last executing test programs: 2m55.3794352s ago: executing program 1 (id=535): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x2, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x100000006, 0x0, 0x3, 0xffffffffffffffff, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/usb/drivers/cdc_eem/uevent\x00', 0x501, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000200)='4', 0x1) 2m55.256160008s ago: executing program 1 (id=537): prctl$auto_PR_GET_PDEATHSIG(0x2, 0x1, 0xffffffffffffffff, 0x7, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x87) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ppoll$auto(0x0, 0x3, 0x0, 0x0, 0x8) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x4b72, r1) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/bus/pci/drivers/dwc3-pci/remove_id\x00', 0x40081, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/bus/pci/drivers/dwc3-pci/remove_id\x00', 0x40081, 0x0) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r2, 0x0, 0x210000001) (async) read$auto(r2, 0x0, 0x210000001) write$auto(0x4, 0x0, 0x100082) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x112b730c2c00220b, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_KVM_CREATE_VM(r3, 0x4004ae8b, 0x1000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x1cc340, 0x0) 2m54.247381402s ago: executing program 1 (id=543): r0 = openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r1 = pipe$auto(&(0x7f0000000040)=r0) ioctl$auto(r0, 0x45f, r0) mbind$auto(0x8, 0x28f, 0x5, &(0x7f0000000080)=0x2, 0xfffffffffffffff8, 0x7) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram15\x00', 0x2280, 0x0) mbind$auto(0x7, 0x3ea, 0x10001, &(0x7f0000000100), 0xffffffffffffffff, 0x9) sendmsg$auto_NLBL_CIPSOV4_C_LISTALL(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, 0x0, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MLSLVL={0x22, 0x7, 0x0, 0x1, [@generic="756b7a1ca0e0f7afcdde194d2b0e1fcecca2a6a0dca68fa830e0", @nested={0x4, 0x18}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000}, 0x44045) mbind$auto(0x10000, 0xb4c, 0x101, &(0x7f0000000240)=0x3, 0x8, 0x6) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/usb/usbmon/35u\x00', 0x305000, 0x0) mbind$auto(0x8000000000000001, 0x5f1, 0x1, &(0x7f00000002c0)=0x3, 0x8, 0x2f18) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000340), r4) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r5, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r6, 0x300, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x3}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0xfffb}]}, 0x28}, 0x1, 0x0, 0x0, 0x10000000}, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000440), r2) setitimer$auto(0xc3, &(0x7f0000000480)={{0xfffffffffffffff7, 0xfeb}, {0x2, 0x2}}, &(0x7f00000004c0)={{0xffffffffffffffa8, 0x7}, {0x0, 0xf6}}) sendmsg$auto_NFC_CMD_DISABLE_SE(r5, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x2c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '^'}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, ':'}, @NFC_ATTR_RF_MODE={0x5, 0xb, 0x5c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x0) mmap$auto_def_blk_fops_fs(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4, 0x80010, r2, 0x7e) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) madvise$auto(0x2, 0x3, 0x2) sendmmsg$auto(r4, &(0x7f0000000780)={{&(0x7f0000000600)="63164d87529c11a857240369de95386d3b6c34ea969cc90835ce522d662ea3cc2e08da1483cddb36d354635573ec0312ccddad735d944537b6fe9d828f7c947e3021411745d52ac5942ecba417b3bb99a489da42ec7e2508609db8ceffde02f2c6598539bbc69c569634a120df442cf91485b66ae3a8cbdfa2b524d3903118293d269fa994ca2a", 0xa3, &(0x7f0000000700)={&(0x7f00000006c0)="a2700f2aaa1a11e3a344d205", 0x3}, 0x5, &(0x7f0000000740)="11", 0x7, 0x8}, 0x10}, 0x1, 0xfffffff7) r7 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000800), r5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000840)={'dvmrp0\x00', 0x0}) sendmsg$auto_WG_CMD_SET_DEVICE(r2, &(0x7f0000000ac0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000880)={0x1dc, r7, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x1ff}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'pim6reg\x00'}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r8}, @WGDEVICE_A_PRIVATE_KEY={0xa2, 0x3, "a30dd71674c1106e410dad13f341fd10e7713a20ed590492a1044160aaf256fb36ace1a2093881d3dffd954bd8be8cd2b0cab2dedc69d9bba6e583f639cb0c83485f02041fe406cc50cf86a43ee583eb4b82603ba69cf13b5a0fb0cc302f2cb695498525b791d74023882171c6645ae598e6858b6a5eab040d6600889d3d71f094c4fd6a366243bd51f3fbf857e7bb712808ac84d532eb690b923315a613"}, @WGDEVICE_A_PUBLIC_KEY={0xfe, 0x4, "a18e2e70917f3fe576c3b66259229f927f680c44303e6daa0ea8498aa34bfd7cba110e267040abe3789dc3b29b8d938d0542a230aac1e70c3c7fe5c2cb88e74cb0d4431399a46dfa6cf7cf1f791f55453ae4e35edd893a447b63f75e77c6f66d791f6559ed5105a6966cb87810058621fa0b02142a6139b969cd797db5b98a642395b1dbe25729271715a3af72c872c240e649f41db684f8622645df6fc2720a03dfd2b750de52bf636db5a21f126737d371116dfbf49bb4ac19f906b926b8338f0af164285d217caadda28a4adb803b24551466bcb7075292077c9fbbc2ab19b93502c3b8c8ffa412777f5d6eb9cd5e08ef30429c54e6c251dd"}]}, 0x1dc}}, 0x20000041) process_madvise$auto_MADV_NORMAL(r1, &(0x7f0000000b80)={&(0x7f0000000b00)="2c84770d26073186b9c1087a4d7fb77334be5de120ffe4148ff1b349dc7008054d048fa423a7cb98bf1801ec77a5fba72b42ae4b4d042afc5d22047aa0da566f52c095e25be29ecf2b60", 0x7fffffffffffffff}, 0x5, 0x0, 0x0) close_range$auto(r3, r4, 0x0) setns$auto(r3, 0x9) cachestat$auto(r2, &(0x7f0000000bc0)={0x34, 0xffffffffffffffff}, &(0x7f0000000c00)={0x2, 0x5, 0x7fff, 0x5, 0x7fff}, 0x1) mbind$auto(0xfffffffffffffffe, 0x40, 0x8, &(0x7f0000000c40)=0xfffffffffffffffd, 0x7ff, 0x9) read$auto(r5, &(0x7f0000000c80)='\x00', 0x3) sendmsg$auto_WG_CMD_SET_DEVICE(r2, &(0x7f0000002000)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001fc0)={&(0x7f0000001e80)={0x10c, r7, 0x2, 0x70bd28, 0x25dfdbff, {}, [@WGDEVICE_A_PEERS={0xf6, 0x8, 0x0, 0x1, [@generic="30b20fe26c", @typed={0x8, 0x137, 0x0, 0x0, @uid}, @nested={0xc, 0xb2, 0x0, 0x1, [@typed={0x8, 0x22, 0x0, 0x0, @u32=0xce4}]}, @generic="9979126b91ed84449ec6abae760d37b18e200495dfcb7e500b7f3572990b807046e74dad585d8788fbd3fa611ddfe41bd3641c377a3192de8a311ee53c77b8752795f971e2b9e12eab277fe29d4df4ec211b3393b3d4146fb1bc22880918d95f31e872e496e4707b033c0b7d884d315a5dbcbbd01215ffb378cf296a9c90ef721b5df95f6056cb6d4a96f6333599c283155be11d4358e01c4c9ae7136198559771dedac5017f3d8dd8453f2b7369a03af681b71d298678b01722f89d6a547754c2eeecea2664198e04a56122cb4f559f1963f9d48645185b3a"]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) 2m53.234619014s ago: executing program 1 (id=548): close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4004ae99, 0x0) mmap$auto(0x0, 0x7, 0x3, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x44800}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x2, 0x6) r2 = socket(0x10, 0x3, 0x6) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) mmap$auto(0xffffffffffffffff, 0x400008, 0x5, 0x9b7f, 0x2, 0xc) close_range$auto(0x2, r2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x1d, 0x2, 0x7) connect$auto(r2, &(0x7f0000000140)=@vsock={0x28, 0x0, 0xffffffff, @hyper}, 0x15018) read$auto(0x3, 0x0, 0x80) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4}, 0x6a) sendto$auto(r3, 0x0, 0xc, 0x1ff, &(0x7f0000000440)=@can={0x1d, r5}, 0x36) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) landlock_create_ruleset$auto(&(0x7f0000000100)={0xf0b2, 0x8, 0xbfdc}, 0x3ff, 0x916) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 2m52.935532672s ago: executing program 1 (id=552): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r0, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) select$auto(0x804, 0x0, &(0x7f0000000100)={[0x9, 0x0, 0x0, 0x80000300, 0x1, 0x4, 0x9, 0x3, 0x81, 0x10000005e58296b, 0x1e, 0x9, 0x7ff, 0x200, 0x20000000008, 0x4000000000006]}, 0x0, 0x0) r1 = socket(0x1e, 0x805, 0x0) bpf$auto(0xfffffffc, &(0x7f0000000100)=@bpf_attr_4={0x80, 0xffffffffffffffff, 0x40, r1}, 0x6f4) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xffffffff}, 0x6, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) ioctl$auto(0x3, 0xc0585605, 0x38) 2m52.107426837s ago: executing program 1 (id=558): mmap$auto(0x6, 0xffffffff, 0x7, 0x40eba, 0x401, 0x300000000000) io_setup$auto(0x1, 0x0) 2m36.809700917s ago: executing program 32 (id=558): mmap$auto(0x6, 0xffffffff, 0x7, 0x40eba, 0x401, 0x300000000000) io_setup$auto(0x1, 0x0) 7.426070947s ago: executing program 2 (id=1163): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) (async) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/pcm0p/sub0/hw_params\x00', 0x1c1282, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000280)=""/65, 0x41) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) (async) io_uring_setup$auto(0x42, 0x0) (async) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mbind$auto(0x1, 0x100000004, 0x100000000, 0x0, 0x4, 0x2) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r1, 0x0, 0x39b8) writev$auto(0x3, 0x0, 0x8) (async) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x0, 0x0) read$auto_tomoyo_operations_securityfs_if(r2, &(0x7f0000000040)=""/80, 0x50) 6.293369005s ago: executing program 2 (id=1170): r0 = openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000040), 0x88080, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x1, 0xd, 0x3000, 0x5, 0x4, 0x7fffffff, r0, [], {0x6, 0x6, 0x3b5a, 0x21f, 0x102, 0x7ffffffb, 0x101, 0x8, 0x3}, {0x100, 0x1, 0x52, 0x405, 0x2, 0x40, 0x76c5, 0x8, 0x100000000}}) unshare$auto(0x40000080) syz_clone(0x81200200, &(0x7f0000000340)="5c5c2f8eaeed40a1e2862e999ad933f666d0d700d9292ce3143b89f5dc4199eff7cc5f426bd8a56f0eba64bce9e6085ddb5bbab0942c87a0e1542cee5c658d58283fc22d00430fdb37397665258f51e2e216568b1cd2818df8afd298fb6293fd4d45fdc268a30faaad8393c903e2e835c7f6eec2ef3133443f9e56b0dc1d874ae80fddf31644620763ec8bb6632fa0194c0fa5833e1e84e7edf386476cd40e6327ee09fa27", 0xa5, &(0x7f0000000180), &(0x7f0000000240), &(0x7f0000000400)="005bcd82deff7f042df1c1c628566e42da92c6d6931c103f2da266f9f3c87a806d1084a5a2b7878f3f9ae48254c417dcf002c88dd5239f8695957f9a73b0b147a4f317b3970267add7c188b8dd4615aecbeb1a764a189874442dd8aebb1b1da94223d11e174dc39dca524cb3d441e893031dabec0d0f85139fc6bee1782f8987877cd9f79c9787db49d7cf115cf1648034afdbb4ce664001ca3d8dab3d141aada61c12a0100301c1d659e4915b0e5cb50159e24fbf7484706bbfb198ae1804") openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xffffffffffffffff, 0x2, 0x2, 0xc3, 0x1, 0x7fff, 0x300000000000000, 0x80000001, 0xdc, 0x6d3c, 0x0, 0x2, 0x2e]}, 0x0) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) settimeofday$auto(&(0x7f0000000000)={0x2a9, 0x2}, &(0x7f0000000140)={0x5, 0x4}) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r2, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={&(0x7f0000000a80)={0x28, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x9}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040050}, 0x800) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/nullb0/queue/physical_block_size\x00', 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/conf/ip6gre0/arp_accept\x00', 0x200000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001600)=""/4098, 0x1002) close_range$auto(0x2, 0x8, 0x2) 5.195460126s ago: executing program 2 (id=1173): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) open_by_handle_at$auto(0xffffff9c, &(0x7f0000000040)={0xc, 0x2, "4c6c8e85b194f29b6efd901e"}, 0x2) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) (async) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) (async) socket(0xa, 0x2, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) unshare$auto(0x40000080) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) r1 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x1a6b75d63882a712, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x28000) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20800, 0x0) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) (async) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000100), 0x80000, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0xe9, 0xdf, 0x9b72, 0x2, 0x8000) (async) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) (async) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 3.885258664s ago: executing program 4 (id=1178): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x400008, 0xe2, 0x9b7f, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r0, 0x0, 0x39b8) capget$auto(0x0, &(0x7f0000000180)={0x2000ea6a, 0xf, 0x6}) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) (async) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/dev_mcast\x00', 0x101000, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/dev_mcast\x00', 0x101000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') ioctl$auto_MON_IOCX_GETX(r2, 0x4018920a, &(0x7f00000001c0)={&(0x7f0000000080)={0xfff, 0x9d, 0x0, 0xd, 0xc6, 0x8, 0x2, 0x5, 0x100000001, 0x10001, 0x0, 0x9, 0x2, @iso={0x3ff, 0x7f}, 0x9, 0xffffff81, 0x2, 0x6}, 0x0, 0x1001}) (async) ioctl$auto_MON_IOCX_GETX(r2, 0x4018920a, &(0x7f00000001c0)={&(0x7f0000000080)={0xfff, 0x9d, 0x0, 0xd, 0xc6, 0x8, 0x2, 0x5, 0x100000001, 0x10001, 0x0, 0x9, 0x2, @iso={0x3ff, 0x7f}, 0x9, 0xffffff81, 0x2, 0x6}, 0x0, 0x1001}) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, 0x0, 0x40001, 0x0) io_uring_setup$auto(0x5, &(0x7f0000000240)={0x8f0, 0x5d79, 0x0, 0x4, 0x825, 0xcd29, 0xffffffffffffffff, [0xb4b4, 0x5, 0x8], {0x5, 0x4, 0x8, 0x9, 0x6, 0x2, 0x479f337d, 0x2a5, 0x6}, {0xeca, 0x3ff, 0x7ff, 0x5, 0xf692516, 0x3430, 0xfffffffb, 0x5, 0xc}}) socket(0x2, 0x1, 0x106) (async) socket(0x2, 0x1, 0x106) setsockopt$auto(0x3, 0x1, 0x7, 0xffffffffffffffff, 0x0) (async) setsockopt$auto(0x3, 0x1, 0x7, 0xffffffffffffffff, 0x0) socket(0x15, 0x5, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x40000, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x0, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r4, 0x4c01, 0x0) (async) ioctl$auto_SG_GET_RESERVED_SIZE(r4, 0x4c01, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) dup2$auto(0xffffffffffffffff, 0xffffffffffffffff) (async) dup2$auto(0xffffffffffffffff, 0xffffffffffffffff) listen$auto(0x3, 0x81) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r5 = socket(0x10, 0x2, 0x6) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async) r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fddbdf251100fc0006000a00010000000500070006000000080001000400000005001f007f000000050008000e0000008528bb0983cee21150fe02a76f354ae4a8f303efe2dc41ec859d0588ccb1f3a50ff1d5b9dc7039c266fb569733aea12ad078a2d002cf9626b81835cc27c4cbd89b922bb5a44ab7eb907514250020fcbc476fa5f60f37d6f887d8d5c78c58ac6895ac35bf18c0142127daf1cd241875fa4807f019f1e1c259"], 0x3c}, 0x1, 0x9eff}, 0x8044) pread64$auto(r1, 0x0, 0x8, 0xffff) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) (async) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) 3.515772364s ago: executing program 4 (id=1182): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/platform/vhci_hcd.13/usb36/ep_00/type\x00', 0x181000, 0x0) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x39b8) capset$auto(0x0, 0x0) capget$auto(0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') ioctl$auto_MON_IOCX_GETX(r0, 0x4018920a, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) prctl$auto_PR_SCHED_CORE(0x3e, 0x9, 0x0, 0x9, 0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x4000a3d9) socket(0x2b, 0x1, 0x1) r1 = socket(0xf, 0x3, 0x2) lstat$auto(0x0, &(0x7f0000000180)={0x761f, 0x9, 0xe, 0xfffffffe, 0x0, 0x0, 0x0, 0x8, 0x200, 0x2, 0x40000401, 0x9, 0x8, 0x0, 0xffffffff, 0x6, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="810b1ebd7080fbdbdf2501"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c11db4f", @ANYRES16=0x0, @ANYBLOB="00012abd7000fcdbdf251f0000001000b0005eb60ede66ec8839d789fbd406006500000400000500d500010000000500880008000000"], 0x3c}}, 0x20000000) r2 = socket(0x10, 0x2, 0x6) read$auto(0x3, 0x0, 0xf3c) fsopen$auto(&(0x7f0000000280)='$].\x00', 0x3) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0xfcff, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c2, 0x0) sendfile$auto(0xffffffffffffffff, r0, 0x0, 0xbff) socket(0x10, 0x2, 0x6) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config/target/version\x00', 0x6d0500, 0x0) 3.306017478s ago: executing program 2 (id=1184): mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) getpeername$auto(0x3, 0x0, 0x0) (async) getpeername$auto(0x3, 0x0, 0x0) unshare$auto(0x40000080) ioctl$auto(0x3, 0x80084d17, 0x38) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/can/reset_stats\x00', 0x4a0642, 0x0) (async) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/can/reset_stats\x00', 0x4a0642, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0) ioctl$auto_UI_DEV_SETUP(r1, 0x405c5503, 0x0) socket(0x2, 0x1, 0x0) (async) socket(0x2, 0x1, 0x0) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x82002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/del/a\x16\x0e\xf6\xe0\xe8p', 0x100000a3d9) epoll_ctl$auto(0xffffffffffffffff, 0x1, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) (async) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyyb\x00', 0x218, 0x0) ioctl$auto_TIOCSTI2(r3, 0x545c, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) (async) ioctl$auto(0xffffffffffffffff, 0x4, 0xffffffffffffffff) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x4b7, 0x62, 0x8000001f, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/dev\x00', 0x210801, 0x0) pread64$auto(r4, 0x0, 0x10001, 0x830) getsockopt$auto_SO_NO_CHECK(0xffffffffffffffff, 0x4, 0xb, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/set\x00', &(0x7f0000000080)=0xff) (async) r5 = getsockopt$auto_SO_NO_CHECK(0xffffffffffffffff, 0x4, 0xb, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/set\x00', &(0x7f0000000080)=0xff) read$auto_regulator_summary_fops_(r5, &(0x7f0000000200)=""/160, 0xa0) (async) read$auto_regulator_summary_fops_(r5, &(0x7f0000000200)=""/160, 0xa0) setsockopt$auto_SO_BROADCAST(r0, 0x3, 0x6, &(0x7f00000002c0)='/proc/fs/cifs/traceSMB\x00', 0x4) (async) setsockopt$auto_SO_BROADCAST(r0, 0x3, 0x6, &(0x7f00000002c0)='/proc/fs/cifs/traceSMB\x00', 0x4) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/traceSMB\x00', 0x40c01, 0x0) write$auto_proc_reg_file_ops_compat_inode(r6, 0x0, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/apparmor/exec\x00', 0x200200, 0x0) 3.212158709s ago: executing program 3 (id=1185): r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/mem\x00', 0x2001, 0x0) truncate$auto(&(0x7f00000000c0)='./cgroup\x00', 0x100000000000001) lseek$auto(r0, 0x8001, 0x4) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) prctl$auto(0x23, 0xe, 0x0, 0x68, 0x0) settimeofday$auto(0x0, &(0x7f0000000100)={0x82, 0x4}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x0, 0x200) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) fcntl$auto(0x0, 0x407, 0x100000) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x600000, 0x0) mmap$auto(0x0, 0x2020009, 0x7fffffff, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x4, 0x0) mlock$auto(0x4, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x40045431, 0x0) mlock$auto(0x7c89, 0x47fff) r2 = clone$auto(0x3, 0x7, 0x0, 0x0, 0xdd6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sched_getaffinity$auto(r2, 0xca5, &(0x7f0000000040)=0x5) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/shm\x00', 0x1a3000, 0x0) readv$auto(0x3, &(0x7f0000000600)={0x0, 0xc}, 0x1da) 2.281233459s ago: executing program 4 (id=1191): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x112b730c2c00220b, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4140aecd, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/hid/drivers/holtek_mouse/uevent\x00', 0x501, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000200)="34aeede84184", 0x6) 2.150823386s ago: executing program 3 (id=1192): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) mlockall$auto(0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2a, 0x2, 0x9) sendto$auto(r1, 0x0, 0x402, 0x0, &(0x7f0000000700)=@generic={0x2a, "e2e18340cba8fe8000"}, 0x2) ioctl$auto(r0, 0x3, r1) 1.872281471s