_proc_single_file_operations_base(0xffffffffffffffff, &(0x7f0000000040)=""/9, 0x9) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x3ff, 0x3, 0x8, 0x10001, 0x12, 0xc05, 0xffffffffffffffff, [0x7ff, 0xfff, 0x8], {0x9, 0x1, 0x5, 0x0, 0x400, 0x0, 0x3fe0, 0x8, 0x1000000000e8}, {0x2, 0x100, 0x54f1, 0x0, 0x101, 0xff, 0x8d6, 0x4, 0x3}}) r0 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0xffffffff, @hyper}, 0x55) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp1\x00', 0x60282, 0x0) r2 = socket(0xa, 0x3, 0x5) sendmmsg$auto(r2, &(0x7f0000000180)={{&(0x7f0000000040), 0x19, 0x0, 0x0, &(0x7f0000000040), 0x8, 0x80008000}, 0x5}, 0x1, 0x1fda) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) msgctl$auto_IPC_INFO(0x44, 0x3, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x2, 0x57e, 0xffff8001}, &(0x7f00000000c0)=0x6, &(0x7f0000000240)=0xff, 0x0, 0x9, 0x400, 0xfffffffffffffff9, 0x2, 0x18, 0x0, 0xfff8, @inferred=r0, @inferred=r0}) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0) write$auto(r1, 0x0, 0x100082) socket(0x23, 0x5, 0x80000000) close_range$auto(0x2, 0x8, 0x0) 2.152633261s ago: executing program 0 (id=2038): r0 = socket(0x10, 0x2, 0xf) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r1, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_DISABLE_EHT={0x4}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x4}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x1000) bpf$auto(0x0, &(0x7f0000000680)=@bpf_attr_4={0x1e, r0, 0x24000000, r0}, 0x210) 2.036599351s ago: executing program 2 (id=2039): r0 = io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty53\x00', 0x200, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x109302, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x7, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x3, 0x95f4da0a, 0xefffffffffffffff, 0x3, 0x62, 0x80000001, 0x10000000000004, 0x6d40, 0x1, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0xb5fe, 0x400008, 0xffffffffffffb7aa, 0x9b72, r0, 0x7fff) r2 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r2, 0x0, 0x1, 0x0, 0x1e) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x7, 0xc45d, 0x80, 0x6, 0x3, 0x2, 0x3, 0x3, 0x62, 0x80000022, 0x7, 0x6d3e, 0x2000000004000009, 0x2, 0x6]}, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, 0x0, 0x1ff) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x3, 0xe0, 0x4000000000df, 0xd7, r2, 0x9ba) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) r4 = prctl$auto_PR_SCHED_CORE_GET(0x7fffffff, 0x0, 0xffffffffffffffff, 0x5a, 0x1) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'pimreg\x00'}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) socket(0x1f, 0x800, 0xffffff01) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) unshare$auto(0x40000080) 2.035440604s ago: executing program 3 (id=2040): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) socket(0x1d, 0x3, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/memory/memory15/online\x00', 0xa001, 0x0) write$auto(r0, &(0x7f0000000140)='0[.[\x00', 0xcd04) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.subtree_control\x00', 0x142, 0x0) write$auto(r1, 0x0, 0x4) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/tunl0/addr_gen_mode\x00', 0x10901, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x88041, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x6, 0x9c0f, 0x44eb2, 0x10006, 0x0) semctl$auto_GETALL(0x0, 0x2, 0xd, 0x2) 1.934591229s ago: executing program 0 (id=2041): r0 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x600, 0x0) readv$auto(r0, &(0x7f0000003dc0)={0x0, 0x4}, 0x1000000000003) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(r1, 0x0, 0x6) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x200000007b, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000", @ANYRES16, @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32"], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x50) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/veth1_vlan/src_valid_mark\x00', 0x41301, 0x0) write$auto(r2, &(0x7f0000000000)='\x00', 0x34) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 898.001523ms ago: executing program 0 (id=2042): r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(r0, r0, 0x8) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) io_uring_register$auto(0xffffffffffffffff, 0xffff5594, 0x0, 0x1) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r2 = getpid() pidfd_open$auto(r2, 0x0) 696.021286ms ago: executing program 1 (id=2043): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x2, 0x0) (async) r0 = socket(0xa, 0x2, 0x0) setsockopt$auto(r0, 0x29, 0x16, 0x0, 0x1) r1 = socket(0x29, 0x2, 0x0) socket(0x10, 0x2, 0x0) (async) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r1, 0x89a3, 0x24) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/sound/ctl-led/speaker/card0/list\x00', 0x80400, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/sound/ctl-led/speaker/card0/list\x00', 0x80400, 0x0) r4 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc40, 0x0) recvmmsg$auto(r4, &(0x7f0000000180)={{&(0x7f0000000480)="c3cb9fa9d03e5eb67f0b53b9a8eb6b97b6fd5e11c08547fe6df65b0ac5446069c96dfbce42671c3981b0a749a5f0b398023f025af056ae52459ea8e007319e6b66ce2648b7a35c00364c8c3c5aee6664f9ba3f876b6d9e3b20e30ec1427a0ccfeeeafde91bad563cc0d3efa477a243ece1eb48e5e42c0478f22b8a1bb32a26d7d93dfc30ff30baa8aad7e0dce81ebb1ebe70ef73029e7569266ed53ae6d0efb764679270e3829dcb86abce2af2ca0c64f6c5fc81f4bde0831d9a98ebc9f720", 0x7, &(0x7f0000000100)={&(0x7f00000000c0)="87f3801f361c04cdeea5ed2c45b9933788aed0196c40ed0c578589a90b32e7c0812aa854375bf4ff73a71f46b3eccde76a", 0xefc}, 0x0, &(0x7f0000000540)="bb41296f951a3f0ce27728a2ad3e54751fbb7bf30905b359dcf58efb36ff8796c3f79b91e22d7c11c49e44aa958721ce2321ed676a2458fd80b33e10671887e89d09556fbae59204b5a21757c669002157d9fcf345bfd4134f9ff91749fff43b8bd78a51d29936ab5513e25b4d18c763dfe24d2a5ffccde659308f06ff429747e9d66132251c0fb9e0427ffdd722ce382aa848424080c01127b9c5b673216b998b0104fb1d3573f8ca1339d3cfc54afc72bb47e4e0edfc356d6bee1c724473db6622e33b9ae9287ff7a451a6c53cbbe58ad6220f1bc4e28a4cd95a7ed4", 0x1, 0x4be8}, 0x10}, 0x0, 0x0, &(0x7f00000001c0)={0x7, 0x9f0}) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x6) memfd_create$auto(&(0x7f0000000280)='ovs_flow\x00', 0xd7) (async) memfd_create$auto(&(0x7f0000000280)='ovs_flow\x00', 0xd7) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) (async) r5 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r3, &(0x7f0000000240)={0x0, 