last executing test programs: 27.752386135s ago: executing program 2 (id=1823): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x1ff, 0x7, 0x5, 0x4909b6f8, 0x1ffdd, 0x7, 0x3, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x10003, 0x4080, 0x4, 0x0, 0x7, 0x2000, 0x200, 0x8001, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x1000002000, 0x0, 0xa, 0x70624ce7, 0xefde, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x400000000005b4, 0xc, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0x6, 0xfffffffffffffffc, 0x2, 0x3, 0x4]}, 0x1fe, 0xd) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000000), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x2, 0x6, 0x0) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r1, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r4, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r4) read$auto(r4, &(0x7f0000000100)='nl80211\x00', 0xbe62) sendmsg$auto_NFSD_CMD_VERSION_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd35ae43"], 0x2c}, 0x1, 0x0, 0x0, 0x24000001}, 0x4010) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x40000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c004}, 0x40080c0) fanotify_init$auto(0x2, 0x2) sendfile$auto(0x6, 0x3, 0x0, 0xc01) write$auto(r1, &(0x7f0000000140)='^\x00', 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) adjtimex$auto(&(0x7f0000000c00)={0xfffffff9, 0x0, 0x7, 0x6, 0xea8, 0x1, 0x9, 0x0, 0xfffffffffffffffe, 0x8000000000000000, 0x0, {0x401, 0x7fffffff}, 0x8cd, 0x0, 0x5, 0x3, 0x0, 0x101, 0x2, 0x101, 0x6, 0x51, 0x81}) r6 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0109000000000000002504000000080004000400000004000500"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8010) 27.437319157s ago: executing program 2 (id=1826): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/iomem\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000001680)=""/266, 0x40) pipe2$auto(&(0x7f0000000100)=r0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x400000000000401, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) rmdir$auto(&(0x7f0000000040)='./file0\x00') mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) close_range$auto(0x2, 0xa, 0x0) r2 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x6, 0x0) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x9c0a7fc06f585e63) 27.136617712s ago: executing program 2 (id=1830): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) syz_clone(0x40100100, &(0x7f0000000000), 0x0, 0x0, 0x0, &(0x7f0000000100)) mprotect$auto(0x0, 0x8000000000000001, 0x6) socket(0x11, 0x80003, 0x300) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x8912, 0x46) prctl$auto(0x1000000003b, 0x1, 0x4, 0x621f, 0x10004) setresuid$auto(0x2, 0x7, 0x8080) ioprio_get$auto(0x3, 0x2) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 26.287907008s ago: executing program 2 (id=1836): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtdblock0\x00', 0xa4300, 0x0) mmap$auto(0x0, 0x9, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) socket(0x25, 0x6, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0x14, 0x0, 0x56b) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x2, 0x1, 0x106) socket(0x2, 0x1, 0x106) mmap$auto(0x6, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) ioctl$auto(r0, 0x89e0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x800, 0x9b72, 0x41b8e99, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x840, 0x0) read$auto(r1, 0x0, 0x80000001) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x3a) ioctl$auto(0x1, 0x894c, 0x8) eventfd$auto(0x0) socket(0x11, 0x80003, 0x300) pipe2$auto(&(0x7f0000000140)=0x2, 0x800) socket$nl_generic(0x10, 0x3, 0x10) 25.87488513s ago: executing program 2 (id=1838): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffe, @_sigpoll={0x52, 0x7}}}) r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x20480, 0x0) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r0, 0x5509, 0x6) 24.96280428s ago: executing program 2 (id=1849): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_SEQ={0x6, 0x6, 0xee}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @remote}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x48}, @HSR_A_IF1_AGE={0x8, 0x3, 0x8}, @HSR_A_IF2_AGE={0x8, 0x4, 0x1ff}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) lsetxattr$auto(0x0, &(0x7f0000005500)='[!*)\x00', &(0x7f0000005540), 0xd843, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x1d, 0x6, 0x1) 24.804104244s ago: executing program 32 (id=1849): mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_SEQ={0x6, 0x6, 0xee}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @remote}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}, @HSR_A_IF1_SEQ={0x6, 0x6, 0x48}, @HSR_A_IF1_AGE={0x8, 0x3, 0x8}, @HSR_A_IF2_AGE={0x8, 0x4, 0x1ff}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) lsetxattr$auto(0x0, &(0x7f0000005500)='[!*)\x00', &(0x7f0000005540), 0xd843, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x1d, 0x6, 0x1) 19.241803671s ago: executing program 0 (id=1881): r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0xc2000, 0x0) ioctl$auto_USB_RAW_IOCTL_INIT(r0, 0x41015500, &(0x7f00000002c0)={"cd9c361b4eb79958c335e76fcbe6533c700d0fedd08fc536d88edc8989e194138963c58eb8565f9479ca061fb2f2b7cdd4911c9a07e86969eb7dcd5dd66d138f5cc664b17908bb1c3b40364a3515fcb0d7bb61fc7cd0f955bf805a1311b704f7728553deaedb517f1d53fd9d76694e0dec4bd8b3ec0a37f6b38110fb002df552", "a47cb55ed5ee2297e1118b6ae03138b190f10aca776d1e7a2ed9e3e9ed742a856d9c3cb0a5f20605a098e5db505f8913d90cbd813918b2eb323b44b69120ccd4431a063abcef56c231d8ce18e681d455597181113bfe72ca5a78c7175a14a3a991cb75e1619c676639fe46986b389bce66b7e06c0975080c900f552e0a12ad2c", 0xa}) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r0, 0x5509, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE(r1, 0x7a9, 0x6) 19.241297697s ago: executing program 0 (id=1882): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbf7, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004000}, 0x140000e4) read$auto(0x3, 0x0, 0x7) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0x10000) 18.974273335s ago: executing program 0 (id=1886): open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) (async) r0 = open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) fchown$auto(r0, 0xe5a, 0x5) (async) fchown$auto(r0, 0xe5a, 0x5) mmap$auto(0x0, 0x4, 0x7fff, 0x40eb2, 0x402, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_METER_CMD_SET(r1, 0x0, 0x40) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0x3, 0x0, 0x2, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0x2, 0xa, 0x0) getsockname$auto(0x3, &(0x7f0000000d00), &(0x7f0000000d40)=0x4) memfd_create$auto(0x0, 0xe) fcntl$auto(0xff80000000000000, 0x409, 0x13) (async) fcntl$auto(0xff80000000000000, 0x409, 0x13) mmap$auto(0x0, 0x2020006, 0x4, 0x11, 0x8000000000000000, 0x8000) (async) mmap$auto(0x0, 0x2020006, 0x4, 0x11, 0x8000000000000000, 0x8000) r2 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20002, 0x0) munmap$auto(0x1ffff000, 0x2000000c) write$auto_ctl_device_fops_user(r2, &(0x7f0000000340)="a504ff4c280e43904055ceb3bc98cf2af453126b06d1f8b678ad4700b35e33bf24e0c6269dd4fcfeafaacd781a02e63a0f9cf51e53d742c6cd3e1a4531a69c151e3714d2418d3a55d79a114e8309e48778a229eef16577bd021ce7b48a29a4e1c32f5f0c3393287d", 0x68) write$auto(0x3, 0x0, 0xfdef) 18.733353109s ago: executing program 0 (id=1888): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r1, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_MLO_LINK_ID={0x5, 0x139, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x600}, 0x4000000) 18.569507717s ago: executing program 0 (id=1891): r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001614af57"], 0x14}, 0x1, 0xf00000000000000, 0x0, 0x20004082}, 0x0) 18.391248619s ago: executing program 0 (id=1896): mmap$auto(0x0, 0x2020009, 0x3, 0x16, 0xfffffffffffffffa, 0x800000007) getgroups$auto(0x1, 0x0) r0 = socket(0xa, 0x3, 0x7fff) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x3, 0x8916, 0x8f) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) pipe$auto(0x0) fcntl$auto(r1, 0x8, 0x1) fcntl$auto(r1, 0x10, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x1, 0x3, 0x2) prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001) setrlimit$auto(0x7, &(0x7f0000007b00)={0x6, 0xff}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffc879, 0x40000000000a5, 0x8000) lsm_list_modules$auto(&(0x7f0000000040)=0x4, &(0x7f0000000080)=0x7fff, 0x6) socketpair$auto(0x1e, 0x5, 0x8, 0x0) socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x86, 0x200075, 0x0, &(0x7f0000000000)=0x9000c) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x40, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, 0x0) socket(0x2b, 0x1, 0x1) acct$auto(&(0x7f0000000340)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/dT\x02\xa2%h\xdd\xfep\x0e\xe6\x96w\x05r\x9c\xb6L\t0\x0f\x954\xf6\b\xa0&C\x83L\xc0\xe9\t\"\xa5\x8f\xce\x03\xb6\x16\x90\xc3\x97\xb7\n\"zB\xedCf\xfd \x87\xdb\x8f\x87\xe9\xea\x89-B\x06\x97\xcb+\xf09\xa1\xa5\x8d\x9b\b\xc8\x15\xb6|\xc7 t\xc8#\xf8,\xab\x96\xf6\x03Z\x93\xf5\xc8\x87\xc9z}]\x85\xcc\xd5d\x02_\xd4>b\x96\xc5\x93\xb1\xa0E\xda\xb8\xb1\xa5G\r\xf4[\xec \"\xd9\x13\x803\xa6V\xe3\x06\xc72\xc0d|?\xfaA\xd2\xd6\xce\xfa\x9a\x98\x01\aXV.\xf15>;\xfaR\xcb\xc2v\x0f\xfc\xb3:f\x8f\xae\xcc\xbb\xd2\xfa\xef%\xfa\x85\xd9\x7fL\xad\xab\xd0\xd1\xc9v{Ze\x8a\xeb~\xf1V<\xc2p~\x90\xe6\x1c\xf86\xeb\x11\xe2\x90\rr\xda.\x82\xbd\x0f\xbd{\x861\x03\xda-#\\^`\xc8\x01%V\xab\r\b\xde\xaa\xf8s\x86K\bR\x12\xbc{\xef\xc5<\xfd\x02\xe2\xf0\br\xb4\n\xe4\xa6\v\xbcd\x1e\xe9\xbd\x18\x89\xa1\xe8w\x0e7\xae\x10e\xb6\xce\xe25\xdf\xd8\x12X`\xec\n\x87\x86X\x9b\x80i7\xcb\xed\xbdQ\xe4\xbb*\xedq\xb0>\x92\xb6W\b\x1eV\xadk\x11\xa9\xa1\x1f\xe1\xac\xb7\xd0\xcc\x94\xc1g\x8c\xe5\xf0\"\xe1\xc2. \\X\xe0\xd30\xa9X\x8d@\xb1\xddS\xbey\xb4]j \x96\xe3\x84\xcc\x02C\xd23\x16T\xden\"\xea\xf2j\b\xd2\xf6\xe5\xc2a\xaa\xefr\x80\rZ\x06s\xa0\xaf\x93MmM|\xfdN\x19\xf0RS\xc4\xca\x84H\x19T\xd4\xc4>\x8e\x050\x9c\x8f\xa9P\x8a\xd0\xd48\xb4\x0e0\xff\x98\xce\x01\'\x83i\xd9\x94\xcf\xd7\x03_|J\x9b\x06q\x0e\xdf_/u\xfa\xcd\xb9\"L\x17\xc3\xdc\x16\xc7\x02\xb7\x91\x85Ot\xd0r\xc2r\xee\xce\xefU\x1a\x89\xd6,\x04\x96o\xb9\x1b\x00\xec\xf17\xbbpu\xeeW\xd7HSXt\xe4\xf07+\xc8\xd3\x87|\x15\x9b\x95t\x195l\xcb\xfd\xae@\xbd>\xdcd\xaa\x19r\xec_>\xf2\x7f\xe6\xe7\x1c\x1dE\x87k(k\x98\x81\xe8\t\"\xed\x94\xe33\xfd*\xc1\xcc\x98\x1d\xdd\x9c\v\xc3\xef\x9b\xc3\xca\x14\xb54\x8aS\xa0`*\xc4\xe6|n\xc7\xbf1\x02yc\xc2\xf3\xb1\x0e\xb4\xc5\xf3\xe2\x10\xa9\xbdQ\xb6') connect$auto(0x3, &(0x7f00000000c0), 0x55) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) fcntl$auto(0x0, 0x407, 0x100000) 18.188461105s ago: executing program 33 (id=1896): mmap$auto(0x0, 0x2020009, 0x3, 0x16, 0xfffffffffffffffa, 0x800000007) getgroups$auto(0x1, 0x0) r0 = socket(0xa, 0x3, 0x7fff) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x3, 0x8916, 0x8f) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) pipe$auto(0x0) fcntl$auto(r1, 0x8, 0x1) fcntl$auto(r1, 0x10, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x1, 0x3, 0x2) prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001) setrlimit$auto(0x7, &(0x7f0000007b00)={0x6, 0xff}) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffc879, 0x40000000000a5, 0x8000) lsm_list_modules$auto(&(0x7f0000000040)=0x4, &(0x7f0000000080)=0x7fff, 0x6) socketpair$auto(0x1e, 0x5, 0x8, 0x0) socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x86, 0x200075, 0x0, &(0x7f0000000000)=0x9000c) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x40, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, 0x0) socket(0x2b, 0x1, 0x1) acct$auto(&(0x7f0000000340)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/dT\x02\xa2%h\xdd\xfep\x0e\xe6\x96w\x05r\x9c\xb6L\t0\x0f\x954\xf6\b\xa0&C\x83L\xc0\xe9\t\"\xa5\x8f\xce\x03\xb6\x16\x90\xc3\x97\xb7\n\"zB\xedCf\xfd \x87\xdb\x8f\x87\xe9\xea\x89-B\x06\x97\xcb+\xf09\xa1\xa5\x8d\x9b\b\xc8\x15\xb6|\xc7 t\xc8#\xf8,\xab\x96\xf6\x03Z\x93\xf5\xc8\x87\xc9z}]\x85\xcc\xd5d\x02_\xd4>b\x96\xc5\x93\xb1\xa0E\xda\xb8\xb1\xa5G\r\xf4[\xec \"\xd9\x13\x803\xa6V\xe3\x06\xc72\xc0d|?\xfaA\xd2\xd6\xce\xfa\x9a\x98\x01\aXV.\xf15>;\xfaR\xcb\xc2v\x0f\xfc\xb3:f\x8f\xae\xcc\xbb\xd2\xfa\xef%\xfa\x85\xd9\x7fL\xad\xab\xd0\xd1\xc9v{Ze\x8a\xeb~\xf1V<\xc2p~\x90\xe6\x1c\xf86\xeb\x11\xe2\x90\rr\xda.\x82\xbd\x0f\xbd{\x861\x03\xda-#\\^`\xc8\x01%V\xab\r\b\xde\xaa\xf8s\x86K\bR\x12\xbc{\xef\xc5<\xfd\x02\xe2\xf0\br\xb4\n\xe4\xa6\v\xbcd\x1e\xe9\xbd\x18\x89\xa1\xe8w\x0e7\xae\x10e\xb6\xce\xe25\xdf\xd8\x12X`\xec\n\x87\x86X\x9b\x80i7\xcb\xed\xbdQ\xe4\xbb*\xedq\xb0>\x92\xb6W\b\x1eV\xadk\x11\xa9\xa1\x1f\xe1\xac\xb7\xd0\xcc\x94\xc1g\x8c\xe5\xf0\"\xe1\xc2. \\X\xe0\xd30\xa9X\x8d@\xb1\xddS\xbey\xb4]j \x96\xe3\x84\xcc\x02C\xd23\x16T\xden\"\xea\xf2j\b\xd2\xf6\xe5\xc2a\xaa\xefr\x80\rZ\x06s\xa0\xaf\x93MmM|\xfdN\x19\xf0RS\xc4\xca\x84H\x19T\xd4\xc4>\x8e\x050\x9c\x8f\xa9P\x8a\xd0\xd48\xb4\x0e0\xff\x98\xce\x01\'\x83i\xd9\x94\xcf\xd7\x03_|J\x9b\x06q\x0e\xdf_/u\xfa\xcd\xb9\"L\x17\xc3\xdc\x16\xc7\x02\xb7\x91\x85Ot\xd0r\xc2r\xee\xce\xefU\x1a\x89\xd6,\x04\x96o\xb9\x1b\x00\xec\xf17\xbbpu\xeeW\xd7HSXt\xe4\xf07+\xc8\xd3\x87|\x15\x9b\x95t\x195l\xcb\xfd\xae@\xbd>\xdcd\xaa\x19r\xec_>\xf2\x7f\xe6\xe7\x1c\x1dE\x87k(k\x98\x81\xe8\t\"\xed\x94\xe33\xfd*\xc1\xcc\x98\x1d\xdd\x9c\v\xc3\xef\x9b\xc3\xca\x14\xb54\x8aS\xa0`*\xc4\xe6|n\xc7\xbf1\x02yc\xc2\xf3\xb1\x0e\xb4\xc5\xf3\xe2\x10\xa9\xbdQ\xb6') connect$auto(0x3, &(0x7f00000000c0), 0x55) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) fcntl$auto(0x0, 0x407, 0x100000) 3.522216036s ago: executing program 1 (id=2000): geteuid() r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) getsockopt$auto(0x3, 0x6, 0x1f, &(0x7f0000000200)=':\x00', &(0x7f0000000240)=0x9) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000003c80), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_LINK_RESET_STATS(r1, &(0x7f00000040c0)={0x0, 0x0, &(0x7f0000004080)={&(0x7f0000004100)=ANY=[@ANYBLOB=' ,\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000ffdbdf250a000000200004800b0001"], 0x2c20}, 0x1, 0x0, 0x0, 0x44000}, 0x10) mbind$auto(0x100000000, 0x5, 0x16, &(0x7f0000000080)=0x59f1, 0x4, 0x6) syz_genetlink_get_family_id$auto_netdev(0x0, r0) socket(0x2, 0x3, 0xa) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mincore$auto(0x0, 0x10000, 0x0) getsockopt$auto(0x6, 0x84, 0x84, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, 0x0, 0x28044004) socket(0xa, 0x3, 0x6) socket(0x2, 0x3, 0xa) set_mempolicy$auto(0x1, &(0x7f0000000000)=0xdfaf, 0x5) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x2, 0x0) setsockopt$auto(0x1, 0x1, 0x48, &(0x7f0000000000)='\x00', 0x4) openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r3, 0x29, 0x11, &(0x7f0000000040)='!\x00', 0x7) 3.289254939s ago: executing program 5 (id=2001): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x8480, 0x0) close_range$auto(r0, r0, 0xfff) (async) r1 = socket(0xa, 0x3, 0x2f) (async, rerun: 64) r2 = socket(0x10, 0x2, 0x0) (rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='^\x00\'a', @ANYRES32, @ANYRES32=r1, @ANYRES64, @ANYRES32=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64) recvmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x10001, &(0x7f0000000080)={&(0x7f0000000040), 0x200}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) (async, rerun: 64) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 64) ioctl$auto(0x3, 0x401070ca, 0xa742) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0) ioctl$auto_evdev_fops_evdev(r3, 0x40044591, 0x0) (async, rerun: 64) open(0x0, 0x22240, 0x155) (async, rerun: 64) socket(0x2, 0x80802, 0x0) (async, rerun: 64) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) (async, rerun: 64) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) mmap$auto(0x0, 0x9, 0x40, 0x8000000008012, 0x3, 0x8000) 3.185542145s ago: executing program 1 (id=2003): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0xfffffffffffffffa) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x1, 0xc, 0x9c0f, 0x44eb1, 0x10006, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd4, 0x3, 0x20000000) mprotect$auto(0x1ffff000, 0x810002, 0x3) 3.106830822s ago: executing program 5 (id=2004): mmap$auto(0xe, 0x3, 0xdb, 0x9b73, 0x5, 0x8000) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x1000, 0x8, 0x1, 0x4010, 0x4, 0x6) socket(0x15, 0x5, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x4, 0x0, 0x10) r0 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x20000, 0xb5d1af1605322d0a) open_by_handle_at$auto(r0, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2) shmctl$auto(0x9, 0x92c00000, &(0x7f0000000240)={{0x2, 0x0, 0xee01, 0x9e5, 0x4, 0xfff, 0x7}, 0xb, 0x3, 0x10000000, 0x35, 0xa61, 0x4, 0x2, 0x0, &(0x7f00000001c0)=[0x8, 0x6, 0xdc16, 0x4, 0x3, 0x5, 0xfff], &(0x7f0000000200)=[0x7, 0x2, 0x617f54da, 0xffffffff]}) r2 = getgid() shmctl$auto(0x0, 0x1, &(0x7f0000000380)={{0x5, r1, r2, 0xa9, 0x0, 0x52, 0x3}, 0x6e98e4ec, 0x2, 0x7fffffffffffffff, 0x1, 0x80, 0x29b96e5a, 0x1d1b, 0x0, &(0x7f0000000300), &(0x7f0000000340)=[0x7, 0x1, 0x62a6, 0x9]}) stat$auto(&(0x7f0000000100)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000180)={0x1, 0x8, 0x5, 0x7f, 0xee01, r2, 0x0, 0x3, 0x40, 0x3, 0x1ff, 0x7fff, 0x9, 0x10, 0x7, 0x1ff, 0xd}) read$auto_tracing_saved_cmdlines_size_fops_trace(r0, &(0x7f0000000000)=""/204, 0xcc) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) timer_create$auto(0x8, 0x0, 0x0) timer_getoverrun$auto(0x0) setsockopt$auto(0x3, 0x0, 0x80, 0x0, 0xe) 2.970017789s ago: executing program 5 (id=2006): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(0x0, 0x261c2, 0x84) mmap$auto(0x0, 0x20007, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x4, 0x1ff, 0xffffffffffffffff, @relative_fd=r1, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$auto(0x3, 0xc0104d04, 0x38) 2.958833979s ago: executing program 1 (id=2007): syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/pid_for_children\x00') r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) setns(r0, 0x20000) 2.851537654s ago: executing program 1 (id=2008): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0), 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, &(0x7f0000000a40)=[0x5b84, 0x100000000], 0x8000, 0x40}, 0x8}, 0x1, 0x9) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) ioprio_set$auto(0x1, 0x0, 0x0) ioprio_get$auto(0x2000000002, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x0, 0x0) 2.65568008s ago: executing program 1 (id=2010): r0 = openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/mounts\x00', 0x40800, 0x0) read$auto_proc_mounts_operations_mnt_namespace(r0, &(0x7f00000001c0)=""/4096, 0x1000) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x400, 0x0) io_uring_setup$auto(0x8000, &(0x7f0000000140)={0x3, 0x8, 0x3, 0x0, 0x7, 0x101, 0xffffffffffffffff, [0xd5, 0x9], {0xffffff80, 0x9, 0x10, 0x0, 0x3, 0xdbb, 0x3, 0xee9, 0x81}, {0x8001, 0x6, 0x8, 0x1, 0x8, 0x0, 0x4, 0x6, 0x3}}) write$auto(r1, &(0x7f0000000000)='+!