ago: executing program 0 (id=1193): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) futex_requeue$auto(0x0, 0x401, 0xf9b, 0xcde8) r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa}, 0x1f) close_range$auto(0x2, 0x8000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29e, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x51, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_enter$auto(r1, 0x9, 0x820e, 0x4, 0x0, 0x18) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x100000000, 0x5, 0x1b, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x9, 0x1, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200, 0x0, 0x0, [0x0, 0x9, 0x0, 0xffffffffeffffffd, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x400200, 0x0, 0x80000000000, 0x3fffffffffffffd, 0x0, 0x8000000000000000, 0x80000000000000, 0x2, 0x0, 0x0, 0xfffffffffffffbfe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0xfffffffffffffffe, 0x80000000, 0x0, 0x0, 0x0, 0x200000000008, 0x0, 0x0, 0x80000001, 0x1]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000040)={0x0, 0x2a, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[], 0x1ac}}, 0x44001) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x9, 0xa505}, 0x800}, 0x7, 0x4008) 1.694633757s ago: executing program 0 (id=1194): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x400041, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket(0x2, 0x2, 0x1) r2 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1b, r1, 0x10000}, 0x10) mmap$auto(0x80000000000, 0x9, 0xe994, 0x8000000008011, r2, 0x8000) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\x00', 0x1) openat$auto_dma_buf_debug_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x82202, 0x0) epoll_pwait$auto(r0, &(0x7f0000000040)={0x8, 0x5}, 0x456, 0x2, &(0x7f0000000080)={0x8}, 0x8) r3 = open(&(0x7f0000000140)='./file0\x00', 0x220c0, 0x20) pread64$auto(r3, 0x0, 0x5, 0x1d8f) r4 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000180), 0x200902, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) sendmsg$auto_OVS_DP_CMD_GET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x50}, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0x700}, 0x55) sendmsg$auto_HWSIM_CMD_FRAME(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) epoll_ctl$auto(r0, 0x0, r3, &(0x7f0000000000)={0x2, 0x4}) socket$nl_generic(0x10, 0x3, 0x10) 1.686336056s ago: executing program 3 (id=1195): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) madvise$auto(0x101, 0x6, 0xe93) read$auto(0x3, 0x0, 0x80) 1.500816355s ago: executing program 0 (id=1196): sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200000d4}, 0x4040010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e23}, 0x67) r1 = openat$auto_deferred_devs_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x40480, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000000)="2b188a471b423757fdcbc74570fc5e3118c993f1e0df99a1628309183a4355b523b9", 0x16, 0x0, 0x9, 0x0, 0x7, 0xb}, 0x800009}, 0x5, 0x20000000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x2000b, 0x2, 0xeb1, 0x3fe, 0x8000) close_range$auto(0x2, 0x8000, 0x0) sendmsg$auto_IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0x80) 1.450932129s ago: executing program 4 (id=1197): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x28, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HWSIM_ATTR_CIPHER_SUPPORT={0x13, 0x18, "c28634e6de69a1509e3e2906366733"}]}, 0x28}, 0x1, 0x0, 0x0, 0x44048058}, 0x4000800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x805, 0x0) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x2) r2 = openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000005700), 0x28000, 0x0) read$auto_proc_coredump_filter_operations_base(r2, 0x0, 0x0) ioctl$auto(0x3, 0xff07, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x102, 0x0, 0xfffffffffffffffd) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x20000040eb1, 0xffffffffffffffff, 0x300000000000) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, &(0x7f0000004100)={0x0, 0x0, &(0x7f00000040c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="cd8e3641d90f1d637b97694a497cb8b0903fdf43dbb60fb2b87c9474538461bf49a05dca9afbdba4301173cd9d534696", @ANYRES16=0x0, @ANYBLOB="010026bd7000fcdbdf2501000000451003808979d537b15e7b269e9709c30666825ba8856ad6ab3ad99e85500cfcb077edaa5b915dd1f18d8e7a6b4d0b7cb61f05410078b526f7c55e160e456600b550bc4608675b2863e17ed770ed3c99520a794968efa84653a54d5768ad32e84b1000d3800c003b00ffff0000000000001c0078800c00740009000000000000000c00eb00070000000000000018005e8014000c00fe88000000000000000000000000fd01a00f318050120c124ea20387f709960370226a528831e2c7003a007dc8d19a93c6cc044c0066c80de0de14ee212d710d753e8554fafa5a24710687045676bedd95568efc15f9319fb8c6c94641d19c7c60d4c7fc82a879fd9f34ae08874f5b0c55456fb00830350fd797f3cb7c641e5e33b5b1e4a61db1c0e5d1a9d89fe8a700ecedf1dfcb2c8e0bf394350dd225bc56d563f625cca2ead7b69526a6755f11247962e0f5d93cc2fbadbb6331fb0ad5fa62307af0630e7277ed5a22256ebba223af5482d2b0ee57c8fe775b49f2d30334d4b3981a5da5a8731344295e5df700f02d72fc59d62a29c71a93936fe78cc8de3bea381cd6297070bffe162d4e3e6b3a7cd931a27f", @ANYBLOB="bb14bd00e3f48983e1f63f1cfc9b7e0112c2afa22ab11aa8574e8e31810a133eddd8eeb428cd75cb3c120f77718fa58dab40372cb3749988e6a59a6f8217ae37563468ac64ad4a7576691ce6d5138768ed3bb6042992b4156c2568ec5f2a9b2850f816e01b08de22cde3aa289c7eaa05f3fa6faba112119160f5a19548fe08681470e11d3cdf63793826544e6654a53cacaecfe59cfe81eaaae8f85b63dcad53fd94cfdca2eaadec8e5eda0020436de288f74d70b56027e79a9cc617b376ad85ad1470d6acdc80671a4924d5e2344f3387eac815e0edb13bc67241fbcdf4617092fac0c2eeb3a24dec8c7c5108e5efd75cf77c404e74c37ad174229f4e22587fb8512467c7c478572fe50cc134c94ad1c590befbdb9ae03d"], 0x105c}, 0x1, 0x0, 0x0, 0x20040801}, 0x4000000) mount$auto(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x8000, &(0x7f0000001580)) write$auto(0x3, 0x0, 0xfffffdef) 1.345114311s ago: executing program 3 (id=1198): bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x3fe, 0xffffffffffffffff, @relative_id=0x13e, 0xe5ff}, 0xf) r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001480), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110827bd7000fcdbdf"], 0x28}, 0x1, 0x0, 0x0, 0x40040}, 0x4040810) 1.256589736s ago: executing program 0 (id=1199): socket(0x3, 0x800, 0x1) (async) mmap$auto(0x1, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x3) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x20082, 0x0) socket(0xa, 0x2, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyua\x00', 0x20804, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) getpgrp(0x0) (async) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000031c0)='/dev/ttys9\x00', 0x10b000, 0x0) read$auto(r0, 0x0, 0x800) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) (async, rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) socket(0xf, 0x2, 0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) ioctl$auto_USBDEVFS_ALLOC_STREAMS(r3, 0x8008551c, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x20}}, 0x4000000) (async) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r4, 0x7f, 0x99, 0xffff90db, 0x1, @relative_id=0xa, 0x1}, 0x92) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0xa, 0x3, 0x3a) (async) setsockopt$auto(0x400000000000003, 0x29, 0x101, 0x0, 0x7b8e) r6 = fcntl$auto(0xff80000000000000, 0x409, 0x3f) (async, rerun: 32) r7 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r8 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000001100), r7) sendmsg$auto_CTRL_CMD_GETFAMILY(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000380)=ANY=[@ANYRES16=r5, @ANYRES8=r1, @ANYRESOCT=r5, @ANYRES32=r0, @ANYRESOCT=r8], 0x1c}}, 0x48014) (async) syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r7) (async) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[], 0x20}}, 0x40000) fallocate$auto(r6, 0x0, 0xc000000000000004, 0x8000000000cbd5d) 1.127842599s ago: executing program 2 (id=1200): openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/etherd/discover\x00', 0x4243, 0x0) socket(0x28, 0x1, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) r3 = open(0x0, 0x261c2, 0x84) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) r4 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) openat$auto_comedi_fops_comedi_fops(0xffffffffffffff9c, &(0x7f0000001040), 0x20000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_frmr_depth\x00', 0x40302, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) fcntl$auto_F_SETLK(0xffffffffffffffff, 0x6, 0xffffffffffffffff) r5 = openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) write$auto_buffer_subbuf_size_fops_trace(r5, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.042067599s ago: executing program 0 (id=1201): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/system/clocksource/clocksource0/available_clocksource\x00', 0x42440, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000003800)=""/140, 0x8c) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) clone3$auto(&(0x7f0000000400)={0x100000800, 0x980, 0x4, 0x6, 0x2, 0x80000000, 0x1, 0x8, 0xe, 0x9, 0x3}, 0x40) mmap$auto(0x0, 0x5, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) ioctl$auto(r1, 0x4b44, r1) swapon$auto(&(0x7f0000000000)='/dev/loop7\x00', 0x4) 1.029717594s ago: executing program 3 (id=1202): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/netfs/cookies\x00', 0x4d82, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0) mount$auto(0xfffffffffffffffe, 0x0, 0x0, 0x7f, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0xfffc) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40008, 0xb3, 0x9b72, r1, 0x28000) r3 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$auto_dma_heap_fops_dma_heap(r3, 0xffffffffffdffe00, &(0x7f0000000140)=';') socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r4, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="01000080", @ANYRES16, @ANYRES32=r3], 0x20}, 0x1, 0x0, 0x0, 0x4040005}, 0x11) pread64$auto(r0, &(0x7f0000000000)='MAC80211_HWSIM\x00', 0x7ffe, 0x1) 772.047907ms ago: executing program 2 (id=1203): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000040), 0x48400, 0x0) io_uring_register$auto(r0, 0x80000000, 0x0, 0x76a7ceb) socket(0x2b, 0x5, 0xfffffffd) (async) socket(0x2b, 0x5, 0xfffffffd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000080), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000080), 0xffffffffffffffff) getpid() write$auto(0xca, &(0x7f00000000c0)='\x04>2\x04!\xe2\x00\x94\xf2\xa2\x00\x00', 0x7e) getresuid$auto(&(0x7f0000000080)=0x7, 0x0, 0xfffffffffffffffc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(r1, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) (async) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x3ff, 0x0, 0x3, 0x5f, 0x0, 0x3}, 0x6f3) socket(0xa, 0x2, 0x88) (async) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x28) r2 = fcntl$auto_F_SETLK(r1, 0x6, 0xffffffffffffffff) openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/msft_opcode\x00', 0x0, 0x0) (async) r3 = openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/msft_opcode\x00', 0x0, 0x0) read$auto(r3, &(0x7f0000006740)='^%-[)>\'\xdf\x00', 0xffff) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r2, 0x1, &(0x7f0000000140)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x40000, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/lru_gen/min_ttl_ms\x00', 0x40000, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) (async) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) (async) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) 723.747414ms ago: executing program 0 (id=1204): gettid() mmap$auto(0x0, 0x8, 0x0, 0x9b72, 0x2, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xebe, r0, 0x8000) unshare$auto(0x40000080) socket(0xa, 0x4, 0x4) r1 = socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume\x00', 0x8100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000002140)=""/4111, 0x100f) close_range$auto(0xffffffffffffffff, 0xfffffffffffff000, 0x4000000000002) socketpair$auto(0xb, 0x4, 0x4, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) move_pages$auto(0x1, 0x2000000000003, 0xffffffffffffffff, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) unshare$auto(0x9) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, 0x0, 0x3a1402, 0x0) mmap$auto(0x0, 0x10000, 0xd7, 0x9b72, r1, 0x7fff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r3 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x20040, 0x0) signalfd4$auto(r3, &(0x7f0000000040)={0x40}, 0x79, 0xfffffff9) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) madvise$auto(0x9, 0xfffffffffffeffff, 0x456) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x103140, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000040)=0x5) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80182, 0x0) 619.015513ms ago: executing program 4 (id=1205): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000100)="17") mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000800)='/proc/self/net/afs/stats\x00', 0x2080, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000840)=""/47, 0x2f) (async) r2 = waitid$auto_P_ALL(0x0, 0xffffffffffffffff, &(0x7f0000000000)={@_si_pad}, 0x68a, &(0x7f0000000080)={{0x81, 0x3}, {0x0, 0x3471}, 0x9, 0x2, 0xffffffffffff322a, 0xfb77, 0x330a, 0x5, 0xc, 0x1, 0x8, 0x3, 0x10001, 0x80000000, 0x1fb2, 0x6}) process_vm_writev$auto(r2, &(0x7f00000001c0)={&(0x7f0000000140)="ea424b86cc81ded82cf735e31e17f347af9ca1ce8c35e099cf2fc321227a6fb16d28a02ba19319869b341e0b90d319bbd8fee217c53c648a876e00be3ccaa7ca1077f08408b30903a20d7d23f249c502b16ab46936329f683fe882e824412cd1efd085a44af1cdf801bd92", 0x80}, 0x1, &(0x7f0000000240)={&(0x7f0000000200)="e80d7b5949c317fa4822c0e87aa1aa9ae49642f819175ee2aa7262f21d3f70cf", 0x329}, 0x9838, 0x5) (async) close_range$auto(0x2, 0x8000, 0x0) (async) r3 = io_uring_setup$auto(0x6, 0x0) (async) mmap$auto(0x0, 0x400008, 0x8, 0x211, 0x2, 0x8000) dup$auto(r3) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) 285.823383ms ago: executing program 3 (id=1206): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x25, 0x1, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop7/queue/rq_affinity\x00', 0xe3102, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.1/usb2/authorized\x00', 0x8401, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r0, 0x0, 0xf2ad) write$auto(r1, 0x0, 0xfdef) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x18, 0x6, 0x2) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000010", @ANYRES16=0x0, @ANYBLOB="010325bd7040ffdbdf250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x90}, 0x20004000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) syz_genetlink_get_family_id$auto_thermal(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x402000c, 0x6, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0x20682, 0x0) mmap$auto(0x0, 0x4000000004020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xa, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x821a, 0x0, 0x17, 0x2, 0x8000) r3 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0xc2423, 0x0) read$auto(r3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0x7, 0x9b78, 0x2, 0x2000008000) move_pages$auto(0x0, 0x8, 0x0, 0x0, 0x0, 0x5) 0s ago: executing program 4 (id=1207): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) (async) futex$auto(&(0x7f0000000000)=0x80000001, 0x8a, 0x0, 0x0, 0x0, 0x440a48d2) kernel console output (not intermixed with test programs): 73.309008][ T5833] veth0_vlan: entered promiscuous mode [ 73.326117][ T5840] veth0_vlan: entered promiscuous mode [ 73.331899][ T5832] veth0_vlan: entered promiscuous mode [ 73.343282][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.358607][ T5832] veth1_vlan: entered promiscuous mode [ 73.370894][ T5833] veth1_vlan: entered promiscuous mode [ 73.379412][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.388468][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.398594][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.408180][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.428882][ T5840] veth1_vlan: entered promiscuous mode [ 73.502263][ T5833] veth0_macvtap: entered promiscuous mode [ 73.511999][ T5832] veth0_macvtap: entered promiscuous mode [ 73.530137][ T5840] veth0_macvtap: entered promiscuous mode [ 73.542185][ T5833] veth1_macvtap: entered promiscuous mode [ 73.551712][ T5832] veth1_macvtap: entered promiscuous mode [ 73.575004][ T5840] veth1_macvtap: entered promiscuous mode [ 73.591775][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.598155][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.615811][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.618639][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.628151][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.661838][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.674412][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.685764][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.717333][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.719170][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.736708][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.740515][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.756122][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.768133][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.779006][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.789024][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.798103][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.806949][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.815855][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.837544][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.848240][ T5845] Bluetooth: hci1: command tx timeout [ 73.858138][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.871037][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.881659][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.891511][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.902061][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.916252][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.923942][ T5845] Bluetooth: hci0: command tx timeout [ 73.929397][ T5843] Bluetooth: hci2: command tx timeout [ 73.929418][ T5847] Bluetooth: hci3: command tx timeout [ 73.946600][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.962466][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.975881][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.986687][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.998131][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.019772][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.023979][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 74.031952][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.056828][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.068346][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.078302][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.091427][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.104265][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.114476][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.123194][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.132118][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.140949][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.154402][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.163160][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.173207][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.182022][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.339497][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.360871][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.407642][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.416466][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.452636][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.462052][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.519269][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.543379][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.606066][ T1161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.648894][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.664024][ T1161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.678175][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.568281][ T29] audit: type=1800 audit(1740453664.527:2): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4" name="dbroot" dev="configfs" ino=7155 res=0 errno=0 [ 75.924156][ T5847] Bluetooth: hci1: command tx timeout [ 75.949854][ T5947] Zero length message leads to an empty skb [ 76.012097][ T5847] Bluetooth: hci2: command tx timeout [ 76.018584][ T5847] Bluetooth: hci0: command tx timeout [ 76.033007][ T5843] Bluetooth: hci3: command tx timeout [ 77.544217][ T5982] Invalid ELF header magic: != ELF [ 78.004382][ T5845] Bluetooth: hci1: command tx timeout [ 78.083897][ T5845] Bluetooth: hci3: command tx timeout [ 78.089361][ T5845] Bluetooth: hci0: command tx timeout [ 78.094852][ T5843] Bluetooth: hci2: command tx timeout [ 79.285377][ T6006] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 79.452739][ T6013] process 'syz.2.16' launched './file0' with NULL argv: empty string added [ 80.172788][ T6016] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 80.486751][ T6038] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 81.517777][ T6041] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 83.638579][ T6090] mmap: syz.2.30 (6090) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 85.758840][ T6114] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 85.786165][ T6114] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 85.790820][ T29] audit: type=1800 audit(1740453674.747:3): pid=6113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.36" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 85.835051][ T6114] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 85.879688][ T6114] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 85.900824][ T6114] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 85.916896][ T6114] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 85.930278][ T6114] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 85.949652][ T6114] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 85.963489][ T6114] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 85.996924][ T6114] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 86.003046][ T6114] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 86.025877][ T6114] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 86.157437][ T6130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.39'. [ 86.444466][ T6138] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 87.045560][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 87.058546][ T1209] cfg80211: failed to load regulatory.db [ 87.475330][ T1209] Process accounting resumed [ 87.923693][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 88.003810][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 88.003844][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 88.527098][ T6192] netlink: 12 bytes leftover after parsing attributes in process `syz.1.54'. [ 89.124289][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 89.192480][ T5847] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 89.400727][ T6219] Invalid ELF header magic: != ELF [ 89.532234][ T6223] netlink: 40 bytes leftover after parsing attributes in process `syz.3.60'. [ 89.890641][ T6234] Invalid ELF header magic: != ELF [ 89.900115][ T6223] netlink: 69 bytes leftover after parsing attributes in process `syz.3.60'. [ 90.016933][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 90.083932][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 90.084036][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 90.704558][ T6261] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 90.925961][ T6270] netlink: 28 bytes leftover after parsing attributes in process `syz.0.73'. [ 91.213565][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 91.798541][ T6312] FAULT_INJECTION: forcing a failure. [ 91.798541][ T6312] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 91.854989][ T6312] CPU: 0 UID: 0 PID: 6312 Comm: syz.2.79 Not tainted 6.14.0-rc4-syzkaller #0 [ 91.855019][ T6312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 91.855035][ T6312] Call Trace: [ 91.855042][ T6312] [ 91.855054][ T6312] dump_stack_lvl+0x16c/0x1f0 [ 91.855087][ T6312] should_fail_ex+0x50a/0x650 [ 91.855124][ T6312] _copy_from_user+0x2e/0xd0 [ 91.855149][ T6312] video_usercopy+0xedb/0x1620 [ 91.855177][ T6312] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 91.855203][ T6312] ? __pfx_video_usercopy+0x10/0x10 [ 91.855249][ T6312] v4l2_ioctl+0x1ba/0x250 [ 91.855270][ T6312] ? __pfx_v4l2_ioctl+0x10/0x10 [ 91.855294][ T6312] __x64_sys_ioctl+0x190/0x200 [ 91.855324][ T6312] do_syscall_64+0xcd/0x250 [ 91.855354][ T6312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.855384][ T6312] RIP: 0033:0x7fa0c818d169 [ 91.855402][ T6312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.855427][ T6312] RSP: 002b:00007fa0c8fcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.855448][ T6312] RAX: ffffffffffffffda RBX: 00007fa0c83a5fa0 RCX: 00007fa0c818d169 [ 91.855462][ T6312] RDX: 0000000000000038 RSI: 00000000c0585605 RDI: 0000000000000003 [ 91.855475][ T6312] RBP: 00007fa0c8fcc090 R08: 0000000000000000 R09: 0000000000000000 [ 91.855489][ T6312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.855502][ T6312] R13: 0000000000000000 R14: 00007fa0c83a5fa0 R15: 00007fff4382d948 [ 91.855531][ T6312] [ 92.093580][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 92.163656][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 92.177500][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 93.576035][ T6357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.89'. [ 93.627157][ T6358] netlink: 12 bytes leftover after parsing attributes in process `syz.3.89'. [ 93.829254][ T6353] netlink: 28 bytes leftover after parsing attributes in process `syz.0.87'. [ 93.847787][ T6353] ipvlan1: entered allmulticast mode [ 93.851643][ T6361] netlink: 28 bytes leftover after parsing attributes in process `syz.0.87'. [ 93.862379][ T6353] veth0_vlan: entered allmulticast mode [ 94.726784][ T5845] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 94.726823][ T5845] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 94.742885][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 94.742960][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 94.750714][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x37 [ 94.758088][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x3c [ 94.765262][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x40 [ 94.772311][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x40 [ 94.779436][ T5845] Bluetooth: hci0: Malformed LE Event: 0x0d [ 96.109188][ T6408] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 96.577481][ T6419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.99'. [ 97.261843][ T6428] Invalid ELF header magic: != ELF [ 98.753965][ T6474] FAULT_INJECTION: forcing a failure. [ 98.753965][ T6474] name fail_futex, interval 1, probability 0, space 0, times 1 [ 98.991309][ T6474] CPU: 0 UID: 0 PID: 6474 Comm: syz.3.116 Not tainted 6.14.0-rc4-syzkaller #0 [ 98.991341][ T6474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 98.991354][ T6474] Call Trace: [ 98.991361][ T6474] [ 98.991370][ T6474] dump_stack_lvl+0x16c/0x1f0 [ 98.991403][ T6474] should_fail_ex+0x50a/0x650 [ 98.991441][ T6474] get_futex_key+0x4a3/0x1000 [ 98.991474][ T6474] ? __pfx_get_futex_key+0x10/0x10 [ 98.991512][ T6474] futex_wake+0xe8/0x4e0 [ 98.991545][ T6474] ? __pfx_futex_wake+0x10/0x10 [ 98.991577][ T6474] ? kmem_cache_free+0x2e2/0x4d0 [ 98.991607][ T6474] ? putname+0x13c/0x180 [ 98.991635][ T6474] do_futex+0x1e5/0x350 [ 98.991661][ T6474] ? __pfx_do_futex+0x10/0x10 [ 98.991690][ T6474] ? __pfx___might_resched+0x10/0x10 [ 98.991727][ T6474] __x64_sys_futex+0x1e1/0x4c0 [ 98.991755][ T6474] ? __x64_sys_openat+0x175/0x210 [ 98.991780][ T6474] ? __pfx___x64_sys_futex+0x10/0x10 [ 98.991818][ T6474] do_syscall_64+0xcd/0x250 [ 98.991850][ T6474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.991879][ T6474] RIP: 0033:0x7f0374f8d169 [ 98.991898][ T6474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.991923][ T6474] RSP: 002b:00007f0375ddd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 98.991945][ T6474] RAX: ffffffffffffffda RBX: 00007f03751a5fa8 RCX: 00007f0374f8d169 [ 98.991961][ T6474] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f03751a5fac [ 98.991975][ T6474] RBP: 00007f03751a5fa0 R08: 00007f0375dde000 R09: 0000000000000000 [ 98.991989][ T6474] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f03751a5fac [ 98.992002][ T6474] R13: 0000000000000000 R14: 00007fff2d85ed90 R15: 00007fff2d85ee78 [ 98.992031][ T6474] [ 100.463108][ T6501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium syzkaller syzkaller login: [ 101.308850][ T6528] netlink: 334 bytes leftover after parsing attributes in process `syz.0.127'. [ 101.460890][ T6522] netlink: 32 bytes leftover after parsing attributes in process `syz.1.126'. [ 101.500358][ T6536] netlink: 334 bytes leftover after parsing attributes in process `syz.0.127'. [ 101.989373][ T6539] delete_channel: no stack [ 102.681502][ T6545] cifs: Unknown parameter '#ʑC ˀH/R{<' [ 104.077770][ T6588] capability: warning: `syz.1.139' uses 32-bit capabilities (legacy support in use) [ 104.260600][ T6546] kexec: Could not allocate control_code_buffer [ 104.701987][ T6605] lo: entered allmulticast mode [ 104.811669][ T6610] lo: left allmulticast mode [ 106.899534][ T6651] WARNING! power/level is deprecated; use power/control instead [ 106.964649][ T29] audit: type=1800 audit(4294967300.350:4): pid=6655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.151" name="version" dev="configfs" ino=11276 res=0 errno=0 [ 109.520889][ T29] audit: type=1107 audit(4294967302.910:5): pid=6704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 110.118657][ T6720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'. [ 110.180986][ T6720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'. [ 111.195266][ T6734] zswap: compressor not available [ 112.735815][ T6761] netlink: 326 bytes leftover after parsing attributes in process `syz.0.176'. [ 112.776350][ T6761] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.784905][ T6761] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.888756][ T6809] netlink: 342 bytes leftover after parsing attributes in process `syz.2.185'. [ 115.904898][ T6809] FAULT_INJECTION: forcing a failure. [ 115.904898][ T6809] name failslab, interval 1, probability 0, space 0, times 0 [ 115.975509][ T6809] CPU: 1 UID: 0 PID: 6809 Comm: syz.2.185 Not tainted 6.14.0-rc4-syzkaller #0 [ 115.975545][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 115.975560][ T6809] Call Trace: [ 115.975567][ T6809] [ 115.975577][ T6809] dump_stack_lvl+0x16c/0x1f0 [ 115.975615][ T6809] should_fail_ex+0x50a/0x650 [ 115.975650][ T6809] ? fs_reclaim_acquire+0xae/0x150 [ 115.975684][ T6809] should_failslab+0xc2/0x120 [ 115.975708][ T6809] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 115.975745][ T6809] ? lockdep_rtnl_is_held+0x26/0x40 [ 115.975770][ T6809] ? fib_trie_unmerge+0x26d/0xc30 [ 115.975802][ T6809] fib_trie_unmerge+0x26d/0xc30 [ 115.975837][ T6809] ? __pfx_fib_trie_unmerge+0x10/0x10 [ 115.975877][ T6809] fib_unmerge+0xf8/0x520 [ 115.975905][ T6809] ? __pfx_fib_nl2rule.constprop.0.isra.0+0x10/0x10 [ 115.975947][ T6809] fib4_rule_configure+0x253/0xe00 [ 115.975990][ T6809] fib_nl_newrule+0x34e/0x1bd0 [ 115.976022][ T6809] ? __pfx_lock_release+0x10/0x10 [ 115.976062][ T6809] ? __pfx_fib_nl_newrule+0x10/0x10 [ 115.976092][ T6809] ? __pfx__raw_spin_unlock_irq+0x10/0x10 [ 115.976140][ T6809] ? trace_lock_acquire+0x14e/0x1f0 [ 115.976174][ T6809] ? __pfx_fib_nl_newrule+0x10/0x10 [ 115.976207][ T6809] rtnetlink_rcv_msg+0x3c7/0xea0 [ 115.976245][ T6809] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 115.976293][ T6809] netlink_rcv_skb+0x16b/0x440 [ 115.976325][ T6809] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 115.976359][ T6809] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 115.976416][ T6809] ? netlink_deliver_tap+0x1ae/0xd30 [ 115.976454][ T6809] netlink_unicast+0x53c/0x7f0 [ 115.976490][ T6809] ? __pfx_netlink_unicast+0x10/0x10 [ 115.976523][ T6809] ? __phys_addr_symbol+0x30/0x80 [ 115.976547][ T6809] ? __check_object_size+0x488/0x710 [ 115.976576][ T6809] netlink_sendmsg+0x8b8/0xd70 [ 115.976612][ T6809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.976656][ T6809] ____sys_sendmsg+0xaaf/0xc90 [ 115.976682][ T6809] ? copy_msghdr_from_user+0x10b/0x160 [ 115.976715][ T6809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 115.976757][ T6809] ___sys_sendmsg+0x135/0x1e0 [ 115.976792][ T6809] ? __pfx____sys_sendmsg+0x10/0x10 [ 115.976856][ T6809] ? do_futex+0x123/0x350 [ 115.976892][ T6809] __sys_sendmsg+0x16e/0x220 [ 115.976926][ T6809] ? __pfx___sys_sendmsg+0x10/0x10 [ 115.976958][ T6809] ? __x64_sys_futex+0x1e1/0x4c0 [ 115.977007][ T6809] do_syscall_64+0xcd/0x250 [ 115.977039][ T6809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.977071][ T6809] RIP: 0033:0x7fa0c818d169 [ 115.977091][ T6809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.977113][ T6809] RSP: 002b:00007fa0c8fcc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 115.977134][ T6809] RAX: ffffffffffffffda RBX: 00007fa0c83a5fa0 RCX: 00007fa0c818d169 [ 115.977150][ T6809] RDX: 0000000000040000 RSI: 0000400000000240 RDI: 0000000000000003 [ 115.977165][ T6809] RBP: 00007fa0c820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 115.977179][ T6809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.977192][ T6809] R13: 0000000000000000 R14: 00007fa0c83a5fa0 R15: 00007fff4382d948 [ 115.977223][ T6809] [ 116.301269][ T6813] netlink: 342 bytes leftover after parsing attributes in process `syz.1.187'. [ 116.313291][ T6813] netlink: 342 bytes leftover after parsing attributes in process `syz.1.187'. [ 119.842337][ T6869] Invalid ELF header magic: != ELF [ 119.963964][ T6872] Invalid ELF header magic: != ELF [ 122.353379][ T6913] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 122.383860][ T6913] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 122.390023][ T6913] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 122.433692][ T6913] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 122.439807][ T6913] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 122.728832][ T6928] FAULT_INJECTION: forcing a failure. [ 122.728832][ T6928] name failslab, interval 1, probability 0, space 0, times 0 [ 122.757967][ T6928] CPU: 0 UID: 0 PID: 6928 Comm: syz.3.213 Not tainted 6.14.0-rc4-syzkaller #0 [ 122.758003][ T6928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 122.758017][ T6928] Call Trace: [ 122.758025][ T6928] [ 122.758035][ T6928] dump_stack_lvl+0x16c/0x1f0 [ 122.758073][ T6928] should_fail_ex+0x50a/0x650 [ 122.758108][ T6928] ? fs_reclaim_acquire+0xae/0x150 [ 122.758141][ T6928] ? file_f_owner_allocate+0x8a/0x140 [ 122.758165][ T6928] should_failslab+0xc2/0x120 [ 122.758188][ T6928] __kmalloc_cache_noprof+0x68/0x410 [ 122.758227][ T6928] file_f_owner_allocate+0x8a/0x140 [ 122.758252][ T6928] generic_setlease+0x5c3/0x1310 [ 122.758282][ T6928] ? __pfx_lock_release+0x10/0x10 [ 122.758320][ T6928] ? __pfx_generic_setlease+0x10/0x10 [ 122.758357][ T6928] kernel_setlease+0x106/0x140 [ 122.758386][ T6928] vfs_setlease+0x258/0x2d0 [ 122.758422][ T6928] fcntl_setlease+0x3ee/0x5a0 [ 122.758453][ T6928] ? __pfx_fcntl_setlease+0x10/0x10 [ 122.758491][ T6928] ? __fget_files+0x1fc/0x3a0 [ 122.758529][ T6928] do_fcntl+0x768/0x15b0 [ 122.758554][ T6928] ? __pfx_do_fcntl+0x10/0x10 [ 122.758583][ T6928] ? tomoyo_file_fcntl+0x6c/0xc0 [ 122.758615][ T6928] __x64_sys_fcntl+0x170/0x200 [ 122.758644][ T6928] do_syscall_64+0xcd/0x250 [ 122.758676][ T6928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.758708][ T6928] RIP: 0033:0x7f0374f8d169 [ 122.758728][ T6928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.758751][ T6928] RSP: 002b:00007f0375ddd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 122.758774][ T6928] RAX: ffffffffffffffda RBX: 00007f03751a5fa0 RCX: 00007f0374f8d169 [ 122.758790][ T6928] RDX: 9ec0000000000000 RSI: 0000000000000400 RDI: 0000000000000003 [ 122.758805][ T6928] RBP: 00007f037500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 122.758820][ T6928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.758840][ T6928] R13: 0000000000000000 R14: 00007f03751a5fa0 R15: 00007fff2d85ee78 [ 122.758870][ T6928] [ 123.656963][ T5845] Bluetooth: hci3: unexpected event 0x35 length: 13 > 6 [ 124.323954][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 124.403923][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 124.410081][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 124.484802][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 125.543992][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.693854][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.490558][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 126.996917][ T6996] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.009593][ T7051] netlink: 'syz.1.239': attribute type 1 has an invalid length. [ 129.752243][ T7063] can: request_module (can-proto-0) failed. [ 129.965017][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.975119][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 130.140552][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 130.166296][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 130.435085][ T7069] sg_read: process 229 (syz.3.243) changed security contexts after opening file descriptor, this is not allowed. [ 130.854319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 131.444225][ T7083] Invalid ELF header magic: != ELF [ 133.136254][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.142917][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.553934][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.903919][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 134.391660][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 136.153090][ T7181] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 137.564167][ T5845] Bluetooth: hci1: unexpected event 0x35 length: 13 > 6 [ 137.808444][ T7239] zswap: compressor not available [ 141.295011][ T7336] block mtdblock0: the capability attribute has been deprecated. [ 144.037799][ T7360] sctp: [Deprecated]: syz.1.306 (pid 7360) Use of struct sctp_assoc_value in delayed_ack socket option. [ 144.037799][ T7360] Use struct sctp_sack_info instead [ 144.263781][ T7362] sctp: [Deprecated]: syz.1.306 (pid 7362) Use of struct sctp_assoc_value in delayed_ack socket option. [ 144.263781][ T7362] Use struct sctp_sack_info instead [ 145.217900][ T7376] netlink: 28 bytes leftover after parsing attributes in process `syz.1.312'. [ 146.763706][ T7406] netlink: 'syz.0.318': attribute type 19 has an invalid length. [ 146.776447][ T7406] netlink: 114 bytes leftover after parsing attributes in process `syz.0.318'. [ 148.005184][ T7432] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 148.249063][ T7429] cougar: G6 mapped to space [ 148.326881][ T29] audit: type=1800 audit(4294967350.720:6): pid=7429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.323" name="features" dev="configfs" ino=14175 res=0 errno=0 [ 148.346969][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.490292][ T7434] FAULT_INJECTION: forcing a failure. [ 148.490292][ T7434] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 148.602363][ T7434] CPU: 0 UID: 0 PID: 7434 Comm: syz.0.326 Not tainted 6.14.0-rc4-syzkaller #0 [ 148.602397][ T7434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.602411][ T7434] Call Trace: [ 148.602418][ T7434] [ 148.602428][ T7434] dump_stack_lvl+0x16c/0x1f0 [ 148.602466][ T7434] should_fail_ex+0x50a/0x650 [ 148.602503][ T7434] ? __pfx___might_resched+0x10/0x10 [ 148.602547][ T7434] should_fail_alloc_page+0xe7/0x130 [ 148.602573][ T7434] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 148.602612][ T7434] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 148.602650][ T7434] ? hlock_class+0x4e/0x130 [ 148.602674][ T7434] ? mark_lock+0xb5/0xc60 [ 148.602709][ T7434] ? __pfx_mark_lock+0x10/0x10 [ 148.602744][ T7434] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 148.602782][ T7434] ? hlock_class+0x4e/0x130 [ 148.602806][ T7434] ? mark_lock+0xb5/0xc60 [ 148.602836][ T7434] ? hlock_class+0x4e/0x130 [ 148.602869][ T7434] ? hlock_class+0x4e/0x130 [ 148.602892][ T7434] ? __lock_acquire+0xcc5/0x3c40 [ 148.602925][ T7434] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 148.602963][ T7434] ? policy_nodemask+0xea/0x4e0 [ 148.603003][ T7434] alloc_pages_mpol+0x1fc/0x540 [ 148.603028][ T7434] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 148.603051][ T7434] ? __lock_acquire+0x15a9/0x3c40 [ 148.603090][ T7434] folio_alloc_mpol_noprof+0x36/0x2f0 [ 148.603120][ T7434] vma_alloc_folio_noprof+0xee/0x1b0 [ 148.603147][ T7434] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 148.603175][ T7434] ? find_held_lock+0x2d/0x110 [ 148.603208][ T7434] do_pte_missing+0x202f/0x3e10 [ 148.603261][ T7434] __handle_mm_fault+0x1166/0x2c60 [ 148.603311][ T7434] ? __pfx___handle_mm_fault+0x10/0x10 [ 148.603345][ T7434] ? follow_page_pte+0x3ac/0x1490 [ 148.603379][ T7434] ? __pfx_lock_release+0x10/0x10 [ 148.603439][ T7434] handle_mm_fault+0x3fa/0xaa0 [ 148.603481][ T7434] __get_user_pages+0x773/0x36f0 [ 148.603517][ T7434] ? __pfx_mt_find+0x10/0x10 [ 148.603543][ T7434] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 148.603575][ T7434] ? __pfx___get_user_pages+0x10/0x10 [ 148.603612][ T7434] ? __mm_populate+0x21d/0x380 [ 148.603652][ T7434] populate_vma_page_range+0x27f/0x3a0 [ 148.603690][ T7434] ? __pfx_populate_vma_page_range+0x10/0x10 [ 148.603723][ T7434] ? __pfx_find_vma_intersection+0x10/0x10 [ 148.603755][ T7434] ? vm_mmap_pgoff+0x29b/0x3a0 [ 148.603793][ T7434] __mm_populate+0x1d6/0x380 [ 148.603828][ T7434] ? __pfx___mm_populate+0x10/0x10 [ 148.603865][ T7434] ? up_write+0x1b2/0x520 [ 148.603903][ T7434] vm_mmap_pgoff+0x2d3/0x3a0 [ 148.603940][ T7434] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 148.603978][ T7434] ? __x64_sys_futex+0x1e1/0x4c0 [ 148.604005][ T7434] ? __x64_sys_futex+0x1ea/0x4c0 [ 148.604039][ T7434] ksys_mmap_pgoff+0x7d/0x5c0 [ 148.604068][ T7434] ? rcu_is_watching+0x12/0xc0 [ 148.604097][ T7434] __x64_sys_mmap+0x125/0x190 [ 148.604136][ T7434] do_syscall_64+0xcd/0x250 [ 148.604168][ T7434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.604202][ T7434] RIP: 0033:0x7fd0c898d169 [ 148.604222][ T7434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.604252][ T7434] RSP: 002b:00007fd0c9804038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 148.604276][ T7434] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898d169 [ 148.604293][ T7434] RDX: fffffffffffffffe RSI: 0000000000400005 RDI: 0000000000000000 [ 148.604308][ T7434] RBP: 00007fd0c8a0e2a0 R08: 0000000000000002 R09: 0000000000008000 [ 148.604324][ T7434] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 148.604338][ T7434] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 148.604371][ T7434] [ 149.096099][ T7436] nbd: socks must be embedded in a SOCK_ITEM attr [ 149.105572][ T7436] block nbd0: shutting down sockets [ 149.684591][ T7449] netlink: 28 bytes leftover after parsing attributes in process `syz.1.329'. [ 149.713620][ T7449] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.721368][ T7449] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.814840][ T7449] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.830727][ T7449] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.034306][ T7467] random: crng reseeded on system resumption [ 151.135519][ T7490] netlink: 'syz.1.335': attribute type 19 has an invalid length. [ 151.153717][ T7490] netlink: 114 bytes leftover after parsing attributes in process `syz.1.335'. [ 152.505896][ T7515] netlink: 28 bytes leftover after parsing attributes in process `syz.2.342'. [ 153.181014][ T7524] FAULT_INJECTION: forcing a failure. [ 153.181014][ T7524] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 153.253580][ T7524] CPU: 0 UID: 0 PID: 7524 Comm: syz.0.345 Not tainted 6.14.0-rc4-syzkaller #0 [ 153.253611][ T7524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 153.253624][ T7524] Call Trace: [ 153.253631][ T7524] [ 153.253640][ T7524] dump_stack_lvl+0x16c/0x1f0 [ 153.253674][ T7524] should_fail_ex+0x50a/0x650 [ 153.253713][ T7524] ? __pfx___might_resched+0x10/0x10 [ 153.253753][ T7524] should_fail_alloc_page+0xe7/0x130 [ 153.253779][ T7524] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 153.253817][ T7524] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 153.253856][ T7524] ? save_trace+0x53/0xb60 [ 153.253895][ T7524] ? add_lock_to_list+0x17d/0x390 [ 153.253928][ T7524] ? hlock_class+0x4e/0x130 [ 153.253953][ T7524] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 153.254007][ T7524] ? __pfx___lock_acquire+0x10/0x10 [ 153.254044][ T7524] ? add_lock_to_list+0x17d/0x390 [ 153.254073][ T7524] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 153.254112][ T7524] ? policy_nodemask+0xea/0x4e0 [ 153.254150][ T7524] alloc_pages_mpol+0x1fc/0x540 [ 153.254176][ T7524] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 153.254197][ T7524] ? __page_table_check_ptes_set+0x16b/0x3e0 [ 153.254233][ T7524] ? do_raw_spin_lock+0x12d/0x2c0 [ 153.254257][ T7524] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 153.254289][ T7524] alloc_pages_noprof+0x131/0x390 [ 153.254312][ T7524] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 153.254345][ T7524] get_free_pages_noprof+0xc/0x40 [ 153.254370][ T7524] kasan_populate_vmalloc_pte+0x2d/0x160 [ 153.254403][ T7524] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 153.254435][ T7524] __apply_to_page_range+0x5fd/0xd30 [ 153.254470][ T7524] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 153.254509][ T7524] ? __pfx___apply_to_page_range+0x10/0x10 [ 153.254543][ T7524] ? insert_vmap_area+0x2ef/0x4d0 [ 153.254575][ T7524] alloc_vmap_area+0x93e/0x2a60 [ 153.254619][ T7524] ? __pfx_alloc_vmap_area+0x10/0x10 [ 153.254647][ T7524] ? __kmalloc_cache_node_noprof+0x2ad/0x420 [ 153.254689][ T7524] __get_vm_area_node+0x19e/0x2f0 [ 153.254726][ T7524] vmap+0x15a/0x350 [ 153.254754][ T7524] ? relay_open_buf.part.0+0x446/0xb90 [ 153.254787][ T7524] ? __pfx_vmap+0x10/0x10 [ 153.254814][ T7524] ? alloc_pages_noprof+0x172/0x390 [ 153.254844][ T7524] relay_open_buf.part.0+0x446/0xb90 [ 153.254887][ T7524] relay_open+0x653/0xad0 [ 153.254920][ T7524] ? debugfs_create_file_full+0x41/0x60 [ 153.254964][ T7524] do_blk_trace_setup+0x503/0xb50 [ 153.254997][ T7524] blk_trace_setup+0xee/0x1b0 [ 153.255024][ T7524] ? __pfx_blk_trace_setup+0x10/0x10 [ 153.255051][ T7524] ? __pfx_snprintf+0x10/0x10 [ 153.255098][ T7524] blk_trace_ioctl+0x147/0x280 [ 153.255125][ T7524] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 153.255155][ T7524] ? trace_lock_acquire+0x14e/0x1f0 [ 153.255180][ T7524] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 153.255220][ T7524] blkdev_ioctl+0x109/0x6d0 [ 153.255245][ T7524] ? __pfx_blkdev_ioctl+0x10/0x10 [ 153.255266][ T7524] ? __fget_files+0x206/0x3a0 [ 153.255304][ T7524] ? __pfx_blkdev_ioctl+0x10/0x10 [ 153.255329][ T7524] __x64_sys_ioctl+0x190/0x200 [ 153.255361][ T7524] do_syscall_64+0xcd/0x250 [ 153.255393][ T7524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.255426][ T7524] RIP: 0033:0x7fd0c898d169 [ 153.255447][ T7524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.255468][ T7524] RSP: 002b:00007fd0c9804038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 153.255491][ T7524] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898d169 [ 153.255508][ T7524] RDX: 0000400000000180 RSI: 00000000c0481273 RDI: 0000000000000006 [ 153.255523][ T7524] RBP: 00007fd0c8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 153.255538][ T7524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 153.255553][ T7524] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 153.255587][ T7524] [ 153.927190][ T7532] Invalid ELF header magic: != ELF [ 154.744062][ T7552] netlink: 28 bytes leftover after parsing attributes in process `syz.0.353'. [ 156.188720][ T7572] netlink: 346 bytes leftover after parsing attributes in process `syz.1.358'. [ 156.464397][ T7575] netlink: 'syz.2.357': attribute type 19 has an invalid length. [ 156.505947][ T7575] netlink: 114 bytes leftover after parsing attributes in process `syz.2.357'. [ 156.567371][ T7574] Process accounting resumed [ 156.603159][ T7587] Invalid ELF header magic: != ELF [ 156.631853][ T7587] Invalid ELF header magic: != ELF [ 156.673307][ T7587] Invalid ELF header magic: != ELF [ 156.695485][ T7587] Invalid ELF header magic: != ELF [ 156.741124][ T7587] Invalid ELF header magic: != ELF [ 156.785648][ T7587] Invalid ELF header magic: != ELF [ 156.834791][ T7587] Invalid ELF header magic: != ELF [ 156.889451][ T7587] Invalid ELF header magic: != ELF [ 156.940194][ T7587] Invalid ELF header magic: != ELF [ 157.014331][ T7587] Invalid ELF header magic: != ELF [ 157.072308][ T7587] Invalid ELF header magic: != ELF [ 157.110466][ T7587] Invalid ELF header magic: != ELF [ 157.160272][ T7587] Invalid ELF header magic: != ELF [ 163.662325][ T7729] Line length is too long: Should be less than 4094 [ 164.175007][ T7733] FAULT_INJECTION: forcing a failure. [ 164.175007][ T7733] name failslab, interval 1, probability 0, space 0, times 0 [ 164.203614][ T7733] CPU: 0 UID: 0 PID: 7733 Comm: syz.2.395 Not tainted 6.14.0-rc4-syzkaller #0 [ 164.203647][ T7733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 164.203662][ T7733] Call Trace: [ 164.203668][ T7733] [ 164.203676][ T7733] dump_stack_lvl+0x16c/0x1f0 [ 164.203710][ T7733] should_fail_ex+0x50a/0x650 [ 164.203745][ T7733] ? fs_reclaim_acquire+0xae/0x150 [ 164.203773][ T7733] ? lsm_blob_alloc+0x68/0x90 [ 164.203806][ T7733] should_failslab+0xc2/0x120 [ 164.203829][ T7733] __kmalloc_noprof+0xcb/0x510 [ 164.203870][ T7733] lsm_blob_alloc+0x68/0x90 [ 164.203914][ T7733] security_sk_alloc+0x30/0x270 [ 164.203944][ T7733] sk_prot_alloc+0xfb/0x2a0 [ 164.203972][ T7733] sk_alloc+0x36/0xb90 [ 164.204004][ T7733] sctp_v6_create_accept_sk+0x12e/0x730 [ 164.204037][ T7733] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 164.204067][ T7733] ? __pfx_sctp_v6_create_accept_sk+0x10/0x10 [ 164.204097][ T7733] sctp_accept+0x62d/0x800 [ 164.204123][ T7733] ? errseq_sample+0x53/0x70 [ 164.204153][ T7733] ? __pfx_sctp_accept+0x10/0x10 [ 164.204180][ T7733] ? aa_sk_perm+0x2f5/0xb20 [ 164.204207][ T7733] ? __pfx_autoremove_wake_function+0x10/0x10 [ 164.204241][ T7733] ? __pfx_aa_sk_perm+0x10/0x10 [ 164.204275][ T7733] inet_accept+0xc4/0x180 [ 164.204313][ T7733] do_accept+0x337/0x530 [ 164.204344][ T7733] ? __pfx_do_accept+0x10/0x10 [ 164.204394][ T7733] __sys_accept4+0xfe/0x1b0 [ 164.204423][ T7733] ? __pfx___sys_accept4+0x10/0x10 [ 164.204451][ T7733] ? rcu_is_watching+0x12/0xc0 [ 164.204483][ T7733] __x64_sys_accept+0x74/0xb0 [ 164.204510][ T7733] ? lockdep_hardirqs_on+0x7c/0x110 [ 164.204538][ T7733] do_syscall_64+0xcd/0x250 [ 164.204570][ T7733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.204602][ T7733] RIP: 0033:0x7fa0c818d169 [ 164.204622][ T7733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.204643][ T7733] RSP: 002b:00007fa0c8fcc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 164.204665][ T7733] RAX: ffffffffffffffda RBX: 00007fa0c83a5fa0 RCX: 00007fa0c818d169 [ 164.204681][ T7733] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 164.204695][ T7733] RBP: 00007fa0c820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 164.204710][ T7733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.204724][ T7733] R13: 0000000000000000 R14: 00007fa0c83a5fa0 R15: 00007fff4382d948 [ 164.204757][ T7733] [ 164.509950][ T7735] FAULT_INJECTION: forcing a failure. [ 164.509950][ T7735] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 164.523287][ T7735] CPU: 0 UID: 0 PID: 7735 Comm: syz.3.396 Not tainted 6.14.0-rc4-syzkaller #0 [ 164.523318][ T7735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 164.523333][ T7735] Call Trace: [ 164.523340][ T7735] [ 164.523349][ T7735] dump_stack_lvl+0x16c/0x1f0 [ 164.523387][ T7735] should_fail_ex+0x50a/0x650 [ 164.523422][ T7735] ? __pfx___might_resched+0x10/0x10 [ 164.523463][ T7735] should_fail_alloc_page+0xe7/0x130 [ 164.523490][ T7735] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 164.523530][ T7735] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 164.523559][ T7735] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 164.523591][ T7735] ? unwind_get_return_address+0x59/0xa0 [ 164.523621][ T7735] ? arch_stack_walk+0xa7/0x100 [ 164.523648][ T7735] ? hlock_class+0x4e/0x130 [ 164.523674][ T7735] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 164.523721][ T7735] ? __pfx___lock_acquire+0x10/0x10 [ 164.523751][ T7735] ? kasan_save_stack+0x42/0x60 [ 164.523783][ T7735] ? kasan_save_stack+0x33/0x60 [ 164.523813][ T7735] ? kasan_save_track+0x14/0x30 [ 164.523843][ T7735] ? __kasan_slab_alloc+0x89/0x90 [ 164.523874][ T7735] ? kmem_cache_alloc_node_noprof+0x223/0x3c0 [ 164.523908][ T7735] ? alloc_vmap_area+0x636/0x2a60 [ 164.523934][ T7735] ? __get_vm_area_node+0x19e/0x2f0 [ 164.523961][ T7735] ? vmap+0x15a/0x350 [ 164.523987][ T7735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 164.524025][ T7735] ? policy_nodemask+0xea/0x4e0 [ 164.524065][ T7735] alloc_pages_mpol+0x1fc/0x540 [ 164.524090][ T7735] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 164.524120][ T7735] ? __page_table_check_ptes_set+0x16b/0x3e0 [ 164.524159][ T7735] ? do_raw_spin_lock+0x12d/0x2c0 [ 164.524184][ T7735] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 164.524214][ T7735] alloc_pages_noprof+0x131/0x390 [ 164.524238][ T7735] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 164.524270][ T7735] get_free_pages_noprof+0xc/0x40 [ 164.524295][ T7735] kasan_populate_vmalloc_pte+0x2d/0x160 [ 164.524328][ T7735] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 164.524361][ T7735] __apply_to_page_range+0x5fd/0xd30 [ 164.524396][ T7735] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 164.524435][ T7735] ? __pfx___apply_to_page_range+0x10/0x10 [ 164.524469][ T7735] ? insert_vmap_area+0x2ef/0x4d0 [ 164.524501][ T7735] alloc_vmap_area+0x93e/0x2a60 [ 164.524545][ T7735] ? __pfx_alloc_vmap_area+0x10/0x10 [ 164.524583][ T7735] __get_vm_area_node+0x19e/0x2f0 [ 164.524620][ T7735] vmap+0x15a/0x350 [ 164.524648][ T7735] ? relay_open_buf.part.0+0x446/0xb90 [ 164.524681][ T7735] ? __pfx_vmap+0x10/0x10 [ 164.524721][ T7735] relay_open_buf.part.0+0x446/0xb90 [ 164.524765][ T7735] relay_open+0x653/0xad0 [ 164.524796][ T7735] ? debugfs_create_file_full+0x41/0x60 [ 164.524838][ T7735] do_blk_trace_setup+0x503/0xb50 [ 164.524863][ T7735] blk_trace_setup+0xee/0x1b0 [ 164.524890][ T7735] ? __pfx_blk_trace_setup+0x10/0x10 [ 164.524917][ T7735] ? __pfx_snprintf+0x10/0x10 [ 164.524963][ T7735] blk_trace_ioctl+0x147/0x280 [ 164.524991][ T7735] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 164.525021][ T7735] ? trace_lock_acquire+0x14e/0x1f0 [ 164.525046][ T7735] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 164.525086][ T7735] blkdev_ioctl+0x109/0x6d0 [ 164.525118][ T7735] ? __pfx_blkdev_ioctl+0x10/0x10 [ 164.525141][ T7735] ? __fget_files+0x206/0x3a0 [ 164.525179][ T7735] ? __pfx_blkdev_ioctl+0x10/0x10 [ 164.525205][ T7735] __x64_sys_ioctl+0x190/0x200 [ 164.525236][ T7735] do_syscall_64+0xcd/0x250 [ 164.525266][ T7735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.525297][ T7735] RIP: 0033:0x7f0374f8d169 [ 164.525318][ T7735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.525340][ T7735] RSP: 002b:00007f0375ddd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.525363][ T7735] RAX: ffffffffffffffda RBX: 00007f03751a5fa0 RCX: 00007f0374f8d169 [ 164.525381][ T7735] RDX: 0000400000000180 RSI: 00000000c0481273 RDI: 0000000000000006 [ 164.525396][ T7735] RBP: 00007f037500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 164.525411][ T7735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.525426][ T7735] R13: 0000000000000000 R14: 00007f03751a5fa0 R15: 00007fff2d85ee78 [ 164.525459][ T7735] [ 165.102426][ T7738] netlink: 'syz.1.397': attribute type 33 has an invalid length. [ 165.166176][ T7738] netlink: 322 bytes leftover after parsing attributes in process `syz.1.397'. [ 167.223198][ T7782] FAULT_INJECTION: forcing a failure. [ 167.223198][ T7782] name failslab, interval 1, probability 0, space 0, times 0 [ 167.279268][ T7782] CPU: 0 UID: 0 PID: 7782 Comm: syz.3.408 Not tainted 6.14.0-rc4-syzkaller #0 [ 167.279298][ T7782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 167.279310][ T7782] Call Trace: [ 167.279317][ T7782] [ 167.279326][ T7782] dump_stack_lvl+0x16c/0x1f0 [ 167.279362][ T7782] should_fail_ex+0x50a/0x650 [ 167.279396][ T7782] ? fs_reclaim_acquire+0xae/0x150 [ 167.279428][ T7782] ? snd_seq_prioq_new+0x3f/0x110 [ 167.279459][ T7782] should_failslab+0xc2/0x120 [ 167.279481][ T7782] __kmalloc_cache_noprof+0x68/0x410 [ 167.279511][ T7782] ? lockdep_init_map_type+0x16d/0x7d0 [ 167.279543][ T7782] ? __raw_spin_lock_init+0x3a/0x110 [ 167.279581][ T7782] snd_seq_prioq_new+0x3f/0x110 [ 167.279622][ T7782] snd_seq_queue_alloc+0x12b/0x550 [ 167.279657][ T7782] snd_seq_ioctl_create_queue+0xa9/0x380 [ 167.279696][ T7782] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 167.279734][ T7782] alloc_seq_queue+0xda/0x180 [ 167.279757][ T7782] ? __pfx_alloc_seq_queue+0x10/0x10 [ 167.279798][ T7782] ? mark_held_locks+0x9f/0xe0 [ 167.279829][ T7782] ? _raw_spin_unlock_irq+0x23/0x50 [ 167.279856][ T7782] snd_seq_oss_open+0x38c/0xa20 [ 167.279884][ T7782] odev_open+0x6f/0x90 [ 167.279902][ T7782] ? __pfx_odev_open+0x10/0x10 [ 167.279921][ T7782] soundcore_open+0x409/0x580 [ 167.279959][ T7782] ? __pfx_soundcore_open+0x10/0x10 [ 167.279991][ T7782] chrdev_open+0x237/0x6a0 [ 167.280024][ T7782] ? __pfx_apparmor_file_open+0x10/0x10 [ 167.280053][ T7782] ? __pfx_chrdev_open+0x10/0x10 [ 167.280090][ T7782] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 167.280126][ T7782] do_dentry_open+0x735/0x1c40 [ 167.280158][ T7782] ? __pfx_chrdev_open+0x10/0x10 [ 167.280193][ T7782] ? inode_permission+0xdd/0x5f0 [ 167.280221][ T7782] vfs_open+0x82/0x3f0 [ 167.280242][ T7782] ? may_open+0x1f2/0x400 [ 167.280270][ T7782] path_openat+0x1e88/0x2d80 [ 167.280314][ T7782] ? __pfx_path_openat+0x10/0x10 [ 167.280345][ T7782] ? __pfx___lock_acquire+0x10/0x10 [ 167.280374][ T7782] ? lock_acquire.part.0+0x11b/0x380 [ 167.280404][ T7782] ? find_held_lock+0x2d/0x110 [ 167.280432][ T7782] do_filp_open+0x20c/0x470 [ 167.280463][ T7782] ? __pfx_do_filp_open+0x10/0x10 [ 167.280491][ T7782] ? find_held_lock+0x2d/0x110 [ 167.280535][ T7782] ? alloc_fd+0x41f/0x760 [ 167.280575][ T7782] do_sys_openat2+0x17a/0x1e0 [ 167.280612][ T7782] ? __pfx_do_sys_openat2+0x10/0x10 [ 167.280638][ T7782] ? do_raw_spin_unlock+0x172/0x230 [ 167.280670][ T7782] __x64_sys_openat+0x175/0x210 [ 167.280697][ T7782] ? __pfx___x64_sys_openat+0x10/0x10 [ 167.280733][ T7782] do_syscall_64+0xcd/0x250 [ 167.280763][ T7782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.280792][ T7782] RIP: 0033:0x7f0374f8d169 [ 167.280811][ T7782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.280832][ T7782] RSP: 002b:00007f0375ddd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 167.280853][ T7782] RAX: ffffffffffffffda RBX: 00007f03751a5fa0 RCX: 00007f0374f8d169 [ 167.280868][ T7782] RDX: 0000000000000080 RSI: 0000400000000500 RDI: ffffffffffffff9c [ 167.280882][ T7782] RBP: 00007f037500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 167.280895][ T7782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.280907][ T7782] R13: 0000000000000000 R14: 00007f03751a5fa0 R15: 00007fff2d85ee78 [ 167.280935][ T7782] [ 169.812268][ T7848] netlink: 186 bytes leftover after parsing attributes in process `syz.2.422'. [ 171.734091][ T7900] random: crng reseeded on system resumption [ 172.776250][ T5845] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 173.037551][ T7888] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 174.803376][ T7962] can: request_module (can-proto-0) failed. [ 175.588324][ T7981] erspan0: entered allmulticast mode [ 177.320864][ T8009] HfR: entered promiscuous mode [ 177.957189][ T8021] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 182.546047][ T8098] Console: switching to colour VGA+ 80x25 [ 183.258438][ T8108] svc: failed to register nfsdv3 RPC service (errno 111). [ 183.263021][ T8109] netlink: 28 bytes leftover after parsing attributes in process `syz.1.476'. [ 183.321036][ T8108] svc: failed to register nfsaclv3 RPC service (errno 111). [ 184.866518][ T8109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.915275][ T8109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.975083][ T8109] bond0 (unregistering): Released all slaves [ 186.017783][ T8127] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 186.473903][ T8141] netlink: 4 bytes leftover after parsing attributes in process `syz.1.486'. [ 186.547708][ T8141] svc: failed to register nfsdv3 RPC service (errno 111). [ 186.576192][ T8141] svc: failed to register nfsaclv3 RPC service (errno 111). [ 186.688717][ T8124] Process accounting paused [ 187.286622][ T8159] svc: failed to register nfsdv3 RPC service (errno 111). [ 187.309063][ T8159] svc: failed to register nfsaclv3 RPC service (errno 111). [ 187.523304][ T8150] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 187.569790][ T8150] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 187.594470][ T8150] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 187.652098][ T8164] FAULT_INJECTION: forcing a failure. [ 187.652098][ T8164] name failslab, interval 1, probability 0, space 0, times 0 [ 187.665188][ T8150] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 187.672366][ T8150] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 187.702337][ T8164] CPU: 1 UID: 0 PID: 8164 Comm: syz.0.491 Not tainted 6.14.0-rc4-syzkaller #0 [ 187.702374][ T8164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 187.702393][ T8164] Call Trace: [ 187.702401][ T8164] [ 187.702414][ T8164] dump_stack_lvl+0x16c/0x1f0 [ 187.702451][ T8164] should_fail_ex+0x50a/0x650 [ 187.702488][ T8164] ? fs_reclaim_acquire+0xae/0x150 [ 187.702523][ T8164] should_failslab+0xc2/0x120 [ 187.702547][ T8164] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 187.702585][ T8164] ? security_file_alloc+0x34/0x2b0 [ 187.702622][ T8164] security_file_alloc+0x34/0x2b0 [ 187.702653][ T8164] init_file+0x93/0x4c0 [ 187.702678][ T8164] alloc_empty_file+0x91/0x1e0 [ 187.702705][ T8164] alloc_file_pseudo+0x13b/0x230 [ 187.702733][ T8164] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 187.702760][ T8164] ? alloc_fd+0x41f/0x760 [ 187.702796][ T8164] sock_alloc_file+0x50/0x210 [ 187.702839][ T8164] __sys_socket+0x1c2/0x260 [ 187.702866][ T8164] ? native_tss_update_io_bitmap+0x3cc/0x730 [ 187.702911][ T8164] ? __pfx___sys_socket+0x10/0x10 [ 187.702943][ T8164] ? do_user_addr_fault+0x83d/0x13f0 [ 187.702981][ T8164] __x64_sys_socket+0x72/0xb0 [ 187.703008][ T8164] ? lockdep_hardirqs_on+0x7c/0x110 [ 187.703037][ T8164] do_syscall_64+0xcd/0x250 [ 187.703079][ T8164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.703114][ T8164] RIP: 0033:0x7fd0c898f087 [ 187.703134][ T8164] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.703158][ T8164] RSP: 002b:00007fd0c9802fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 187.703182][ T8164] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898f087 [ 187.703198][ T8164] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 187.703213][ T8164] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 187.703227][ T8164] R10: 00004000000000c0 R11: 0000000000000286 R12: 0000000000000000 [ 187.703243][ T8164] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 187.703278][ T8164] [ 187.907793][ C1] vkms_vblank_simulate: vblank timer overrun [ 189.005962][ T8182] nbd: socks must be embedded in a SOCK_ITEM attr [ 189.043916][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 189.607154][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 189.683677][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 189.689761][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 189.756089][ T8196] svc: failed to register nfsdv3 RPC service (errno 111). [ 189.792074][ T8196] svc: failed to register nfsaclv3 RPC service (errno 111). [ 190.464633][ T8211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.505'. [ 190.692167][ T8218] netlink: 354 bytes leftover after parsing attributes in process `syz.0.505'. [ 191.763644][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 192.288195][ T8221] kexec: Could not allocate control_code_buffer [ 194.383104][ T8279] netlink: 28 bytes leftover after parsing attributes in process `syz.2.518'. [ 194.582328][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.589629][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.677005][ T8279] team_slave_0: entered allmulticast mode [ 198.255653][ T8307] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 198.290685][ T8372] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 199.277641][ T8397] netlink: 8 bytes leftover after parsing attributes in process `syz.2.539'. [ 200.240655][ T8417] Invalid ELF header magic: != ELF [ 200.599036][ T8430] Invalid ELF header magic: != ELF [ 201.629516][ T8463] mkiss: ax0: crc mode is auto. [ 201.784818][ T8472] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 201.866469][ T8472] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 202.212624][ T29] audit: type=1800 audit(4294967414.590:7): pid=8488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.559" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 202.411705][ T8492] tipc: Started in network mode [ 202.423646][ T8492] tipc: Node identity 8e4e6f15, cluster identity 4711 [ 202.443645][ T8492] tipc: Node number set to 2387504917 [ 203.109220][ T8507] netlink: 'syz.2.565': attribute type 1 has an invalid length. [ 204.214949][ T8529] program syz.0.571 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 204.226840][ T5845] Bluetooth: hci3: unexpected subevent 0x04 length: 122 > 11 [ 204.235460][ T5845] Bluetooth: hci3: unexpected subevent 0x04 length: 122 > 11 [ 205.514700][ T8557] netlink: 130 bytes leftover after parsing attributes in process `syz.0.576'. syzkaller syzkaller login: [ 210.229575][ T29] audit: type=1800 audit(4294967422.620:8): pid=8653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.592" name="dbroot" dev="configfs" ino=20029 res=0 errno=0 [ 210.858960][ T8664] Invalid ELF header magic: != ELF [ 218.139004][ T8680] program syz.0.605 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 218.208227][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 218.218808][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 218.230241][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 218.245655][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 218.255163][ T5847] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 218.264663][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 218.294969][ T8691] Invalid ELF header magic: != ELF [ 218.744598][ T8698] cougar: G6 mapped to space [ 219.310341][ T8692] chnl_net:caif_netlink_parms(): no params data found [ 219.539079][ T8692] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.546545][ T8692] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.554232][ T8692] bridge_slave_0: entered allmulticast mode [ 219.561281][ T8692] bridge_slave_0: entered promiscuous mode [ 219.570465][ T8692] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.578037][ T8692] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.585981][ T8692] bridge_slave_1: entered allmulticast mode [ 219.593255][ T8692] bridge_slave_1: entered promiscuous mode [ 219.621888][ T8692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.634232][ T8692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.715047][ T8692] team0: Port device team_slave_0 added [ 219.729202][ T8692] team0: Port device team_slave_1 added [ 219.814937][ T8692] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.821921][ T8692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.892859][ T8692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.920351][ T8692] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.938185][ T8692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.989457][ T8692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.071923][ T8692] hsr_slave_0: entered promiscuous mode [ 220.088901][ T8692] hsr_slave_1: entered promiscuous mode [ 220.106473][ T8692] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.125991][ T8692] Cannot create hsr debugfs directory [ 220.323632][ T5847] Bluetooth: hci4: command tx timeout [ 220.431909][ T8692] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 220.460894][ T8692] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 220.496092][ T8692] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 220.526624][ T8692] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 220.708233][ T8692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.772197][ T8692] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.854658][ T6287] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.861839][ T6287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.877328][ T6287] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.884524][ T6287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.919757][ T8692] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 220.935332][ T8692] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.353205][ T8692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.574782][ T8722] FAULT_INJECTION: forcing a failure. [ 221.574782][ T8722] name failslab, interval 1, probability 0, space 0, times 0 [ 221.634318][ T8722] CPU: 0 UID: 0 PID: 8722 Comm: syz.3.601 Not tainted 6.14.0-rc4-syzkaller #0 [ 221.634352][ T8722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 221.634366][ T8722] Call Trace: [ 221.634372][ T8722] [ 221.634382][ T8722] dump_stack_lvl+0x16c/0x1f0 [ 221.634418][ T8722] should_fail_ex+0x50a/0x650 [ 221.634460][ T8722] should_failslab+0xc2/0x120 [ 221.634485][ T8722] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 221.634521][ T8722] ? skb_clone+0x190/0x3f0 [ 221.634560][ T8722] skb_clone+0x190/0x3f0 [ 221.634595][ T8722] netlink_deliver_tap+0xabd/0xd30 [ 221.634632][ T8722] netlink_unicast+0x5e1/0x7f0 [ 221.634667][ T8722] ? __pfx_netlink_unicast+0x10/0x10 [ 221.634699][ T8722] ? __phys_addr_symbol+0x30/0x80 [ 221.634724][ T8722] ? __check_object_size+0x488/0x710 [ 221.634761][ T8722] netlink_sendmsg+0x8b8/0xd70 [ 221.634799][ T8722] ? __pfx_netlink_sendmsg+0x10/0x10 [ 221.634846][ T8722] ____sys_sendmsg+0xaaf/0xc90 [ 221.634873][ T8722] ? copy_msghdr_from_user+0x10b/0x160 [ 221.634907][ T8722] ? __pfx_____sys_sendmsg+0x10/0x10 [ 221.634951][ T8722] ___sys_sendmsg+0x135/0x1e0 [ 221.634988][ T8722] ? __pfx____sys_sendmsg+0x10/0x10 [ 221.635035][ T8722] ? __pfx_lock_release+0x10/0x10 [ 221.635067][ T8722] ? trace_lock_acquire+0x14e/0x1f0 [ 221.635106][ T8722] ? __fget_files+0x206/0x3a0 [ 221.635148][ T8722] __sys_sendmsg+0x16e/0x220 [ 221.635181][ T8722] ? __pfx___sys_sendmsg+0x10/0x10 [ 221.635214][ T8722] ? __x64_sys_futex+0x1e1/0x4c0 [ 221.635264][ T8722] do_syscall_64+0xcd/0x250 [ 221.635297][ T8722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.635329][ T8722] RIP: 0033:0x7f0374f8d169 [ 221.635348][ T8722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.635370][ T8722] RSP: 002b:00007f0375dbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 221.635393][ T8722] RAX: ffffffffffffffda RBX: 00007f03751a6080 RCX: 00007f0374f8d169 [ 221.635408][ T8722] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000009 [ 221.635422][ T8722] RBP: 00007f037500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 221.635434][ T8722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.635447][ T8722] R13: 0000000000000000 R14: 00007f03751a6080 R15: 00007fff2d85ee78 [ 221.635479][ T8722] [ 221.816638][ T8725] openvswitch: netlink: IP tunnel dst address not specified [ 222.180060][ T8692] veth0_vlan: entered promiscuous mode [ 222.228027][ T8692] veth1_vlan: entered promiscuous mode [ 222.285835][ T8712] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 222.299465][ T8712] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 222.305448][ T8692] veth0_macvtap: entered promiscuous mode [ 222.317651][ T8692] veth1_macvtap: entered promiscuous mode [ 222.325580][ T8712] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 222.332317][ T8712] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 222.349100][ T8712] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 222.362372][ T8712] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 222.391660][ T8712] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 222.430326][ T8712] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 222.460146][ T8692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.511496][ T8692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.534111][ T8692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.554189][ T8692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.583573][ T8692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.603591][ T8692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.625768][ T8692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.757412][ T8692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.783329][ T8692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.810640][ T8692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.847412][ T8692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.871781][ T8692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.902470][ T8692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.939655][ T8692] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.980372][ T8692] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.005315][ T8692] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.028618][ T8692] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.051605][ T8692] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.436994][ T6287] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.453787][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 223.460131][ T6287] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.493741][ T8351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.533411][ T8351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.326748][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 224.414052][ T5847] Bluetooth: hci4: command 0x040f tx timeout [ 224.420130][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 224.423590][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 224.508339][ T8752] program syz.3.614 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.372345][ T8768] cougar: G6 mapped to space [ 226.483631][ T5843] Bluetooth: hci4: command 0x040f tx timeout [ 226.494814][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout [ 228.563616][ T5843] Bluetooth: hci4: command 0x040f tx timeout [ 230.444681][ T8813] program syz.2.629 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.643645][ T5843] Bluetooth: hci4: command 0x040f tx timeout [ 230.794403][ T29] audit: type=1800 audit(4294967443.180:9): pid=8812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.621" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 231.305521][ T8826] cougar: G6 mapped to space [ 232.733634][ T5845] Bluetooth: hci4: command 0x040f tx timeout [ 239.023388][ T8947] netlink: 12 bytes leftover after parsing attributes in process `syz.0.648'. [ 239.092808][ T8949] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 239.242257][ T29] audit: type=1800 audit(4294967451.630:10): pid=8947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.648" name="members" dev="configfs" ino=22342 res=0 errno=0 [ 244.017785][ T9044] netlink: 28 bytes leftover after parsing attributes in process `syz.2.670'. [ 244.067420][ T9045] FAULT_INJECTION: forcing a failure. [ 244.067420][ T9045] name failslab, interval 1, probability 0, space 0, times 0 [ 244.085743][ T9045] CPU: 0 UID: 0 PID: 9045 Comm: syz.0.673 Not tainted 6.14.0-rc4-syzkaller #0 [ 244.085771][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 244.085783][ T9045] Call Trace: [ 244.085790][ T9045] [ 244.085798][ T9045] dump_stack_lvl+0x16c/0x1f0 [ 244.085828][ T9045] should_fail_ex+0x50a/0x650 [ 244.085857][ T9045] ? fs_reclaim_acquire+0xae/0x150 [ 244.085885][ T9045] should_failslab+0xc2/0x120 [ 244.085904][ T9045] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 244.085934][ T9045] ? __d_alloc+0x31/0xaa0 [ 244.085965][ T9045] __d_alloc+0x31/0xaa0 [ 244.085982][ T9045] ? mark_lock+0xb5/0xc60 [ 244.086010][ T9045] d_alloc+0x4a/0x1e0 [ 244.086031][ T9045] d_alloc_parallel+0xe7/0x12b0 [ 244.086056][ T9045] ? __d_lookup+0x25c/0x4a0 [ 244.086080][ T9045] ? trace_lock_acquire+0x14e/0x1f0 [ 244.086102][ T9045] ? lookup_open.isra.0+0x233/0x1580 [ 244.086128][ T9045] ? __pfx_d_alloc_parallel+0x10/0x10 [ 244.086156][ T9045] ? __d_lookup+0x266/0x4a0 [ 244.086187][ T9045] lookup_open.isra.0+0x667/0x1580 [ 244.086218][ T9045] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 244.086249][ T9045] ? path_openat+0x88a/0x2d80 [ 244.086284][ T9045] ? lookup_fast+0x153/0x5f0 [ 244.086313][ T9045] path_openat+0x904/0x2d80 [ 244.086359][ T9045] ? __pfx_path_openat+0x10/0x10 [ 244.086386][ T9045] ? __pfx___lock_acquire+0x10/0x10 [ 244.086411][ T9045] ? lock_acquire.part.0+0x11b/0x380 [ 244.086436][ T9045] ? find_held_lock+0x2d/0x110 [ 244.086466][ T9045] do_filp_open+0x20c/0x470 [ 244.086494][ T9045] ? __pfx_do_filp_open+0x10/0x10 [ 244.086518][ T9045] ? find_held_lock+0x2d/0x110 [ 244.086562][ T9045] ? alloc_fd+0x41f/0x760 [ 244.086597][ T9045] do_sys_openat2+0x17a/0x1e0 [ 244.086619][ T9045] ? __pfx_do_sys_openat2+0x10/0x10 [ 244.086652][ T9045] __x64_sys_openat+0x175/0x210 [ 244.086673][ T9045] ? __pfx___x64_sys_openat+0x10/0x10 [ 244.086707][ T9045] do_syscall_64+0xcd/0x250 [ 244.086735][ T9045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.086763][ T9045] RIP: 0033:0x7fd0c898d169 [ 244.086780][ T9045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.086805][ T9045] RSP: 002b:00007fd0c9804038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 244.086824][ T9045] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898d169 [ 244.086837][ T9045] RDX: 0000000000002000 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 244.086849][ T9045] RBP: 00007fd0c8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 244.086861][ T9045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 244.086872][ T9045] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 244.086900][ T9045] [ 244.358755][ C0] vkms_vblank_simulate: vblank timer overrun [ 245.107206][ T9059] netlink: 504 bytes leftover after parsing attributes in process `syz.2.675'. [ 245.139934][ T9065] netlink: 350 bytes leftover after parsing attributes in process `syz.2.675'. [ 245.155328][ T9060] netlink: 350 bytes leftover after parsing attributes in process `syz.2.675'. [ 247.245772][ T9109] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.253744][ T9111] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 247.515533][ T9109] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.867950][ T9109] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.139310][ T9109] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.309107][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 248.309145][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 248.343720][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 248.343791][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 248.351144][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x37 [ 248.353939][ T9110] Format for deleting device is "id" (uint). [ 