0xfffffffffffffd7c, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="24000000b37dfcbcf93297b96138941d8ec06dcf1d394f31ee8b7568da07136c631ade48318b11698b0d286fb6eda22514fab262bcd2e83ff992f405b51ba8239a269e38f9eea098699fe42809fda7f70332f897ec8c9bd4af603812fa24826f6733d919f01e7c5e341fd142a25e8a26ad48f1e6a9415f1eff503cb6ff847fcf981178f1aba49a1b9aa5ab6d470b6cd9e7463ea5c59424730bc6eadaa33436d2799b00e8b7c1d388bcb9adb2aa3550992c56bc195b7faee8cda50795bbca580dbbe1cd6a2c270ed1dd088c09dc7a0158f8307dab58e2969b12535b33b6c6f602be9b16060a5ee6c6143c846f0b", @ANYRES16=r5, @ANYBLOB="01002dbd7000fddbdf2502000000040001800c00018008000500", @ANYRES32=r3, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x800) 0s ago: executing program 3 (id=2044): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event\x00', 0xa00, 0x0) pread64$auto(r0, 0x0, 0xc404, 0x1000) (fail_nth: 2) kernel console output (not intermixed with test programs): exec"[5831] was attempted by "./syz-executor exec"[9246] [ 334.635522][ T9266] ptrace attach of "./syz-executor exec"[6435] was attempted by "./syz-executor exec"[9266] [ 335.246321][ T9303] netlink: 8 bytes leftover after parsing attributes in process `syz.2.713'. [ 335.686433][ T9313] netlink: 306 bytes leftover after parsing attributes in process `syz.3.716'. [ 336.172240][ T9320] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k [ 345.016483][ T9444] dump_stack_lvl+0x16c/0x1f0 [ 345.016529][ T9444] should_fail_ex+0x512/0x640 [ 345.016573][ T9444] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 345.016625][ T9444] should_failslab+0xc2/0x120 [ 345.016669][ T9444] __kmalloc_cache_noprof+0x6a/0x3e0 [ 345.016718][ T9444] ? __might_fault+0x13b/0x190 [ 345.016753][ T9444] ? alloc_bprm+0x86/0xdd0 [ 345.016800][ T9444] alloc_bprm+0x86/0xdd0 [ 345.016843][ T9444] ? strncpy_from_user+0x203/0x2e0 [ 345.016886][ T9444] do_execveat_common.isra.0+0x1ce/0x610 [ 345.016944][ T9444] __x64_sys_execveat+0xda/0x120 [ 345.016996][ T9444] do_syscall_64+0xcd/0x230 [ 345.017040][ T9444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.017069][ T9444] RIP: 0033:0x7f2ee9f8e969 [ 345.017093][ T9444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.017122][ T9444] RSP: 002b:00007f2eeae04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 345.017151][ T9444] RAX: ffffffffffffffda RBX: 00007f2eea1b5fa0 RCX: 00007f2ee9f8e969 [ 345.017170][ T9444] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 345.017188][ T9444] RBP: 00007f2eeae04090 R08: 0000000000011000 R09: 0000000000000000 [ 345.017207][ T9444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.017225][ T9444] R13: 0000000000000000 R14: 00007f2eea1b5fa0 R15: 00007ffdf3cb4c58 [ 345.017264][ T9444] [ 346.745087][ T9466] zswap: compressor not available [ 347.097874][ T9472] zswap: compressor B%5.h@hr$0;icFhQ7+8yZ51_S0>;c3)Ac [ 347.097874][ T9472] Y]<5_ɻj&ow/KcAhAZ/_%> =AD:כ!=[p]AlÓ~t[ cΊ{Ƀj:Fڍkb՟v\t='HJڽ8#iVg E not available [ 347.250785][ T9480] netlink: 8 bytes leftover after parsing attributes in process `syz.3.752'. [ 348.153429][ T9487] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k [ 355.546888][ T9594] dump_stack_lvl+0x16c/0x1f0 [ 355.546928][ T9594] should_fail_ex+0x512/0x640 [ 355.546961][ T9594] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 355.546991][ T9594] should_failslab+0xc2/0x120 [ 355.547018][ T9594] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 355.547041][ T9594] ? get_close_on_exec+0x137/0x320 [ 355.547062][ T9594] ? mm_alloc+0x1c/0xc0 [ 355.547091][ T9594] mm_alloc+0x1c/0xc0 [ 355.547115][ T9594] alloc_bprm+0x2ab/0xdd0 [ 355.547155][ T9594] ? strncpy_from_user+0x203/0x2e0 [ 355.547189][ T9594] do_execveat_common.isra.0+0x1ce/0x610 [ 355.547232][ T9594] __x64_sys_execveat+0xda/0x120 [ 355.547272][ T9594] do_syscall_64+0xcd/0x230 [ 355.547306][ T9594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.547330][ T9594] RIP: 0033:0x7fceb3d8e969 [ 355.547349][ T9594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.547370][ T9594] RSP: 002b:00007fceb4bfa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 355.547391][ T9594] RAX: ffffffffffffffda RBX: 00007fceb3fb5fa0 RCX: 00007fceb3d8e969 [ 355.547406][ T9594] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 355.547420][ T9594] RBP: 00007fceb4bfa090 R08: 0000000000011000 R09: 0000000000000000 [ 355.547434][ T9594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.547447][ T9594] R13: 0000000000000000 R14: 00007fceb3fb5fa0 R15: 00007ffe82720418 [ 355.547479][ T9594] [ 356.054704][ T9597] netlink: 86 bytes leftover after parsing attributes in process `syz.3.775'. [ 357.023162][ T9615] netlink: 338 bytes leftover after parsing attributes in process `syz.0.780'. [ 357.325262][ T9615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.780'. [ 357.445429][ T9615] cougar: G6 mapped to F18 [ 357.534439][ T9613] netlink: 338 bytes leftover after parsing attributes in process `syz.0.780'. [ 359.161013][ T9642] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[9642] [ 359.574386][ T9644] ptrace attach of "./syz-executor exec"[6435] was attempted by "./syz-executor exec"[9644] [ 360.973650][ T9655] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k 18 [ 392.582333][T10111] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k/[k [ 414.117625][T10450] dump_stack_lvl+0x16c/0x1f0 [ 414.117676][T10450] should_fail_ex+0x512/0x640 [ 414.117720][T10450] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 414.117761][T10450] should_failslab+0xc2/0x120 [ 414.117800][T10450] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 414.117838][T10450] ? proc_alloc_inode+0x25/0x200 [ 414.117874][T10450] ? __pfx_proc_alloc_inode+0x10/0x10 [ 414.117901][T10450] proc_alloc_inode+0x25/0x200 [ 414.117930][T10450] alloc_inode+0x61/0x240 [ 414.117969][T10450] new_inode+0x22/0x1c0 [ 414.118012][T10450] proc_pid_make_inode+0x22/0x160 [ 414.118066][T10450] proc_ns_instantiate+0x57/0x100 [ 414.118120][T10450] proc_ns_dir_lookup+0x1af/0x2f0 [ 414.118175][T10450] ? __pfx_proc_ns_dir_lookup+0x10/0x10 [ 414.118224][T10450] lookup_open.isra.0+0x4d7/0x1580 [ 414.118286][T10450] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 414.118355][T10450] ? mnt_get_write_access+0x20c/0x300 [ 414.118403][T10450] path_openat+0x905/0x2d40 [ 414.118450][T10450] ? __pfx_path_openat+0x10/0x10 [ 414.118493][T10450] do_filp_open+0x20b/0x470 [ 414.118524][T10450] ? __pfx_do_filp_open+0x10/0x10 [ 414.118568][T10450] ? __pfx_kfree_link+0x10/0x10 [ 414.118621][T10450] ? alloc_fd+0x471/0x7d0 [ 414.118682][T10450] do_sys_openat2+0x11b/0x1d0 [ 414.118723][T10450] ? __pfx_do_sys_openat2+0x10/0x10 [ 414.118766][T10450] ? find_held_lock+0x2b/0x80 [ 414.118806][T10450] __x64_sys_openat+0x174/0x210 [ 414.118849][T10450] ? __pfx___x64_sys_openat+0x10/0x10 [ 414.118894][T10450] ? rcu_is_watching+0x12/0xc0 [ 414.118935][T10450] do_syscall_64+0xcd/0x230 [ 414.118982][T10450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.119014][T10450] RIP: 0033:0x7fe895f8d2d0 [ 414.119039][T10450] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 414.119069][T10450] RSP: 