/:\x00', 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getcwd$auto(0x0, 0xffffffffffffffff) mprotect$auto(0x1ffff000, 0x8000000000000002, 0x5) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0), 0x55) mmap$auto(0x10, 0x5, 0xfffffffffffffffa, 0x17, 0x5, 0x5) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) 2.313857697s ago: executing program 1 (id=2015): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) socket(0xa, 0x6, 0x0) connect$auto(0x3, &(0x7f0000000140), 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setgroups$auto(0xe32, &(0x7f0000000040)=0x9) madvise$auto(0x0, 0x53, 0x9) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty29\x00', 0x400, 0x0) ioctl$auto(r0, 0x4, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x8, 0x4, 0x4, 0x7, 0x7, 0x9]}, &(0x7f00000002c0)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000240)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x47dc, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x400004, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)=[0xfff, 0x33, 0x403, 0x532f, 0x8000, 0x9, 0x3, 0x4]) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00T\x00'/40, 0x9) fallocate$auto(0x3, 0x0, 0xe, 0x8ec8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlockall$auto(0x7) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) sendmsg$auto_NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040800}, 0x40850) r2 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/cmdline\x00', 0x2002, 0x0) read$auto_proc_pid_cmdline_ops_base(r2, &(0x7f0000000140)=""/154, 0x9a) mmap$auto(0x100000005, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000) mmap$auto(0x8000000000000000, 0x8, 0x1, 0x16, 0x7, 0x80) read$auto(0x3, 0x0, 0x80) 2.154265345s ago: executing program 5 (id=2016): r0 = openat$auto_nsim_udp_tunnels_info_reset_fops_udp_tunnels(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/udp_ports_reset\x00', 0x10200, 0x0) connect$auto(r0, &(0x7f00000000c0)=@l2tp={0x2, 0x0, @local, 0x3}, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000080), 0x309100, 0x0) ioctl$auto_VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000040)=0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8801) 1.796837667s ago: executing program 4 (id=2020): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sched_setattr$auto(0x0, &(0x7f0000000200)={0x5, 0x200, 0x6, 0x8, 0x6, 0xffff, 0xffffffffffffff9d, 0x6e0, 0xd, 0xff}, 0x1ff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) connect$auto(0x3, &(0x7f0000000000), 0x55) sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, &(0x7f0000000080)={0x0, 0x1}, 0x10a, 0x0, 0x0, 0x3ff}, 0xed7138c}, 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/amidi2\x00', 0x4201, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_USER_PVERSION(r0, 0x40045702, &(0x7f0000000100)=0x5) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0) madvise$auto(0x3, 0xffffffffffff0002, 0xaacc) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(&(0x7f0000000000)='^[#@-\x00', 0x3) fcntl$auto(0xff80000000000000, 0x409, 0x13) mmap$auto(0x7ffffdfde000, 0x2020006, 0x3, 0x11, 0x8000000000000000, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x200000, 0x200006, 0x1, 0x40eb1, 0x602, 0xb00000000000) mmap$auto(0x2, 0x5, 0x1, 0x11, 0x3, 0x5) 1.719670904s ago: executing program 5 (id=2021): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') ioctl$NS_GET_PARENT(r0, 0x8008b705, 0x0) socketpair$auto(0x8001, 0x5, 0x5, 0x0) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x9) mprotect$auto(0x3, 0x8000000000000001, 0xf) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) io_getevents$auto(0x4, 0xffffffffffffffff, 0x8000000000000001, 0xfffffffffffffffc, 0x0) 1.646864291s ago: executing program 3 (id=2022): r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r0, &(0x7f0000000700)='/dev/vhc&\xdc', 0x9) 1.474524812s ago: executing program 4 (id=2023): r0 = socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time\x00') socket(0xa, 0x806, 0x0) socket(0xa, 0x801, 0x84) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/ipc\x00') mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f000000e000)={0x18, r2, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x104}, 0x40) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x2, 0x801, 0x106) socket(0xa, 0x801, 0x84) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040)=[0x8000000000000002], 0x10, &(0x7f0000000080)={0x0, 0x1}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x7fffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.375512612s ago: executing program 4 (id=2024): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0x7, 0x6, 0x2) ioperm$auto(0x5, 0x8, 0x3) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_SET(r2, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x80000) ioperm$auto(0x100, 0x8140, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002dbd7000fddbdf250800000008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x80) 1.245694712s ago: executing program 3 (id=2025): r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/partitions\x00', 0x0, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000001040)=""/4096, 0x1000) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000040)=""/169, 0xa9) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500", 0x8}) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999", 0x2}) futex$auto(0x0, 0x8c, 0x6, 0x0, 0x0, 0xc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000900)={0x30, r4, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_NAME={0xc, 0x1, 'nl80211\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x20008004) socket(0x2, 0x801, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r5 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r5, @new_prog_fd=0x4, 0x4, @old_prog_fd=r2}, 0xa3) bpf$auto(0x1, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) socket(0x8, 0x6, 0xf0c7a9c9) 1.023625435s ago: executing program 3 (id=2026): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\a\x00', @ANYRES16=r1, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="08009e000878"], 0x24}, 0x1, 0x0, 0x0, 0x2000c800}, 0x4000000) 783.753999ms ago: executing program 5 (id=2027): mmap$auto(0x0, 0x2020009, 0x3, 0x10eb1, 0x4, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x16, 0x401, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) (async) fcntl$auto(0xffffffffffffffff, 0x5, 0x9) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x7fffffff) (async) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) (async) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb1, 0x6, 0x300000000000) (async) madvise$auto(0xfffffffffffffffe, 0x20000a, 0x8) (async) mmap$auto(0x21a5, 0x2020009, 0x3, 0xfffffffffffffff8, 0x8, 0x8000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) (async) mmap$auto(0xa0, 0x421acade, 0x8, 0x16, 0x200, 0x9) (async) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) setsockopt$auto(0x3, 0x0, 0x60, 0x0, 0x10001) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f00000000c0), r1) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc810) (async) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r1, &(0x7f0000000780)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x48000) (async) shmget$auto(0xffffffffffffffff, 0xb0d, 0xa7db6ba) (async) socket(0x10, 0x2, 0xc) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x27, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x2, 0x243efbdf, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x80, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async) sendto$auto(r0, 0x0, 0x1, 0x9, &(0x7f0000000040)=@hci={0x1f, 0xffffffffffffffff}, 0x1c) (async) socket(0x2, 0x5, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) 720.212452ms ago: executing program 4 (id=2028): select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffffffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0xcad, 0x2, 0x9, 0xf, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0) mq_open$auto(&(0x7f0000000000)='SMC_GEN_NETLINK\x00', 0x51, 0xb, &(0x7f00000001c0)={0xe00000, 0xc, 0xfffffffffffffbdc, 0x3daf}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) r2 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(r2, &(0x7f0000000180)={{&(0x7f0000000140)=[0x200000a], 0xb8, 0x0, 0x0, 0x0, 0x4, 0x803}, 0x9}, 0x1, 0x23b8) 611.021889ms ago: executing program 4 (id=2029): r0 = socket(0xa, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f0000000040)=[0x200000a, 0x1ff, 0x3a2e69e6, 0xfffffffff7e0555e], 0xb8, 0x0, 0xf00000000000000, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8) 425.004626ms ago: executing program 4 (id=2030): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000040)=@nfc={0x27, r0, 0x1, 0x5}, 0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 337.256318ms ago: executing program 3 (id=2031): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x0) io_cancel$auto(0x5, &(0x7f0000000000)={0x8, 0x9, 0x7, 0x2, 0x7, 0xffffffffffffffff, 0x100000001, 0xf5, 0x2, 0x0, 0xb}, &(0x7f0000000040)={0x2, 0x7fff, 0x8000, 0xe3}) epoll_ctl$auto(r0, 0x1000, r1, &(0x7f0000000080)={0x8, 0x8}) socket(0x10, 0x2, 0xc) socket(0x28, 0x1, 0x0) getpeername$auto(0x3, 0x0, 0x0) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) setresuid$auto(0x2, 0x7, 0x0) socket(0xa, 0x801, 0x106) mmap$auto(0x0, 0xd, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x0, 0x18, 0x0, 0x9) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='}[,&*}\x00', &(0x7f0000000040)={0x220000, 0x0, 0x2d}, 0x18) fchmod$auto(0x3, 0x800000000000) 163.188461ms ago: executing program 3 (id=2032): r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x7, 0x101}, 0x9, &(0x7f0000000080)={0x2, 0x39}, &(0x7f00000000c0)={0x9}, 0x8) ioctl$auto(r0, 0x4004556d, 0x8) 0s ago: executing program 3 (id=2033): r0 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd7000f9dbdf2503000100040008002000018008000f00ac1e000114008fd2b55f00000000ed26c20000000000000000002004000800"], 0x3c}, 0x1, 0x0, 0x0, 0x40010}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000002f80), r2) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_vlan\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x2c, r3, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NETDEV_A_QUEUE_TYPE={0x8}, @NETDEV_A_QUEUE_IFINDEX={0x8, 0x2, r4}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0x710}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) memfd_create$auto(&(0x7f00000005c0)='%\x00', 0xe) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge_slave_1\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'macvlan0\x00'}) r5 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r6 = socket(0xa, 0x801, 0x84) close_range$auto(0x0, 0xffffeffe, 0x3) pipe$auto(0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) close_range$auto(r6, r7, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(r1, 0x8007ffd, r7, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r5) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r8) kernel console output (not intermixed with test programs): .0.756': attribute type 9 has an invalid length. [ 189.291375][ T8505] netlink: 330 bytes leftover after parsing attributes in process `syz.0.756'. [ 189.418200][ T8508] kernel write not supported for file /tomoyo/query (pid: 8508 comm: syz.1.755) [ 189.732110][ T8521] kernel write not supported for file /tomoyo/query (pid: 8521 comm: syz.1.759) [ 190.102063][ T8535] ima: policy update failed [ 190.107218][ T29] audit: type=1802 audit(8277292064.310:26): pid=8535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.762" res=0 errno=0 [ 191.821224][ T8558] netlink: 4 bytes leftover after parsing attributes in process `syz.0.779'. [ 191.903925][ T8560] netlink: 28 bytes leftover after parsing attributes in process `syz.3.770'. [ 192.466155][ T8577] HfR: entered promiscuous mode [ 192.489362][ T8531] kernel write not supported for file /tomoyo/query (pid: 8531 comm: syz.1.762) [ 192.519355][ T8577] netlink: 16 bytes leftover after parsing attributes in process `syz.3.776'. [ 192.581545][ T8581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.780'. [ 192.676187][ T8581] kernel write not supported for file /tomoyo/query (pid: 8581 comm: syz.1.780) [ 192.850272][ T8584] delete_channel: no stack [ 193.053171][ T8591] kernel write not supported for file /tomoyo/query (pid: 8591 comm: syz.1.790) [ 193.160361][ T8595] FAULT_INJECTION: forcing a failure. [ 193.160361][ T8595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.180037][ T8595] CPU: 1 UID: 0 PID: 8595 Comm: syz.1.784 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 193.190691][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 193.200778][ T8595] Call Trace: [ 193.204090][ T8595] [ 193.207050][ T8595] dump_stack_lvl+0x16c/0x1f0 [ 193.211762][ T8595] should_fail_ex+0x497/0x5b0 [ 193.216479][ T8595] _copy_to_user+0x32/0xd0 [ 193.220936][ T8595] simple_read_from_buffer+0xd0/0x160 [ 193.226351][ T8595] proc_fail_nth_read+0x198/0x270 [ 193.231413][ T8595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 193.236998][ T8595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 193.242587][ T8595] vfs_read+0x1df/0xbe0 [ 193.246777][ T8595] ? __fget_files+0x1fc/0x3a0 [ 193.251494][ T8595] ? __pfx___mutex_lock+0x10/0x10 [ 193.256557][ T8595] ? __pfx_vfs_read+0x10/0x10 [ 193.261280][ T8595] ? __fget_files+0x206/0x3a0 [ 193.266016][ T8595] ksys_read+0x12b/0x250 [ 193.270309][ T8595] ? __pfx_ksys_read+0x10/0x10 [ 193.275128][ T8595] do_syscall_64+0xcd/0x250 [ 193.279698][ T8595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.285631][ T8595] RIP: 0033:0x7f4342f8472c [ 193.290090][ T8595] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 193.309820][ T8595] RSP: 002b:00007f4343e3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 193.318247][ T8595] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f8472c [ 193.326222][ T8595] RDX: 000000000000000f RSI: 00007f4343e3f0a0 RDI: 0000000000000004 [ 193.334199][ T8595] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 193.342175][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.350157][ T8595] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 193.358150][ T8595] [ 193.453776][ T8594] kernel write not supported for file /tomoyo/query (pid: 8594 comm: syz.1.784) [ 193.641663][ T8598] kernel write not supported for file /tomoyo/query (pid: 8598 comm: syz.1.787) [ 194.644399][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.650824][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.836567][ T8616] kernel write not supported for file /tomoyo/query (pid: 8616 comm: syz.1.791) [ 195.205202][ T8631] TCP: TCP_TX_DELAY enabled [ 195.926791][ T8627] kernel write not supported for file /tomoyo/query (pid: 8627 comm: syz.1.795) [ 196.125440][ T8661] FAULT_INJECTION: forcing a failure. [ 196.125440][ T8661] name failslab, interval 1, probability 0, space 0, times 0 [ 196.175453][ T8661] CPU: 0 UID: 0 PID: 8661 Comm: syz.1.803 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 196.186109][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 196.196174][ T8661] Call Trace: [ 196.199460][ T8661] [ 196.202402][ T8661] dump_stack_lvl+0x16c/0x1f0 [ 196.207091][ T8661] should_fail_ex+0x497/0x5b0 [ 196.211786][ T8661] ? fs_reclaim_acquire+0xae/0x150 [ 196.216910][ T8661] should_failslab+0xc2/0x120 [ 196.221605][ T8661] __kmalloc_node_noprof+0xd1/0x520 [ 196.226822][ T8661] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 196.232294][ T8661] ? __pfx_lock_release+0x10/0x10 [ 196.237341][ T8661] __kvmalloc_node_noprof+0xad/0x1a0 [ 196.242642][ T8661] seq_read_iter+0x82a/0x12b0 [ 196.247354][ T8661] seq_read+0x39f/0x4e0 [ 196.251519][ T8661] ? __pfx_seq_read+0x10/0x10 [ 196.256258][ T8661] full_proxy_read+0xfb/0x1b0 [ 196.260945][ T8661] ? __pfx_full_proxy_read+0x10/0x10 [ 196.266336][ T8661] vfs_read+0x1df/0xbe0 [ 196.270501][ T8661] ? __fget_files+0x1fc/0x3a0 [ 196.275359][ T8661] ? __pfx___mutex_lock+0x10/0x10 [ 196.280397][ T8661] ? __pfx_vfs_read+0x10/0x10 [ 196.285095][ T8661] ? __fget_files+0x206/0x3a0 [ 196.289848][ T8661] ksys_read+0x12b/0x250 [ 196.294100][ T8661] ? __pfx_ksys_read+0x10/0x10 [ 196.298876][ T8661] do_syscall_64+0xcd/0x250 [ 196.303394][ T8661] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.309328][ T8661] RIP: 0033:0x7f4342f85d19 [ 196.313755][ T8661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.333387][ T8661] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 196.341809][ T8661] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 196.349784][ T8661] RDX: 000000000000007b RSI: 0000000020001cc0 RDI: 0000000000000003 [ 196.357763][ T8661] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 196.365736][ T8661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.373708][ T8661] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 196.381704][ T8661] [ 196.430112][ T8661] kernel write not supported for file /tomoyo/query (pid: 8661 comm: syz.1.803) [ 196.441258][ T8653] delete_channel: no stack [ 196.773320][ T8669] sock: sock_timestamping_bind_phc: sock not bind to device [ 197.380646][ T29] audit: type=1800 audit(8277292071.590:27): pid=8678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.820" name="discovery_nqn" dev="configfs" ino=18226 res=0 errno=0 [ 197.732341][ T8675] kernel write not supported for file /tomoyo/query (pid: 8675 comm: syz.1.809) [ 198.049672][ T8690] kernel write not supported for file /tomoyo/query (pid: 8690 comm: syz.1.816) [ 198.243484][ T8698] ima: policy update failed [ 198.250699][ T29] audit: type=1802 audit(8277292072.450:28): pid=8698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.815" res=0 errno=0 [ 198.400152][ T8601] kernel write not supported for file /tomoyo/query (pid: 8601 comm: syz.1.787) [ 199.148606][ T8699] kernel write not supported for file /tomoyo/query (pid: 8699 comm: syz.1.818) [ 199.797409][ T8721] Process accounting paused [ 199.942675][ T8724] Process accounting resumed [ 200.569042][ T8751] netlink: 326 bytes leftover after parsing attributes in process `syz.3.836'. [ 200.578611][ T8751] netlink: 326 bytes leftover after parsing attributes in process `syz.3.836'. [ 200.873629][ T8763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.841'. [ 201.524457][ T8777] ima: policy update failed [ 201.544618][ T29] audit: type=1802 audit(8277292075.730:29): pid=8777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.843" res=0 errno=0 [ 201.970883][ T8795] tipc: Started in network mode [ 201.986137][ T8795] tipc: Node identity dd0000ee, cluster identity 4711 [ 201.999829][ T8795] tipc: Node number set to 3707764974 [ 202.791197][ T8795] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 202.816432][ T8795] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 202.824251][ T8795] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 202.832302][ T8795] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 203.032165][ T8819] futex_wake_op: syz.0.854 tries to shift op by -1; fix this program [ 203.044076][ T8817] netlink: 252 bytes leftover after parsing attributes in process `syz.3.853'. [ 203.466391][ T8828] bridge0: port 3(batadv0) entered blocking state [ 203.474312][ T8828] bridge0: port 3(batadv0) entered disabled state [ 203.518291][ T8828] batadv0: entered allmulticast mode [ 203.534543][ T8828] batadv0: entered promiscuous mode [ 203.544143][ T8828] bridge0: port 3(batadv0) entered blocking state [ 203.552083][ T8828] bridge0: port 3(batadv0) entered forwarding state [ 203.934148][ T2977] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 203.943913][ T2977] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 204.113894][ T8846] ovs_: entered promiscuous mode [ 204.139946][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 204.879818][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 204.879853][ T5144] Bluetooth: hci0: command 0x0c1a tx timeout [ 204.885875][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 205.648634][ T8875] ima: policy update failed [ 205.729862][ T29] audit: type=1802 audit(8277292079.860:30): pid=8875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.866" res=0 errno=0 [ 205.757891][ T8889] FAULT_INJECTION: forcing a failure. [ 205.757891][ T8889] name failslab, interval 1, probability 0, space 0, times 0 [ 205.770738][ T8889] CPU: 0 UID: 0 PID: 8889 Comm: syz.1.877 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 205.781371][ T8889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 205.791447][ T8889] Call Trace: [ 205.794734][ T8889] [ 205.797665][ T8889] dump_stack_lvl+0x16c/0x1f0 [ 205.802358][ T8889] should_fail_ex+0x497/0x5b0 [ 205.807045][ T8889] ? fs_reclaim_acquire+0xae/0x150 [ 205.812164][ T8889] should_failslab+0xc2/0x120 [ 205.816858][ T8889] __kmalloc_noprof+0xce/0x4f0 [ 205.821638][ T8889] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 205.827285][ T8889] ? tomoyo_realpath_from_path+0xbf/0x710 [ 205.833020][ T8889] tomoyo_realpath_from_path+0xbf/0x710 [ 205.838577][ T8889] ? tomoyo_path_number_perm+0x235/0x5b0 [ 205.844230][ T8889] tomoyo_path_number_perm+0x248/0x5b0 [ 205.849718][ T8889] ? tomoyo_path_number_perm+0x235/0x5b0 [ 205.855378][ T8889] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 205.861398][ T8889] ? __pfx_lock_release+0x10/0x10 [ 205.866625][ T8889] ? trace_lock_acquire+0x14e/0x1f0 [ 205.871836][ T8889] ? lock_acquire+0x2f/0xb0 [ 205.876342][ T8889] ? __fget_files+0x40/0x3a0 [ 205.880945][ T8889] ? __fget_files+0x206/0x3a0 [ 205.885634][ T8889] security_file_ioctl+0x9b/0x240 [ 205.890668][ T8889] __x64_sys_ioctl+0xb7/0x200 [ 205.895365][ T8889] do_syscall_64+0xcd/0x250 [ 205.899880][ T8889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.905780][ T8889] RIP: 0033:0x7f4342f85d19 [ 205.910198][ T8889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.929812][ T8889] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 205.938234][ T8889] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 205.946229][ T8889] RDX: 0000000000000000 RSI: 0000000000005386 RDI: 0000000000000003 [ 205.954214][ T8889] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 205.962194][ T8889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.970172][ T8889] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 205.978164][ T8889] [ 206.095561][ T8889] ERROR: Out of memory at tomoyo_realpath_from_path. [ 206.353045][ T8900] program syz.2.879 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 208.301420][ T8931] netlink: 342 bytes leftover after parsing attributes in process `syz.1.889'. [ 208.454601][ T8936] bridge0: port 3(batadv0) entered blocking state [ 208.498310][ T8936] bridge0: port 3(batadv0) entered disabled state [ 208.524526][ T8936] batadv0: entered allmulticast mode [ 208.543787][ T8936] batadv0: entered promiscuous mode [ 208.576270][ T8936] bridge0: port 3(batadv0) entered blocking state [ 208.582875][ T8936] bridge0: port 3(batadv0) entered forwarding state [ 208.602868][ T1131] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 208.612223][ T1131] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 209.701262][ T8961] netlink: 28 bytes leftover after parsing attributes in process `syz.1.898'. [ 209.840307][ T8967] netlink: 4 bytes leftover after parsing attributes in process `syz.2.900'. [ 209.899547][ T8961] netlink: 'syz.1.898': attribute type 46 has an invalid length. [ 209.900491][ T8967] netlink: 4 bytes leftover after parsing attributes in process `syz.2.900'. [ 210.322957][ T29] audit: type=1800 audit(8277292084.530:31): pid=8987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.905" name="dbroot" dev="configfs" ino=19034 res=0 errno=0 [ 210.487864][ T8981] ima: policy update failed [ 210.506140][ T29] audit: type=1802 audit(8277292084.710:32): pid=8981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.904" res=0 errno=0 [ 210.558901][ T8993] netlink: 342 bytes leftover after parsing attributes in process `syz.2.907'. [ 210.569513][ T8993] netlink: 342 bytes leftover after parsing attributes in process `syz.2.907'. [ 211.077103][ T9016] ima: policy update failed [ 211.124002][ T29] audit: type=1802 audit(8277292085.310:33): pid=9016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.919" res=0 errno=0 [ 212.418455][ T9059] ima: policy update failed [ 212.429797][ T29] audit: type=1802 audit(8277292086.630:34): pid=9059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.927" res=0 errno=0 [ 212.557686][ T9072] netlink: 342 bytes leftover after parsing attributes in process `syz.3.931'. [ 213.393570][ T9099] delete_channel: no stack [ 213.621768][ T9101] ima: policy update failed [ 213.645053][ T29] audit: type=1802 audit(8277292087.840:35): pid=9101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.939" res=0 errno=0 [ 214.536639][ T9148] netlink: 28 bytes leftover after parsing attributes in process `syz.3.952'. [ 214.631421][ T9147] ima: policy update failed [ 214.640184][ T29] audit: type=1802 audit(8277292088.840:36): pid=9147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.953" res=0 errno=0 [ 214.843225][ T9160] netlink: 342 bytes leftover after parsing attributes in process `syz.3.956'. [ 214.921561][ T9164] netlink: 342 bytes leftover after parsing attributes in process `syz.3.956'. [ 214.990738][ T9160] netlink: 342 bytes leftover after parsing attributes in process `syz.3.956'. [ 215.391989][ T9182] netlink: 20 bytes leftover after parsing attributes in process `syz.2.965'. [ 215.598637][ T9187] ima: policy update failed [ 215.610434][ T29] audit: type=1802 audit(8277292089.820:37): pid=9187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.966" res=0 errno=0 [ 215.773403][ T9195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.969'. [ 215.842903][ T9197] ima: policy update failed [ 215.847613][ T29] audit: type=1802 audit(8277292090.050:38): pid=9197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.978" res=0 errno=0 [ 215.985137][ T9208] netlink: 342 bytes leftover after parsing attributes in process `syz.0.972'. [ 216.130117][ T9208] netlink: 342 bytes leftover after parsing attributes in process `syz.0.972'. [ 216.288732][ T9215] netlink: 85 bytes leftover after parsing attributes in process `syz.2.975'. [ 216.677169][ T9218] ima: policy update failed [ 216.696801][ T29] audit: type=1802 audit(8277292090.900:39): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.976" res=0 errno=0 [ 216.842332][ T9236] ima: policy update failed [ 216.855193][ T29] audit: type=1802 audit(8277292091.050:40): pid=9236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.982" res=0 errno=0 [ 216.881570][ T9238] netlink: 11 bytes leftover after parsing attributes in process `syz.0.983'. [ 217.548884][ T9259] FAULT_INJECTION: forcing a failure. [ 217.548884][ T9259] name failslab, interval 1, probability 0, space 0, times 0 [ 217.665780][ T9259] CPU: 1 UID: 0 PID: 9259 Comm: syz.0.991 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 217.676448][ T9259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 217.686551][ T9259] Call Trace: [ 217.689858][ T9259] [ 217.692811][ T9259] dump_stack_lvl+0x16c/0x1f0 [ 217.697535][ T9259] should_fail_ex+0x497/0x5b0 [ 217.702254][ T9259] ? fs_reclaim_acquire+0xae/0x150 [ 217.707409][ T9259] should_failslab+0xc2/0x120 [ 217.712130][ T9259] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 217.717553][ T9259] ? vm_area_dup+0x21/0x300 [ 217.722111][ T9259] vm_area_dup+0x21/0x300 [ 217.726503][ T9259] __split_vma+0x181/0x1210 [ 217.731061][ T9259] ? mark_lock+0xb5/0xc60 [ 217.735458][ T9259] ? __pfx___split_vma+0x10/0x10 [ 217.740460][ T9259] vms_gather_munmap_vmas+0x1c3/0x1730 [ 217.745978][ T9259] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 217.751922][ T9259] ? mas_walk+0x6a6/0x910 [ 217.756395][ T9259] __mmap_region+0x31d/0x2670 [ 217.761125][ T9259] ? __pfx___mmap_region+0x10/0x10 [ 217.766282][ T9259] ? hlock_class+0x4e/0x130 [ 217.770914][ T9259] ? mark_lock+0xb5/0xc60 [ 217.775305][ T9259] ? hlock_class+0x4e/0x130 [ 217.779850][ T9259] ? __pfx___lock_acquire+0x10/0x10 [ 217.785167][ T9259] ? cap_mmap_addr+0x53/0x320 [ 217.789900][ T9259] mmap_region+0x270/0x320 [ 217.794386][ T9259] do_mmap+0xc00/0xfc0 [ 217.798516][ T9259] vm_mmap_pgoff+0x1ba/0x360 [ 217.803157][ T9259] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 217.808328][ T9259] ? __fget_files+0x206/0x3a0 [ 217.813047][ T9259] ksys_mmap_pgoff+0x32c/0x5c0 [ 217.817848][ T9259] ? __pfx_ksys_write+0x10/0x10 [ 217.822736][ T9259] __x64_sys_mmap+0x125/0x190 [ 217.827459][ T9259] do_syscall_64+0xcd/0x250 [ 217.832017][ T9259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.837952][ T9259] RIP: 0033:0x7faec1385d19 [ 217.842404][ T9259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.862064][ T9259] RSP: 002b:00007faec21c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 217.870537][ T9259] RAX: ffffffffffffffda RBX: 00007faec1575fa0 RCX: 00007faec1385d19 [ 217.878552][ T9259] RDX: 0000000000000002 RSI: 0000000000000009 RDI: 0000000000002000 [ 217.886559][ T9259] RBP: 00007faec21c5090 R08: 0000000000000004 R09: 0000000000000000 [ 217.894567][ T9259] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000001 [ 217.902575][ T9259] R13: 0000000000000000 R14: 00007faec1575fa0 R15: 00007fffe275f618 [ 217.910605][ T9259] [ 218.170834][ T9268] ima: policy update failed [ 218.177702][ T29] audit: type=1802 audit(8277292092.380:41): pid=9268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.992" res=0 errno=0 [ 218.496046][ T9279] ima: policy update failed [ 218.530274][ T29] audit: type=1802 audit(8277292092.740:42): pid=9279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1002" res=0 errno=0 [ 218.780063][ T9294] openvswitch: netlink: ufid size 41 bytes exceeds the range (1, 16) [ 219.129476][ T9303] ima: policy update failed [ 219.146149][ T29] audit: type=1802 audit(8277292093.340:43): pid=9303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1001" res=0 errno=0 [ 219.479876][ T9314] ima: policy update failed [ 219.494511][ T29] audit: type=1802 audit(8277292093.700:44): pid=9314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1005" res=0 errno=0 [ 219.813476][ T9322] ima: policy update failed [ 219.818202][ T29] audit: type=1802 audit(8277292094.020:45): pid=9322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1008" res=0 errno=0 [ 220.056532][ T9337] ima: policy update failed [ 220.086300][ T29] audit: type=1802 audit(8277292094.280:46): pid=9337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1012" res=0 errno=0 [ 222.006327][ T9380] __nla_validate_parse: 4 callbacks suppressed [ 222.006351][ T9380] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1027'. [ 222.739866][ T9381] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 222.766305][ T9381] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 222.804326][ T9381] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 222.839927][ T9381] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 223.245976][ T9401] [ 224.379871][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 224.663431][ T9430] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1043'. [ 224.690999][ T9430] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1043'. [ 224.785585][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 224.816468][ T9434] FAULT_INJECTION: forcing a failure. [ 224.816468][ T9434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.859868][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 224.865975][ T5144] Bluetooth: hci2: command 0x0c1a tx timeout [ 224.900002][ T9434] CPU: 1 UID: 0 PID: 9434 Comm: syz.2.1044 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 224.910742][ T9434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 224.920841][ T9434] Call Trace: [ 224.924150][ T9434] [ 224.927204][ T9434] dump_stack_lvl+0x16c/0x1f0 [ 224.931927][ T9434] should_fail_ex+0x497/0x5b0 [ 224.936651][ T9434] _copy_from_user+0x2e/0xd0 [ 224.941294][ T9434] __sys_bpf+0x215/0x57a0 [ 224.945669][ T9434] ? __pfx_lock_release+0x10/0x10 [ 224.950754][ T9434] ? __pfx___sys_bpf+0x10/0x10 [ 224.955577][ T9434] ? vfs_write+0x306/0x1150 [ 224.960189][ T9434] ? __mutex_unlock_slowpath+0x164/0x690 [ 224.965952][ T9434] ? fput+0x67/0x440 [ 224.969872][ T9434] ? ksys_write+0x1ba/0x250 [ 224.974383][ T9434] ? __pfx_ksys_write+0x10/0x10 [ 224.979243][ T9434] __x64_sys_bpf+0x78/0xc0 [ 224.984188][ T9434] ? lockdep_hardirqs_on+0x7c/0x110 [ 224.989397][ T9434] do_syscall_64+0xcd/0x250 [ 224.993923][ T9434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.999843][ T9434] RIP: 0033:0x7fbbb7f85d19 [ 225.004346][ T9434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.023987][ T9434] RSP: 002b:00007fbbb8e00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 225.032445][ T9434] RAX: ffffffffffffffda RBX: 00007fbbb8175fa0 RCX: 00007fbbb7f85d19 [ 225.040420][ T9434] RDX: 0000000000000091 RSI: 00000000200000c0 RDI: 0000000000000002 [ 225.048392][ T9434] RBP: 00007fbbb8e00090 R08: 0000000000000000 R09: 0000000000000000 [ 225.056364][ T9434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.064342][ T9434] R13: 0000000000000000 R14: 00007fbbb8175fa0 R15: 00007ffc1bb2ba18 [ 225.072344][ T9434] [ 225.091554][ T9437] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1045'. [ 225.790192][ T9449] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1048'. [ 226.148197][ T9454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1049'. [ 228.299223][ T9512] netlink: 'syz.3.1065': attribute type 8 has an invalid length. [ 228.703845][ T9521] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1068'. [ 228.755292][ T9521] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1068'. [ 228.770028][ T9527] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[9527] [ 229.054714][ T9532] FAULT_INJECTION: forcing a failure. [ 229.054714][ T9532] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 229.088315][ T9532] CPU: 0 UID: 0 PID: 9532 Comm: syz.0.1072 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 229.099062][ T9532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 229.109150][ T9532] Call Trace: [ 229.112462][ T9532] [ 229.115417][ T9532] dump_stack_lvl+0x16c/0x1f0 [ 229.120142][ T9532] should_fail_ex+0x497/0x5b0 [ 229.124868][ T9532] _copy_from_user+0x2e/0xd0 [ 229.129507][ T9532] do_sock_getsockopt+0x319/0x870 [ 229.134588][ T9532] ? trace_lock_acquire+0x140/0x1f0 [ 229.139833][ T9532] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 229.145437][ T9532] ? lock_acquire+0x2f/0xb0 [ 229.149989][ T9532] ? __fget_files+0x40/0x3a0 [ 229.154632][ T9532] ? __fget_files+0x206/0x3a0 [ 229.159452][ T9532] __sys_getsockopt+0x12f/0x260 [ 229.164364][ T9532] __x64_sys_getsockopt+0xbd/0x160 [ 229.169524][ T9532] ? do_syscall_64+0x91/0x250 [ 229.174245][ T9532] ? lockdep_hardirqs_on+0x7c/0x110 [ 229.179491][ T9532] do_syscall_64+0xcd/0x250 [ 229.184042][ T9532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.189979][ T9532] RIP: 0033:0x7faec1385d19 [ 229.194425][ T9532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.214081][ T9532] RSP: 002b:00007faec21c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 229.222535][ T9532] RAX: ffffffffffffffda RBX: 00007faec1575fa0 RCX: 00007faec1385d19 [ 229.230623][ T9532] RDX: 0000000000000483 RSI: 0000000000000000 RDI: 0000000000000003 [ 229.238633][ T9532] RBP: 00007faec21c5090 R08: 0000000020000040 R09: 0000000000000000 [ 229.246643][ T9532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.254742][ T9532] R13: 0000000000000000 R14: 00007faec1575fa0 R15: 00007fffe275f618 [ 229.262764][ T9532] [ 229.265891][ C0] vkms_vblank_simulate: vblank timer overrun [ 229.611934][ T9544] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1077'. [ 230.039352][ T9550] Process accounting resumed [ 230.080961][ T9559] netlink: 'syz.0.1088': attribute type 4 has an invalid length. [ 230.107313][ T9550] kernel write not supported for file /tomoyo/query (pid: 9550 comm: syz.1.1078) [ 230.484449][ T9578] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[9578] [ 230.705857][ T9553] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 230.716644][ T9553] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 230.728912][ T9553] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 230.739095][ T9553] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 230.745711][ T9553] Process accounting paused [ 230.953866][ T9572] kernel write not supported for file /tomoyo/query (pid: 9572 comm: syz.1.1082) [ 231.370967][ T9604] FAULT_INJECTION: forcing a failure. [ 231.370967][ T9604] name failslab, interval 1, probability 0, space 0, times 0 [ 231.387387][ T9604] CPU: 1 UID: 0 PID: 9604 Comm: syz.0.1096 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 231.398129][ T9604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 231.408229][ T9604] Call Trace: [ 231.411624][ T9604] [ 231.414588][ T9604] dump_stack_lvl+0x16c/0x1f0 [ 231.419312][ T9604] should_fail_ex+0x497/0x5b0 [ 231.424036][ T9604] ? fs_reclaim_acquire+0xae/0x150 [ 231.429206][ T9604] should_failslab+0xc2/0x120 [ 231.433933][ T9604] __kmalloc_noprof+0xce/0x4f0 [ 231.438750][ T9604] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 231.444423][ T9604] ? tomoyo_realpath_from_path+0xbf/0x710 [ 231.450200][ T9604] tomoyo_realpath_from_path+0xbf/0x710 [ 231.455797][ T9604] ? tomoyo_path_number_perm+0x235/0x5b0 [ 231.461484][ T9604] tomoyo_path_number_perm+0x248/0x5b0 [ 231.466997][ T9604] ? tomoyo_path_number_perm+0x235/0x5b0 [ 231.472697][ T9604] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 231.478767][ T9604] ? __pfx_lock_release+0x10/0x10 [ 231.483848][ T9604] ? trace_lock_acquire+0x14e/0x1f0 [ 231.489104][ T9604] ? lock_acquire+0x2f/0xb0 [ 231.493648][ T9604] ? __fget_files+0x40/0x3a0 [ 231.498293][ T9604] ? __fget_files+0x206/0x3a0 [ 231.503201][ T9604] security_file_ioctl+0x9b/0x240 [ 231.508273][ T9604] __x64_sys_ioctl+0xb7/0x200 [ 231.513057][ T9604] do_syscall_64+0xcd/0x250 [ 231.517659][ T9604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.523667][ T9604] RIP: 0033:0x7faec1385d19 [ 231.528119][ T9604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.547785][ T9604] RSP: 002b:00007faec21c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 231.556264][ T9604] RAX: ffffffffffffffda RBX: 00007faec1575fa0 RCX: 00007faec1385d19 [ 231.564282][ T9604] RDX: 0000000000005c8d RSI: 00000000400454d1 RDI: 00000000000000c8 [ 231.572292][ T9604] RBP: 00007faec21c5090 R08: 0000000000000000 R09: 0000000000000000 [ 231.580307][ T9604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.588316][ T9604] R13: 0000000000000000 R14: 00007faec1575fa0 R15: 00007fffe275f618 [ 231.596357][ T9604] [ 231.609868][ T9604] ERROR: Out of memory at tomoyo_realpath_from_path. [ 232.021571][ T9597] kernel write not supported for file /tomoyo/query (pid: 9597 comm: syz.1.1091) [ 232.064875][ T9536] kernel write not supported for file /tomoyo/query (pid: 9536 comm: syz.1.1068) [ 232.429809][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 232.779869][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 232.780404][ T5144] Bluetooth: hci2: command 0x0c1a tx timeout [ 232.785924][ T5836] Bluetooth: hci0: command 0x0c1a tx timeout [ 232.947101][ T9631] kernel write not supported for file /tomoyo/query (pid: 9631 comm: syz.1.1098) [ 233.277908][ T9614] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 233.310209][ T9614] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 233.316308][ T9614] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 233.381059][ T9614] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 233.552271][ T9614] kernel write not supported for file /tomoyo/query (pid: 9614 comm: syz.1.1098) [ 233.749230][ T9649] h: entered