248.358844][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x3c [ 248.371853][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x40 [ 248.379047][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x40 [ 248.386225][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 249.083895][ T9147] FAULT_INJECTION: forcing a failure. [ 249.083895][ T9147] name failslab, interval 1, probability 0, space 0, times 0 [ 249.103641][ T9147] CPU: 1 UID: 0 PID: 9147 Comm: syz.4.695 Not tainted 6.14.0-rc4-syzkaller #0 [ 249.103672][ T9147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 249.103684][ T9147] Call Trace: [ 249.103691][ T9147] [ 249.103699][ T9147] dump_stack_lvl+0x16c/0x1f0 [ 249.103734][ T9147] should_fail_ex+0x50a/0x650 [ 249.103769][ T9147] ? fs_reclaim_acquire+0xae/0x150 [ 249.103800][ T9147] should_failslab+0xc2/0x120 [ 249.103822][ T9147] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 249.103857][ T9147] ? security_file_alloc+0x34/0x2b0 [ 249.103892][ T9147] security_file_alloc+0x34/0x2b0 [ 249.103922][ T9147] init_file+0x93/0x4c0 [ 249.103947][ T9147] alloc_empty_file+0x91/0x1e0 [ 249.103974][ T9147] path_openat+0xe1/0x2d80 [ 249.104005][ T9147] ? hlock_class+0x4e/0x130 [ 249.104029][ T9147] ? __lock_acquire+0x15a9/0x3c40 [ 249.104071][ T9147] ? __pfx_path_openat+0x10/0x10 [ 249.104104][ T9147] ? __pfx___lock_acquire+0x10/0x10 [ 249.104134][ T9147] ? lock_acquire.part.0+0x11b/0x380 [ 249.104166][ T9147] ? find_held_lock+0x2d/0x110 [ 249.104196][ T9147] do_filp_open+0x20c/0x470 [ 249.104231][ T9147] ? __pfx_do_filp_open+0x10/0x10 [ 249.104262][ T9147] ? find_held_lock+0x2d/0x110 [ 249.104310][ T9147] ? alloc_fd+0x41f/0x760 [ 249.104350][ T9147] do_sys_openat2+0x17a/0x1e0 [ 249.104375][ T9147] ? __pfx_do_sys_openat2+0x10/0x10 [ 249.104413][ T9147] __x64_sys_openat+0x175/0x210 [ 249.104439][ T9147] ? __pfx___x64_sys_openat+0x10/0x10 [ 249.104478][ T9147] do_syscall_64+0xcd/0x250 [ 249.104510][ T9147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.104542][ T9147] RIP: 0033:0x7f085898d169 [ 249.104568][ T9147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.104592][ T9147] RSP: 002b:00007f0859828038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 249.104612][ T9147] RAX: ffffffffffffffda RBX: 00007f0858ba5fa0 RCX: 00007f085898d169 [ 249.104625][ T9147] RDX: 0000000000040400 RSI: 0000400000000280 RDI: ffffffffffffff9c [ 249.104640][ T9147] RBP: 00007f0858a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 249.104653][ T9147] R10: 0000000000000048 R11: 0000000000000246 R12: 0000000000000000 [ 249.104668][ T9147] R13: 0000000000000000 R14: 00007f0858ba5fa0 R15: 00007fff35261118 [ 249.104690][ T9147] [ 252.142354][ T9192] mkiss: ax0: crc mode is auto. [ 254.779514][ T9214] kexec: Could not allocate control_code_buffer [ 255.574290][ T9241] netlink: 28 bytes leftover after parsing attributes in process `syz.2.717'. [ 255.603907][ T9241] team_slave_0: left allmulticast mode [ 256.021861][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.028965][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.266083][ T9256] netlink: 350 bytes leftover after parsing attributes in process `syz.2.719'. [ 256.275484][ T9255] netlink: 350 bytes leftover after parsing attributes in process `syz.2.719'. [ 256.445880][ T9261] lo: entered allmulticast mode [ 256.570618][ T9265] lo: left allmulticast mode [ 260.808950][ T9291] kexec: Could not allocate control_code_buffer [ 265.083858][ T25] Process accounting resumed [ 265.293316][ T9381] random: crng reseeded on system resumption [ 265.338564][ T9367] netlink: 186 bytes leftover after parsing attributes in process `syz.4.747'. [ 267.370765][ T9411] netlink: 8 bytes leftover after parsing attributes in process `syz.4.755'. [ 267.847530][ T5845] Bluetooth: hci4: unexpected event 0x35 length: 13 > 6 [ 271.798311][ T5845] Bluetooth: hci2: unexpected event 0x35 length: 13 > 6 [ 272.129831][ T9495] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma? [ 273.021374][ T9500] ubi0: attaching mtd0 [ 273.028460][ T9500] ubi0: scanning is finished [ 273.047204][ T9500] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 273.398981][ T9500] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 274.939149][ T9530] netlink: 28 bytes leftover after parsing attributes in process `syz.2.782'. [ 274.987973][ T9530] macvlan1: entered allmulticast mode [ 275.013303][ T9530] veth1_vlan: entered allmulticast mode [ 276.731360][ T9550] Process accounting resumed [ 278.442389][ T29] audit: type=1326 audit(4294967322.026:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9598 comm="syz.2.797" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0c818d169 code=0x0 [ 279.218980][ T9618] < [ 279.298579][ T9618] netlink: 'syz.2.801': attribute type 2 has an invalid length. [ 279.380052][ T9620] [ 282.177750][ T9664] kexec: Could not allocate control_code_buffer [ 282.363163][ T9680] netlink: 'syz.4.813': attribute type 1 has an invalid length. [ 284.106057][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.4.821'. [ 284.521172][ T9733] FAULT_INJECTION: forcing a failure. [ 284.521172][ T9733] name failslab, interval 1, probability 0, space 0, times 0 [ 284.521221][ T9733] CPU: 0 UID: 0 PID: 9733 Comm: syz.0.823 Not tainted 6.14.0-rc4-syzkaller #0 [ 284.521247][ T9733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 284.521259][ T9733] Call Trace: [ 284.521266][ T9733] [ 284.521274][ T9733] dump_stack_lvl+0x16c/0x1f0 [ 284.521306][ T9733] should_fail_ex+0x50a/0x650 [ 284.521339][ T9733] ? fs_reclaim_acquire+0xae/0x150 [ 284.521369][ T9733] ? tomoyo_encode2+0x100/0x3e0 [ 284.521403][ T9733] should_failslab+0xc2/0x120 [ 284.521425][ T9733] __kmalloc_noprof+0xcb/0x510 [ 284.521461][ T9733] ? d_absolute_path+0x137/0x1b0 [ 284.521485][ T9733] ? rcu_is_watching+0x12/0xc0 [ 284.521512][ T9733] tomoyo_encode2+0x100/0x3e0 [ 284.521545][ T9733] tomoyo_encode+0x29/0x50 [ 284.521571][ T9733] tomoyo_realpath_from_path+0x19d/0x720 [ 284.521611][ T9733] tomoyo_path_number_perm+0x248/0x590 [ 284.521636][ T9733] ? tomoyo_path_number_perm+0x235/0x590 [ 284.521665][ T9733] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 284.521722][ T9733] ? __pfx_lock_release+0x10/0x10 [ 284.521751][ T9733] ? trace_lock_acquire+0x14e/0x1f0 [ 284.521780][ T9733] ? lock_acquire+0x2f/0xb0 [ 284.521807][ T9733] ? __fget_files+0x40/0x3a0 [ 284.521842][ T9733] ? __fget_files+0x206/0x3a0 [ 284.521877][ T9733] security_file_ioctl+0x9b/0x240 [ 284.521906][ T9733] __x64_sys_ioctl+0xb7/0x200 [ 284.521935][ T9733] do_syscall_64+0xcd/0x250 [ 284.521966][ T9733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.521996][ T9733] RIP: 0033:0x7fd0c898d169 [ 284.522014][ T9733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.522035][ T9733] RSP: 002b:00007fd0c9804038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 284.522056][ T9733] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898d169 [ 284.522071][ T9733] RDX: 0000000000000038 RSI: 00000000c0585605 RDI: 0000000000000003 [ 284.522085][ T9733] RBP: 00007fd0c9804090 R08: 0000000000000000 R09: 0000000000000000 [ 284.522099][ T9733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.522112][ T9733] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 284.522143][ T9733] [ 284.534831][ T9733] ERROR: Out of memory at tomoyo_realpath_from_path. [ 285.401858][ T9755] FAULT_INJECTION: forcing a failure. [ 285.401858][ T9755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 285.435967][ T9755] CPU: 0 UID: 0 PID: 9755 Comm: syz.3.827 Not tainted 6.14.0-rc4-syzkaller #0 [ 285.436000][ T9755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 285.436013][ T9755] Call Trace: [ 285.436020][ T9755] [ 285.436029][ T9755] dump_stack_lvl+0x16c/0x1f0 [ 285.436066][ T9755] should_fail_ex+0x50a/0x650 [ 285.436106][ T9755] _copy_to_iter+0x2a1/0x1560 [ 285.436132][ T9755] ? chacha_block_generic+0x18a/0x270 [ 285.436168][ T9755] ? __pfx__copy_to_iter+0x10/0x10 [ 285.436199][ T9755] ? __pfx___might_resched+0x10/0x10 [ 285.436233][ T9755] ? crng_make_state+0x48e/0x6d0 [ 285.436272][ T9755] get_random_bytes_user+0x180/0x3c0 [ 285.436319][ T9755] ? __pfx_get_random_bytes_user+0x10/0x10 [ 285.436361][ T9755] ? do_futex+0x123/0x350 [ 285.436397][ T9755] ? import_ubuf+0x1b6/0x220 [ 285.436423][ T9755] __x64_sys_getrandom+0x184/0x290 [ 285.436459][ T9755] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 285.436495][ T9755] ? xfd_validate_state+0x5d/0x180 [ 285.436540][ T9755] do_syscall_64+0xcd/0x250 [ 285.436572][ T9755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.436604][ T9755] RIP: 0033:0x7f0374f8d169 [ 285.436623][ T9755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.436645][ T9755] RSP: 002b:00007f0375ddd038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 285.436668][ T9755] RAX: ffffffffffffffda RBX: 00007f03751a5fa0 RCX: 00007f0374f8d169 [ 285.436684][ T9755] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 285.436699][ T9755] RBP: 00007f037500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 285.436714][ T9755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.436729][ T9755] R13: 0000000000000000 R14: 00007f03751a5fa0 R15: 00007fff2d85ee78 [ 285.436759][ T9755] [ 286.730260][ T8351] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.898217][ T8351] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.109260][ T8351] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.124967][ T29] audit: type=1326 audit(4294967330.700:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9782 comm="syz.3.833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0374f8d169 code=0x0 [ 287.178492][ T9787] FAULT_INJECTION: forcing a failure. [ 287.178492][ T9787] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.193974][ T9787] CPU: 1 UID: 0 PID: 9787 Comm: syz.4.834 Not tainted 6.14.0-rc4-syzkaller #0 [ 287.194003][ T9787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 287.194015][ T9787] Call Trace: [ 287.194021][ T9787] [ 287.194030][ T9787] dump_stack_lvl+0x16c/0x1f0 [ 287.194064][ T9787] should_fail_ex+0x50a/0x650 [ 287.194102][ T9787] _copy_from_user+0x2e/0xd0 [ 287.194125][ T9787] video_usercopy+0xedb/0x1620 [ 287.194153][ T9787] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 287.194180][ T9787] ? __pfx_video_usercopy+0x10/0x10 [ 287.194225][ T9787] v4l2_ioctl+0x1ba/0x250 [ 287.194247][ T9787] ? __pfx_v4l2_ioctl+0x10/0x10 [ 287.194272][ T9787] __x64_sys_ioctl+0x190/0x200 [ 287.194302][ T9787] do_syscall_64+0xcd/0x250 [ 287.194332][ T9787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.194362][ T9787] RIP: 0033:0x7f085898d169 [ 287.194381][ T9787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.194402][ T9787] RSP: 002b:00007f0859828038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.194429][ T9787] RAX: ffffffffffffffda RBX: 00007f0858ba5fa0 RCX: 00007f085898d169 [ 287.194444][ T9787] RDX: 0000000000000038 RSI: 00000000c0585605 RDI: 0000000000000003 [ 287.194457][ T9787] RBP: 00007f0859828090 R08: 0000000000000000 R09: 0000000000000000 [ 287.194471][ T9787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.194484][ T9787] R13: 0000000000000000 R14: 00007f0858ba5fa0 R15: 00007fff35261118 [ 287.194514][ T9787] [ 287.653127][ T8351] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.990630][ T8351] bridge_slave_1: left allmulticast mode [ 288.011428][ T8351] bridge_slave_1: left promiscuous mode [ 288.027296][ T8351] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.164549][ T8351] bridge_slave_0: left allmulticast mode [ 288.180335][ T8351] bridge_slave_0: left promiscuous mode [ 288.196788][ T8351] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.465918][ T9819] program syz.0.840 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 289.042677][ T9833] FAULT_INJECTION: forcing a failure. [ 289.042677][ T9833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.080693][ T9833] CPU: 1 UID: 0 PID: 9833 Comm: syz.0.845 Not tainted 6.14.0-rc4-syzkaller #0 [ 289.080723][ T9833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 289.080736][ T9833] Call Trace: [ 289.080742][ T9833] [ 289.080751][ T9833] dump_stack_lvl+0x16c/0x1f0 [ 289.080785][ T9833] should_fail_ex+0x50a/0x650 [ 289.080823][ T9833] _copy_to_user+0x32/0xd0 [ 289.080849][ T9833] video_usercopy+0xf3e/0x1620 [ 289.080878][ T9833] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 289.080904][ T9833] ? __pfx_video_usercopy+0x10/0x10 [ 289.080950][ T9833] v4l2_ioctl+0x1ba/0x250 [ 289.080978][ T9833] ? __pfx_v4l2_ioctl+0x10/0x10 [ 289.081002][ T9833] __x64_sys_ioctl+0x190/0x200 [ 289.081032][ T9833] do_syscall_64+0xcd/0x250 [ 289.081063][ T9833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.081093][ T9833] RIP: 0033:0x7fd0c898d169 [ 289.081112][ T9833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.081133][ T9833] RSP: 002b:00007fd0c9804038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 289.081155][ T9833] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898d169 [ 289.081170][ T9833] RDX: 0000000000000038 RSI: 00000000c0585605 RDI: 0000000000000003 [ 289.081184][ T9833] RBP: 00007fd0c9804090 R08: 0000000000000000 R09: 0000000000000000 [ 289.081198][ T9833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.081211][ T9833] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 289.081241][ T9833] [ 290.598058][ T8351] hsr_slave_0: left promiscuous mode [ 290.623995][ T8351] hsr_slave_1: left promiscuous mode [ 290.652866][ T8351] veth1_macvtap: left promiscuous mode [ 290.673457][ T8351] veth0_macvtap: left promiscuous mode [ 290.681380][ T8351] veth1_vlan: left promiscuous mode [ 290.716312][ T8351] veth0_vlan: left promiscuous mode [ 291.296313][ T9878] zram: Removed device: zram0 [ 291.593378][ T9875] Invalid ELF header magic: != ELF [ 292.339292][ T9898] FAULT_INJECTION: forcing a failure. [ 292.339292][ T9898] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.412729][ T9898] CPU: 0 UID: 0 PID: 9898 Comm: syz.0.856 Not tainted 6.14.0-rc4-syzkaller #0 [ 292.412759][ T9898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 292.412771][ T9898] Call Trace: [ 292.412778][ T9898] [ 292.412787][ T9898] dump_stack_lvl+0x16c/0x1f0 [ 292.412820][ T9898] should_fail_ex+0x50a/0x650 [ 292.412857][ T9898] _copy_to_user+0x32/0xd0 [ 292.412884][ T9898] simple_read_from_buffer+0xd0/0x160 [ 292.412915][ T9898] proc_fail_nth_read+0x198/0x270 [ 292.412943][ T9898] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 292.412972][ T9898] ? rw_verify_area+0xcf/0x680 [ 292.412999][ T9898] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 292.413026][ T9898] vfs_read+0x1df/0xbf0 [ 292.413056][ T9898] ? __fget_files+0x1fc/0x3a0 [ 292.413086][ T9898] ? __pfx___mutex_lock+0x10/0x10 [ 292.413114][ T9898] ? __pfx_vfs_read+0x10/0x10 [ 292.413152][ T9898] ? __fget_files+0x206/0x3a0 [ 292.413191][ T9898] ksys_read+0x12b/0x250 [ 292.413219][ T9898] ? __pfx_ksys_read+0x10/0x10 [ 292.413258][ T9898] do_syscall_64+0xcd/0x250 [ 292.413288][ T9898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.413317][ T9898] RIP: 0033:0x7fd0c898bb7c [ 292.413336][ T9898] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 292.413356][ T9898] RSP: 002b:00007fd0c9804030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 292.413377][ T9898] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898bb7c [ 292.413392][ T9898] RDX: 000000000000000f RSI: 00007fd0c98040a0 RDI: 0000000000000004 [ 292.413404][ T9898] RBP: 00007fd0c9804090 R08: 0000000000000000 R09: 0000000000000000 [ 292.413417][ T9898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.413430][ T9898] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 292.413460][ T9898] [ 293.180000][ T29] audit: type=1326 audit(4294967336.763:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9908 comm="syz.4.861" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f085898d169 code=0x0 [ 293.617212][ T9916] netlink: 8912 bytes leftover after parsing attributes in process `syz.0.863'. [ 293.851029][ T8351] team0 (unregistering): Port device team_slave_1 removed [ 294.269787][ T8351] team0 (unregistering): Port device team_slave_0 removed [ 294.898906][ T9927] Falling back ldisc for ptm0. [ 296.629886][ T9961] cougar: G6 mapped to space [ 300.258565][T10045] can: request_module (can-proto-0) failed. [ 306.788858][T10165] Process accounting paused [ 307.887332][T10199] input: f as /devices/virtual/input/input13 [ 308.236889][T10230] vivid-003: ================= START STATUS ================= [ 308.328790][T10230] vivid-003: Radio HW Seek Mode: Bounded [ 308.485179][T10230] vivid-003: Radio Programmable HW Seek: false [ 308.491435][T10230] vivid-003: RDS Rx I/O Mode: Block I/O [ 308.605534][T10236] netlink: 350 bytes leftover after parsing attributes in process `syz.2.917'. [ 308.784281][T10230] vivid-003: Generate RBDS Instead of RDS: false [ 308.850671][T10230] vivid-003: RDS Reception: true [ 309.056561][T10230] vivid-003: RDS Program Type: 0 inactive [ 309.062703][T10230] vivid-003: RDS PS Name: inactive [ 309.128530][T10230] vivid-003: RDS Radio Text: inactive [ 309.142669][T10230] vivid-003: RDS Traffic Announcement: false inactive [ 309.157742][T10230] vivid-003: RDS Traffic Program: false inactive [ 309.214344][T10230] vivid-003: RDS Music: false inactive [ 309.219984][T10230] vivid-003: ================== END STATUS ================== [ 312.825798][T10295] netlink: 40 bytes leftover after parsing attributes in process `syz.2.926'. [ 317.251880][T10373] netlink: 334 bytes leftover after parsing attributes in process `syz.3.940'. [ 317.438219][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.453638][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.050666][T10382] netlink: 172 bytes leftover after parsing attributes in process `syz.4.941'. [ 326.954156][T10580] FAULT_INJECTION: forcing a failure. [ 326.954156][T10580] name fail_futex, interval 1, probability 0, space 0, times 0 [ 327.028374][T10580] CPU: 1 UID: 0 PID: 10580 Comm: syz.2.968 Not tainted 6.14.0-rc4-syzkaller #0 [ 327.028406][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 327.028420][T10580] Call Trace: [ 327.028427][T10580] [ 327.028437][T10580] dump_stack_lvl+0x16c/0x1f0 [ 327.028472][T10580] should_fail_ex+0x50a/0x650 [ 327.028526][T10580] get_futex_key+0x4a3/0x1000 [ 327.028560][T10580] ? __pfx_get_futex_key+0x10/0x10 [ 327.028595][T10580] ? do_raw_spin_unlock+0x172/0x230 [ 327.028620][T10580] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 327.028647][T10580] ? find_held_lock+0x2d/0x110 [ 327.028677][T10580] futex_wait_setup+0x78/0x290 [ 327.028715][T10580] __futex_wait+0x267/0x3c0 [ 327.028746][T10580] ? __pfx___futex_wait+0x10/0x10 [ 327.028778][T10580] ? try_to_wake_up+0x158/0x1490 [ 327.028810][T10580] ? __pfx_futex_wake_mark+0x10/0x10 [ 327.028854][T10580] futex_wait+0xe9/0x380 [ 327.028885][T10580] ? __pfx_futex_wait+0x10/0x10 [ 327.028924][T10580] ? rcu_is_watching+0x12/0xc0 [ 327.028946][T10580] ? io_uring_setup+0x1762/0x2200 [ 327.028975][T10580] do_futex+0x22b/0x350 [ 327.029002][T10580] ? __pfx_do_futex+0x10/0x10 [ 327.029035][T10580] __x64_sys_futex+0x1e1/0x4c0 [ 327.029063][T10580] ? __pfx___x64_sys_futex+0x10/0x10 [ 327.029092][T10580] ? rcu_is_watching+0x12/0xc0 [ 327.029122][T10580] do_syscall_64+0xcd/0x250 [ 327.029154][T10580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.029186][T10580] RIP: 0033:0x7fa0c818d169 [ 327.029205][T10580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.029227][T10580] RSP: 002b:00007fa0c8fcc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 327.029249][T10580] RAX: ffffffffffffffda RBX: 00007fa0c83a5fa8 RCX: 00007fa0c818d169 [ 327.029265][T10580] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa0c83a5fa8 [ 327.029279][T10580] RBP: 00007fa0c83a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 327.029293][T10580] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0c83a5fac [ 327.029307][T10580] R13: 0000000000000000 R14: 00007fff4382d860 R15: 00007fff4382d948 [ 327.029336][T10580] [ 327.135182][T10590] misc userio: No port type given on /dev/userio [ 327.334470][T10350] Process