002b:00007fe893df5f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 414.119097][T10450] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe895f8d2d0 [ 414.119117][T10450] RDX: 0000000000000002 RSI: 00007fe893df5fa0 RDI: 00000000ffffff9c [ 414.119135][T10450] RBP: 00007fe893df5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 414.119152][T10450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 414.119170][T10450] R13: 0000000000000000 R14: 00007fe8961b5fa0 R15: 00007ffe798213e8 [ 414.119211][T10450] [ 414.402104][ C1] vkms_vblank_simulate: vblank timer overrun [ 415.484298][T10473] netlink: 'syz.0.972': attribute type 10 has an invalid length. [ 415.520346][T10473] netlink: 230 bytes leftover after parsing attributes in process `syz.0.972'. [ 416.858443][T10481] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[10481] [ 421.230887][T10561] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[10561] [ 422.358895][T10592] can: request_module (can-proto-0) failed. [ 422.392621][T10592] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input13 [ 422.667237][T10604] FAULT_INJECTION: forcing a failure. [ 422.667237][T10604] name failslab, interval 1, probability 0, space 0, times 0 [ 422.720032][T10604] CPU: 1 UID: 0 PID: 10604 Comm: syz.2.1006 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 422.720076][T10604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 422.720095][T10604] Call Trace: [ 422.720105][T10604] [ 422.720116][T10604] dump_stack_lvl+0x16c/0x1f0 [ 422.720183][T10604] should_fail_ex+0x512/0x640 [ 422.720227][T10604] ? fs_reclaim_acquire+0xae/0x150 [ 422.720277][T10604] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 422.720322][T10604] should_failslab+0xc2/0x120 [ 422.720369][T10604] __kmalloc_noprof+0xd2/0x510 [ 422.720413][T10604] tomoyo_realpath_from_path+0xc2/0x6e0 [ 422.720462][T10604] ? tomoyo_profile+0x47/0x60 [ 422.720516][T10604] tomoyo_path_number_perm+0x245/0x580 [ 422.720551][T10604] ? tomoyo_path_number_perm+0x237/0x580 [ 422.720592][T10604] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 422.720633][T10604] ? find_held_lock+0x2b/0x80 [ 422.720700][T10604] ? find_held_lock+0x2b/0x80 [ 422.720730][T10604] ? hook_file_ioctl_common+0x145/0x410 [ 422.720774][T10604] ? __fget_files+0x20e/0x3c0 [ 422.720831][T10604] security_file_ioctl+0x9b/0x240 [ 422.720873][T10604] __x64_sys_ioctl+0xb7/0x200 [ 422.720921][T10604] do_syscall_64+0xcd/0x230 [ 422.720968][T10604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.720999][T10604] RIP: 0033:0x7f6bba78e969 [ 422.721023][T10604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.721057][T10604] RSP: 002b:00007f6bbb5fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.721086][T10604] RAX: ffffffffffffffda RBX: 00007f6bba9b6080 RCX: 00007f6bba78e969 [ 422.721106][T10604] RDX: 0000200000000180 RSI: 00000000c4c85513 RDI: 0000000000000004 [ 422.721125][T10604] RBP: 00007f6bbb5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 422.721144][T10604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.721162][T10604] R13: 0000000000000000 R14: 00007f6bba9b6080 R15: 00007ffe607fb1d8 [ 422.721201][T10604] [ 422.721273][T10604] ERROR: Out of memory at tomoyo_realpath_from_path. [ 423.923567][T10617] Invalid ELF header magic: != ELF [ 424.008557][T10629] zswap: compressor Ȯ9Qz%;0*lH`Bkjwjӳ<85'.Y[`2Y$`Yvgִq"b%zN[O EiFi(Sh3Kx>ԝRS=kHɟ{?Bbޝ4)> not available [ 424.087741][T10631] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k [ 429.306833][T10722] dump_stack_lvl+0x16c/0x1f0 [ 429.306878][T10722] should_fail_ex+0x512/0x640 [ 429.306920][T10722] should_failslab+0xc2/0x120 [ 429.306954][T10722] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 429.306986][T10722] ? zswap_store+0x839/0x25c0 [ 429.307031][T10722] zswap_store+0x839/0x25c0 [ 429.307086][T10722] ? find_held_lock+0x2b/0x80 [ 429.307118][T10722] ? __pfx_zswap_store+0x10/0x10 [ 429.307157][T10722] ? do_raw_spin_lock+0x12c/0x2b0 [ 429.307196][T10722] ? find_held_lock+0x2b/0x80 [ 429.307221][T10722] ? folio_free_swap+0x171/0x580 [ 429.307255][T10722] ? do_raw_spin_unlock+0x172/0x230 [ 429.307294][T10722] ? swp_swap_info+0xce/0x130 [ 429.307327][T10722] ? __pfx_swp_swap_info+0x10/0x10 [ 429.307370][T10722] swap_writepage+0x3bd/0x1170 [ 429.307422][T10722] ? folio_clear_dirty_for_io+0x112/0x810 [ 429.307482][T10722] pageout+0x3b0/0xa90 [ 429.307510][T10722] ? __pfx_pageout+0x10/0x10 [ 429.307573][T10722] ? __pfx_try_to_unmap_one+0x10/0x10 [ 429.307599][T10722] ? __pfx_folio_not_mapped+0x10/0x10 [ 429.307646][T10722] ? __pfx_folio_lock_anon_vma_read+0x10/0x10 [ 429.307679][T10722] ? noop_dirty_folio+0x96/0xb0 [ 429.307721][T10722] shrink_folio_list+0x2f27/0x40e0 [ 429.307763][T10722] ? __pfx_shrink_folio_list+0x10/0x10 [ 429.307883][T10722] ? __lock_acquire+0x5ca/0x1ba0 [ 429.307933][T10722] ? __lock_acquire+0x5ca/0x1ba0 [ 429.308008][T10722] reclaim_folio_list+0xd7/0x5d0 [ 429.308042][T10722] ? cgroup_rstat_updated+0x2a/0xb20 [ 429.308107][T10722] ? __pfx_reclaim_folio_list+0x10/0x10 [ 429.308154][T10722] ? lru_gen_update_size+0x543/0xe10 [ 429.308191][T10722] ? lru_gen_del_folio+0x32b/0x540 [ 429.308221][T10722] reclaim_pages+0x47b/0x650 [ 429.308256][T10722] ? __pfx_reclaim_pages+0x10/0x10 [ 429.308284][T10722] ? find_held_lock+0x2b/0x80 [ 429.308309][T10722] ? madvise_cold_or_pageout_pte_range+0x601/0x20f0 [ 429.308355][T10722] madvise_cold_or_pageout_pte_range+0x13a9/0x20f0 [ 429.308409][T10722] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 429.308466][T10722] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 429.308506][T10722] walk_pgd_range+0xba7/0x1a90 [ 429.308550][T10722] ? mt_find+0x3ef/0xa30 [ 429.308599][T10722] ? __pfx_walk_pgd_range+0x10/0x10 [ 429.308636][T10722] ? folios_put_refs+0x5ce/0x740 [ 429.308675][T10722] __walk_page_range+0x163/0x820 [ 429.308711][T10722] ? find_vma+0xbf/0x140 [ 429.308747][T10722] ? __pfx_find_vma+0x10/0x10 [ 429.308787][T10722] ? walk_page_test+0x9b/0x180 [ 429.308821][T10722] walk_page_range_mm+0x54d/0x8a0 [ 429.308860][T10722] ? __pfx_walk_page_range_mm+0x10/0x10 [ 429.308900][T10722] ? find_held_lock+0x2b/0x80 [ 429.308926][T10722] ? mlock_drain_local+0x22d/0x4f0 [ 429.308961][T10722] walk_page_range+0x63/0x90 [ 429.308997][T10722] madvise_pageout+0x316/0x800 [ 429.309036][T10722] ? __pfx_madvise_pageout+0x10/0x10 [ 429.309098][T10722] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 429.309143][T10722] madvise_vma_behavior+0x416/0x1d50 [ 429.309188][T10722] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 429.309227][T10722] ? find_vma_prev+0xda/0x160 [ 429.309275][T10722] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 429.309312][T10722] ? find_vma+0xbf/0x140 [ 429.309351][T10722] ? __pfx_find_vma+0x10/0x10 [ 429.309408][T10722] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 