promiscuous mode [ 233.780430][ T9646] kernel write not supported for file /tomoyo/query (pid: 9646 comm: syz.1.1108) [ 233.939289][ T9655] kernel write not supported for file /tomoyo/query (pid: 9655 comm: syz.1.1111) [ 234.040465][ T9664] kernel write not supported for file /tomoyo/query (pid: 9664 comm: syz.1.1114) [ 234.206273][ T9668] kernel write not supported for file /tomoyo/query (pid: 9668 comm: syz.1.1115) [ 234.349462][ T9680] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1116'. [ 234.399170][ T9680] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.475202][ T9680] bridge_slave_1 (unregistering): left allmulticast mode [ 234.489925][ T9680] bridge_slave_1 (unregistering): left promiscuous mode [ 234.507924][ T9680] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.850226][ T9693] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1123'. [ 234.939939][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 235.135849][ T9713] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1129'. [ 235.293937][ T9714] warn_unsupported: 4 callbacks suppressed [ 235.293959][ T9714] kernel write not supported for file /tomoyo/query (pid: 9714 comm: syz.1.1130) [ 235.339897][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 235.339950][ T5144] Bluetooth: hci0: command 0x0c1a tx timeout [ 235.421833][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout [ 235.506945][ T5144] Bluetooth: hci3: unexpected event 0x04 length: 49 > 10 [ 235.506988][ T5144] Bluetooth: unknown link type 102 [ 235.520398][ T5144] Bluetooth: hci3: connection err: -111 [ 235.552602][ T9713] bond0: (slave bond_slave_0): Releasing backup interface [ 235.798378][ T9733] kernel write not supported for file /tomoyo/query (pid: 9733 comm: syz.1.1134) [ 236.574956][ T9737] kernel write not supported for file /tomoyo/query (pid: 9737 comm: syz.1.1135) [ 236.781017][ T9749] GUP no longer grows the stack in syz.3.1139 (9749): 5000-401000 (4000) [ 236.794257][ T9751] kernel write not supported for file /tomoyo/query (pid: 9751 comm: syz.1.1140) [ 236.823702][ T9749] CPU: 0 UID: 0 PID: 9749 Comm: syz.3.1139 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 236.834452][ T9749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 236.844549][ T9749] Call Trace: [ 236.847862][ T9749] [ 236.850825][ T9749] dump_stack_lvl+0x16c/0x1f0 [ 236.855556][ T9749] gup_vma_lookup+0x1d2/0x220 [ 236.860297][ T9749] __get_user_pages+0x236/0x3b50 [ 236.865285][ T9749] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 236.870883][ T9749] ? __gup_longterm_locked+0x123/0x1870 [ 236.876489][ T9749] ? __gup_longterm_locked+0x123/0x1870 [ 236.882094][ T9749] ? __pfx___get_user_pages+0x10/0x10 [ 236.887511][ T9749] ? down_read_killable+0xcc/0x380 [ 236.892682][ T9749] ? __pfx_down_read_killable+0x10/0x10 [ 236.898291][ T9749] ? find_held_lock+0x2d/0x110 [ 236.903110][ T9749] __gup_longterm_locked+0x211/0x1870 [ 236.908534][ T9749] ? __pfx_lock_release+0x10/0x10 [ 236.913616][ T9749] ? trace_lock_acquire+0x14e/0x1f0 [ 236.918880][ T9749] ? __pfx___gup_longterm_locked+0x10/0x10 [ 236.924742][ T9749] ? gup_fast_fallback+0x84c/0x2690 [ 236.930005][ T9749] ? __pfx_lock_release+0x10/0x10 [ 236.935115][ T9749] ? try_get_folio+0x517/0x800 [ 236.939929][ T9749] ? sanity_check_pinned_pages+0x3ab/0x11e0 [ 236.944579][ T9757] FAULT_INJECTION: forcing a failure. [ 236.944579][ T9757] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.945856][ T9749] gup_fast_fallback+0x1802/0x2690 [ 236.964056][ T9749] ? __pfx_gup_fast_fallback+0x10/0x10 [ 236.969655][ T9749] ? __kasan_kmalloc+0xaa/0xb0 [ 236.974482][ T9749] ? __pfx_mark_lock+0x10/0x10 [ 236.979310][ T9749] ? find_held_lock+0x2d/0x110 [ 236.984139][ T9749] pin_user_pages_fast+0xa8/0x100 [ 236.989223][ T9749] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 236.995003][ T9749] iov_iter_extract_pages+0x3a5/0x2010 [ 237.000523][ T9749] ? xfs_defer_relog+0x9d/0xa70 [ 237.005419][ T9749] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 237.011365][ T9749] ? lock_acquire.part.0+0x11b/0x380 [ 237.016698][ T9749] ? find_held_lock+0x2d/0x110 [ 237.021522][ T9749] ? find_held_lock+0x2d/0x110 [ 237.026334][ T9749] bio_iov_iter_get_pages+0x37c/0x1100 [ 237.031852][ T9749] ? _raw_spin_unlock+0x28/0x50 [ 237.036774][ T9749] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 237.042734][ T9749] __blkdev_direct_IO_simple+0x318/0x7c0 [ 237.048420][ T9749] ? __pfx___blkdev_direct_IO_simple+0x10/0x10 [ 237.054652][ T9749] ? rcu_is_watching+0x12/0xc0 [ 237.059473][ T9749] ? trace_inode_set_ctime_to_ts+0x17f/0x1f0 [ 237.065534][ T9749] ? iov_iter_is_aligned+0xf2/0x5a0 [ 237.070790][ T9749] ? iov_iter_npages+0xf0/0x5a0 [ 237.075690][ T9749] blkdev_direct_IO+0xa1c/0x1ad0 [ 237.080702][ T9749] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 237.086114][ T9749] ? rcu_is_watching+0x12/0xc0 [ 237.090927][ T9749] ? __mark_inode_dirty+0x2a5/0xe50 [ 237.096166][ T9749] ? filemap_check_errors+0xa9/0x160 [ 237.101514][ T9749] blkdev_write_iter+0x6f9/0xd40 [ 237.106499][ T9749] vfs_write+0x5ae/0x1150 [ 237.110874][ T9749] ? __pfx_blkdev_write_iter+0x10/0x10 [ 237.116378][ T9749] ? __pfx_vfs_write+0x10/0x10 [ 237.121180][ T9749] ? do_futex+0x123/0x350 [ 237.125562][ T9749] ? __fget_files+0x40/0x3a0 [ 237.130214][ T9749] ksys_write+0x12b/0x250 [ 237.134585][ T9749] ? __pfx_ksys_write+0x10/0x10 [ 237.139485][ T9749] do_syscall_64+0xcd/0x250 [ 237.144028][ T9749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.149970][ T9749] RIP: 0033:0x7f2203585d19 [ 237.154420][ T9749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.174071][ T9749] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 237.182534][ T9749] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 237.190548][ T9749] RDX: 00000000fffffffc RSI: 0000000000000000 RDI: 0000000000000005 [ 237.198541][ T9749] RBP: 00007f2203601a20 R08: 0000000000000000 R09: 0000000000000000 [ 237.206544][ T9749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 237.214564][ T9749] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 237.222593][ T9749] [ 237.225657][ T9757] CPU: 1 UID: 0 PID: 9757 Comm: syz.2.1143 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 237.236375][ T9757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 237.246550][ T9757] Call Trace: [ 237.249838][ T9757] [ 237.252769][ T9757] dump_stack_lvl+0x16c/0x1f0 [ 237.257456][ T9757] should_fail_ex+0x497/0x5b0 [ 237.262145][ T9757] _copy_to_user+0x32/0xd0 [ 237.266572][ T9757] simple_read_from_buffer+0xd0/0x160 [ 237.271965][ T9757] proc_fail_nth_read+0x198/0x270 [ 237.277009][ T9757] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 237.282577][ T9757] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 237.288140][ T9757] vfs_read+0x1df/0xbe0 [ 237.292303][ T9757] ? __fget_files+0x1fc/0x3a0 [ 237.296991][ T9757] ? __pfx___mutex_lock+0x10/0x10 [ 237.302025][ T9757] ? __pfx_vfs_read+0x10/0x10 [ 237.306722][ T9757] ? __fget_files+0x206/0x3a0 [ 237.311500][ T9757] ksys_read+0x12b/0x250 [ 237.315749][ T9757] ? __pfx_ksys_read+0x10/0x10 [ 237.320527][ T9757] do_syscall_64+0xcd/0x250 [ 237.325038][ T9757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.330940][ T9757] RIP: 0033:0x7fbbb7f8472c [ 237.335357][ T9757] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 237.354974][ T9757] RSP: 002b:00007fbbb8e00030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 237.363398][ T9757] RAX: ffffffffffffffda RBX: 00007fbbb8175fa0 RCX: 00007fbbb7f8472c [ 237.371378][ T9757] RDX: 000000000000000f RSI: 00007fbbb8e000a0 RDI: 0000000000000004 [ 237.379356][ T9757] RBP: 00007fbbb8e00090 R08: 0000000000000000 R09: 0000000000000000 [ 237.387339][ T9757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.395315][ T9757] R13: 0000000000000000 R14: 00007fbbb8175fa0 R15: 00007ffc1bb2ba18 [ 237.403306][ T9757] [ 237.488996][ T9758] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1142'. [ 237.779624][ T9755] kernel write not supported for file /tomoyo/query (pid: 9755 comm: syz.1.1142) [ 238.279226][ T9768] kernel write not supported for file /tomoyo/query (pid: 9768 comm: syz.1.1148) [ 238.434935][ T29] audit: type=1800 audit(8277292112.639:47): pid=9788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1153" name="features" dev="configfs" ino=22564 res=0 errno=0 [ 238.505308][ T9787] kernel write not supported for file /tomoyo/query (pid: 9787 comm: syz.1.1153) [ 238.704076][ T9790] kernel write not supported for file /tomoyo/query (pid: 9790 comm: syz.1.1154) [ 238.863894][ T9795] kernel write not supported for file /tomoyo/query (pid: 9795 comm: syz.1.1156) [ 239.067160][ T9799] kernel write not supported for file /tomoyo/query (pid: 9799 comm: syz.1.1157) [ 239.438319][ T9817] FAULT_INJECTION: forcing a failure. [ 239.438319][ T9817] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.466112][ T9817] CPU: 0 UID: 0 PID: 9817 Comm: syz.0.1162 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 239.476864][ T9817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 239.486953][ T9817] Call Trace: [ 239.490257][ T9817] [ 239.493205][ T9817] dump_stack_lvl+0x16c/0x1f0 [ 239.497915][ T9817] should_fail_ex+0x497/0x5b0 [ 239.502631][ T9817] _copy_from_user+0x2e/0xd0 [ 239.507260][ T9817] set_user_sigmask+0xad/0x2a0 [ 239.512061][ T9817] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 239.518073][ T9817] ? __pfx_set_user_sigmask+0x10/0x10 [ 239.523483][ T9817] ? __fget_files+0x206/0x3a0 [ 239.528198][ T9817] __x64_sys_ppoll+0x1dc/0x2d0 [ 239.533013][ T9817] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 239.538331][ T9817] ? ksys_write+0x1ba/0x250 [ 239.542870][ T9817] ? __pfx_ksys_write+0x10/0x10 [ 239.547763][ T9817] do_syscall_64+0xcd/0x250 [ 239.552303][ T9817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.558240][ T9817] RIP: 0033:0x7faec1385d19 [ 239.562680][ T9817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.582329][ T9817] RSP: 002b:00007faec21c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 239.590793][ T9817] RAX: ffffffffffffffda RBX: 00007faec1575fa0 RCX: 00007faec1385d19 [ 239.598799][ T9817] RDX: 0000000000000000 RSI: 000000000000007f RDI: 0000000020000140 [ 239.606817][ T9817] RBP: 00007faec21c5090 R08: 0000000000000008 R09: 0000000000000000 [ 239.614826][ T9817] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000001 [ 239.622834][ T9817] R13: 0000000000000000 R14: 00007faec1575fa0 R15: 00007fffe275f618 [ 239.630854][ T9817] [ 239.945726][ T9826] FAULT_INJECTION: forcing a failure. [ 239.945726][ T9826] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.989974][ T9826] CPU: 0 UID: 0 PID: 9826 Comm: syz.1.1167 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 240.000719][ T9826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 240.010807][ T9826] Call Trace: [ 240.014135][ T9826] [ 240.017087][ T9826] dump_stack_lvl+0x16c/0x1f0 [ 240.021805][ T9826] should_fail_ex+0x497/0x5b0 [ 240.026532][ T9826] _copy_from_user+0x2e/0xd0 [ 240.031167][ T9826] copy_msghdr_from_user+0x99/0x160 [ 240.036415][ T9826] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 240.042287][ T9826] ___sys_sendmsg+0xff/0x1e0 [ 240.046933][ T9826] ? __pfx____sys_sendmsg+0x10/0x10 [ 240.052186][ T9826] ? __pfx_lock_release+0x10/0x10 [ 240.057282][ T9826] ? trace_lock_acquire+0x14e/0x1f0 [ 240.062537][ T9826] ? __fget_files+0x206/0x3a0 [ 240.067264][ T9826] __sys_sendmsg+0x16e/0x220 [ 240.071909][ T9826] ? __pfx___sys_sendmsg+0x10/0x10 [ 240.077084][ T9826] do_syscall_64+0xcd/0x250 [ 240.081637][ T9826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.087567][ T9826] RIP: 0033:0x7f4342f85d19 [ 240.092016][ T9826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.111662][ T9826] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 240.120118][ T9826] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 240.128124][ T9826] RDX: 0000000000040810 RSI: 0000000020000280 RDI: 0000000000000003 [ 240.136132][ T9826] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 240.144141][ T9826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.152149][ T9826] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 240.160173][ T9826] [ 240.305172][ T9826] warn_unsupported: 2 callbacks suppressed [ 240.305195][ T9826] kernel write not supported for file /tomoyo/query (pid: 9826 comm: syz.1.1167) [ 240.496719][ T9839] FAULT_INJECTION: forcing a failure. [ 240.496719][ T9839] name failslab, interval 1, probability 0, space 0, times 0 [ 240.521076][ T9837] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1172'. [ 240.561612][ T9839] CPU: 0 UID: 0 PID: 9839 Comm: syz.0.1174 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 240.572466][ T9839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 240.582735][ T9839] Call Trace: [ 240.586043][ T9839] [ 240.589007][ T9839] dump_stack_lvl+0x16c/0x1f0 [ 240.593733][ T9839] should_fail_ex+0x497/0x5b0 [ 240.598456][ T9839] ? fs_reclaim_acquire+0xae/0x150 [ 240.603611][ T9839] should_failslab+0xc2/0x120 [ 240.608334][ T9839] __kmalloc_noprof+0xce/0x4f0 [ 240.613143][ T9839] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 240.618812][ T9839] ? tomoyo_realpath_from_path+0xbf/0x710 [ 240.624584][ T9839] tomoyo_realpath_from_path+0xbf/0x710 [ 240.630181][ T9839] ? tomoyo_path_number_perm+0x235/0x5b0 [ 240.635865][ T9839] tomoyo_path_number_perm+0x248/0x5b0 [ 240.641377][ T9839] ? tomoyo_path_number_perm+0x235/0x5b0 [ 240.647089][ T9839] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 240.653157][ T9839] ? __pfx_lock_release+0x10/0x10 [ 240.658240][ T9839] ? trace_lock_acquire+0x14e/0x1f0 [ 240.663501][ T9839] ? lock_acquire+0x2f/0xb0 [ 240.668052][ T9839] ? __fget_files+0x40/0x3a0 [ 240.672692][ T9839] ? __fget_files+0x206/0x3a0 [ 240.677420][ T9839] security_file_ioctl+0x9b/0x240 [ 240.682491][ T9839] __x64_sys_ioctl+0xb7/0x200 [ 240.687225][ T9839] do_syscall_64+0xcd/0x250 [ 240.691783][ T9839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.697724][ T9839] RIP: 0033:0x7faec1385d19 [ 240.702178][ T9839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.721826][ T9839] RSP: 002b:00007faec21c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 240.730290][ T9839] RAX: ffffffffffffffda RBX: 00007faec1575fa0 RCX: 00007faec1385d19 [ 240.738304][ T9839] RDX: fffffffffffff4e0 RSI: 000000000000541b RDI: 0000000000000003 [ 240.746314][ T9839] RBP: 00007faec21c5090 R08: 0000000000000000 R09: 0000000000000000 [ 240.754322][ T9839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.762443][ T9839] R13: 0000000000000000 R14: 00007faec1575fa0 R15: 00007fffe275f618 [ 240.770472][ T9839] [ 240.789636][ T9837] kernel write not supported for file /tomoyo/query (pid: 9837 comm: syz.1.1172) [ 240.829883][ T9839] ERROR: Out of memory at tomoyo_realpath_from_path. [ 240.905185][ T9845] netlink: 'syz.1.1175': attribute type 21 has an invalid length. [ 240.930151][ T9845] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1175'. [ 240.990548][ T9845] kernel write not supported for file /tomoyo/query (pid: 9845 comm: syz.1.1175) [ 241.216671][ T9849] kernel write not supported for file /tomoyo/query (pid: 9849 comm: syz.1.1178) [ 241.485446][ T9862] kernel write not supported for file /tomoyo/query (pid: 9862 comm: syz.1.1181) [ 241.708312][ T9865] kernel write not supported for file /tomoyo/query (pid: 9865 comm: syz.1.1184) [ 242.159284][ T9872] kernel write not supported for file /tomoyo/query (pid: 9872 comm: syz.1.1186) [ 242.296761][ T9873] kernel write not supported for file /tomoyo/query (pid: 9873 comm: syz.1.1186) [ 242.385875][ T9881] [U] [ 242.388662][ T9881] [U] [ 242.391403][ T9881] [U] [ 242.394144][ T9881] [U] [ 242.426708][ T9881] [U] [ 242.429493][ T9881] [U] [ 242.432240][ T9881] [U] [ 242.434980][ T9881] [U] [ 242.478048][ T9879] [U] [ 242.569668][ T9881] kernel write not supported for file /tomoyo/query (pid: 9881 comm: syz.1.1189) [ 242.652342][ T9888] [U] [ 242.655114][ T9888] [U] [ 242.657850][ T9888] [U] [ 242.660587][ T9888] [U] [ 242.681189][ T9888] [U] [ 242.683962][ T9888] [U] [ 242.686691][ T9888] [U] [ 242.689426][ T9888] [U] [ 242.708593][ T9887] [U] [ 242.792557][ T9890] kernel write not supported for file /tomoyo/query (pid: 9890 comm: syz.1.1193) [ 242.806180][ T9894] FAULT_INJECTION: forcing a failure. [ 242.806180][ T9894] name failslab, interval 1, probability 0, space 0, times 0 [ 242.885514][ T9894] CPU: 1 UID: 0 PID: 9894 Comm: syz.2.1191 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 242.896261][ T9894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 242.896708][ T9898] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1195'. [ 242.906332][ T9894] Call Trace: [ 242.906379][ T9894] [ 242.906390][ T9894] dump_stack_lvl+0x16c/0x1f0 [ 242.906423][ T9894] should_fail_ex+0x497/0x5b0 [ 242.906449][ T9894] ? fs_reclaim_acquire+0xae/0x150 [ 242.906477][ T9894] should_failslab+0xc2/0x120 [ 242.906510][ T9894] __kmalloc_node_noprof+0xd1/0x520 [ 242.906540][ T9894] ? file_tty_write.constprop.0+0x281/0x9a0 [ 242.906572][ T9894] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 242.906610][ T9894] __kvmalloc_node_noprof+0xad/0x1a0 [ 242.906641][ T9894] file_tty_write.constprop.0+0x6dd/0x9a0 [ 242.959333][ T9898] : renamed from gre0 (while UP) [ 242.963152][ T9894] ? security_file_permission+0x71/0x210 [ 242.963193][ T9894] vfs_write+0x5ae/0x1150 [ 242.963220][ T9894] ? __pfx_tty_write+0x10/0x10 [ 242.988753][ T9894] ? __pfx_vfs_write+0x10/0x10 [ 242.993570][ T9894] ? __fget_files+0x40/0x3a0 [ 242.998224][ T9894] ksys_write+0x12b/0x250 [ 243.002595][ T9894] ? __pfx_ksys_write+0x10/0x10 [ 243.007514][ T9894] do_syscall_64+0xcd/0x250 [ 243.012071][ T9894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.018016][ T9894] RIP: 0033:0x7fbbb7f85d19 [ 243.022476][ T9894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.042132][ T9894] RSP: 002b:00007fbbb8e00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 243.050607][ T9894] RAX: ffffffffffffffda RBX: 00007fbbb8175fa0 RCX: 00007fbbb7f85d19 [ 243.058617][ T9894] RDX: 000000000000effd RSI: 0000000000000000 RDI: 0000000000000004 [ 243.066626][ T9894] RBP: 00007fbbb8e00090 R08: 0000000000000000 R09: 0000000000000000 [ 243.074643][ T9894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.082673][ T9894] R13: 0000000000000000 R14: 00007fbbb8175fa0 R15: 00007ffc1bb2ba18 [ 243.090794][ T9894] [ 243.471705][ T9915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1202'. [ 243.481956][ T9915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1202'. [ 243.998471][ T9929] FAULT_INJECTION: forcing a failure. [ 243.998471][ T9929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.033034][ T9929] CPU: 0 UID: 0 PID: 9929 Comm: syz.1.1206 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 244.043782][ T9929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 244.053881][ T9929] Call Trace: [ 244.057184][ T9929] [ 244.060150][ T9929] dump_stack_lvl+0x16c/0x1f0 [ 244.064880][ T9929] should_fail_ex+0x497/0x5b0 [ 244.069609][ T9929] _copy_from_user+0x2e/0xd0 [ 244.074250][ T9929] do_sock_getsockopt+0x319/0x870 [ 244.079328][ T9929] ? trace_lock_acquire+0x140/0x1f0 [ 244.084577][ T9929] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 244.090170][ T9929] ? lock_acquire+0x2f/0xb0 [ 244.094710][ T9929] ? __fget_files+0x40/0x3a0 [ 244.099337][ T9929] ? __fget_files+0x206/0x3a0 [ 244.104056][ T9929] __sys_getsockopt+0x12f/0x260 [ 244.108968][ T9929] __x64_sys_getsockopt+0xbd/0x160 [ 244.114184][ T9929] ? do_syscall_64+0x91/0x250 [ 244.118912][ T9929] ? lockdep_hardirqs_on+0x7c/0x110 [ 244.124159][ T9929] do_syscall_64+0xcd/0x250 [ 244.128714][ T9929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.134670][ T9929] RIP: 0033:0x7f4342f85d19 [ 244.139117][ T9929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.158766][ T9929] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 244.167195][ T9929] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 244.175172][ T9929] RDX: 000000000000003f RSI: 0000200000000001 RDI: 0000000000000003 [ 244.183325][ T9929] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 244.191301][ T9929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.199278][ T9929] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 244.207270][ T9929] [ 244.784792][ T9948] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1214'. [ 245.044231][ T9954] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1216'. [ 245.198198][ T9952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1214'. [ 245.375067][ T9960] warn_unsupported: 9 callbacks suppressed [ 245.375090][ T9960] kernel write not supported for file /tomoyo/query (pid: 9960 comm: syz.1.1218) [ 245.508785][ T9964] kernel write not supported for file /tomoyo/query (pid: 9964 comm: syz.1.1219) [ 245.666370][ T9968] kernel write not supported for file /tomoyo/query (pid: 9968 comm: syz.1.1221) [ 245.787532][ T9971] kernel write not supported for file /tomoyo/query (pid: 9971 comm: syz.1.1224) [ 245.896172][ T9982] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1225'. [ 245.972919][ T9982] kernel write not supported for file /tomoyo/query (pid: 9982 comm: syz.1.1225) [ 246.868660][T10011] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1235'. [ 246.994266][ T9998] kernel write not supported for file /tomoyo/query (pid: 9998 comm: syz.1.1229) [ 247.952831][T10060] block nbd0: Unsupported socket: shutdown callout must be supported. [ 248.062900][T10022] kernel write not supported for file /tomoyo/query (pid: 10022 comm: syz.1.1239) [ 248.155715][T10067] FAULT_INJECTION: forcing a failure. [ 248.155715][T10067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 248.203776][T10067] CPU: 0 UID: 0 PID: 10067 Comm: syz.3.1253 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 248.214620][T10067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 248.224714][T10067] Call Trace: [ 248.228016][T10067] [ 248.230976][T10067] dump_stack_lvl+0x16c/0x1f0 [ 248.235700][T10067] should_fail_ex+0x497/0x5b0 [ 248.240427][T10067] _copy_to_iter+0x4a5/0x1400 [ 248.245157][T10067] ? __pfx_seq_printf+0x10/0x10 [ 248.250052][T10067] ? __pfx__copy_to_iter+0x10/0x10 [ 248.255213][T10067] ? __virt_addr_valid+0x1a4/0x590 [ 248.260388][T10067] ? __virt_addr_valid+0x5e/0x590 [ 248.265910][T10067] ? __phys_addr_symbol+0x30/0x80 [ 248.270984][T10067] ? __check_object_size+0x488/0x710 [ 248.276335][T10067] seq_read_iter+0xd00/0x12b0 [ 248.281074][T10067] seq_read+0x39f/0x4e0 [ 248.285274][T10067] ? __pfx_seq_read+0x10/0x10 [ 248.290013][T10067] full_proxy_read+0xfb/0x1b0 [ 248.294726][T10067] ? __pfx_full_proxy_read+0x10/0x10 [ 248.300117][T10067] vfs_read+0x1df/0xbe0 [ 248.304286][T10067] ? __fget_files+0x1fc/0x3a0 [ 248.308981][T10067] ? __pfx___mutex_lock+0x10/0x10 [ 248.314019][T10067] ? __pfx_vfs_read+0x10/0x10 [ 248.318713][T10067] ? __fget_files+0x206/0x3a0 [ 248.323410][T10067] ksys_read+0x12b/0x250 [ 248.327660][T10067] ? __pfx_ksys_read+0x10/0x10 [ 248.332449][T10067] do_syscall_64+0xcd/0x250 [ 248.336977][T10067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.342886][T10067] RIP: 0033:0x7f2203585d19 [ 248.347309][T10067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.366924][T10067] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 248.375371][T10067] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 248.383361][T10067] RDX: 0000000000000024 RSI: 0000000020000080 RDI: 0000000000000003 [ 248.391358][T10067] RBP: 00007f2204380090 R08: 0000000000000000 R09: 0000000000000000 [ 248.399344][T10067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.407428][T10067] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 248.415454][T10067] [ 248.418792][ C0] vkms_vblank_simulate: vblank timer overrun [ 248.675572][T10069] kernel write not supported for file /tomoyo/query (pid: 10069 comm: syz.1.1254) [ 248.937902][T10078] kernel write not supported for file /tomoyo/query (pid: 10078 comm: syz.1.1257) [ 249.271345][T10086] kernel write not supported for file /tomoyo/query (pid: 10086 comm: syz.1.1259) [ 250.398759][T10109] warn_unsupported: 2 callbacks suppressed [ 250.398781][T10109] kernel write not supported for file /tomoyo/query (pid: 10109 comm: syz.1.1267) [ 251.331151][T10115] kernel write not supported for file /tomoyo/query (pid: 10115 comm: syz.1.1270) [ 253.114698][T10071] kernel write not supported for file /tomoyo/query (pid: 10071 comm: syz.1.1254) [ 254.260764][T10135] kernel write not supported for file /tomoyo/query (pid: 10135 comm: syz.1.1275) [ 254.438033][T10180] kernel write not supported for file /tomoyo/query (pid: 10180 comm: syz.1.1288) [ 254.689957][T10185] kernel write not supported for file /tomoyo/query (pid: 10185 comm: syz.1.1290) [ 254.814331][T10189] kernel write not supported for file /tomoyo/query (pid: 10189 comm: syz.1.1291) [ 254.943559][T10190] kernel write not supported for file /tomoyo/query (pid: 10190 comm: syz.1.1292) [ 255.043301][T10194] kernel write not supported for file /tomoyo/query (pid: 10194 comm: syz.1.1295) [ 255.235439][T10205] kernel write not supported for file /tomoyo/query (pid: 10205 comm: syz.1.1296) [ 255.412799][T10211] kernel write not supported for file /tomoyo/query (pid: 10211 comm: syz.1.1299) [ 255.639254][T10214] kernel write not supported for file /tomoyo/query (pid: 10214 comm: syz.1.1300) [ 256.001812][T10223] kernel write not supported for file /tomoyo/query (pid: 10223 comm: syz.1.1302) [ 256.070233][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.076584][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.126051][T10231] ptrace attach of "./syz-executor exec"[5827] was attempted by ""[10231] [ 256.418508][T10230] kernel write not supported for file /tomoyo/query (pid: 10230 comm: syz.1.1307) [ 256.483187][T10250] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1313'. [ 256.631504][T10252] kernel write not supported for file /tomoyo/query (pid: 10252 comm: syz.1.1313) [ 256.682783][T10255] kernel write not supported for file /tomoyo/query (pid: 10255 comm: syz.1.1314) [ 257.596848][T10258] kernel write not supported for file /tomoyo/query (pid: 10258 comm: syz.1.1315) [ 257.742272][ T29] audit: type=1806 audit(8277292131.949:48): xattr="" res=-22 [ 257.905339][T10280] kernel write not supported for file /tomoyo/query (pid: 10280 comm: syz.1.1325) [ 257.969173][T10289] netlink: Unknown conntrack attr (0) [ 258.080408][T10293] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 258.190980][T10292] kernel write not supported for file /tomoyo/query (pid: 10292 comm: syz.1.1329) [ 258.376068][T10300] kernel write not supported for file /tomoyo/query (pid: 10300 comm: syz.1.1332) [ 258.547275][T10311] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1336'. [ 258.913106][T10317] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1337'. [ 261.475913][T10359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1350'. [ 261.551815][T10359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1350'. [ 262.204205][T10371] delete_channel: no stack [ 262.785485][T10383] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd31 [ 262.788333][T10339] Process accounting paused [ 264.635281][T10422] FAULT_INJECTION: forcing a failure. [ 264.635281][T10422] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.692766][T10422] CPU: 0 UID: 0 PID: 10422 Comm: syz.1.1369 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 264.703604][T10422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 264.713694][T10422] Call Trace: [ 264.717010][T10422] [ 264.719971][T10422] dump_stack_lvl+0x16c/0x1f0 [ 264.724667][T10422] should_fail_ex+0x497/0x5b0 [ 264.729358][T10422] _copy_from_user+0x2e/0xd0 [ 264.733963][T10422] copy_msghdr_from_user+0x99/0x160 [ 264.739173][T10422] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 264.744998][T10422] ___sys_sendmsg+0xff/0x1e0 [ 264.749686][T10422] ? __pfx____sys_sendmsg+0x10/0x10 [ 264.754918][T10422] ? __pfx_lock_release+0x10/0x10 [ 264.760081][T10422] ? trace_lock_acquire+0x14e/0x1f0 [ 264.765349][T10422] ? __fget_files+0x206/0x3a0 [ 264.770047][T10422] __sys_sendmsg+0x16e/0x220 [ 264.774652][T10422] ? __pfx___sys_sendmsg+0x10/0x10 [ 264.779793][T10422] do_syscall_64+0xcd/0x250 [ 264.784339][T10422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.790257][T10422] RIP: 0033:0x7f4342f85d19 [ 264.794679][T10422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.814296][T10422] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 264.822727][T10422] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 264.830723][T10422] RDX: 0000000000040000 RSI: 0000000020000240 RDI: 0000000000000003 [ 264.839143][T10422] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 264.847132][T10422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.855199][T10422] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 264.863199][T10422] [ 265.003345][T10424] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1370'. [ 265.024974][T10424] macsec0: entered promiscuous mode [ 268.525828][ T5144] Bluetooth: hci2: unexpected event 0x04 length: 49 > 10 [ 268.525871][ T5144] Bluetooth: unknown link type 233 [ 268.538833][ T5144] Bluetooth: hci2: connection err: -111 [ 269.132996][T10518] mkiss: ax0: crc mode is auto. [ 269.398755][T10522] FAULT_INJECTION: forcing a failure. [ 269.398755][T10522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.426686][T10522] CPU: 0 UID: 0 PID: 10522 Comm: syz.3.1395 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 269.437511][T10522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 269.447595][T10522] Call Trace: [ 269.450896][T10522] [ 269.453847][T10522] dump_stack_lvl+0x16c/0x1f0 [ 269.458562][T10522] should_fail_ex+0x497/0x5b0 [ 269.463290][T10522] _copy_from_user+0x2e/0xd0 [ 269.467932][T10522] copy_msghdr_from_user+0x99/0x160 [ 269.473169][T10522] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 269.479025][T10522] ___sys_sendmsg+0xff/0x1e0 [ 269.483647][T10522] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.488891][T10522] ? __pfx_lock_release+0x10/0x10 [ 269.493951][T10522] ? trace_lock_acquire+0x14e/0x1f0 [ 269.499190][T10522] ? __fget_files+0x206/0x3a0 [ 269.503905][T10522] __sys_sendmsg+0x16e/0x220 [ 269.508529][T10522] ? __pfx___sys_sendmsg+0x10/0x10 [ 269.513690][T10522] do_syscall_64+0xcd/0x250 [ 269.518399][T10522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.524498][T10522] RIP: 0033:0x7f2203585d19 [ 269.528935][T10522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.548575][T10522] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 269.557027][T10522] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 269.565077][T10522] RDX: 0000000000040000 RSI: 0000000020000240 RDI: 0000000000000003 [ 269.573084][T10522] RBP: 00007f2204380090 R08: 0000000000000000 R09: 0000000000000000 [ 269.581087][T10522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.589087][T10522] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 269.597195][T10522] [ 270.502956][T10543] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1402'. [ 270.527634][T10550] FAULT_INJECTION: forcing a failure. [ 270.527634][T10550] name failslab, interval 1, probability 0, space 0, times 0 [ 270.545117][T10550] CPU: 0 UID: 0 PID: 10550 Comm: syz.2.1404 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 270.556118][T10550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 270.566182][T10550] Call Trace: [ 270.569462][T10550] [ 270.572405][T10550] dump_stack_lvl+0x16c/0x1f0 [ 270.577095][T10550] should_fail_ex+0x497/0x5b0 [ 270.581780][T10550] ? fs_reclaim_acquire+0xae/0x150 [ 270.586926][T10550] should_failslab+0xc2/0x120 [ 270.591645][T10550] __kmalloc_noprof+0xce/0x4f0 [ 270.596519][T10550] ? d_absolute_path+0x137/0x1b0 [ 270.601478][T10550] ? tomoyo_encode2+0x100/0x3e0 [ 270.606345][T10550] tomoyo_encode2+0x100/0x3e0 [ 270.611060][T10550] tomoyo_realpath_from_path+0x1a7/0x710 [ 270.616712][T10550] tomoyo_path_number_perm+0x248/0x5b0 [ 270.622186][T10550] ? tomoyo_path_number_perm+0x235/0x5b0 [ 270.627838][T10550] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 270.633856][T10550] ? __pfx_lock_release+0x10/0x10 [ 270.638897][T10550] ? trace_lock_acquire+0x14e/0x1f0 [ 270.644117][T10550] ? lock_acquire+0x2f/0xb0 [ 270.648624][T10550] ? __fget_files+0x40/0x3a0 [ 270.653225][T10550] ? __fget_files+0x206/0x3a0 [ 270.657916][T10550] security_file_ioctl+0x9b/0x240 [ 270.662953][T10550] __x64_sys_ioctl+0xb7/0x200 [ 270.667649][T10550] do_syscall_64+0xcd/0x250 [ 270.672168][T10550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.678069][T10550] RIP: 0033:0x7fbbb7f85d19 [ 270.682492][T10550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.702113][T10550] RSP: 002b:00007fbbb8e00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 270.710532][T10550] RAX: ffffffffffffffda RBX: 00007fbbb8175fa0 RCX: 00007fbbb7f85d19 [ 270.718517][T10550] RDX: 000000000000007f RSI: 000000000000541b RDI: 0000000000000003 [ 270.726489][T10550] RBP: 00007fbbb8e00090 R08: 0000000000000000 R09: 0000000000000000 [ 270.734460][T10550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.742436][T10550] R13: 0000000000000000 R14: 00007fbbb8175fa0 R15: 00007ffc1bb2ba18 [ 270.750424][T10550] [ 270.856992][T10550] ERROR: Out of memory at tomoyo_realpath_from_path. [ 271.066340][T10561] FAULT_INJECTION: forcing a failure. [ 271.066340][T10561] name failslab, interval 1, probability 0, space 0, times 0 [ 271.110049][T10561] CPU: 0 UID: 0 PID: 10561 Comm: syz.1.1409 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 271.120893][T10561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 271.130989][T10561] Call Trace: [ 271.134295][T10561] [ 271.137272][T10561] dump_stack_lvl+0x16c/0x1f0 [ 271.142012][T10561] should_fail_ex+0x497/0x5b0 [ 271.146729][T10561] ? fs_reclaim_acquire+0xae/0x150 [ 271.151881][T10561] should_failslab+0xc2/0x120 [ 271.156605][T10561] __kmalloc_noprof+0xce/0x4f0 [ 271.161413][T10561] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 271.167089][T10561] ? tomoyo_realpath_from_path+0xbf/0x710 [ 271.172860][T10561] tomoyo_realpath_from_path+0xbf/0x710 [ 271.178450][T10561] ? tomoyo_path_number_perm+0x235/0x5b0 [ 271.184138][T10561] tomoyo_path_number_perm+0x248/0x5b0 [ 271.189654][T10561] ? tomoyo_path_number_perm+0x235/0x5b0 [ 271.195345][T10561] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 271.201411][T10561] ? __pfx_lock_release+0x10/0x10 [ 271.206491][T10561] ? trace_lock_acquire+0x14e/0x1f0 [ 271.211753][T10561] ? lock_acquire+0x2f/0xb0 [ 271.216274][T10561] ? __fget_files+0x40/0x3a0 [ 271.220886][T10561] ? __fget_files+0x206/0x3a0 [ 271.225577][T10561] security_file_ioctl+0x9b/0x240 [ 271.230645][T10561] __x64_sys_ioctl+0xb7/0x200 [ 271.235358][T10561] do_syscall_64+0xcd/0x250 [ 271.239872][T10561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.245783][T10561] RIP: 0033:0x7f4342f85d19 [ 271.250202][T10561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.269815][T10561] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 271.278243][T10561] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 271.286220][T10561] RDX: 0000000000000008 RSI: 0000000000000004 RDI: 0000000000000003 [ 271.294194][T10561] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 271.302255][T10561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.310233][T10561] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 271.318220][T10561] [ 271.389018][T10561] ERROR: Out of memory at tomoyo_realpath_from_path. [ 271.798068][T10578] ima: policy update failed [ 271.805368][ T29] audit: type=1802 audit(8277292146.009:49): pid=10578 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1413" res=0 errno=0 [ 273.311802][T10620] FAULT_INJECTION: forcing a failure. [ 273.311802][T10620] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 273.358657][T10620] CPU: 0 UID: 0 PID: 10620 Comm: syz.1.1421 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 273.369494][T10620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 273.379587][T10620] Call Trace: [ 273.383067][T10620] [ 273.386029][T10620] dump_stack_lvl+0x16c/0x1f0 [ 273.390750][T10620] should_fail_ex+0x497/0x5b0 [ 273.395467][T10620] ? fs_reclaim_acquire+0xae/0x150 [ 273.400619][T10620] should_fail_alloc_page+0xe7/0x130 [ 273.405960][T10620] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 273.412162][T10620] __alloc_pages_noprof+0x190/0x25b0 [ 273.417496][T10620] ? __pfx_mark_lock+0x10/0x10 [ 273.422314][T10620] ? find_held_lock+0x2d/0x110 [ 273.427122][T10620] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 273.432917][T10620] ? __pfx___lock_acquire+0x10/0x10 [ 273.438160][T10620] ? __pfx___lock_acquire+0x10/0x10 [ 273.443407][T10620] ___kmalloc_large_node+0x84/0x1b0 [ 273.448643][T10620] __kmalloc_large_noprof+0x1c/0x70 [ 273.453897][T10620] nsim_dev_take_snapshot_write+0xa7/0x1f0 [ 273.459764][T10620] ? __pfx_nsim_dev_take_snapshot_write+0x10/0x10 [ 273.466229][T10620] ? rcu_is_watching+0x12/0xc0 [ 273.471124][T10620] ? trace_lock_acquire+0x14e/0x1f0 [ 273.476380][T10620] full_proxy_write+0xfb/0x1b0 [ 273.481188][T10620] ? __pfx_full_proxy_write+0x10/0x10 [ 273.486601][T10620] vfs_write+0x24c/0x1150 [ 273.490973][T10620] ? __fget_files+0x1fc/0x3a0 [ 273.495691][T10620] ? __pfx___mutex_lock+0x10/0x10 [ 273.500759][T10620] ? __pfx_vfs_write+0x10/0x10 [ 273.505571][T10620] ? __fget_files+0x206/0x3a0 [ 273.510295][T10620] ksys_write+0x12b/0x250 [ 273.514663][T10620] ? __pfx_ksys_write+0x10/0x10 [ 273.519564][T10620] do_syscall_64+0xcd/0x250 [ 273.524108][T10620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.530075][T10620] RIP: 0033:0x7f4342f85d19 [ 273.534527][T10620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.554177][T10620] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 273.562635][T10620] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 273.570733][T10620] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 273.578815][T10620] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 273.586836][T10620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.594856][T10620] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 273.602891][T10620] [ 274.150702][T10642] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1426'. [ 274.788851][T10647] netlink: 'syz.2.1429': attribute type 1 has an invalid length. [ 275.401376][T10666] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1435'. [ 276.160386][T10687] netlink: 'syz.1.1442': attribute type 1 has an invalid length. [ 278.466995][T10739] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1458'. [ 279.549265][T10767] svc: failed to register nfsdv3 RPC service (errno 22). [ 279.561352][T10767] svc: failed to register nfsaclv3 RPC service (errno 22). [ 279.701671][T10768] could not allocate digest TFM handle binfmt_misc [ 281.040834][T10806] FAULT_INJECTION: forcing a failure. [ 281.040834][T10806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.112400][T10806] CPU: 0 UID: 0 PID: 10806 Comm: syz.2.1479 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 281.123237][T10806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 