accounting resumed [ 327.503633][T10593] misc userio: Invalid payload size [ 327.865606][T10603] netlink: 8 bytes leftover after parsing attributes in process `syz.2.972'. [ 328.245838][ T29] audit: type=1800 audit(4294967371.844:14): pid=10610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.973" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 330.200694][T10652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.981'. [ 331.391692][T10670] Console: switching to colour frame buffer device 128x48 [ 331.838535][T10669] input: f as /devices/virtual/input/input15 [ 333.326229][T10718] netlink: 'syz.2.994': attribute type 39 has an invalid length. [ 334.651093][T10751] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1005'. [ 334.655870][T10753] nbd: socks must be embedded in a SOCK_ITEM attr [ 335.813847][T10787] device-mapper: ioctl: only supply one of name or uuid, cmd(9) [ 336.777314][T10799] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1018'. [ 336.981643][T10809] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1021'. [ 337.006193][T10809] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1021'. [ 337.052383][T10809] netlink: 134 bytes leftover after parsing attributes in process `syz.4.1021'. [ 337.271236][T10804] input: f as /devices/virtual/input/input16 [ 337.877699][T10828] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1028'. [ 340.216326][ T5845] Bluetooth: hci1: Malformed LE Event: 0x1d [ 340.365870][T10895] Invalid ELF header magic: != ELF [ 341.909353][T10920] ======================================================= [ 341.909353][T10920] WARNING: The mand mount option has been deprecated and [ 341.909353][T10920] and is ignored by this kernel. Remove the mand [ 341.909353][T10920] option from the mount to silence this warning. [ 341.909353][T10920] ======================================================= [ 342.003944][T10920] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1047'. [ 342.168337][T10929] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1049'. [ 342.180194][T10929] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1049'. [ 342.222208][T10929] netlink: 134 bytes leftover after parsing attributes in process `syz.2.1049'. [ 342.434416][T10933] FAULT_INJECTION: forcing a failure. [ 342.434416][T10933] name fail_futex, interval 1, probability 0, space 0, times 0 [ 342.486057][T10933] CPU: 1 UID: 0 PID: 10933 Comm: syz.2.1050 Not tainted 6.14.0-rc4-syzkaller #0 [ 342.486093][T10933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 342.486107][T10933] Call Trace: [ 342.486115][T10933] [ 342.486125][T10933] dump_stack_lvl+0x16c/0x1f0 [ 342.486161][T10933] should_fail_ex+0x50a/0x650 [ 342.486197][T10933] ? __pfx___futex_wait+0x10/0x10 [ 342.486232][T10933] get_futex_key+0x4a3/0x1000 [ 342.486262][T10933] ? __pfx_futex_wake_mark+0x10/0x10 [ 342.486294][T10933] ? __pfx_get_futex_key+0x10/0x10 [ 342.486324][T10933] ? hlock_class+0x4e/0x130 [ 342.486348][T10933] ? __lock_acquire+0xcc5/0x3c40 [ 342.486385][T10933] futex_wake+0xe8/0x4e0 [ 342.486420][T10933] ? __pfx_futex_wake+0x10/0x10 [ 342.486456][T10933] ? kmem_cache_free+0x2e2/0x4d0 [ 342.486498][T10933] do_futex+0x1e5/0x350 [ 342.486527][T10933] ? __pfx_do_futex+0x10/0x10 [ 342.486554][T10933] ? __pfx_lock_release+0x10/0x10 [ 342.486584][T10933] ? trace_lock_acquire+0x14e/0x1f0 [ 342.486617][T10933] __x64_sys_futex+0x1e1/0x4c0 [ 342.486650][T10933] ? __pfx___x64_sys_futex+0x10/0x10 [ 342.486692][T10933] do_syscall_64+0xcd/0x250 [ 342.486724][T10933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.486757][T10933] RIP: 0033:0x7fa0c818d169 [ 342.486776][T10933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.486798][T10933] RSP: 002b:00007fa0c8fcc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 342.486820][T10933] RAX: ffffffffffffffda RBX: 00007fa0c83a5fa8 RCX: 00007fa0c818d169 [ 342.486837][T10933] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa0c83a5fac [ 342.486852][T10933] RBP: 00007fa0c83a5fa0 R08: 00007fa0c8fcd000 R09: 0000000000000000 [ 342.486867][T10933] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fa0c83a5fac [ 342.486883][T10933] R13: 0000000000000000 R14: 00007fff4382d860 R15: 00007fff4382d948 [ 342.486915][T10933] [ 344.440228][T10968] mkiss: ax0: crc mode is auto. [ 345.532554][T10992] FAULT_INJECTION: forcing a failure. [ 345.532554][T10992] name failslab, interval 1, probability 0, space 0, times 0 [ 345.629940][T10992] CPU: 0 UID: 0 PID: 10992 Comm: syz.3.1065 Not tainted 6.14.0-rc4-syzkaller #0 [ 345.629971][T10992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 345.629983][T10992] Call Trace: [ 345.629989][T10992] [ 345.629998][T10992] dump_stack_lvl+0x16c/0x1f0 [ 345.630028][T10992] should_fail_ex+0x50a/0x650 [ 345.630060][T10992] ? fs_reclaim_acquire+0xae/0x150 [ 345.630089][T10992] ? tomoyo_encode2+0x100/0x3e0 [ 345.630117][T10992] should_failslab+0xc2/0x120 [ 345.630139][T10992] __kmalloc_noprof+0xcb/0x510 [ 345.630171][T10992] ? d_absolute_path+0x137/0x1b0 [ 345.630194][T10992] ? rcu_is_watching+0x12/0xc0 [ 345.630221][T10992] tomoyo_encode2+0x100/0x3e0 [ 345.630251][T10992] tomoyo_encode+0x29/0x50 [ 345.630276][T10992] tomoyo_realpath_from_path+0x19d/0x720 [ 345.630312][T10992] tomoyo_path_number_perm+0x248/0x590 [ 345.630335][T10992] ? tomoyo_path_number_perm+0x235/0x590 [ 345.630361][T10992] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 345.630412][T10992] ? __pfx_lock_release+0x10/0x10 [ 345.630440][T10992] ? trace_lock_acquire+0x14e/0x1f0 [ 345.630469][T10992] ? lock_acquire+0x2f/0xb0 [ 345.630495][T10992] ? __fget_files+0x40/0x3a0 [ 345.630527][T10992] ? __fget_files+0x206/0x3a0 [ 345.630559][T10992] security_file_ioctl+0x9b/0x240 [ 345.630586][T10992] __x64_sys_ioctl+0xb7/0x200 [ 345.630613][T10992] do_syscall_64+0xcd/0x250 [ 345.630641][T10992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.630669][T10992] RIP: 0033:0x7f0374f8d169 [ 345.630688][T10992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.630708][T10992] RSP: 002b:00007f0375ddd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 345.630729][T10992] RAX: ffffffffffffffda RBX: 00007f03751a5fa0 RCX: 00007f0374f8d169 [ 345.630743][T10992] RDX: 0000000000000038 RSI: 00000000c0585605 RDI: 0000000000000003 [ 345.630754][T10992] RBP: 00007f0375ddd090 R08: 0000000000000000 R09: 0000000000000000 [ 345.630767][T10992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.630778][T10992] R13: 0000000000000000 R14: 00007f03751a5fa0 R15: 00007fff2d85ee78 [ 345.630806][T10992] [ 345.806382][T10992] ERROR: Out of memory at tomoyo_realpath_from_path. [ 345.861678][T10996] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1066'. [ 346.173565][T10998] random: crng reseeded on system resumption [ 346.515168][T11012] FAULT_INJECTION: forcing a failure. [ 346.515168][T11012] name fail_futex, interval 1, probability 0, space 0, times 0 [ 346.538201][T11012] CPU: 0 UID: 7 PID: 11012 Comm: syz.2.1072 Not tainted 6.14.0-rc4-syzkaller #0 [ 346.538236][T11012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 346.538250][T11012] Call Trace: [ 346.538257][T11012] [ 346.538266][T11012] dump_stack_lvl+0x16c/0x1f0 [ 346.538303][T11012] should_fail_ex+0x50a/0x650 [ 346.538338][T11012] ? hlock_class+0x4e/0x130 [ 346.538367][T11012] get_futex_key+0x4a3/0x1000 [ 346.538399][T11012] ? __pfx_get_futex_key+0x10/0x10 [ 346.538426][T11012] ? __pfx___lock_acquire+0x10/0x10 [ 346.538464][T11012] futex_wake+0xe8/0x4e0 [ 346.538495][T11012] ? find_held_lock+0x2d/0x110 [ 346.538520][T11012] ? __pfx_futex_wake+0x10/0x10 [ 346.538556][T11012] ? __pfx_lock_release+0x10/0x10 [ 346.538586][T11012] ? do_raw_spin_lock+0x12d/0x2c0 [ 346.538616][T11012] do_futex+0x1e5/0x350 [ 346.538646][T11012] ? __pfx_do_futex+0x10/0x10 [ 346.538675][T11012] ? dec_rlimit_ucounts+0x114/0x170 [ 346.538706][T11012] __x64_sys_futex+0x1e1/0x4c0 [ 346.538739][T11012] ? __pfx___x64_sys_futex+0x10/0x10 [ 346.538779][T11012] do_syscall_64+0xcd/0x250 [ 346.538810][T11012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.538853][T11012] RIP: 0033:0x7fa0c818d169 [ 346.538873][T11012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.538896][T11012] RSP: 002b:00007fa0c8fcc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 346.538919][T11012] RAX: ffffffffffffffda RBX: 00007fa0c83a5fa8 RCX: 00007fa0c818d169 [ 346.538936][T11012] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa0c83a5fac [ 346.538951][T11012] RBP: 00007fa0c83a5fa0 R08: 00007fa0c8fcd000 R09: 0000000000000000 [ 346.538965][T11012] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0c83a5fac [ 346.538980][T11012] R13: 0000000000000000 R14: 00007fff4382d860 R15: 00007fff4382d948 [ 346.539010][T11012] [ 347.827410][T11034] netlink: 194 bytes leftover after parsing attributes in process `syz.0.1075'. [ 349.098378][T11081] FAULT_INJECTION: forcing a failure. [ 349.098378][T11081] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.202166][T11081] CPU: 0 UID: 0 PID: 11081 Comm: syz.3.1078 Not tainted 6.14.0-rc4-syzkaller #0 [ 349.202199][T11081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 349.202212][T11081] Call Trace: [ 349.202219][T11081] [ 349.202227][T11081] dump_stack_lvl+0x16c/0x1f0 [ 349.202259][T11081] should_fail_ex+0x50a/0x650 [ 349.202298][T11081] _copy_from_user+0x2e/0xd0 [ 349.202323][T11081] video_usercopy+0xedb/0x1620 [ 349.202351][T11081] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 349.202376][T11081] ? __pfx_video_usercopy+0x10/0x10 [ 349.202422][T11081] v4l2_ioctl+0x1ba/0x250 [ 349.202444][T11081] ? __pfx_v4l2_ioctl+0x10/0x10 [ 349.202469][T11081] __x64_sys_ioctl+0x190/0x200 [ 349.202499][T11081] do_syscall_64+0xcd/0x250 [ 349.202528][T11081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.202558][T11081] RIP: 0033:0x7f0374f8d169 [ 349.202576][T11081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.202596][T11081] RSP: 002b:00007f0375dbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 349.202623][T11081] RAX: ffffffffffffffda RBX: 00007f03751a6080 RCX: 00007f0374f8d169 [ 349.202638][T11081] RDX: 0000000000000038 RSI: 00000000c0585605 RDI: 0000000000000003 [ 349.202651][T11081] RBP: 00007f0375dbc090 R08: 0000000000000000 R09: 0000000000000000 [ 349.202665][T11081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.202678][T11081] R13: 0000000000000000 R14: 00007f03751a6080 R15: 00007fff2d85ee78 [ 349.202706][T11081] [ 350.168891][T11103] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1081'. [ 350.209142][T11103] FAULT_INJECTION: forcing a failure. [ 350.209142][T11103] name failslab, interval 1, probability 0, space 0, times 0 [ 350.231543][T11103] CPU: 1 UID: 0 PID: 11103 Comm: syz.2.1081 Not tainted 6.14.0-rc4-syzkaller #0 [ 350.231575][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 350.231586][T11103] Call Trace: [ 350.231592][T11103] [ 350.231600][T11103] dump_stack_lvl+0x16c/0x1f0 [ 350.231632][T11103] should_fail_ex+0x50a/0x650 [ 350.231667][T11103] ? fs_reclaim_acquire+0xae/0x150 [ 350.231697][T11103] should_failslab+0xc2/0x120 [ 350.231719][T11103] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 350.231748][T11103] ? __xlate_proc_name+0x173/0x210 [ 350.231779][T11103] ? __proc_create+0x2c0/0x8b0 [ 350.231812][T11103] __proc_create+0x2c0/0x8b0 [ 350.231846][T11103] ? __pfx___proc_create+0x10/0x10 [ 350.231881][T11103] ? insert_header+0xf71/0x1430 [ 350.231923][T11103] proc_create_reg+0x7d/0x180 [ 350.231947][T11103] proc_create_net_data+0x8f/0x1b0 [ 350.231982][T11103] ? __pfx_proc_create_net_data+0x10/0x10 [ 350.232017][T11103] ? __pfx___register_sysctl_table+0x10/0x10 [ 350.232049][T11103] ? is_module_address+0x2a/0x50 [ 350.232080][T11103] ? register_net_sysctl_sz+0x228/0x3e0 [ 350.232110][T11103] ? __pfx_nf_log_net_init+0x10/0x10 [ 350.232136][T11103] nf_log_net_init+0x69/0x450 [ 350.232164][T11103] ? __pfx_nf_log_net_init+0x10/0x10 [ 350.232190][T11103] ops_init+0x1df/0x5f0 [ 350.232226][T11103] setup_net+0x21f/0x860 [ 350.232260][T11103] ? __pfx_setup_net+0x10/0x10 [ 350.232289][T11103] ? down_read_killable+0xcc/0x380 [ 350.232320][T11103] ? __pfx_down_read_killable+0x10/0x10 [ 350.232349][T11103] ? __raw_spin_lock_init+0x3a/0x110 [ 350.232387][T11103] ? debug_mutex_init+0x37/0x70 [ 350.232417][T11103] copy_net_ns+0x2a6/0x5f0 [ 350.232444][T11103] create_new_namespaces+0x3ea/0xad0 [ 350.232494][T11103] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 350.232541][T11103] ksys_unshare+0x45d/0xa40 [ 350.232567][T11103] ? __pfx_ksys_unshare+0x10/0x10 [ 350.232589][T11103] ? xfd_validate_state+0x5d/0x180 [ 350.232631][T11103] __x64_sys_unshare+0x31/0x40 [ 350.232654][T11103] do_syscall_64+0xcd/0x250 [ 350.232684][T11103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.232714][T11103] RIP: 0033:0x7fa0c818d169 [ 350.232733][T11103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.232755][T11103] RSP: 002b:00007fa0c8fcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 350.232777][T11103] RAX: ffffffffffffffda RBX: 00007fa0c83a5fa0 RCX: 00007fa0c818d169 [ 350.232793][T11103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 350.232807][T11103] RBP: 00007fa0c820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 350.232822][T11103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.232835][T11103] R13: 0000000000000000 R14: 00007fa0c83a5fa0 R15: 00007fff4382d948 [ 350.232865][T11103] [ 350.516345][ C1] vkms_vblank_simulate: vblank timer overrun [ 350.826336][T11114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1085'. [ 351.782447][T11129] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 352.017598][T11133] FAULT_INJECTION: forcing a failure. [ 352.017598][T11133] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 352.067224][T11133] CPU: 0 UID: 0 PID: 11133 Comm: syz.3.1090 Not tainted 6.14.0-rc4-syzkaller #0 [ 352.067257][T11133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 352.067271][T11133] Call Trace: [ 352.067279][T11133] [ 352.067289][T11133] dump_stack_lvl+0x16c/0x1f0 [ 352.067325][T11133] should_fail_ex+0x50a/0x650 [ 352.067361][T11133] ? __pfx___might_resched+0x10/0x10 [ 352.067403][T11133] should_fail_alloc_page+0xe7/0x130 [ 352.067430][T11133] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 352.067462][T11133] ? hlock_class+0x4e/0x130 [ 352.067491][T11133] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 352.067531][T11133] ? hlock_class+0x4e/0x130 [ 352.067555][T11133] ? mark_lock+0xb5/0xc60 [ 352.067590][T11133] ? __pfx_mark_lock+0x10/0x10 [ 352.067621][T11133] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 352.067656][T11133] ? hlock_class+0x4e/0x130 [ 352.067677][T11133] ? mark_lock+0xb5/0xc60 [ 352.067707][T11133] ? hlock_class+0x4e/0x130 [ 352.067737][T11133] ? hlock_class+0x4e/0x130 [ 352.067760][T11133] ? __lock_acquire+0xcc5/0x3c40 [ 352.067792][T11133] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 352.067830][T11133] ? policy_nodemask+0xea/0x4e0 [ 352.067869][T11133] alloc_pages_mpol+0x1fc/0x540 [ 352.067893][T11133] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 352.067917][T11133] ? __lock_acquire+0x15a9/0x3c40 [ 352.067954][T11133] folio_alloc_mpol_noprof+0x36/0x2f0 [ 352.067984][T11133] vma_alloc_folio_noprof+0xee/0x1b0 [ 352.068011][T11133] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 352.068039][T11133] ? find_held_lock+0x2d/0x110 [ 352.068072][T11133] do_pte_missing+0x202f/0x3e10 [ 352.068128][T11133] __handle_mm_fault+0x1166/0x2c60 [ 352.068173][T11133] ? __pfx___handle_mm_fault+0x10/0x10 [ 352.068208][T11133] ? follow_page_pte+0x3ac/0x1490 [ 352.068243][T11133] ? __pfx_lock_release+0x10/0x10 [ 352.068301][T11133] handle_mm_fault+0x3fa/0xaa0 [ 352.068342][T11133] __get_user_pages+0x773/0x36f0 [ 352.068383][T11133] ? __pfx_mt_find+0x10/0x10 [ 352.068413][T11133] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 352.068446][T11133] ? __pfx___get_user_pages+0x10/0x10 [ 352.068481][T11133] ? __mm_populate+0x21d/0x380 [ 352.068517][T11133] populate_vma_page_range+0x27f/0x3a0 [ 352.068549][T11133] ? __pfx_populate_vma_page_range+0x10/0x10 [ 352.068578][T11133] ? __pfx_find_vma_intersection+0x10/0x10 [ 352.068608][T11133] ? vm_mmap_pgoff+0x29b/0x3a0 [ 352.068643][T11133] __mm_populate+0x1d6/0x380 [ 352.068676][T11133] ? __pfx___mm_populate+0x10/0x10 [ 352.068710][T11133] ? up_write+0x1b2/0x520 [ 352.068745][T11133] vm_mmap_pgoff+0x2d3/0x3a0 [ 352.068778][T11133] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 352.068813][T11133] ? __x64_sys_futex+0x1e1/0x4c0 [ 352.068838][T11133] ? __x64_sys_futex+0x1ea/0x4c0 [ 352.068870][T11133] ksys_mmap_pgoff+0x7d/0x5c0 [ 352.068898][T11133] ? rcu_is_watching+0x12/0xc0 [ 352.068930][T11133] __x64_sys_mmap+0x125/0x190 [ 352.068968][T11133] do_syscall_64+0xcd/0x250 [ 352.069001][T11133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.069032][T11133] RIP: 0033:0x7f0374f8d169 [ 352.069051][T11133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.069074][T11133] RSP: 002b:00007f0375ddd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 352.069105][T11133] RAX: ffffffffffffffda RBX: 00007f03751a5fa0 RCX: 00007f0374f8d169 [ 352.069122][T11133] RDX: 00000000000000df RSI: 0000000000040009 RDI: 000000000000f000 [ 352.069138][T11133] RBP: 00007f037500e2a0 R08: 0000000000000007 R09: 0000000000028000 [ 352.069154][T11133] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 352.069169][T11133] R13: 0000000000000000 R14: 00007f03751a5fa0 R15: 00007fff2d85ee78 [ 352.069204][T11133] [ 353.690670][T11149] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1095'. [ 353.715457][T11161] warning: `syz.4.1098' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 354.123531][T11170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1100'. [ 355.357971][T11193] vivid-003: ================= START STATUS ================= [ 355.436397][T11193] vivid-003: Radio HW Seek Mode: Bounded [ 355.443632][T11193] vivid-003: Radio Programmable HW Seek: false [ 355.450344][T11193] vivid-003: RDS Rx I/O Mode: Block I/O [ 355.458902][T11193] vivid-003: Generate RBDS Instead of RDS: false [ 355.465791][T11193] vivid-003: RDS Reception: true [ 355.471031][T11193] vivid-003: RDS Program Type: 0 inactive [ 355.476863][T11193] vivid-003: RDS PS Name: inactive [ 355.482298][T11193] vivid-003: RDS Radio Text: inactive [ 355.487816][T11193] vivid-003: RDS Traffic Announcement: false inactive [ 355.494855][T11193] vivid-003: RDS Traffic Program: false inactive [ 355.501240][T11193] vivid-003: RDS Music: false inactive [ 355.506971][T11193] vivid-003: ================== END STATUS ================== [ 357.453394][T11230] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1112'. [ 357.593139][ T29] audit: type=1800 audit(4294967400.197:15): pid=11246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1117" name="dbroot" dev="configfs" ino=33432 res=0 errno=0 [ 357.634319][T11226] FAULT_INJECTION: forcing a failure. [ 357.634319][T11226] name failslab, interval 1, probability 0, space 0, times 0 [ 357.647163][T11226] CPU: 1 UID: 0 PID: 11226 Comm: syz.0.1112 Not tainted 6.14.0-rc4-syzkaller #0 [ 357.647193][T11226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 357.647208][T11226] Call Trace: [ 357.647214][T11226] [ 357.647224][T11226] dump_stack_lvl+0x16c/0x1f0 [ 357.647260][T11226] should_fail_ex+0x50a/0x650 [ 357.647297][T11226] ? fs_reclaim_acquire+0xae/0x150 [ 357.647331][T11226] should_failslab+0xc2/0x120 [ 357.647356][T11226] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 357.647391][T11226] ? __xlate_proc_name+0x173/0x210 [ 357.647427][T11226] ? __proc_create+0x2c0/0x8b0 [ 357.647465][T11226] __proc_create+0x2c0/0x8b0 [ 357.647502][T11226] ? __pfx___proc_create+0x10/0x10 [ 357.647538][T11226] ? insert_header+0xf71/0x1430 [ 357.647582][T11226] proc_create_reg+0x7d/0x180 [ 357.647607][T11226] proc_create_net_data+0x8f/0x1b0 [ 357.647645][T11226] ? __pfx_proc_create_net_data+0x10/0x10 [ 357.647684][T11226] ? __pfx___register_sysctl_table+0x10/0x10 [ 357.647719][T11226] ? is_module_address+0x2a/0x50 [ 357.647751][T11226] ? register_net_sysctl_sz+0x228/0x3e0 [ 357.647783][T11226] ? __pfx_nf_log_net_init+0x10/0x10 [ 357.647811][T11226] nf_log_net_init+0x69/0x450 [ 357.647840][T11226] ? __pfx_nf_log_net_init+0x10/0x10 [ 357.647879][T11226] ops_init+0x1df/0x5f0 [ 357.647919][T11226] setup_net+0x21f/0x860 [ 357.647955][T11226] ? __pfx_setup_net+0x10/0x10 [ 357.647988][T11226] ? down_read_killable+0xcc/0x380 [ 357.648020][T11226] ? __pfx_down_read_killable+0x10/0x10 [ 357.648051][T11226] ? __raw_spin_lock_init+0x3a/0x110 [ 357.648090][T11226] ? debug_mutex_init+0x37/0x70 [ 357.648120][T11226] copy_net_ns+0x2a6/0x5f0 [ 357.648148][T11226] create_new_namespaces+0x3ea/0xad0 [ 357.648193][T11226] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 357.648233][T11226] ksys_unshare+0x45d/0xa40 [ 357.648259][T11226] ? __pfx_ksys_unshare+0x10/0x10 [ 357.648279][T11226] ? xfd_validate_state+0x5d/0x180 [ 357.648322][T11226] __x64_sys_unshare+0x31/0x40 [ 357.648344][T11226] do_syscall_64+0xcd/0x250 [ 357.648373][T11226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.648403][T11226] RIP: 0033:0x7fd0c898d169 [ 357.648421][T11226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.648441][T11226] RSP: 002b:00007fd0c9804038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 357.648464][T11226] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898d169 [ 357.648480][T11226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 357.648495][T11226] RBP: 00007fd0c8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 357.648510][T11226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 357.648524][T11226] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 357.648557][T11226] [ 357.926381][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.974088][T11249] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1116'. [ 358.003352][T11249] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1116'. [ 358.869463][T11273] input: f0?