429.309443][T10722] madvise_walk_vmas+0x1ce/0x2c0 [ 429.309481][T10722] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 429.309525][T10722] madvise_do_behavior+0x12b/0x3b0 [ 429.309560][T10722] ? __pfx___might_resched+0x10/0x10 [ 429.309590][T10722] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 429.309628][T10722] ? __pfx_madvise_do_behavior+0x10/0x10 [ 429.309674][T10722] ? fput+0x70/0xf0 [ 429.309712][T10722] do_madvise+0x10b/0x170 [ 429.309749][T10722] __x64_sys_madvise+0xa9/0x110 [ 429.309785][T10722] ? lockdep_hardirqs_on+0x7c/0x110 [ 429.309820][T10722] do_syscall_64+0xcd/0x230 [ 429.309861][T10722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.309887][T10722] RIP: 0033:0x7f2ee9f8e969 [ 429.309910][T10722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.309934][T10722] RSP: 002b:00007f2eeae04038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 429.309959][T10722] RAX: ffffffffffffffda RBX: 00007f2eea1b5fa0 RCX: 00007f2ee9f8e969 [ 429.309976][T10722] RDX: 0000000000000015 RSI: ffffffffffff0001 RDI: 0000000000000000 [ 429.309992][T10722] RBP: 00007f2eeae04090 R08: 0000000000000000 R09: 0000000000000000 [ 429.310007][T10722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 429.310022][T10722] R13: 0000000000000001 R14: 00007f2eea1b5fa0 R15: 00007ffdf3cb4c58 [ 429.310054][T10722] [ 432.031723][T10764] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k [ 445.946719][T11031] dump_stack_lvl+0x16c/0x1f0 [ 445.946768][T11031] should_fail_ex+0x512/0x640 [ 445.946812][T11031] ? fs_reclaim_acquire+0xae/0x150 [ 445.946861][T11031] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 445.946903][T11031] should_failslab+0xc2/0x120 [ 445.946941][T11031] __kmalloc_noprof+0xd2/0x510 [ 445.946984][T11031] tomoyo_realpath_from_path+0xc2/0x6e0 [ 445.947029][T11031] ? tomoyo_profile+0x47/0x60 [ 445.947082][T11031] tomoyo_path_number_perm+0x245/0x580 [ 445.947118][T11031] ? tomoyo_path_number_perm+0x237/0x580 [ 445.947159][T11031] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 445.947199][T11031] ? find_held_lock+0x2b/0x80 [ 445.947267][T11031] ? find_held_lock+0x2b/0x80 [ 445.947296][T11031] ? hook_file_ioctl_common+0x145/0x410 [ 445.947339][T11031] ? __fget_files+0x20e/0x3c0 [ 445.947396][T11031] security_file_ioctl+0x9b/0x240 [ 445.947463][T11031] __x64_sys_ioctl+0xb7/0x200 [ 445.947514][T11031] do_syscall_64+0xcd/0x230 [ 445.947562][T11031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.947593][T11031] RIP: 0033:0x7f2ee9f8e969 [ 445.947617][T11031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.947647][T11031] RSP: 002b:00007f2eeae04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 445.947675][T11031] RAX: ffffffffffffffda RBX: 00007f2eea1b5fa0 RCX: 00007f2ee9f8e969 [ 445.947693][T11031] RDX: 0000000000000000 RSI: 0000000040047459 RDI: 0000000000000003 [ 445.947762][T11031] RBP: 00007f2eeae04090 R08: 0000000000000000 R09: 0000000000000000 [ 445.947778][T11031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 445.947795][T11031] R13: 0000000000000000 R14: 00007f2eea1b5fa0 R15: 00007ffdf3cb4c58 [ 445.947829][T11031] [ 445.948339][T11031] ERROR: Out of memory at tomoyo_realpath_from_path. [ 446.607706][T11044] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1118'. [ 447.815779][T11075] FAULT_INJECTION: forcing a failure. [ 447.815779][T11075] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.866580][T11075] CPU: 1 UID: 0 PID: 11075 Comm: syz.0.1128 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 447.866623][T11075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 447.866641][T11075] Call Trace: [ 447.866651][T11075] [ 447.866663][T11075] dump_stack_lvl+0x16c/0x1f0 [ 447.866712][T11075] should_fail_ex+0x512/0x640 [ 447.866763][T11075] _copy_to_iter+0x477/0x15a0 [ 447.866823][T11075] ? __pfx__copy_to_iter+0x10/0x10 [ 447.866879][T11075] ? seq_read_iter+0x826/0x12c0 [ 447.866935][T11075] seq_read_iter+0xcf8/0x12c0 [ 447.866999][T11075] seq_read+0x39e/0x4e0 [ 447.867044][T11075] ? __pfx_seq_read+0x10/0x10 [ 447.867093][T11075] ? get_pid_task+0xfc/0x250 [ 447.867157][T11075] full_proxy_read+0x13c/0x200 [ 447.867189][T11075] ? __pfx_full_proxy_read+0x10/0x10 [ 447.867227][T11075] vfs_read+0x1de/0xc70 [ 447.867263][T11075] ? __pfx___mutex_lock+0x10/0x10 [ 447.867319][T11075] ? __pfx_vfs_read+0x10/0x10 [ 447.867361][T11075] ? __fget_files+0x20e/0x3c0 [ 447.867421][T11075] ksys_read+0x12a/0x240 [ 447.867450][T11075] ? __pfx_ksys_read+0x10/0x10 [ 447.867495][T11075] do_syscall_64+0xcd/0x230 [ 447.867542][T11075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.867574][T11075] RIP: 0033:0x7fceb3d8e969 [ 447.867599][T11075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.867628][T11075] RSP: 002b:00007fceb4bfa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 447.867657][T11075] RAX: ffffffffffffffda RBX: 00007fceb3fb5fa0 RCX: 00007fceb3d8e969 [ 447.867678][T11075] RDX: 000000000000001a RSI: 0000200000000040 RDI: 0000000000000003 [ 447.867696][T11075] RBP: 00007fceb4bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 447.867714][T11075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.867733][T11075] R13: 0000000000000000 R14: 00007fceb3fb5fa0 R15: 00007ffe82720418 [ 447.867774][T11075] [ 448.406204][T11057] kexec: Could not allocate control_code_buffer [ 448.525583][T11086] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k [ 448.816078][T11087] dump_stack_lvl+0x16c/0x1f0 [ 448.816133][T11087] should_fail_ex+0x512/0x640 [ 448.816176][T11087] ? fs_reclaim_acquire+0xae/0x150 [ 448.816226][T11087] ? tomoyo_encode2+0x100/0x3e0 [ 448.816266][T11087] should_failslab+0xc2/0x120 [ 448.816400][T11087] __kmalloc_noprof+0xd2/0x510 [ 448.816439][T11087] ? d_absolute_path+0x136/0x1a0 [ 448.816482][T11087] tomoyo_encode2+0x100/0x3e0 [ 448.816529][T11087] tomoyo_encode+0x29/0x50 [ 448.816577][T11087] tomoyo_realpath_from_path+0x18f/0x6e0 [ 448.816630][T11087] tomoyo_path_number_perm+0x245/0x580 [ 448.816666][T11087] ? tomoyo_path_number_perm+0x237/0x580 [ 448.816706][T11087] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 448.816745][T11087] ? find_held_lock+0x2b/0x80 [ 448.816815][T11087] ? find_held_lock+0x2b/0x80 [ 448.816844][T11087] ? hook_file_ioctl_common+0x145/0x410 [ 448.816888][T11087] ? __fget_files+0x20e/0x3c0 [ 448.816947][T11087] security_file_ioctl+0x9b/0x240 [ 448.816987][T11087] __x64_sys_ioctl+0xb7/0x200 [ 448.817032][T11087] do_syscall_64+0xcd/0x230 [ 448.817076][T11087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.817105][T11087] RIP: 0033:0x7fe895f8e969 [ 448.817129][T11087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.817156][T11087] RSP: 002b:00007fe893df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 448.817183][T11087] RAX: ffffffffffffffda RBX: 00007fe8961b5fa0 