281.133331][T10806] Call Trace: [ 281.136648][T10806] [ 281.139606][T10806] dump_stack_lvl+0x16c/0x1f0 [ 281.144325][T10806] should_fail_ex+0x497/0x5b0 [ 281.149066][T10806] _copy_from_user+0x2e/0xd0 [ 281.153701][T10806] copy_msghdr_from_user+0x99/0x160 [ 281.158944][T10806] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 281.164812][T10806] ? __lock_acquire+0xcc5/0x3c40 [ 281.169810][T10806] ___sys_sendmsg+0xff/0x1e0 [ 281.174446][T10806] ? __pfx____sys_sendmsg+0x10/0x10 [ 281.179700][T10806] ? trace_lock_acquire+0x14e/0x1f0 [ 281.184955][T10806] __sys_sendmmsg+0x201/0x420 [ 281.189672][T10806] ? __pfx___sys_sendmmsg+0x10/0x10 [ 281.194916][T10806] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 281.200946][T10806] ? fput+0x67/0x440 [ 281.204888][T10806] ? ksys_write+0x1ba/0x250 [ 281.209431][T10806] ? __pfx_ksys_write+0x10/0x10 [ 281.214324][T10806] __x64_sys_sendmmsg+0x9c/0x100 [ 281.219308][T10806] ? lockdep_hardirqs_on+0x7c/0x110 [ 281.224547][T10806] do_syscall_64+0xcd/0x250 [ 281.229092][T10806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.235026][T10806] RIP: 0033:0x7fbbb7f85d19 [ 281.239475][T10806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.259129][T10806] RSP: 002b:00007fbbb8e00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 281.267587][T10806] RAX: ffffffffffffffda RBX: 00007fbbb8175fa0 RCX: 00007fbbb7f85d19 [ 281.275595][T10806] RDX: 0000000000000003 RSI: 0000000020000080 RDI: 0000000000000003 [ 281.283599][T10806] RBP: 00007fbbb8e00090 R08: 0000000000000000 R09: 0000000000000000 [ 281.291616][T10806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.299632][T10806] R13: 0000000000000000 R14: 00007fbbb8175fa0 R15: 00007ffc1bb2ba18 [ 281.307659][T10806] [ 281.480788][T10816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1483'. [ 281.507974][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1483'. [ 284.399630][T10866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1496'. [ 284.410305][T10866] netlink: 222 bytes leftover after parsing attributes in process `syz.1.1496'. [ 284.719127][T10869] netlink: zone id is out of range [ 284.756827][T10869] netlink: set zone limit has 8 unknown bytes [ 285.065388][T10869] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1497'. [ 285.909449][ T5144] Bluetooth: hci1: SCO packet for unknown connection handle 16 [ 286.265014][T10897] IPVS: length: 11322 != 8 [ 287.769947][T10937] netlink: zone id is out of range [ 287.809901][T10937] netlink: zone id is out of range [ 287.815071][T10937] netlink: zone id is out of range [ 287.909818][T10937] netlink: zone id is out of range [ 287.915006][T10937] netlink: zone id is out of range [ 288.006014][T10937] netlink: zone id is out of range [ 288.042980][T10937] netlink: zone id is out of range [ 288.088889][T10937] netlink: zone id is out of range [ 293.954386][T11057] FAULT_INJECTION: forcing a failure. [ 293.954386][T11057] name failslab, interval 1, probability 0, space 0, times 0 [ 294.026858][T11057] CPU: 0 UID: 0 PID: 11057 Comm: syz.3.1542 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 294.037786][T11057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 294.047881][T11057] Call Trace: [ 294.051199][T11057] [ 294.054518][T11057] dump_stack_lvl+0x16c/0x1f0 [ 294.059242][T11057] should_fail_ex+0x497/0x5b0 [ 294.063969][T11057] ? fs_reclaim_acquire+0xae/0x150 [ 294.069124][T11057] should_failslab+0xc2/0x120 [ 294.073853][T11057] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 294.079279][T11057] ? getname_flags.part.0+0x4c/0x550 [ 294.084616][T11057] ? vfs_write+0x306/0x1150 [ 294.089165][T11057] getname_flags.part.0+0x4c/0x550 [ 294.094330][T11057] getname+0x8d/0xe0 [ 294.098263][T11057] do_sys_openat2+0x104/0x1e0 [ 294.102986][T11057] ? __pfx_do_sys_openat2+0x10/0x10 [ 294.108234][T11057] ? __fget_files+0x206/0x3a0 [ 294.112976][T11057] __x64_sys_openat+0x175/0x210 [ 294.117870][T11057] ? __pfx___x64_sys_openat+0x10/0x10 [ 294.123288][T11057] ? ksys_write+0x1ba/0x250 [ 294.128101][T11057] do_syscall_64+0xcd/0x250 [ 294.132646][T11057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.138593][T11057] RIP: 0033:0x7f2203585d19 [ 294.143044][T11057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.162692][T11057] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 294.171253][T11057] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 294.179345][T11057] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 294.187445][T11057] RBP: 00007f2204380090 R08: 0000000000000000 R09: 0000000000000000 [ 294.195458][T11057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.203469][T11057] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 294.211500][T11057] [ 296.822456][T11104] netlink: 'syz.1.1554': attribute type 1 has an invalid length. [ 297.485836][T11121] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1557'. [ 298.620549][T11136] net_ratelimit: 28 callbacks suppressed [ 298.620573][T11136] openvswitch: netlink: Port -2134900732 exceeds max allowable 65535 [ 298.845488][T11146] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1566'. [ 300.020495][T11169] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1575'. [ 301.200431][T11210] openvswitch: netlink: IP tunnel dst address not specified [ 301.223455][T11211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1587'. [ 304.828850][T11318] FAULT_INJECTION: forcing a failure. [ 304.828850][T11318] name failslab, interval 1, probability 0, space 0, times 0 [ 304.909906][T11318] CPU: 0 UID: 0 PID: 11318 Comm: syz.3.1623 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 304.920785][T11318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 304.931053][T11318] Call Trace: [ 304.934354][T11318] [ 304.937309][T11318] dump_stack_lvl+0x16c/0x1f0 [ 304.942033][T11318] should_fail_ex+0x497/0x5b0 [ 304.946750][T11318] ? fs_reclaim_acquire+0xae/0x150 [ 304.951897][T11318] should_failslab+0xc2/0x120 [ 304.956626][T11318] __kmalloc_noprof+0xce/0x4f0 [ 304.961455][T11318] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 304.967129][T11318] ? tomoyo_realpath_from_path+0xbf/0x710 [ 304.972893][T11318] tomoyo_realpath_from_path+0xbf/0x710 [ 304.978461][T11318] ? tomoyo_path_number_perm+0x235/0x5b0 [ 304.984115][T11318] tomoyo_path_number_perm+0x248/0x5b0 [ 304.989593][T11318] ? tomoyo_path_number_perm+0x235/0x5b0 [ 304.995253][T11318] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 305.001282][T11318] ? __pfx_lock_release+0x10/0x10 [ 305.006323][T11318] ? trace_lock_acquire+0x14e/0x1f0 [ 305.011534][T11318] ? lock_acquire+0x2f/0xb0 [ 305.016041][T11318] ? __fget_files+0x40/0x3a0 [ 305.020650][T11318] ? __fget_files+0x206/0x3a0 [ 305.025342][T11318] security_file_ioctl+0x9b/0x240 [ 305.030382][T11318] __x64_sys_ioctl+0xb7/0x200 [ 305.035079][T11318] do_syscall_64+0xcd/0x250 [ 305.039600][T11318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.045500][T11318] RIP: 0033:0x7f2203585d19 [ 305.049926][T11318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.069545][T11318] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 305.077977][T11318] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 305.085958][T11318] RDX: 0000000000000004 RSI: 0000000000000720 RDI: 0000000000000003 [ 305.093934][T11318] RBP: 00007f2204380090 R08: 0000000000000000 R09: 0000000000000000 [ 305.101911][T11318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.109884][T11318] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 305.117876][T11318] [ 305.135690][T11318] ERROR: Out of memory at tomoyo_realpath_from_path. [ 305.620125][ T5144] Bluetooth: hci1: unexpected event 0x04 length: 49 > 10 [ 306.128661][T11349] FAULT_INJECTION: forcing a failure. [ 306.128661][T11349] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.179791][T11349] CPU: 1 UID: 0 PID: 11349 Comm: syz.0.1636 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 306.190623][T11349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 306.200685][T11349] Call Trace: [ 306.203964][T11349] [ 306.206900][T11349] dump_stack_lvl+0x16c/0x1f0 [ 306.211589][T11349] should_fail_ex+0x497/0x5b0 [ 306.216278][T11349] _copy_from_user+0x2e/0xd0 [ 306.220882][T11349] copy_msghdr_from_user+0x99/0x160 [ 306.226091][T11349] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 306.231909][T11349] ? __lock_acquire+0xcc5/0x3c40 [ 306.236880][T11349] ___sys_sendmsg+0xff/0x1e0 [ 306.241484][T11349] ? __pfx____sys_sendmsg+0x10/0x10 [ 306.246706][T11349] ? trace_lock_acquire+0x14e/0x1f0 [ 306.251931][T11349] __sys_sendmmsg+0x201/0x420 [ 306.256649][T11349] ? __pfx___sys_sendmmsg+0x10/0x10 [ 306.261867][T11349] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 306.267865][T11349] ? fput+0x67/0x440 [ 306.271773][T11349] ? ksys_write+0x1ba/0x250 [ 306.276289][T11349] ? __pfx_ksys_write+0x10/0x10 [ 306.281146][T11349] __x64_sys_sendmmsg+0x9c/0x100 [ 306.286093][T11349] ? lockdep_hardirqs_on+0x7c/0x110 [ 306.291298][T11349] do_syscall_64+0xcd/0x250 [ 306.295817][T11349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.301744][T11349] RIP: 0033:0x7faec1385d19 [ 306.306164][T11349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.325777][T11349] RSP: 002b:00007faec21c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 306.334199][T11349] RAX: ffffffffffffffda RBX: 00007faec1575fa0 RCX: 00007faec1385d19 [ 306.342172][T11349] RDX: 0000000000000008 RSI: 0000000020000300 RDI: 0000000000000003 [ 306.350144][T11349] RBP: 00007faec21c5090 R08: 0000000000000000 R09: 0000000000000000 [ 306.358117][T11349] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000001 [ 306.366089][T11349] R13: 0000000000000000 R14: 00007faec1575fa0 R15: 00007fffe275f618 [ 306.374078][T11349] [ 306.727773][T11362] tipc: Started in network mode [ 306.734144][T11362] tipc: Node identity ffffffff, cluster identity 4711 [ 306.759837][T11362] tipc: Node number set to 4294967295 [ 306.860491][T11368] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1642'. [ 306.872925][T11368] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1642'. [ 307.019057][T11376] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1645'. [ 307.034717][T11376] bridge0: port 3(batadv0) entered disabled state [ 307.394612][T11395] FAULT_INJECTION: forcing a failure. [ 307.394612][T11395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 307.419830][T11395] CPU: 0 UID: 0 PID: 11395 Comm: syz.3.1653 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 307.430660][T11395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 307.440749][T11395] Call Trace: [ 307.444059][T11395] [ 307.447011][T11395] dump_stack_lvl+0x16c/0x1f0 [ 307.451732][T11395] should_fail_ex+0x497/0x5b0 [ 307.456470][T11395] _copy_to_user+0x32/0xd0 [ 307.460931][T11395] simple_read_from_buffer+0xd0/0x160 [ 307.466348][T11395] proc_fail_nth_read+0x198/0x270 [ 307.471427][T11395] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 307.477016][T11395] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 307.482599][T11395] vfs_read+0x1df/0xbe0 [ 307.486771][T11395] ? __fget_files+0x1fc/0x3a0 [ 307.491463][T11395] ? __pfx___mutex_lock+0x10/0x10 [ 307.496495][T11395] ? __pfx_vfs_read+0x10/0x10 [ 307.501185][T11395] ? __fget_files+0x206/0x3a0 [ 307.505880][T11395] ksys_read+0x12b/0x250 [ 307.510130][T11395] ? __pfx_ksys_read+0x10/0x10 [ 307.514908][T11395] do_syscall_64+0xcd/0x250 [ 307.519423][T11395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.525329][T11395] RIP: 0033:0x7f220358472c [ 307.529753][T11395] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 307.549380][T11395] RSP: 002b:00007f2204380030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 307.557808][T11395] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f220358472c [ 307.565784][T11395] RDX: 000000000000000f RSI: 00007f22043800a0 RDI: 0000000000000004 [ 307.573777][T11395] RBP: 00007f2204380090 R08: 0000000000000000 R09: 0000000000000000 [ 307.581767][T11395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.589775][T11395] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 307.597770][T11395] [ 307.613504][T11359] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 307.628429][T11359] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 307.634952][T11359] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 307.641816][T11359] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 307.867918][T11402] netlink: 8244 bytes leftover after parsing attributes in process `syz.1.1656'. [ 308.108929][T11418] FAULT_INJECTION: forcing a failure. [ 308.108929][T11418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.146130][T11418] CPU: 0 UID: 0 PID: 11418 Comm: syz.0.1661 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 308.156959][T11418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 308.167044][T11418] Call Trace: [ 308.170343][T11418] [ 308.173292][T11418] dump_stack_lvl+0x16c/0x1f0 [ 308.177999][T11418] should_fail_ex+0x497/0x5b0 [ 308.182715][T11418] _copy_to_user+0x32/0xd0 [ 308.187158][T11418] simple_read_from_buffer+0xd0/0x160 [ 308.192556][T11418] proc_fail_nth_read+0x198/0x270 [ 308.197623][T11418] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 308.203214][T11418] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 308.208905][T11418] vfs_read+0x1df/0xbe0 [ 308.213107][T11418] ? __fget_files+0x1fc/0x3a0 [ 308.217819][T11418] ? __pfx___mutex_lock+0x10/0x10 [ 308.222880][T11418] ? __pfx_vfs_read+0x10/0x10 [ 308.227614][T11418] ? __fget_files+0x206/0x3a0 [ 308.232346][T11418] ksys_read+0x12b/0x250 [ 308.236718][T11418] ? __pfx_ksys_read+0x10/0x10 [ 308.241539][T11418] do_syscall_64+0xcd/0x250 [ 308.246173][T11418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.252117][T11418] RIP: 0033:0x7faec138472c [ 308.256573][T11418] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 308.276224][T11418] RSP: 002b:00007faec21c5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 308.284692][T11418] RAX: ffffffffffffffda RBX: 00007faec1575fa0 RCX: 00007faec138472c [ 308.292703][T11418] RDX: 000000000000000f RSI: 00007faec21c50a0 RDI: 0000000000000004 [ 308.300712][T11418] RBP: 00007faec21c5090 R08: 0000000000000000 R09: 0000000000000000 [ 308.308717][T11418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.316725][T11418] R13: 0000000000000000 R14: 00007faec1575fa0 R15: 00007fffe275f618 [ 308.324758][T11418] [ 308.860039][ T5144] Bluetooth: hci1: command 0x0c1a tx timeout [ 309.102229][T11444] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1671'. [ 309.120387][T11444] veth1_macvtap: left promiscuous mode [ 309.561119][T11462] kAFS: No cell specified [ 309.660028][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout [ 309.666182][ T5144] Bluetooth: hci2: command 0x0c1a tx timeout [ 309.673073][ T5144] Bluetooth: hci0: command 0x0c1a tx timeout [ 309.748430][T11447] delete_channel: no stack [ 309.995128][T11472] kAFS: No cell specified [ 310.549537][T11488] Process accounting resumed [ 310.641030][T11490] bridge0: port 2(team0) entered blocking state [ 310.662840][T11490] bridge0: port 2(team0) entered disabled state [ 310.730066][T11490] team0: entered allmulticast mode [ 310.735269][T11490] team_slave_0: entered allmulticast mode [ 310.763672][T11490] team_slave_1: entered allmulticast mode [ 310.798330][T11490] team0: entered promiscuous mode [ 310.820163][T11490] team_slave_0: entered promiscuous mode [ 310.826064][T11490] team_slave_1: entered promiscuous mode [ 310.849802][T11497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1686'. [ 311.108344][T11503] aoe: copy from user failed [ 311.121014][T11503] aoe: could not set interface list: too many interfaces [ 311.483975][ T29] audit: type=1800 audit(8277292045.520:50): pid=11517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1692" name="dbroot" dev="configfs" ino=29315 res=0 errno=0 [ 311.974333][T11523] Process accounting resumed [ 311.978997][T11523] warn_unsupported: 2 callbacks suppressed [ 311.979012][T11523] kernel write not supported for file /tomoyo/query (pid: 11523 comm: syz.1.1694) [ 312.592703][T11541] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1700'. [ 313.389960][T11528] kernel write not supported for file /tomoyo/query (pid: 11528 comm: syz.1.1697) [ 313.735943][T11557] kernel write not supported for file /tomoyo/query (pid: 11557 comm: syz.1.1702) [ 313.918741][T11567] netlink: 122 bytes leftover after parsing attributes in process `syz.0.1707'. [ 313.958311][T11567] netlink: 122 bytes leftover after parsing attributes in process `syz.0.1707'. [ 314.099125][T11572] HSR: entered promiscuous mode [ 314.277903][T11577] can: request_module (can-proto-0) failed. [ 314.509390][T11576] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1710'. [ 314.595633][T11584] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1712'. [ 314.735175][T11564] kernel write not supported for file /tomoyo/query (pid: 11564 comm: syz.1.1706) [ 315.191645][T11599] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1716'. [ 315.246919][T11585] kernel write not supported for file /tomoyo/query (pid: 11585 comm: syz.1.1714) [ 315.484634][T11603] kernel write not supported for file /tomoyo/query (pid: 11603 comm: syz.1.1719) [ 315.565746][T11609] kernel write not supported for file /tomoyo/query (pid: 11609 comm: syz.1.1721) [ 315.582063][T11599] bond0: (slave bond_slave_0): Releasing backup interface [ 315.797027][T11612] kernel write not supported for file /tomoyo/query (pid: 11612 comm: syz.1.1722) [ 316.239143][T11619] kernel write not supported for file /tomoyo/query (pid: 11619 comm: syz.1.1724) [ 316.577051][T11630] kernel write not supported for file /tomoyo/query (pid: 11630 comm: syz.1.1728) [ 317.273297][T11636] kernel write not supported for file /tomoyo/query (pid: 11636 comm: syz.1.1730) [ 317.447221][T11649] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1736'. [ 317.510160][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.516504][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.593116][T11650] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1736'. [ 317.688346][T11651] kernel write not supported for file /tomoyo/query (pid: 11651 comm: syz.1.1737) [ 317.919755][ T29] audit: type=1326 audit(4294967300.950:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11660 comm="syz.1.1740" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4342f85d19 code=0x0 [ 318.822708][T11666] kernel write not supported for file /tomoyo/query (pid: 11666 comm: syz.1.1740) [ 318.962289][ T29] audit: type=1326 audit(4294967302.000:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11674 comm="syz.3.1743" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2203585d19 code=0x0 [ 319.066929][T11681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1743'. [ 319.112749][T11679] netlink: 'syz.1.1745': attribute type 1 has an invalid length. [ 319.419283][T11676] kernel write not supported for file /tomoyo/query (pid: 11676 comm: syz.1.1745) [ 319.661925][T11614] kernel write not supported for file /tomoyo/query (pid: 11614 comm: syz.1.1722) [ 319.818446][T11690] kernel write not supported for file /tomoyo/query (pid: 11690 comm: syz.1.1747) [ 320.080965][T11697] kernel write not supported for file /tomoyo/query (pid: 11697 comm: syz.1.1752) [ 320.233613][T11703] kernel write not supported for file /tomoyo/query (pid: 11703 comm: syz.1.1752) [ 320.261604][T11707] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1753'. [ 320.334368][T11711] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1753'. [ 320.460583][T11710] kernel