\7vՐJL'$d)KLo1oNcj@qwR=X as /devices/virtual/input/input17 [ 359.252943][T11279] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1125'. [ 360.149789][T11294] Ignoring unsupported numa_zonelist_order value: [ 360.149789][T11294] syzkaller syzkaller login: [ 361.017818][T11312] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1135'. [ 361.238023][T11316] Setting dangerous option i915.mitigations - tainting kernel [ 362.506365][T11364] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1146'. [ 364.175900][T11400] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 364.314937][T11407] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1155'. [ 365.288408][T11414] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 365.325851][T11414] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 366.872834][T11448] FAULT_INJECTION: forcing a failure. [ 366.872834][T11448] name failslab, interval 1, probability 0, space 0, times 0 [ 366.943809][T11451] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1165'. [ 366.959423][T11448] CPU: 0 UID: 0 PID: 11448 Comm: syz.0.1165 Tainted: G U 6.14.0-rc4-syzkaller #0 [ 366.959459][T11448] Tainted: [U]=USER [ 366.959465][T11448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 366.959477][T11448] Call Trace: [ 366.959484][T11448] [ 366.959494][T11448] dump_stack_lvl+0x16c/0x1f0 [ 366.959532][T11448] should_fail_ex+0x50a/0x650 [ 366.959568][T11448] ? fs_reclaim_acquire+0xae/0x150 [ 366.959601][T11448] should_failslab+0xc2/0x120 [ 366.959623][T11448] __kmalloc_cache_node_noprof+0x6e/0x420 [ 366.959656][T11448] ? __raw_spin_lock_init+0x3a/0x110 [ 366.959693][T11448] ? __alloc_workqueue+0x506/0x1810 [ 366.959719][T11448] __alloc_workqueue+0x506/0x1810 [ 366.959745][T11448] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 366.959788][T11448] alloc_workqueue+0xd3/0x200 [ 366.959812][T11448] ? __pfx_alloc_workqueue+0x10/0x10 [ 366.959841][T11448] ? __pfx___debug_object_init+0x10/0x10 [ 366.959877][T11448] nci_register_device+0x221/0xb80 [ 366.959917][T11448] ? __pfx_nci_register_device+0x10/0x10 [ 366.959970][T11448] virtual_ncidev_open+0x141/0x220 [ 366.960008][T11448] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 366.960042][T11448] misc_open+0x35a/0x420 [ 366.960064][T11448] ? __pfx_misc_open+0x10/0x10 [ 366.960087][T11448] chrdev_open+0x237/0x6a0 [ 366.960131][T11448] ? __pfx_apparmor_file_open+0x10/0x10 [ 366.960165][T11448] ? __pfx_chrdev_open+0x10/0x10 [ 366.960205][T11448] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 366.960239][T11448] do_dentry_open+0x735/0x1c40 [ 366.960278][T11448] ? __pfx_chrdev_open+0x10/0x10 [ 366.960315][T11448] ? inode_permission+0xdd/0x5f0 [ 366.960343][T11448] vfs_open+0x82/0x3f0 [ 366.960364][T11448] ? may_open+0x1f2/0x400 [ 366.960391][T11448] path_openat+0x1e88/0x2d80 [ 366.960431][T11448] ? __pfx_path_openat+0x10/0x10 [ 366.960463][T11448] ? __pfx___lock_acquire+0x10/0x10 [ 366.960490][T11448] ? lock_acquire.part.0+0x11b/0x380 [ 366.960522][T11448] ? find_held_lock+0x2d/0x110 [ 366.960548][T11448] do_filp_open+0x20c/0x470 [ 366.960578][T11448] ? __pfx_do_filp_open+0x10/0x10 [ 366.960606][T11448] ? find_held_lock+0x2d/0x110 [ 366.960651][T11448] ? alloc_fd+0x41f/0x760 [ 366.960689][T11448] do_sys_openat2+0x17a/0x1e0 [ 366.960713][T11448] ? __pfx_do_sys_openat2+0x10/0x10 [ 366.960747][T11448] __x64_sys_openat+0x175/0x210 [ 366.960781][T11448] ? __pfx___x64_sys_openat+0x10/0x10 [ 366.960820][T11448] do_syscall_64+0xcd/0x250 [ 366.960852][T11448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.960883][T11448] RIP: 0033:0x7fd0c898d169 [ 366.960900][T11448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.960922][T11448] RSP: 002b:00007fd0c9804038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 366.960944][T11448] RAX: ffffffffffffffda RBX: 00007fd0c8ba5fa0 RCX: 00007fd0c898d169 [ 366.960958][T11448] RDX: 0000000000000002 RSI: 0000400000000400 RDI: ffffffffffffff9c [ 366.960970][T11448] RBP: 00007fd0c8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 366.960983][T11448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.960997][T11448] R13: 0000000000000000 R14: 00007fd0c8ba5fa0 R15: 00007ffd7bec73d8 [ 366.961027][T11448] [ 367.532139][T11461] tipc: Started in network mode [ 367.537043][T11461] tipc: Node identity ee00, cluster identity 4711 [ 367.597260][T11461] tipc: Node number set to 60928 [ 370.179625][T11512] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1177'. [ 371.036357][T11537] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1186'. [ 371.046131][T11541] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1186'. [ 371.079572][T11537] netlink: 170 bytes leftover after parsing attributes in process `syz.0.1186'. [ 371.263524][T11529] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1182'. [ 371.317204][T11539] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 371.353695][T11539] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 371.416188][T11539] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 371.492117][T11550] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1188'. [ 371.571707][T11539] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 371.877327][T11560] netlink: 'syz.0.1190': attribute type 1 has an invalid length. [ 371.936695][T11560] netlink: 'syz.0.1190': attribute type 1 has an invalid length. [ 372.005886][T11560] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1190'. [ 372.065175][T11556] netlink: 'syz.0.1190': attribute type 1 has an invalid length. [ 372.107120][T11556] netlink: 'syz.0.1190': attribute type 1 has an invalid length. [ 372.135888][T11556] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1190'. [ 372.288988][T11563] synth uevent: /bus/hid/drivers/holtek_mouse: unknown uevent action string [ 372.920992][T11581] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1198'. [ 372.944914][T11582] pty pty90: ldisc open failed (-12), clearing slot 90 [ 373.113523][T11578] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1197'. [ 373.182573][T11592] Unable to find swap-space signature [ 373.210225][T11586] cifs: Unknown parameter '' [ 373.343788][ T5845] Bluetooth: hci1: command 0x0c1a tx timeout [ 373.404225][T11596] FAULT_INJECTION: forcing a failure. [ 373.404225][T11596] name failslab, interval 1, probability 0, space 0, times 0 [ 373.421500][ T5845] Bluetooth: hci2: command 0x0c1a tx timeout [ 373.502527][ T5845] Bluetooth: hci3: command 0x0c1a tx timeout [ 373.512463][ T5845] Bluetooth: hci2: unexpected subevent 0x04 length: 122 > 11 [ 373.540771][T11596] CPU: 0 UID: 0 PID: 11596 Comm: syz.3.1202 Tainted: G U 6.14.0-rc4-syzkaller #0 [ 373.540812][T11596] Tainted: [U]=USER [ 373.540820][T11596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 373.540835][T11596] Call Trace: [ 373.540843][T11596] [ 373.540852][T11596] dump_stack_lvl+0x16c/0x1f0 [ 373.540889][T11596] should_fail_ex+0x50a/0x650 [ 373.540925][T11596] ? fs_reclaim_acquire+0xae/0x150 [ 373.540959][T11596] should_failslab+0xc2/0x120 [ 373.540982][T11596] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 373.541018][T11596] ? security_file_alloc+0x34/0x2b0 [ 373.541053][T11596] security_file_alloc+0x34/0x2b0 [ 373.541084][T11596] init_file+0x93/0x4c0 [ 373.541110][T11596] alloc_empty_file+0x91/0x1e0 [ 373.541136][T11596] alloc_file_pseudo+0x13b/0x230 [ 373.541162][T11596] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 373.541195][T11596] dma_buf_export+0x3a9/0xb30 [ 373.541232][T11596] ? sg_alloc_table+0x4c/0x1c0 [ 373.541263][T11596] system_heap_allocate+0xab5/0xf80 [ 373.541304][T11596] ? __pfx_system_heap_allocate+0x10/0x10 [ 373.541350][T11596] ? rep_movs_alternative+0x4a/0x70 [ 373.541390][T11596] dma_heap_ioctl+0x33b/0x6a0 [ 373.541424][T11596] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 373.541484][T11596] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 373.541520][T11596] __x64_sys_ioctl+0x190/0x200 [ 373.541553][T11596] do_syscall_64+0xcd/0x250 [ 373.541584][T11596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.541617][T11596] RIP: 0033:0x7f0374f8d169 [ 373.541636][T11596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.541659][T11596] RSP: 002b:00007f0375ddd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 373.541682][T11596] RAX: ffffffffffffffda RBX: 00007f03751a5fa0 RCX: 00007f0374f8d169 [ 373.541698][T11596] RDX: 0000400000000140 RSI: ffffffffffdffe00 RDI: 0000000000000006 [ 373.541713][T11596] RBP: 00007f037500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 373.541728][T11596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 373.541742][T11596] R13: 0000000000000000 R14: 00007f03751a5fa0 R15: 00007fff2d85ee78 [ 373.541772][T11596] [ 373.581467][ T5845] Bluetooth: hci4: command 0x040f tx timeout [ 374.444034][T11601] ================================================================== [ 374.452150][T11601] BUG: KASAN: slab-use-after-free in msft_opcode_get+0x6d/0x80 [ 374.459734][T11601] Read of size 2 at addr ffff888027092a32 by task syz.2.1203/11601 [ 374.467639][T11601] [ 374.469975][T11601] CPU: 1 UID: 0 PID: 11601 Comm: syz.2.1203 Tainted: G U 6.14.0-rc4-syzkaller #0 [ 374.470007][T11601] Tainted: [U]=USER [ 374.470015][T11601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 374.470028][T11601] Call Trace: [ 374.470035][T11601] [ 374.470044][T11601] dump_stack_lvl+0x116/0x1f0 [ 374.470075][T11601] print_report+0xc3/0x670 [ 374.470115][T11601] ? __virt_addr_valid+0x5e/0x590 [ 374.470138][T11601] ? __phys_addr+0xc6/0x150 [ 374.470161][T11601] kasan_report+0xd9/0x110 [ 374.470182][T11601] ? msft_opcode_get+0x6d/0x80 [ 374.470208][T11601] ? msft_opcode_get+0x6d/0x80 [ 374.470235][T11601] msft_opcode_get+0x6d/0x80 [ 374.470260][T11601] ? __pfx_msft_opcode_get+0x10/0x10 [ 374.470284][T11601] simple_attr_read+0x169/0x370 [ 374.470311][T11601] ? __debugfs_file_get+0x1ff/0x850 [ 374.470339][T11601] ? __pfx_simple_attr_read+0x10/0x10 [ 374.470366][T11601] ? __debugfs_file_get+0x1ff/0x850 [ 374.470392][T11601] ? __pfx___debugfs_file_get+0x10/0x10 [ 374.470422][T11601] debugfs_attr_read+0x76/0xa0 [ 374.470450][T11601] full_proxy_read+0x13c/0x200 [ 374.470478][T11601] ? __pfx_full_proxy_read+0x10/0x10 [ 374.470506][T11601] vfs_read+0x1df/0xbf0 [ 374.470534][T11601] ? __fget_files+0x1fc/0x3a0 [ 374.470564][T11601] ? __pfx___mutex_lock+0x10/0x10 [ 374.470591][T11601] ? __pfx_vfs_read+0x10/0x10 [ 374.470623][T11601] ? __fget_files+0x206/0x3a0 [ 374.470656][T11601] ksys_read+0x12b/0x250 [ 374.470684][T11601] ? __pfx_ksys_read+0x10/0x10 [ 374.470716][T11601] do_syscall_64+0xcd/0x250 [ 374.470744][T11601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.470775][T11601] RIP: 0033:0x7fa0c818d169 [ 374.470793][T11601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.470815][T11601] RSP: 002b:00007fa0c8fab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 374.470837][T11601] RAX: ffffffffffffffda RBX: 00007fa0c83a6080 RCX: 00007fa0c818d169 [ 374.470853][T11601] RDX: 000000000000ffff RSI: 0000400000006740 RDI: 0000000000000006 [ 374.470868][T11601] RBP: 00007fa0c820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 374.470882][T11601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 374.470896][T11601] R13: 0000000000000000 R14: 00007fa0c83a6080 R15: 00007fff4382d948 [ 374.470918][T11601] [ 374.470926][T11601] [ 374.704815][T11601] Allocated by task 11046: [ 374.709239][T11601] kasan_save_stack+0x33/0x60 [ 374.713991][T11601] kasan_save_track+0x14/0x30 [ 374.718698][T11601] __kasan_kmalloc+0xaa/0xb0 [ 374.723312][T11601] __kmalloc_noprof+0x21c/0x510 [ 374.728187][T11601] ieee802_11_parse_elems_full+0xf2/0x18c0 [ 374.734025][T11601] ieee80211_ibss_rx_queued_mgmt+0xc4f/0x2f50 [ 374.740126][T11601] ieee80211_iface_work+0xc15/0xf50 [ 374.745353][T11601] cfg80211_wiphy_work+0x3ed/0x570 [ 374.750486][T11601] process_one_work+0x9c5/0x1ba0 [ 374.755446][T11601] worker_thread+0x6c8/0xf00 [ 374.760059][T11601] kthread+0x3af/0x750 [ 374.764155][T11601] ret_from_fork+0x45/0x80 [ 374.768627][T11601] ret_from_fork_asm+0x1a/0x30 [ 374.773413][T11601] [ 374.775762][T11601] Freed by task 11046: [ 374.779834][T11601] kasan_save_stack+0x33/0x60 [ 374.784537][T11601] kasan_save_track+0x14/0x30 [ 374.789235][T11601] kasan_save_free_info+0x3b/0x60 [ 374.794284][T11601] __kasan_slab_free+0x51/0x70 [ 374.799073][T11601] kfree+0x2c4/0x4d0 [ 374.802991][T11601] ieee80211_ibss_rx_queued_mgmt+0x1a29/0x2f50 [ 374.809178][T11601] ieee80211_iface_work+0xc15/0xf50 [ 374.814405][T11601] cfg80211_wiphy_work+0x3ed/0x570 [ 374.819541][T11601] process_one_work+0x9c5/0x1ba0 [ 374.824501][T11601] worker_thread+0x6c8/0xf00 [ 374.829116][T11601] kthread+0x3af/0x750 [ 374.833207][T11601] ret_from_fork+0x45/0x80 [ 374.837647][T11601] ret_from_fork_asm+0x1a/0x30 [ 374.842429][T11601] [ 374.844761][T11601] The buggy address belongs to the object at ffff888027092800 [ 374.844761][T11601] which belongs to the cache kmalloc-1k of size 1024 [ 374.858836][T11601] The buggy address is located 562 bytes inside of [ 374.858836][T11601] freed 1024-byte region [ffff888027092800, ffff888027092c00) [ 374.872736][T11601] [ 374.875055][T11601] The buggy address belongs to the physical page: [ 374.881469][T11601] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27090 [ 374.890228][T11601] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 374.898731][T11601] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 374.906285][T11601] page_type: f5(slab) [ 374.910260][T11601] raw: 00fff00000000040 ffff88801b041dc0 ffffea0001820200 dead000000000002 [ 374.918838][T11601] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 374.927415][T11601] head: 00fff00000000040 ffff88801b041dc0 ffffea0001820200 dead000000000002 [ 374.936079][T11601] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 374.944750][T11601] head: 00fff00000000003 ffffea00009c2401 ffffffffffffffff 0000000000000000 [ 374.953418][T11601] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 374.962077][T11601] page dumped because: kasan: bad access detected [ 374.968500][T11601] page_owner tracks the page as allocated [ 374.974201][T11601] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8953494914, free_ts 0 [ 374.993827][T11601] post_alloc_hook+0x181/0x1b0 [ 374.998601][T11601] get_page_from_freelist+0xfce/0x2f80 [ 375.004063][T11601] __alloc_frozen_pages_noprof+0x221/0x2470 [ 375.009967][T11601] alloc_pages_mpol+0x1fc/0x540 [ 375.014812][T11601] new_slab+0x23d/0x330 [ 375.018969][T11601] ___slab_alloc+0xc5d/0x1720 [ 375.023647][T11601] __slab_alloc.constprop.0+0x56/0xb0 [ 375.029020][T11601] __kmalloc_cache_noprof+0xfa/0x410 [ 375.034307][T11601] class_register+0xb5/0x460 [ 375.038897][T11601] init_mtd+0x17/0x230 [ 375.043049][T11601] do_one_initcall+0x128/0x700 [ 375.047811][T11601] kernel_init_freeable+0x5c7/0x900 [ 375.053014][T11601] kernel_init+0x1c/0x2b0 [ 375.057348][T11601] ret_from_fork+0x45/0x80 [ 375.061764][T11601] ret_from_fork_asm+0x1a/0x30 [ 375.066525][T11601] page_owner free stack trace missing [ 375.071883][T11601] [ 375.074197][T11601] Memory state around the buggy address: [ 375.079815][T11601] ffff888027092900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.087870][T11601] ffff888027092980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.095925][T11601] >ffff888027092a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.103978][T11601] ^ [ 375.109598][T11601] ffff888027092a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.117653][T11601] ffff888027092b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.125704][T11601] ================================================================== [ 375.231995][T11601] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 375.239245][T11601] CPU: 1 UID: 0 PID: 11601 Comm: syz.2.1203 Tainted: G U 6.14.0-rc4-syzkaller #0 [ 375.249770][T11601] Tainted: [U]=USER [ 375.253585][T11601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 375.263654][T11601] Call Trace: [ 375.266944][T11601] [ 375.269886][T11601] dump_stack_lvl+0x3d/0x1f0 [ 375.274506][T11601] panic+0x71d/0x800 [ 375.278424][T11601] ? __pfx_panic+0x10/0x10 [ 375.282866][T11601] ? preempt_schedule_thunk+0x1a/0x30 [ 375.288263][T11601] ? preempt_schedule_common+0x44/0xc0 [ 375.293749][T11601] ? check_panic_on_warn+0x1f/0xb0 [ 375.298893][T11601] check_panic_on_warn+0xab/0xb0 [ 375.303854][T11601] end_report+0x117/0x180 [ 375.308218][T11601] kasan_report+0xe9/0x110 [ 375.312659][T11601] ? msft_opcode_get+0x6d/0x80 [ 375.317447][T11601] ? msft_opcode_get+0x6d/0x80 [ 375.322232][T11601] msft_opcode_get+0x6d/0x80 [ 375.326848][T11601] ? __pfx_msft_opcode_get+0x10/0x10 [ 375.332155][T11601] simple_attr_read+0x169/0x370 [ 375.337036][T11601] ? __debugfs_file_get+0x1ff/0x850 [ 375.342265][T11601] ? __pfx_simple_attr_read+0x10/0x10 [ 375.347663][T11601] ? __debugfs_file_get+0x1ff/0x850 [ 375.352885][T11601] ? __pfx___debugfs_file_get+0x10/0x10 [ 375.358460][T11601] debugfs_attr_read+0x76/0xa0 [ 375.363259][T11601] full_proxy_read+0x13c/0x200 [ 375.368049][T11601] ? __pfx_full_proxy_read+0x10/0x10 [ 375.373360][T11601] vfs_read+0x1df/0xbf0 [ 375.377547][T11601] ? __fget_files+0x1fc/0x3a0 [ 375.382259][T11601] ? __pfx___mutex_lock+0x10/0x10 [ 375.387310][T11601] ? __pfx_vfs_read+0x10/0x10 [ 375.392021][T11601] ? __fget_files+0x206/0x3a0 [ 375.396732][T11601] ksys_read+0x12b/0x250 [ 375.401002][T11601] ? __pfx_ksys_read+0x10/0x10 [ 375.405800][T11601] do_syscall_64+0xcd/0x250 [ 375.410333][T11601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.416264][T11601] RIP: 0033:0x7fa0c818d169 [ 375.420694][T11601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.440327][T11601] RSP: 002b:00007fa0c8fab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 375.448769][T11601] RAX: ffffffffffffffda RBX: 00007fa0c83a6080 RCX: 00007fa0c818d169 [ 375.456762][T11601] RDX: 000000000000ffff RSI: 0000400000006740 RDI: 0000000000000006 [ 375.464755][T11601] RBP: 00007fa0c820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 375.472748][T11601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 375.480739][T11601] R13: 0000000000000000 R14: 00007fa0c83a6080 R15: 00007fff4382d948 [ 375.488736][T11601] [ 375.492002][T11601] Kernel Offset: disabled [ 375.496325][T11601] Rebooting in 86400 seconds..