RCX: 00007fe895f8e969 [ 448.817203][T11087] RDX: 0000000000000000 RSI: 0000000040047459 RDI: 0000000000000003 [ 448.817222][T11087] RBP: 00007fe893df6090 R08: 0000000000000000 R09: 0000000000000000 [ 448.817241][T11087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 448.817258][T11087] R13: 0000000000000000 R14: 00007fe8961b5fa0 R15: 00007ffe798213e8 [ 448.817300][T11087] [ 449.133639][T11087] ERROR: Out of memory at tomoyo_realpath_from_path. [ 449.509001][T11101] random: crng reseeded on system resumption [ 449.710000][T11110] FAULT_INJECTION: forcing a failure. [ 449.710000][T11110] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 449.729525][T11110] CPU: 0 UID: 0 PID: 11110 Comm: syz.0.1139 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 449.729571][T11110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 449.729588][T11110] Call Trace: [ 449.729598][T11110] [ 449.729610][T11110] dump_stack_lvl+0x16c/0x1f0 [ 449.729658][T11110] should_fail_ex+0x512/0x640 [ 449.729711][T11110] _copy_to_user+0x32/0xd0 [ 449.729764][T11110] simple_read_from_buffer+0xcb/0x170 [ 449.729816][T11110] proc_fail_nth_read+0x197/0x270 [ 449.729863][T11110] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 449.729926][T11110] ? rw_verify_area+0xcf/0x680 [ 449.729972][T11110] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 449.730018][T11110] vfs_read+0x1de/0xc70 [ 449.730054][T11110] ? __pfx___mutex_lock+0x10/0x10 [ 449.730097][T11110] ? __pfx_vfs_read+0x10/0x10 [ 449.730148][T11110] ? __fget_files+0x20e/0x3c0 [ 449.730210][T11110] ksys_read+0x12a/0x240 [ 449.730239][T11110] ? __pfx_ksys_read+0x10/0x10 [ 449.730267][T11110] ? rcu_is_watching+0x12/0xc0 [ 449.730308][T11110] do_syscall_64+0xcd/0x230 [ 449.730355][T11110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.730386][T11110] RIP: 0033:0x7fceb3d8d37c [ 449.730411][T11110] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 449.730440][T11110] RSP: 002b:00007fceb4bfa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 449.730469][T11110] RAX: ffffffffffffffda RBX: 00007fceb3fb5fa0 RCX: 00007fceb3d8d37c [ 449.730489][T11110] RDX: 000000000000000f RSI: 00007fceb4bfa0a0 RDI: 0000000000000004 [ 449.730507][T11110] RBP: 00007fceb4bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 449.730526][T11110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 449.730544][T11110] R13: 0000000000000000 R14: 00007fceb3fb5fa0 R15: 00007ffe82720418 [ 449.730585][T11110]                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           syzkaller syzkaller login: [ 603.531383][T13713] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[13713] [ 603.564652][T13712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1757'. [ 604.081656][T13718] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[13718] [ 604.554239][T13724] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k/[k [ 621.524547][T14071] dump_stack_lvl+0x16c/0x1f0 [ 621.524599][T14071] should_fail_ex+0x512/0x640 [ 621.524644][T14071] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 621.524703][T14071] should_failslab+0xc2/0x120 [ 621.524744][T14071] __kmalloc_cache_noprof+0x6a/0x3e0 [ 621.524796][T14071] ? alloc_netdev_mqs+0xf3a/0x1570 [ 621.524843][T14071] alloc_netdev_mqs+0xf3a/0x1570 [ 621.524892][T14071] slip_open+0x35c/0x1150 [ 621.524935][T14071] ? __pfx___might_resched+0x10/0x10 [ 621.524970][T14071] ? __pfx_n_tty_close+0x10/0x10 [ 621.525016][T14071] ? find_held_lock+0x2b/0x80 [ 621.525045][T14071] ? __pfx_slip_open+0x10/0x10 [ 621.525087][T14071] ? down_write+0x14d/0x200 [ 621.525141][T14071] ? __pfx_slip_open+0x10/0x10 [ 621.525197][T14071] tty_ldisc_open+0x9c/0x120 [ 621.525232][T14071] tty_set_ldisc+0x32b/0x780 [ 621.525274][T14071] tty_ioctl+0xc42/0x1610 [ 621.525314][T14071] ? __pfx_tty_ioctl+0x10/0x10 [ 621.525366][T14071] ? __sys_sendmsg+0x199/0x220 [ 621.525400][T14071] ? hook_file_ioctl_common+0x145/0x410 [ 621.525448][T14071] ? xfd_validate_state+0x5d/0x180 [ 621.525506][T14071] ? __pfx_tty_ioctl+0x10/0x10 [ 621.525546][T14071] __x64_sys_ioctl+0x190/0x200 [ 621.525596][T14071] do_syscall_64+0xcd/0x230 [ 621.525646][T14071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.525678][T14071] RIP: 0033:0x7f6bba78e969 [ 621.525705][T14071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.525738][T14071] RSP: 002b:00007f6bbb61d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.525769][T14071] RAX: ffffffffffffffda RBX: 00007f6bba9b5fa0 RCX: 00007f6bba78e969 [ 621.525790][T14071] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000001 [ 621.525810][T14071] RBP: 00007f6bba810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 621.525830][T14071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.525849][T14071] R13: 0000000000000000 R14: 00007f6bba9b5fa0 R15: 00007ffe607fb1d8 [ 621.525894][T14071] [ 621.734597][T14079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1841'. [ 622.296974][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 622.600769][T14101] netlink: 'syz.0.1846': attribute type 1 has an invalid length. [ 622.754084][T14104] netlink: 'syz.0.1846': attribute type 1 has an invalid length. [ 622.762593][T14101] FAULT_INJECTION: forcing a failure. [ 622.762593][T14101] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 622.768181][T14086] ptrace attach of "./syz-executor exec"[6435] was attempted by "./syz-executor exec"[14086] [ 622.788805][T14101] CPU: 0 UID: 0 PID: 14101 Comm: syz.0.1846 Not tainted 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 622.788846][T14101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 622.788862][T14101] Call Trace: [ 622.788871][T14101] [ 622.788880][T14101] dump_stack_lvl+0x16c/0x1f0 [ 622.788923][T14101] should_fail_ex+0x512/0x640 [ 622.788965][T14101] _copy_to_iter+0x2a4/0x15a0 [ 622.789010][T14101] ? chacha_block_generic+0x189/0x260 [ 622.789046][T14101] ? __pfx__copy_to_iter+0x10/0x10 [ 622.789093][T14101] ? lockdep_hardirqs_on+0x7c/0x110 [ 622.789128][T14101] ? crng_make_state+0x48e/0x6d0 [ 622.789168][T14101] get_random_bytes_user+0x17f/0x3c0 [ 622.789209][T14101] ? __pfx_get_random_bytes_user+0x10/0x10 [ 622.789253][T14101] ? do_futex+0x122/0x350 [ 622.789290][T14101] ? import_ubuf+0x1b6/0x220 [ 622.789336][T14101] __x64_sys_getrandom+0x183/0x290 [ 622.789377][T14101] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 622.789417][T14101] ? xfd_validate_state+0x5d/0x180 [ 622.789461][T14101] ? rcu_is_watching+0x12/0xc0 [ 622.789494][T14101] do_syscall_64+0xcd/0x230 [ 622.789537][T14101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.789563][T14101] RIP: 0033:0x7fceb3d8e969 [ 622.789583][T14101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.789609][T14101] RSP: 002b:00007fceb4bfa038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 