write not supported for file /tomoyo/query (pid: 11710 comm: syz.1.1755) [ 321.145496][T11727] kernel write not supported for file /tomoyo/query (pid: 11727 comm: syz.1.1756) [ 321.610585][T11746] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1763'. [ 322.275470][T11773] openvswitch: netlink: Key 32 has unexpected len 8 expected 2 [ 322.490579][T11769] warn_unsupported: 4 callbacks suppressed [ 322.490601][T11769] kernel write not supported for file /tomoyo/query (pid: 11769 comm: syz.1.1770) [ 323.600972][T11784] kernel write not supported for file /tomoyo/query (pid: 11784 comm: syz.1.1775) [ 323.785159][T11804] program syz.3.1779 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 324.131742][T11805] kernel write not supported for file /tomoyo/query (pid: 11805 comm: syz.1.1780) [ 324.571556][T11819] kernel write not supported for file /tomoyo/query (pid: 11819 comm: syz.1.1783) [ 324.830150][T11825] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1785'. [ 324.934204][T11832] kAFS: No cell specified [ 325.092355][T11825] kernel write not supported for file /tomoyo/query (pid: 11825 comm: syz.1.1785) [ 325.311860][T11837] kernel write not supported for file /tomoyo/query (pid: 11837 comm: syz.1.1790) [ 326.221981][T11858] kernel write not supported for file /tomoyo/query (pid: 11858 comm: syz.1.1793) [ 326.360430][T11861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1795'. [ 326.479609][T11861] kernel write not supported for file /tomoyo/query (pid: 11861 comm: syz.1.1795) [ 326.950257][T11866] kernel write not supported for file /tomoyo/query (pid: 11866 comm: syz.1.1798) [ 327.199966][T11881] netlink: 'syz.3.1802': attribute type 2 has an invalid length. [ 327.304718][T11884] can: request_module (can-proto-0) failed. [ 327.565936][T11879] kernel write not supported for file /tomoyo/query (pid: 11879 comm: syz.1.1801) [ 327.585780][T11892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1805'. [ 327.722626][T11895] kernel write not supported for file /tomoyo/query (pid: 11895 comm: syz.1.1807) [ 327.893064][T11902] kernel write not supported for file /tomoyo/query (pid: 11902 comm: syz.1.1810) [ 328.426256][T11913] kernel write not supported for file /tomoyo/query (pid: 11913 comm: syz.1.1811) [ 328.479256][T11923] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1815'. [ 328.489446][T11923] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 328.497458][T11923] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.689610][T11932] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1817'. [ 329.082426][T11942] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1822'. [ 329.170350][T11945] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1823'. [ 329.185921][T11945] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1823'. [ 329.211688][T11945] netlink: 'syz.2.1823': attribute type 1 has an invalid length. [ 329.219503][T11945] netlink: 'syz.2.1823': attribute type 1 has an invalid length. [ 329.245454][T11945] netlink: 'syz.2.1823': attribute type 8 has an invalid length. [ 329.255412][T11945] netlink: 'syz.2.1823': attribute type 9 has an invalid length. [ 329.266301][T11945] netlink: 162 bytes leftover after parsing attributes in process `syz.2.1823'. [ 329.347398][T11924] kernel write not supported for file /tomoyo/query (pid: 11924 comm: syz.1.1816) [ 329.553171][T11960] kernel write not supported for file /tomoyo/query (pid: 11960 comm: syz.1.1825) [ 329.575308][T11959] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1825'. [ 330.347502][T11953] kernel write not supported for file /tomoyo/query (pid: 11953 comm: syz.1.1825) [ 330.458322][T11984] random: crng reseeded on system resumption [ 331.336738][T11985] kernel write not supported for file /tomoyo/query (pid: 11985 comm: syz.1.1835) [ 331.488001][T12004] kernel write not supported for file /tomoyo/query (pid: 12004 comm: syz.1.1842) [ 331.577467][T12008] kernel write not supported for file /tomoyo/query (pid: 12008 comm: syz.1.1844) [ 331.676843][T12013] __nla_validate_parse: 1 callbacks suppressed [ 331.676866][T12013] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1845'. [ 332.365582][T12026] binder: 12024:12026 ioctl 40046205 800000000000003 returned -22 [ 332.593608][T12027] warn_unsupported: 2 callbacks suppressed [ 332.593628][T12027] kernel write not supported for file /tomoyo/query (pid: 12027 comm: syz.1.1848) [ 332.737792][ T5144] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 332.755018][ T5144] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 332.775594][ T5144] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 332.792716][ T5144] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 332.801665][ T5144] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 332.809128][ T5144] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 333.108071][T12030] chnl_net:caif_netlink_parms(): no params data found [ 333.165789][T12028] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1848'. [ 333.218047][T12028] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.226796][T12028] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.236460][T12028] bridge0: entered promiscuous mode [ 333.294264][T12030] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.305683][T12030] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.323487][T12030] bridge_slave_0: entered allmulticast mode [ 333.344815][T12030] bridge_slave_0: entered promiscuous mode [ 333.366061][T12030] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.399909][T12030] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.419893][T12030] bridge_slave_1: entered allmulticast mode [ 333.449819][T12030] bridge_slave_1: entered promiscuous mode [ 333.456487][T12019] kernel write not supported for file /tomoyo/query (pid: 12019 comm: syz.1.1848) [ 333.531228][T12030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 333.553813][T12030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 333.596683][T12040] netlink: 11244 bytes leftover after parsing attributes in process `syz.1.1853'. [ 333.622599][T12040] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1853'. [ 333.625934][T12030] team0: Port device team_slave_0 added [ 333.658788][ T29] audit: type=1800 audit(4294967316.690:53): pid=12040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1853" name="members" dev="configfs" ino=31194 res=0 errno=0 [ 333.662525][T12030] team0: Port device team_slave_1 added [ 333.773677][T12041] kernel write not supported for file /tomoyo/query (pid: 12041 comm: syz.1.1853) [ 333.784953][T12030] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 333.792407][T12030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.859888][T12030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 333.881813][T12030] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 333.888813][T12030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.934083][T12030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 334.009237][T12043] kernel write not supported for file /tomoyo/query (pid: 12043 comm: syz.1.1854) [ 334.185996][T12030] hsr_slave_0: entered promiscuous mode [ 334.195365][T12030] hsr_slave_1: entered promiscuous mode [ 334.215058][T12030] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 334.224674][T12030] Cannot create hsr debugfs directory [ 334.257643][T12047] kernel write not supported for file /tomoyo/query (pid: 12047 comm: syz.1.1856) [ 334.465788][T12052] kernel write not supported for file /tomoyo/query (pid: 12052 comm: syz.1.1859) [ 334.681368][T12030] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 334.683050][T12060] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1861'. [ 334.689344][T12058] kernel write not supported for file /tomoyo/query (pid: 12058 comm: syz.1.1860) [ 334.726664][T12030] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 334.741690][T12030] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 334.802648][T12030] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 334.860568][ T5840] Bluetooth: hci0: command tx timeout [ 334.941882][T12030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 334.992334][T12030] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.028802][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.036098][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.050421][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.057623][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.175550][T12067] kernel write not supported for file /tomoyo/query (pid: 12067 comm: syz.1.1862) [ 335.318397][T12072] kernel write not supported for file /tomoyo/query (pid: 12072 comm: syz.1.1864) [ 335.362150][T12030] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 335.482580][T12079] kernel write not supported for file /tomoyo/query (pid: 12079 comm: syz.1.1865) [ 335.796574][T12030] veth0_vlan: entered promiscuous mode [ 335.826446][T12030] veth1_vlan: entered promiscuous mode [ 335.861151][T12030] veth0_macvtap: entered promiscuous mode [ 335.878399][T12030] veth1_macvtap: entered promiscuous mode [ 335.924987][T12030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.937667][T12030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.949266][T12030] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.982290][T12030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.013148][T12030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.029179][T12030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.050850][T12030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.082789][T12030] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.135125][T12030] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.170137][T12030] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.178927][T12030] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.206293][T12030] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.395870][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.423716][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.446886][T12111] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1870'. [ 336.490858][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.506042][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.621843][T12123] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1873'. [ 336.940501][ T5840] Bluetooth: hci0: command tx timeout [ 337.206580][T12144] FAULT_INJECTION: forcing a failure. [ 337.206580][T12144] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 337.225149][T12144] CPU: 1 UID: 0 PID: 12144 Comm: syz.3.1877 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 337.235981][T12144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 337.246070][T12144] Call Trace: [ 337.249378][T12144] [ 337.252338][T12144] dump_stack_lvl+0x16c/0x1f0 [ 337.257056][T12144] should_fail_ex+0x497/0x5b0 [ 337.261786][T12144] ? fs_reclaim_acquire+0xae/0x150 [ 337.266926][T12144] should_fail_alloc_page+0xe7/0x130 [ 337.272240][T12144] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 337.278444][T12144] __alloc_pages_noprof+0x190/0x25b0 [ 337.283786][T12144] ? hlock_class+0x4e/0x130 [ 337.288326][T12144] ? __lock_acquire+0x15a9/0x3c40 [ 337.293400][T12144] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 337.299165][T12144] ? __pfx___lock_acquire+0x10/0x10 [ 337.304420][T12144] ? lock_acquire.part.0+0x11b/0x380 [ 337.309732][T12144] ? find_held_lock+0x2d/0x110 [ 337.314511][T12144] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 337.320419][T12144] ? policy_nodemask+0xea/0x4e0 [ 337.325315][T12144] alloc_pages_mpol_noprof+0x2c9/0x610 [ 337.330818][T12144] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 337.336847][T12144] ? do_raw_spin_unlock+0x172/0x230 [ 337.342087][T12144] ? _raw_spin_unlock+0x28/0x50 [ 337.346983][T12144] ? swap_swapcount+0x13c/0x220 [ 337.351871][T12144] ? __pfx_swap_swapcount+0x10/0x10 [ 337.357111][T12144] folio_alloc_mpol_noprof+0x36/0xd0 [ 337.362446][T12144] __read_swap_cache_async+0x50a/0x660 [ 337.367953][T12144] ? __pfx___read_swap_cache_async+0x10/0x10 [ 337.373973][T12144] ? swp_swap_info+0xcf/0x130 [ 337.378697][T12144] ? __pfx_swp_swap_info+0x10/0x10 [ 337.383861][T12144] swap_cluster_readahead+0x4e2/0x740 [ 337.389272][T12144] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 337.395204][T12144] ? filemap_get_entry+0x1a8/0x3c0 [ 337.400387][T12144] ? get_vma_policy+0x248/0x3c0 [ 337.405289][T12144] swapin_readahead+0x12c/0xd60 [ 337.410188][T12144] ? get_swap_device+0x362/0x5e0 [ 337.415180][T12144] ? __pfx_swapin_readahead+0x10/0x10 [ 337.420599][T12144] ? __filemap_get_folio+0x2a5/0xaf0 [ 337.425937][T12144] ? swap_cache_get_folio+0x1e0/0x460 [ 337.431351][T12144] ? get_swap_device+0x245/0x5e0 [ 337.436334][T12144] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 337.442101][T12144] ? __pfx___lock_acquire+0x10/0x10 [ 337.447350][T12144] do_swap_page+0x680/0x5970 [ 337.451987][T12144] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 337.457657][T12144] ? rcu_is_watching+0x12/0xc0 [ 337.462467][T12144] ? trace_lock_acquire+0x14e/0x1f0 [ 337.467711][T12144] ? __pfx_do_swap_page+0x10/0x10 [ 337.472787][T12144] ? lock_acquire+0x2f/0xb0 [ 337.477326][T12144] ? __pte_offset_map+0x42/0x540 [ 337.482306][T12144] ? __pfx_default_wake_function+0x10/0x10 [ 337.488159][T12144] ? __pte_offset_map+0x1b9/0x540 [ 337.493237][T12144] __handle_mm_fault+0x1055/0x2a40 [ 337.498400][T12144] ? lock_vma_under_rcu+0x6b9/0x980 [ 337.503642][T12144] ? __pfx___handle_mm_fault+0x10/0x10 [ 337.509159][T12144] ? __mpol_put+0x2b/0x50 [ 337.513557][T12144] handle_mm_fault+0x3fa/0xaa0 [ 337.518375][T12144] do_user_addr_fault+0x60d/0x13f0 [ 337.523550][T12144] exc_page_fault+0x5c/0xc0 [ 337.528116][T12144] asm_exc_page_fault+0x26/0x30 [ 337.533012][T12144] RIP: 0033:0x7f2203585d21 [ 337.537455][T12144] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 337.557105][T12144] RSP: 002b:00007f220435f038 EFLAGS: 00010217 [ 337.563209][T12144] RAX: 0000000000000000 RBX: 00007f2203776080 RCX: 00007f2203585d19 [ 337.571211][T12144] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000 [ 337.579217][T12144] RBP: 00007f220435f090 R08: 0000000000000003 R09: 0000000000000000 [ 337.587228][T12144] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 337.595241][T12144] R13: 0000000000000000 R14: 00007f2203776080 R15: 00007ffe8ba1ce98 [ 337.603264][T12144] [ 337.644711][T12144] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 337.684287][T12156] warn_unsupported: 3 callbacks suppressed [ 337.684308][T12156] kernel write not supported for file /tomoyo/query (pid: 12156 comm: syz.1.1880) [ 337.903152][T12174] kernel write not supported for file /tomoyo/query (pid: 12174 comm: syz.1.1883) [ 337.971008][T12181] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1885'. [ 338.174087][T12186] kernel write not supported for file /tomoyo/query (pid: 12186 comm: syz.1.1887) [ 338.260235][T12191] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1890'. [ 338.295858][T12192] kernel write not supported for file /tomoyo/query (pid: 12192 comm: syz.1.1890) [ 338.357392][T12195] netlink: 'syz.1.1892': attribute type 1 has an invalid length. [ 338.406828][T12197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1891'. [ 338.417016][T12195] kernel write not supported for file /tomoyo/query (pid: 12195 comm: syz.1.1892) [ 338.514720][T12202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1895'. [ 338.547410][T12201] kernel write not supported for file /tomoyo/query (pid: 12201 comm: syz.1.1895) [ 338.635008][T12208] FAULT_INJECTION: forcing a failure. [ 338.635008][T12208] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.659598][T12208] CPU: 0 UID: 0 PID: 12208 Comm: syz.1.1897 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 338.670435][T12208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 338.680527][T12208] Call Trace: [ 338.683823][T12208] [ 338.686767][T12208] dump_stack_lvl+0x16c/0x1f0 [ 338.691485][T12208] should_fail_ex+0x497/0x5b0 [ 338.696213][T12208] _copy_from_user+0x2e/0xd0 [ 338.700854][T12208] copy_msghdr_from_user+0x99/0x160 [ 338.706094][T12208] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 338.711961][T12208] ___sys_sendmsg+0xff/0x1e0 [ 338.716591][T12208] ? __pfx____sys_sendmsg+0x10/0x10 [ 338.721851][T12208] ? __pfx_lock_release+0x10/0x10 [ 338.726915][T12208] ? trace_lock_acquire+0x14e/0x1f0 [ 338.732161][T12208] ? __fget_files+0x206/0x3a0 [ 338.736900][T12208] __sys_sendmsg+0x16e/0x220 [ 338.741534][T12208] ? __pfx___sys_sendmsg+0x10/0x10 [ 338.746703][T12208] do_syscall_64+0xcd/0x250 [ 338.751325][T12208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.757233][T12208] RIP: 0033:0x7f4342f85d19 [ 338.761669][T12208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 338.781291][T12208] RSP: 002b:00007f4343e3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 338.789719][T12208] RAX: ffffffffffffffda RBX: 00007f4343175fa0 RCX: 00007f4342f85d19 [ 338.797696][T12208] RDX: 0000000000040000 RSI: 0000000020000200 RDI: 0000000000000007 [ 338.805669][T12208] RBP: 00007f4343e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 338.813647][T12208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 338.821620][T12208] R13: 0000000000000000 R14: 00007f4343175fa0 R15: 00007fffcfd7aef8 [ 338.829612][T12208] [ 339.012880][T12208] kernel write not supported for file /tomoyo/query (pid: 12208 comm: syz.1.1897) [ 339.022824][ T5840] Bluetooth: hci0: command tx timeout [ 339.128399][T12211] kernel write not supported for file /tomoyo/query (pid: 12211 comm: syz.1.1900) [ 339.208311][T12214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1899'. [ 339.436272][ T5144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 339.446328][ T5144] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 339.455011][ T5144] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 339.463849][ T5144] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 339.472877][ T5144] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 339.480315][ T5144] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 339.537848][T12221] kernel write not supported for file /tomoyo/query (pid: 12221 comm: syz.1.1901) [ 340.039242][T12233] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1904'. [ 340.292936][T12225] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 340.299462][T12225] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 340.314301][T12225] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 340.321046][T12225] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 340.335302][T12225] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 340.344773][T12225] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 340.355148][T12225] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 340.367468][T12225] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 340.593625][T12219] chnl_net:caif_netlink_parms(): no params data found [ 340.763707][T12249] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1908'. [ 340.777052][T12249] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1908'. [ 340.778184][T12219] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.794317][T12219] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.802054][T12219] bridge_slave_0: entered allmulticast mode [ 340.809545][T12219] bridge_slave_0: entered promiscuous mode [ 340.817536][T12219] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.824953][T12219] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.832258][T12219] bridge_slave_1: entered allmulticast mode [ 340.839353][T12219] bridge_slave_1: entered promiscuous mode [ 340.871896][T12219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 340.883926][T12219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 340.951153][T12219] team0: Port device team_slave_0 added [ 340.959437][T12219] team0: Port device team_slave_1 added [ 341.009265][T12219] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 341.027415][T12219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.054594][T12219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 341.066866][T12252] bridge0: port 3(batadv0) entered blocking state [ 341.073576][T12252] bridge0: port 3(batadv0) entered disabled state [ 341.080577][T12252] batadv0: entered allmulticast mode [ 341.087307][T12252] batadv0: entered promiscuous mode [ 341.093395][T12252] bridge0: port 3(batadv0) entered blocking state [ 341.099956][T12252] bridge0: port 3(batadv0) entered forwarding state [ 341.108087][T12219] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 341.115733][T12219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.165188][T12219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 341.268391][T12219] hsr_slave_0: entered promiscuous mode [ 341.278815][T12219] hsr_slave_1: entered promiscuous mode [ 341.300055][T12219] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 341.323251][T12219] Cannot create hsr debugfs directory [ 341.432491][ T11] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 341.441998][ T11] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 341.715520][T12219] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 341.739980][ T5144] Bluetooth: hci1: command 0x0c1a tx timeout [ 341.767328][T12219] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 341.809424][T12219] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 341.830319][T12219] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 342.084251][T12219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 342.157571][T12219] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.200528][T12121] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.207731][T12121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 342.253420][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.260640][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 342.300337][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout [ 342.382151][ T5144] Bluetooth: hci2: command 0x041b tx timeout [ 342.389876][ T5144] Bluetooth: hci0: command 0x0c1a tx timeout [ 342.533026][T12218] Process accounting paused [ 343.228871][T12219] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 343.885698][T12219] veth0_vlan: entered promiscuous mode [ 343.920912][T12219] veth1_vlan: entered promiscuous mode [ 344.014276][T12219] veth0_macvtap: entered promiscuous mode [ 344.049958][T12219] veth1_macvtap: entered promiscuous mode [ 344.112027][T12219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.142096][T12219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.171769][T12219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.215683][T12219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.251013][T12219] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 344.302680][T12219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.329882][T12219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.439841][T12219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.450923][T12219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.461618][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 344.467668][ T5840] Bluetooth: hci2: command 0x041b tx timeout [ 344.606215][T12219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.617176][T12219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.629116][T12219] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.654557][T12219] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.680101][T12219] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.708171][T12219] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.722285][T12219] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.927343][T12120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.989958][T12120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.032317][T12120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.057724][T12120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.217923][T12310] program syz.4.1925 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 345.924847][T12334] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1933'. [ 346.136787][T12328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1932'. [ 346.539930][ T5840] Bluetooth: hci2: command 0x041b tx timeout [ 346.546020][ T5144] Bluetooth: hci0: command 0x0c1a tx timeout [ 348.202076][T12394] futex_wake_op: syz.3.1951 tries to shift op by -1; fix this program [ 348.620116][ T5840] Bluetooth: hci2: command 0x041b tx timeout [ 348.707684][T12416] netlink: zone id is out of range [ 348.714917][T12416] netlink: zone id is out of range [ 348.723435][T12416] netlink: zone id is out of range [ 348.728595][T12416] netlink: zone id is out of range [ 348.735300][T12416] netlink: zone id is out of range [ 348.760395][T12416] netlink: zone id is out of range [ 348.765671][T12416] netlink: zone id is out of range [ 348.788911][T12416] netlink: zone id is out of range [ 348.804294][T12416] netlink: zone id is out of range [ 348.839916][T12416] netlink: zone id is out of range [ 350.699882][ T5840] Bluetooth: hci2: command 0x041b tx timeout [ 350.875942][T12469] HSR: entered promiscuous mode [ 352.257881][T12491] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1984'. [ 352.779814][ T5840] Bluetooth: hci2: command 0x041b tx timeout [ 352.937744][T12521] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1992'. [ 352.946019][T12523] block nbd12: NBD_DISCONNECT [ 352.953793][T12521] gre0: entered promiscuous mode [ 353.320648][T12535] FAULT_INJECTION: forcing a failure. [ 353.320648][T12535] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 353.354446][T12535] CPU: 0 UID: 0 PID: 12535 Comm: syz.3.1997 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 353.365283][T12535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 353.372233][T12546] netlink: 11244 bytes leftover after parsing attributes in process `syz.1.2000'. [ 353.375348][T12535] Call Trace: [ 353.375363][T12535] [ 353.375373][T12535] dump_stack_lvl+0x16c/0x1f0 [ 353.375406][T12535] should_fail_ex+0x497/0x5b0 [ 353.384957][T12546] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2000'. [ 353.387875][T12535] _copy_from_user+0x2e/0xd0 [ 353.387918][T12535] do_ipv6_setsockopt+0x99f/0x4660 [ 353.418910][T12535] ? mark_lock+0xb5/0xc60 [ 353.423296][T12535] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 353.428885][T12535] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 353.434317][T12535] ? find_held_lock+0x2d/0x110 [ 353.439150][T12535] ? __pfx___might_resched+0x10/0x10 [ 353.444496][T12535] ? aa_sk_perm+0x2f5/0xb20 [ 353.449056][T12535] ? ksys_write+0x191/0x250 [ 353.453613][T12535] ? __pfx_aa_sk_perm+0x10/0x10 [ 353.458517][T12535] ? ipv6_setsockopt+0xcb/0x170 [ 353.463417][T12535] ? sock_common_setsockopt+0x2e/0xf0 [ 353.468840][T12535] ipv6_setsockopt+0xcb/0x170 [ 353.473562][T12535] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 353.479508][T12535] do_sock_setsockopt+0x222/0x480 [ 353.484593][T12535] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 353.490199][T12535] ? lock_acquire+0x2f/0xb0 [ 353.494759][T12535] __sys_setsockopt+0x1a0/0x230 [ 353.499662][T12535] __x64_sys_setsockopt+0xbd/0x160 [ 353.504815][T12535] ? do_syscall_64+0x91/0x250 [ 353.509538][T12535] ? lockdep_hardirqs_on+0x7c/0x110 [ 353.514782][T12535] do_syscall_64+0xcd/0x250 [ 353.519380][T12535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.525320][T12535] RIP: 0033:0x7f2203585d19 [ 353.529772][T12535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.549424][T12535] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 353.557888][T12535] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 353.565904][T12535] RDX: 0000000000000011 RSI: 0000000000000029 RDI: 0000000000000007 [ 353.573921][T12535] RBP: 00007f2204380090 R08: 00000000000001ff R09: 0000000000000000 [ 353.581934][T12535] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 353.589951][T12535] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 353.598064][T12535] [ 354.476468][T12584] unsupported nla_type 32969 [ 355.549576][T12629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2024'. [ 355.711697][T12631] nl80211: entered promiscuous mode [ 356.617117][ T29] audit: type=1800 audit(4294967339.620:54): pid=12649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2031" name="dbroot" dev="configfs" ino=35099 res=0 errno=0 [ 356.830352][T12641] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2027'. [ 356.947364][T12641] team0: Port device team_slave_1 removed [ 356.990634][T12656] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2033'. [ 357.013502][T12656] net_ratelimit: 7 callbacks suppressed [ 357.013525][T12656] openvswitch: netlink: Key type 4751 is out of range max 32 [ 357.039415][T12656] ------------[ cut here ]------------ [ 357.045913][T12656] skb_assert_len [ 357.057986][T12656] WARNING: CPU: 1 PID: 12656 at ./include/linux/skbuff.h:2680 __dev_queue_xmit+0x234a/0x43e0 [ 357.068472][T12656] Modules linked in: [ 357.072690][T12656] CPU: 1 UID: 0 PID: 12656 Comm: syz.3.2033 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 357.083894][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 357.094783][T12656] RIP: 0010:__dev_queue_xmit+0x234a/0x43e0 [ 357.101294][T12656] Code: 3c d9 99 f8 45 84 e4 75 25 e8 52 d7 99 f8 c6 05 76 10 06 07 01 90 48 c7 c6 60 6b 7b 8c 48 c7 c7 80 3a 7b 8c e8 77 ae 5a f8 90 <0f> 0b 90 90 e8 2d d7 99 f8 44 0f b6 25 4f 10 06 07 31 ff 44 89 e6 [ 357.121058][T12656] RSP: 0018:ffffc9000445f178 EFLAGS: 00010282 [ 357.127180][T12656] RAX: 0000000000000000 RBX: ffff888034aa2000 RCX: ffffc9000cc99000 [ 357.135265][T12656] RDX: 0000000000080000 RSI: ffffffff815a16d6 RDI: 0000000000000001 [ 357.143354][T12656] RBP: ffff888034aa2010 R08: 0000000000000001 R09: 0000000000000000 [ 357.151694][T12656] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 357.159904][T12656] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888012264000 [ 357.167918][T12656] FS: 00007f22043806c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 357.176985][T12656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 357.185186][T12656] CR2: 0000000020003040 CR3: 00000000287aa000 CR4: 00000000003526f0 [ 357.194670][T12656] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 357.203274][T12656] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 357.211370][T12656] Call Trace: [ 357.214676][T12656] [ 357.217635][T12656] ? __warn+0xea/0x3c0 [ 357.221926][T12656] ? preempt_schedule_notrace+0x62/0xe0 [ 357.227518][T12656] ? __dev_queue_xmit+0x234a/0x43e0 [ 357.232809][T12656] ? report_bug+0x3c0/0x580 [ 357.237356][T12656] ? handle_bug+0x54/0xa0 [ 357.241816][T12656] ? exc_invalid_op+0x17/0x50 [ 357.246538][T12656] ? asm_exc_invalid_op+0x1a/0x20 [ 357.251715][T12656] ? __warn_printk+0x1a6/0x350 [ 357.256533][T12656] ? __dev_queue_xmit+0x234a/0x43e0 [ 357.262001][T12656] ? __dev_queue_xmit+0x2349/0x43e0 [ 357.267255][T12656] ? ___sys_sendmsg+0x135/0x1e0 [ 357.272201][T12656] ? __pfx___dev_queue_xmit+0x10/0x10 [ 357.277638][T12656] ? rcu_is_watching+0x12/0xc0 [ 357.282549][T12656] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 357.288257][T12656] ? kmem_cache_alloc_noprof+0x21b/0x3b0 [ 357.294575][T12656] ? __copy_skb_header+0x2e8/0x5b0 [ 357.300058][T12656] ? __skb_clone+0x570/0x760 [ 357.304664][T12656] netlink_deliver_tap+0xa61/0xca0 [ 357.309857][T12656] netlink_unicast+0x6b4/0x7f0 [ 357.314622][T12656] ? __pfx_netlink_unicast+0x10/0x10 [ 357.319987][T12656] ? __nla_parse+0x40/0x60 [ 357.324561][T12656] netdev_nl_queue_get_doit+0x37f/0x6a0 [ 357.330252][T12656] genl_family_rcv_msg_doit+0x202/0x2f0 [ 357.335854][T12656] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 357.342187][T12656] ? __dev_queue_xmit+0x89b/0x43e0 [ 357.347339][T12656] ? genl_get_cmd+0x195/0x580 [ 357.352114][T12656] ? __radix_tree_lookup+0x21f/0x2c0 [ 357.357456][T12656] genl_rcv_msg+0x565/0x800 [ 357.362089][T12656] ? __pfx_genl_rcv_msg+0x10/0x10 [ 357.367162][T12656] ? __pfx_netdev_nl_queue_get_doit+0x10/0x10 [ 357.373347][T12656] netlink_rcv_skb+0x165/0x410 [ 357.378157][T12656] ? __pfx_genl_rcv_msg+0x10/0x10 [ 357.383330][T12656] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 357.388977][T12656] ? down_read+0xc9/0x330 [ 357.393664][T12656] ? __pfx_down_read+0x10/0x10 [ 357.398996][T12656] ? netlink_deliver_tap+0x1ae/0xca0 [ 357.404820][T12656] genl_rcv+0x28/0x40 [ 357.408847][T12656] netlink_unicast+0x53c/0x7f0 [ 357.413707][T12656] ? __pfx_netlink_unicast+0x10/0x10 [ 357.419479][T12656] ? __phys_addr_symbol+0x30/0x80 [ 357.424684][T12656] ? __check_object_size+0x488/0x710 [ 357.430105][T12656] netlink_sendmsg+0x8b8/0xd70 [ 357.434921][T12656] ? __pfx_netlink_sendmsg+0x10/0x10 [ 357.440342][T12656] ____sys_sendmsg+0x9ae/0xb40 [ 357.445149][T12656] ? copy_msghdr_from_user+0x10b/0x160 [ 357.450742][T12656] ? __pfx_____sys_sendmsg+0x10/0x10 [ 357.456095][T12656] ___sys_sendmsg+0x135/0x1e0 [ 357.460935][T12656] ? __pfx____sys_sendmsg+0x10/0x10 [ 357.466208][T12656] ? __pfx_lock_release+0x10/0x10 [ 357.471360][T12656] ? trace_lock_acquire+0x14e/0x1f0 [ 357.476626][T12656] ? __fget_files+0x206/0x3a0 [ 357.481507][T12656] __sys_sendmsg+0x16e/0x220 [ 357.486150][T12656] ? __pfx___sys_sendmsg+0x10/0x10 [ 357.491676][T12656] ? __x64_sys_futex+0x1e1/0x4c0 [ 357.497416][T12656] do_syscall_64+0xcd/0x250 [ 357.502464][T12656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.508422][T12656] RIP: 0033:0x7f2203585d19 [ 357.512958][T12656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.532665][T12656] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 357.541188][T12656] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 357.549187][T12656] RDX: 0000000020008810 RSI: 0000000020003040 RDI: 0000000000000004 [ 357.557274][T12656] RBP: 00007f2203601a20 R08: 0000000000000000 R09: 0000000000000000 [ 357.565360][T12656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.573457][T12656] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 357.581624][T12656] [ 357.584685][T12656] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 357.591982][T12656] CPU: 1 UID: 0 PID: 12656 Comm: syz.3.2033 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0 [ 357.602753][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 357.612836][T12656] Call Trace: [ 357.616144][T12656] [ 357.619090][T12656] dump_stack_lvl+0x3d/0x1f0 [ 357.623706][T12656] panic+0x71d/0x800 [ 357.627627][T12656] ? __pfx_panic+0x10/0x10 [ 357.632062][T12656] ? show_trace_log_lvl+0x29d/0x3d0 [ 357.637288][T12656] ? __dev_queue_xmit+0x234a/0x43e0 [ 357.642497][T12656] check_panic_on_warn+0xab/0xb0 [ 357.647454][T12656] __warn+0xf6/0x3c0 [ 357.651366][T12656] ? preempt_schedule_notrace+0x62/0xe0 [ 357.656945][T12656] ? __dev_queue_xmit+0x234a/0x43e0 [ 357.662171][T12656] report_bug+0x3c0/0x580 [ 357.666520][T12656] handle_bug+0x54/0xa0 [ 357.670687][T12656] exc_invalid_op+0x17/0x50 [ 357.675200][T12656] asm_exc_invalid_op+0x1a/0x20 [ 357.680060][T12656] RIP: 0010:__dev_queue_xmit+0x234a/0x43e0 [ 357.685872][T12656] Code: 3c d9 99 f8 45 84 e4 75 25 e8 52 d7 99 f8 c6 05 76 10 06 07 01 90 48 c7 c6 60 6b 7b 8c 48 c7 c7 80 3a 7b 8c e8 77 ae 5a f8 90 <0f> 0b 90 90 e8 2d d7 99 f8 44 0f b6 25 4f 10 06 07 31 ff 44 89 e6 [ 357.705493][T12656] RSP: 0018:ffffc9000445f178 EFLAGS: 00010282 [ 357.711579][T12656] RAX: 0000000000000000 RBX: ffff888034aa2000 RCX: ffffc9000cc99000 [ 357.719568][T12656] RDX: 0000000000080000 RSI: ffffffff815a16d6 RDI: 0000000000000001 [ 357.727541][T12656] RBP: ffff888034aa2010 R08: 0000000000000001 R09: 0000000000000000 [ 357.735517][T12656] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 357.743511][T12656] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888012264000 [ 357.751542][T12656] ? __warn_printk+0x1a6/0x350 [ 357.756352][T12656] ? __dev_queue_xmit+0x2349/0x43e0 [ 357.761566][T12656] ? ___sys_sendmsg+0x135/0x1e0 [ 357.766443][T12656] ? __pfx___dev_queue_xmit+0x10/0x10 [ 357.771866][T12656] ? rcu_is_watching+0x12/0xc0 [ 357.776665][T12656] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 357.782052][T12656] ? kmem_cache_alloc_noprof+0x21b/0x3b0 [ 357.787698][T12656] ? __copy_skb_header+0x2e8/0x5b0 [ 357.792828][T12656] ? __skb_clone+0x570/0x760 [ 357.797435][T12656] netlink_deliver_tap+0xa61/0xca0 [ 357.802569][T12656] netlink_unicast+0x6b4/0x7f0 [ 357.807344][T12656] ? __pfx_netlink_unicast+0x10/0x10 [ 357.812637][T12656] ? __nla_parse+0x40/0x60 [ 357.817076][T12656] netdev_nl_queue_get_doit+0x37f/0x6a0 [ 357.822638][T12656] genl_family_rcv_msg_doit+0x202/0x2f0 [ 357.828201][T12656] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 357.834295][T12656] ? __dev_queue_xmit+0x89b/0x43e0 [ 357.839410][T12656] ? genl_get_cmd+0x195/0x580 [ 357.844106][T12656] ? __radix_tree_lookup+0x21f/0x2c0 [ 357.849403][T12656] genl_rcv_msg+0x565/0x800 [ 357.853918][T12656] ? __pfx_genl_rcv_msg+0x10/0x10 [ 357.858950][T12656] ? __pfx_netdev_nl_queue_get_doit+0x10/0x10 [ 357.865034][T12656] netlink_rcv_skb+0x165/0x410 [ 357.869813][T12656] ? __pfx_genl_rcv_msg+0x10/0x10 [ 357.874850][T12656] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 357.880152][T12656] ? down_read+0xc9/0x330 [ 357.884495][T12656] ? __pfx_down_read+0x10/0x10 [ 357.889268][T12656] ? netlink_deliver_tap+0x1ae/0xca0 [ 357.894573][T12656] genl_rcv+0x28/0x40 [ 357.898565][T12656] netlink_unicast+0x53c/0x7f0 [ 357.903339][T12656] ? __pfx_netlink_unicast+0x10/0x10 [ 357.908630][T12656] ? __phys_addr_symbol+0x30/0x80 [ 357.913669][T12656] ? __check_object_size+0x488/0x710 [ 357.918968][T12656] netlink_sendmsg+0x8b8/0xd70 [ 357.923742][T12656] ? __pfx_netlink_sendmsg+0x10/0x10 [ 357.929047][T12656] ____sys_sendmsg+0x9ae/0xb40 [ 357.933817][T12656] ? copy_msghdr_from_user+0x10b/0x160 [ 357.939288][T12656] ? __pfx_____sys_sendmsg+0x10/0x10 [ 357.944592][T12656] ___sys_sendmsg+0x135/0x1e0 [ 357.949283][T12656] ? __pfx____sys_sendmsg+0x10/0x10 [ 357.954505][T12656] ? __pfx_lock_release+0x10/0x10 [ 357.959546][T12656] ? trace_lock_acquire+0x14e/0x1f0 [ 357.964765][T12656] ? __fget_files+0x206/0x3a0 [ 357.969462][T12656] __sys_sendmsg+0x16e/0x220 [ 357.974070][T12656] ? __pfx___sys_sendmsg+0x10/0x10 [ 357.979192][T12656] ? __x64_sys_futex+0x1e1/0x4c0 [ 357.984156][T12656] do_syscall_64+0xcd/0x250 [ 357.988757][T12656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.994676][T12656] RIP: 0033:0x7f2203585d19 [ 357.999105][T12656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.018724][T12656] RSP: 002b:00007f2204380038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 358.027157][T12656] RAX: ffffffffffffffda RBX: 00007f2203775fa0 RCX: 00007f2203585d19 [ 358.035155][T12656] RDX: 0000000020008810 RSI: 0000000020003040 RDI: 0000000000000004 [ 358.043149][T12656] RBP: 00007f2203601a20 R08: 0000000000000000 R09: 0000000000000000 [ 358.051136][T12656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 358.059113][T12656] R13: 0000000000000000 R14: 00007f2203775fa0 R15: 00007ffe8ba1ce98 [ 358.067103][T12656] [ 358.070428][T12656] Kernel Offset: disabled [ 358.074802][T12656] Rebooting in 86400 seconds..