622.789633][T14101] RAX: ffffffffffffffda RBX: 00007fceb3fb5fa0 RCX: 00007fceb3d8e969 [ 622.789650][T14101] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 622.789666][T14101] RBP: 00007fceb3e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 622.789682][T14101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 622.789697][T14101] R13: 0000000000000000 R14: 00007fceb3fb5fa0 R15: 00007ffe82720418 [ 622.789729][T14101] [ 623.121227][T14102] bond0: left allmulticast mode [ 623.127321][T14102] bond_slave_0: left allmulticast mode [ 623.133135][T14102] bond0: left promiscuous mode [ 623.138234][T14102] bond_slave_0: left promiscuous mode [ 623.145089][T14102] bridge0: port 3(bond0) entered disabled state [ 623.159100][T14112] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1848'. [ 623.364701][T14116] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1849'. [ 623.393708][T14116] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1849'. [ 623.540526][T14118] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7f28c6122 pfn:0x78400 [ 623.628912][T14118] flags: 0xfff18000000004(referenced|node=0|zone=1|lastcpupid=0x7ff) [ 623.700034][T14118] raw: 00fff18000000004 0000000000000000 dead000000000122 0000000000000000 [ 623.739445][T14118] raw: 00000007f28c6122 0000000000000000 00000001ffffffff 0000000000000000 [ 623.753505][T14118] page dumped because: unmovable page [ 623.762924][T14118] page_owner tracks the page as allocated [ 623.814147][T14118] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 107755046783, free_ts 107203913094 [ 623.836014][T14118] post_alloc_hook+0x181/0x1b0 [ 623.842308][T14118] get_page_from_freelist+0x135c/0x3920 [ 623.849699][T14118] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 623.856035][T14118] alloc_pages_mpol+0x1fb/0x550 [ 623.861497][T14118] alloc_pages_noprof+0x131/0x390 [ 623.867116][T14118] __vmalloc_node_range_noprof+0x732/0x1540 [ 623.873375][T14118] vmalloc_user_noprof+0x6b/0x90 [ 623.879061][T14118] kcov_ioctl+0x4c/0x730 [ 623.883567][T14118] __x64_sys_ioctl+0x190/0x200 [ 623.889101][T14118] do_syscall_64+0xcd/0x230 [ 623.893849][T14118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.900713][T14118] page last free pid 5819 tgid 5819 stack trace: [ 623.908392][T14118] free_unref_folios+0x999/0x1630 [ 623.913737][T14118] folios_put_refs+0x56f/0x740 [ 623.931691][T14118] free_pages_and_swap_cache+0x245/0x4a0 [ 623.937662][T14118] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 623.945020][T14118] tlb_finish_mmu+0x168/0x7b0 [ 623.952003][T14118] vms_clear_ptes+0x55e/0x770 [ 623.954482][T14125] rnbd_client L213: map_device: Parameters missing [ 623.957020][T14118] vms_complete_munmap_vmas+0x1ca/0x970 [ 623.971737][T14118] do_vmi_align_munmap+0x43b/0x7d0 [ 623.977348][T14118] do_vmi_munmap+0x208/0x3e0 [ 623.982830][T14118] __vm_munmap+0x19a/0x390 [ 623.990216][T14118] __x64_sys_munmap+0x59/0x80 [ 623.995377][T14118] do_syscall_64+0xcd/0x230 [ 624.000916][T14118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.037564][T14153] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7f28c6122 pfn:0x78400 [ 626.127732][T14153] flags: 0xfff18000000004(referenced|node=0|zone=1|lastcpupid=0x7ff) [ 626.135953][T14153] raw: 00fff18000000004 0000000000000000 dead000000000122 0000000000000000 [ 626.234662][T14153] raw: 00000007f28c6122 0000000000000000 00000001ffffffff 0000000000000000 [ 626.243417][T14157] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1860'. [ 626.248063][T14157] device-mapper: ioctl: Unable to rename non-existent device,  to [ 626.272915][T14153] page dumped because: unmovable page [ 626.297638][T14153] page_owner tracks the page as allocated [ 626.303785][T14153] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 107755046783, free_ts 107203913094 [ 626.367625][T14153] post_alloc_hook+0x181/0x1b0 [ 626.372599][T14153] get_page_from_freelist+0x135c/0x3920 [ 626.379150][T14153] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 626.385236][T14153] alloc_pages_mpol+0x1fb/0x550 [ 626.390856][T14153] alloc_pages_noprof+0x131/0x390 [ 626.396064][T14153] __vmalloc_node_range_noprof+0x732/0x1540 [ 626.403658][T14153] vmalloc_user_noprof+0x6b/0x90 [ 626.409118][T14153] kcov_ioctl+0x4c/0x730 [ 626.413779][T14153] __x64_sys_ioctl+0x190/0x200 [ 626.419277][T14153] do_syscall_64+0xcd/0x230 [ 626.424185][T14153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.432743][T14153] page last free pid 5819 tgid 5819 stack trace: [ 626.441711][T14153] free_unref_folios+0x999/0x1630 [ 626.450061][T14153] folios_put_refs+0x56f/0x740 [ 626.456095][T14153] free_pages_and_swap_cache+0x245/0x4a0 [ 626.463031][T14153] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 626.511879][T14136] ptrace attach of "./syz-executor exec"[6435] was attempted by "./syz-executor exec"[14136] [ 626.526689][T14153] tlb_finish_mmu+0x168/0x7b0 [ 626.535415][T14153] vms_clear_ptes+0x55e/0x770 [ 626.553859][T14153] vms_complete_munmap_vmas+0x1ca/0x970 [ 626.560222][T14153] do_vmi_align_munmap+0x43b/0x7d0 [ 626.565822][T14153] do_vmi_munmap+0x208/0x3e0 [ 626.571079][T14153] __vm_munmap+0x19a/0x390 [ 626.575666][T14153] __x64_sys_munmap+0x59/0x80 [ 626.581138][T14153] do_syscall_64+0xcd/0x230 [ 626.586046][T14153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.062076][ T5876] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 628.066645][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 629.583102][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.592887][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.440127][T14205] zero sized request [ 631.541138][T14223] rnbd_client L213: map_device: Parameters missing [ 632.289089][T14230] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[14230] [ 635.493703][T14284] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1887'. [ 636.189357][ T5876] smpboot: CPU 1 is now offline [ 636.633919][T14303] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1892'. [ 636.771026][T14303] Process accounting resumed [ 637.184452][T14320] svc: failed to register nfsdv3 RPC service (errno 101). [ 637.211478][T14320] svc: failed to register nfsaclv3 RPC service (errno 101). [ 639.932922][T14327] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[14327] [ 642.681239][T14378] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[14378] [ 643.177469][T14385] Setting dangerous option i915.mitigations - tainting kernel [ 643.404114][T14393] Line length is too long: Should be less than 4094 [ 644.471387][T14376] nbd: socks must be embedded in a SOCK_ITEM attr [ 644.512755][T14376] block nbd0: shutting down sockets [ 645.070482][T14409] snd_virmidi snd_virmidi.0: control 5:9:1:IA>/[k/[k/[k/[k/[k [ 672.439530][T14925] dump_stack_lvl+0x16c/0x1f0 [ 672.439569][T14925] should_fail_ex+0x512/0x640 [ 672.439606][T14925] _copy_from_user+0x2e/0xd0 [ 672.439641][T14925] __sys_bpf+0x21d/0x4d80 [ 672.439676][T14925] ? __pfx___sys_bpf+0x10/0x10 [ 672.439708][T14925] ? ksys_write+0x190/0x240 [ 672.439733][T14925] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 672.439781][T14925] ? fput+0x70/0xf0 [ 672.439806][T14925] ? ksys_write+0x1b9/0x240 [ 672.439825][T14925] ? __pfx_ksys_write+0x10/0x10 [ 672.439845][T14925] ? rcu_is_watching+0x12/0xc0 [ 672.439870][T14925] __x64_sys_bpf+0x78/0xc0 [ 672.439905][T14925] ? lockdep_hardirqs_on+0x7c/0x110 [ 672.439935][T14925] do_syscall_64+0xcd/0x230 [ 672.439970][T14925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.439994][T14925] RIP: 0033:0x7f6bba78e969 [ 672.440013][T14925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.440035][T14925] RSP: 002b:00007f6bbb61d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 672.440067][T14925] RAX: ffffffffffffffda RBX: 00007f6bba9b5fa0 RCX: 00007f6bba78e969 [ 672.440083][T14925] RDX: 0000000000000210 RSI: 0000200000000680 RDI: 0000000000000000 [ 672.440097][T14925] RBP: 00007f6bbb61d090 R08: 0000000000000000 R09: 0000000000000000 [ 672.440111][T14925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 672.440124][T14925] R13: 0000000000000000 R14: 00007f6bba9b5fa0 R15: 00007ffe607fb1d8 [ 672.440153][T14925] [ 673.775669][T14948] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2027'. [ 674.962480][T14969] FAULT_INJECTION: forcing a failure. [ 674.962480][T14969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 675.015673][T14969] CPU: 0 UID: 0 PID: 14969 Comm: syz.2.2033 Tainted: G U 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 675.015712][T14969] Tainted: [U]=USER [ 675.015720][T14969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 675.015734][T14969] Call Trace: [ 675.015741][T14969] [ 675.015750][T14969] dump_stack_lvl+0x16c/0x1f0 [ 675.015787][T14969] should_fail_ex+0x512/0x640 [ 675.015825][T14969] _copy_to_user+0x32/0xd0 [ 675.015863][T14969] simple_read_from_buffer+0xcb/0x170 [ 675.015910][T14969] proc_fail_nth_read+0x197/0x270 [ 675.015944][T14969] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 675.015979][T14969] ? rw_verify_area+0xcf/0x680 [ 675.016013][T14969] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 675.016046][T14969] vfs_read+0x1de/0xc70 [ 675.016071][T14969] ? __pfx___mutex_lock+0x10/0x10 [ 675.016105][T14969] ? __pfx_vfs_read+0x10/0x10 [ 675.016134][T14969] ? __fget_files+0x20e/0x3c0 [ 675.016179][T14969] ksys_read+0x12a/0x240 [ 675.016200][T14969] ? __pfx_ksys_read+0x10/0x10 [ 675.016219][T14969] ? rcu_is_watching+0x12/0xc0 [ 675.016249][T14969] do_syscall_64+0xcd/0x230 [ 675.016284][T14969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.016312][T14969] RIP: 0033:0x7f6bba78d37c [ 675.016330][T14969] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 675.016353][T14969] RSP: 002b:00007f6bbb61d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 675.016375][T14969] RAX: ffffffffffffffda RBX: 00007f6bba9b5fa0 RCX: 00007f6bba78d37c [ 675.016390][T14969] RDX: 000000000000000f RSI: 00007f6bbb61d0a0 RDI: 0000000000000004 [ 675.016404][T14969] RBP: 00007f6bbb61d090 R08: 0000000000000000 R09: 0000000000000000 [ 675.016418][T14969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 675.016432][T14969] R13: 0000000000000000 R14: 00007f6bba9b5fa0 R15: 00007ffe607fb1d8 [ 675.016461][T14969] [ 675.233778][T14971] synth uevent: /bus/hid/drivers/zeroplus: unknown uevent action string [ 676.166402][T14988] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7f28c6122 pfn:0x78400 [ 676.196879][T14988] flags: 0xfff18000000204(referenced|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 676.258350][T14988] raw: 00fff18000000204 0000000000000000 dead000000000122 0000000000000000 [ 676.430843][T14988] raw: 00000007f28c6122 0000000000000000 00000001ffffffff 0000000000000000 [ 676.502158][T14988] page dumped because: unmovable page [ 676.538120][T14988] page_owner tracks the page as allocated [ 676.545316][T14991] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2041'. [ 676.571514][T14988] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5826, tgid 5826 (syz-executor), ts 107755046783, free_ts 107203913094 [ 676.659526][T14988] post_alloc_hook+0x181/0x1b0 [ 676.692833][T14988] get_page_from_freelist+0x135c/0x3920 [ 676.711577][T14988] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 676.754633][T14988] alloc_pages_mpol+0x1fb/0x550 [ 676.772993][T14988] alloc_pages_noprof+0x131/0x390 [ 676.805324][T14988] __vmalloc_node_range_noprof+0x732/0x1540 [ 676.825495][T14988] vmalloc_user_noprof+0x6b/0x90 [ 676.854138][T14988] kcov_ioctl+0x4c/0x730 [ 676.880032][T14988] __x64_sys_ioctl+0x190/0x200 [ 676.905420][T14988] do_syscall_64+0xcd/0x230 [ 676.939457][T14988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.976474][T14988] page last free pid 5819 tgid 5819 stack trace: [ 677.003297][T14988] free_unref_folios+0x999/0x1630 [ 677.026838][T14988] folios_put_refs+0x56f/0x740 [ 677.052526][T14988] free_pages_and_swap_cache+0x245/0x4a0 [ 677.076595][T14988] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 677.107643][T14988] tlb_finish_mmu+0x168/0x7b0 [ 677.137029][T14988] vms_clear_ptes+0x55e/0x770 [ 677.176656][T14988] vms_complete_munmap_vmas+0x1ca/0x970 [ 677.182374][T14988] do_vmi_align_munmap+0x43b/0x7d0 [ 677.239185][T14988] do_vmi_munmap+0x208/0x3e0 [ 677.259367][T14988] __vm_munmap+0x19a/0x390 [ 677.263876][T14988] __x64_sys_munmap+0x59/0x80 [ 677.303711][T15007] FAULT_INJECTION: forcing a failure. [ 677.303711][T15007] name fail_futex, interval 1, probability 0, space 0, times 0 [ 677.334175][T14988] do_syscall_64+0xcd/0x230 [ 677.355736][T14988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.534941][T15007] CPU: 0 UID: 0 PID: 15007 Comm: syz.0.2042 Tainted: G U 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 677.534982][T15007] Tainted: [U]=USER [ 677.534990][T15007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 677.535004][T15007] Call Trace: [ 677.535011][T15007] [ 677.535022][T15007] dump_stack_lvl+0x16c/0x1f0 [ 677.535060][T15007] should_fail_ex+0x512/0x640 [ 677.535104][T15007] get_futex_key+0x49e/0x1000 [ 677.535132][T15007] ? __pfx_get_futex_key+0x10/0x10 [ 677.535159][T15007] ? find_held_lock+0x2b/0x80 [ 677.535187][T15007] futex_wait_setup+0x78/0x290 [ 677.535226][T15007] __futex_wait+0x266/0x3c0 [ 677.535259][T15007] ? __pfx___futex_wait+0x10/0x10 [ 677.535309][T15007] ? __pfx_futex_wake_mark+0x10/0x10 [ 677.535351][T15007] futex_wait+0xe8/0x380 [ 677.535380][T15007] ? __pfx_futex_wait+0x10/0x10 [ 677.535416][T15007] ? kmem_cache_free+0x2d4/0x4d0 [ 677.535439][T15007] ? find_held_lock+0x2b/0x80 [ 677.535458][T15007] ? putname+0x154/0x1a0 [ 677.535484][T15007] ? do_sys_openat2+0x1b0/0x1d0 [ 677.535518][T15007] do_futex+0x229/0x350 [ 677.535543][T15007] ? __pfx_do_futex+0x10/0x10 [ 677.535575][T15007] __x64_sys_futex+0x1e0/0x4c0 [ 677.535604][T15007] ? __pfx___x64_sys_futex+0x10/0x10 [ 677.535641][T15007] ? __task_pid_nr_ns+0x17c/0x500 [ 677.535682][T15007] do_syscall_64+0xcd/0x230 [ 677.535717][T15007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.535742][T15007] RIP: 0033:0x7fceb3d8e969 [ 677.535759][T15007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.535782][T15007] RSP: 002b:00007fceb4bfa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 677.535804][T15007] RAX: ffffffffffffffda RBX: 00007fceb3fb5fa8 RCX: 00007fceb3d8e969 [ 677.535820][T15007] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fceb3fb5fa8 [ 677.535834][T15007] RBP: 00007fceb3fb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 677.535848][T15007] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fceb3fb5fac [ 677.535862][T15007] R13: 0000000000000000 R14: 00007ffe82720330 R15: 00007ffe82720418 [ 677.535890][T15007] [ 678.097710][T15014] FAULT_INJECTION: forcing a failure. [ 678.097710][T15014] name failslab, interval 1, probability 0, space 0, times 0 [ 678.145045][T15014] CPU: 0 UID: 0 PID: 15014 Comm: syz.3.2044 Tainted: G U 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 678.145087][T15014] Tainted: [U]=USER [ 678.145094][T15014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 678.145108][T15014] Call Trace: [ 678.145116][T15014] [ 678.145124][T15014] dump_stack_lvl+0x16c/0x1f0 [ 678.145162][T15014] should_fail_ex+0x512/0x640 [ 678.145193][T15014] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 678.145235][T15014] should_failslab+0xc2/0x120 [ 678.145265][T15014] __kmalloc_cache_noprof+0x6a/0x3e0 [ 678.145302][T15014] ? rcu_is_watching+0x12/0xc0 [ 678.145324][T15014] ? s_start+0x7b/0x320 [ 678.145356][T15014] s_start+0x7b/0x320 [ 678.145387][T15014] traverse.part.0.constprop.0+0xac/0x640 [ 678.145433][T15014] seq_read_iter+0x932/0x12c0 [ 678.145479][T15014] seq_read+0x39e/0x4e0 [ 678.145512][T15014] ? __pfx_seq_read+0x10/0x10 [ 678.145546][T15014] ? get_pid_task+0xfc/0x250 [ 678.145591][T15014] ? rw_verify_area+0xcf/0x680 [ 678.145625][T15014] ? __pfx_seq_read+0x10/0x10 [ 678.145665][T15014] vfs_read+0x1de/0xc70 [ 678.145692][T15014] ? __pfx_vfs_read+0x10/0x10 [ 678.145711][T15014] ? find_held_lock+0x2b/0x80 [ 678.145733][T15014] ? __fget_files+0x204/0x3c0 [ 678.145775][T15014] ? __fget_files+0x20e/0x3c0 [ 678.145808][T15014] ? __fget_files+0x110/0x3c0 [ 678.145852][T15014] __x64_sys_pread64+0x1f4/0x250 [ 678.145876][T15014] ? __pfx___x64_sys_pread64+0x10/0x10 [ 678.145899][T15014] ? rcu_is_watching+0x12/0xc0 [ 678.145927][T15014] do_syscall_64+0xcd/0x230 [ 678.145963][T15014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.145987][T15014] RIP: 0033:0x7fe895f8e969 [ 678.146005][T15014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.146028][T15014] RSP: 002b:00007fe893df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 678.146049][T15014] RAX: ffffffffffffffda RBX: 00007fe8961b5fa0 RCX: 00007fe895f8e969 [ 678.146064][T15014] RDX: 000000000000c404 RSI: 0000000000000000 RDI: 0000000000000003 [ 678.146078][T15014] RBP: 00007fe893df6090 R08: 0000000000000000 R09: 0000000000000000 [ 678.146092][T15014] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 678.146106][T15014] R13: 0000000000000000 R14: 00007fe8961b5fa0 R15: 00007ffe798213e8 [ 678.146135][T15014] [ 678.146158][T15014] [ 678.381481][T15014] ===================================== [ 678.387023][T15014] WARNING: bad unlock balance detected! [ 678.392603][T15014] 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 Tainted: G U [ 678.401274][T15014] ------------------------------------- [ 678.406811][T15014] syz.3.2044/15014 is trying to release lock (event_mutex) at: [ 678.414367][T15014] [] traverse.part.0.constprop.0+0x2bd/0x640 [ 678.422014][T15014] but there are no more locks to release! [ 678.427740][T15014] [ 678.427740][T15014] other info that might help us debug this: [ 678.435802][T15014] 1 lock held by syz.3.2044/15014: [ 678.440911][T15014] #0: ffff8880638d9c30 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0 [ 678.449827][T15014] [ 678.449827][T15014] stack backtrace: [ 678.455720][T15014] CPU: 0 UID: 0 PID: 15014 Comm: syz.3.2044 Tainted: G U 6.15.0-rc5-syzkaller-00043-gd76bb1ebb558 #0 PREEMPT(full) [ 678.455756][T15014] Tainted: [U]=USER [ 678.455763][T15014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 678.455777][T15014] Call Trace: [ 678.455785][T15014] [ 678.455794][T15014] dump_stack_lvl+0x116/0x1f0 [ 678.455828][T15014] ? traverse.part.0.constprop.0+0x2bd/0x640 [ 678.455862][T15014] print_unlock_imbalance_bug+0x11b/0x130 [ 678.455891][T15014] ? traverse.part.0.constprop.0+0x2bd/0x640 [ 678.455925][T15014] lock_release+0x242/0x2f0 [ 678.455956][T15014] __mutex_unlock_slowpath+0xa2/0x6a0 [ 678.455990][T15014] ? rcu_is_watching+0x12/0xc0 [ 678.456011][T15014] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 678.456044][T15014] ? __kmalloc_cache_noprof+0x249/0x3e0 [ 678.456083][T15014] ? rcu_is_watching+0x12/0xc0 [ 678.456103][T15014] ? kfree+0x252/0x4d0 [ 678.456122][T15014] ? s_start+0x28c/0x320 [ 678.456151][T15014] traverse.part.0.constprop.0+0x2bd/0x640 [ 678.456189][T15014] seq_read_iter+0x932/0x12c0 [ 678.456227][T15014] seq_read+0x39e/0x4e0 [ 678.456259][T15014] ? __pfx_seq_read+0x10/0x10 [ 678.456291][T15014] ? get_pid_task+0xfc/0x250 [ 678.456328][T15014] ? rw_verify_area+0xcf/0x680 [ 678.456361][T15014] ? __pfx_seq_read+0x10/0x10 [ 678.456394][T15014] vfs_read+0x1de/0xc70 [ 678.456416][T15014] ? __pfx_vfs_read+0x10/0x10 [ 678.456434][T15014] ? find_held_lock+0x2b/0x80 [ 678.456455][T15014] ? __fget_files+0x204/0x3c0 [ 678.456493][T15014] ? __fget_files+0x20e/0x3c0 [ 678.456527][T15014] ? __fget_files+0x110/0x3c0 [ 678.456569][T15014] __x64_sys_pread64+0x1f4/0x250 [ 678.456593][T15014] ? __pfx___x64_sys_pread64+0x10/0x10 [ 678.456615][T15014] ? rcu_is_watching+0x12/0xc0 [ 678.456639][T15014] do_syscall_64+0xcd/0x230 [ 678.456673][T15014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.456697][T15014] RIP: 0033:0x7fe895f8e969 [ 678.456716][T15014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.456739][T15014] RSP: 002b:00007fe893df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 678.456761][T15014] RAX: ffffffffffffffda RBX: 00007fe8961b5fa0 RCX: 00007fe895f8e969 [ 678.456776][T15014] RDX: 000000000000c404 RSI: 0000000000000000 RDI: 0000000000000003 [ 678.456790][T15014] RBP: 00007fe893df6090 R08: 0000000000000000 R09: 0000000000000000 [ 678.456804][T15014] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001 [ 678.456818][T15014] R13: 0000000000000000 R14: 00007fe8961b5fa0 R15: 00007ffe798213e8 [ 678.456839][T15014]