last executing test programs: 23m42.422555791s ago: executing program 3 (id=1244): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3ff, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) process_mrelease$auto(r1, 0x6) mmap$auto(0x5, 0x0, 0x31638121, 0xeb1, r1, 0x60) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) writev$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x710d}, 0x8000000000000001) epoll_ctl$auto(0xffffffffffffffff, 0xb5, 0xffffffffffffffff, &(0x7f0000000100)={0x8, 0x2}) unshare$auto(0x40000080) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) close_range$auto(0x2, 0x8000, 0x0) open(&(0x7f0000002a00)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x303440, 0xc744bb10621eef98) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/wireless\x00', 0x400, 0x0) pread64$auto(r2, 0x0, 0x1ff, 0x8800000000) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/block/loop2/hctx0/cpu0/default_rq_list\x00', 0x29000, 0x0) pread64$auto(r3, 0x0, 0x1000f42d, 0x100) r4 = timerfd_create$auto(0x8, 0x800) read$auto_ppp_device_fops_ppp_generic(r4, &(0x7f0000000100)=""/51, 0x33) getsockopt$auto_SO_INCOMING_NAPI_ID(r0, 0x3, 0x38, &(0x7f0000000000)='---)\x00', &(0x7f0000000040)=0x1caf) pkey_mprotect$auto(0x80000000, 0x0, 0x7, 0x4) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f00000029c0)='/sys/kernel/debug/tracing/buffer_size_kb\x00', 0x0, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/snd/controlC0\x00', 0x80, 0x0) shmctl$auto_SHM_LOCK(0x2, 0xb, &(0x7f0000000140)={{0xffff, 0x0, 0x0, 0xe, 0x7, 0x8}, 0x45, 0xaa, 0x9, 0x0, @inferred, @raw, 0x3a, 0x0, &(0x7f0000000080), 
&(0x7f0000000200)="aa92e40e07213c066e0e08cd16ab0921d95a735341f248904d920867000d1c14753d8dac9a0254db4934aae0bfcbdcf5326ba3e97b190e603b531da2c4bd48fe7b2fcaffb3a5294e1d91411bfa2fb73615eea67292df8a297d29fcdd23948be628cefcae629266386ab2568aeb9b36d7b0c4b323d70e61b4a92e054f39d76fe86419b9b6f6c160bb"}) setpriority$auto(0x0, r5, 0x3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r6, 0x0, 0x9) 23m38.58150902s ago: executing program 3 (id=1252): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f00000044c0)='/proc/thread-self/oom_score_adj\x00', 0x240000, 0x0) openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000008c80)='/proc/thread-self/oom_score_adj\x00', 0x8c0, 0x0) r0 = socket(0xa, 0x2, 0x73) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_NAPI_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40880}, 0x814) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x48080) madvise$auto(0x0, 0xffffffffffff0005, 0x19) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_STATUS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x4}]}, 0x1c}, 0x1, 0xf0ffff, 0x0, 0x40}, 0x40) r3 = 
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r3, 0x0, 0x120) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/video59\x00', 0x0, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2, 0x0) write$auto(0x3, 0x0, 0xfdef) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0xfffffeff, 0x1) r6 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r4, &(0x7f000000ca40)={0x0, 0x0, &(0x7f000000ca00)={&(0x7f0000000080)=ANY=[@ANYBLOB="140057b47b1000", @ANYRES16=r6, @ANYBLOB="e3db28bd7000fcdbdf2510000000"], 0x14}, 0x1, 0x0, 0x0, 0x841}, 0x4) shmget$auto(0x400, 0x10563, 0x568c12f2) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x20000, 0x0) 23m36.740114755s ago: executing program 3 (id=1258): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x60c403, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xa}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) write$auto(0x3, 0x0, 0x7fffffff) close_range$auto(r0, r0, 0x7) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) write$auto(0x3, 0x0, 0xfdef) 23m36.127119412s ago: executing program 3 (id=1260): 
syz_genetlink_get_family_id$auto_gtp(0x0, 0xffffffffffffffff) socket(0xa, 0x2, 0x73) setsockopt$auto(0x4, 0x29, 0x2a, 0x0, 0x200577) socket$nl_generic(0x10, 0x3, 0x10) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) r0 = getpid() r1 = gettid() r2 = getpid() rt_tgsigqueueinfo$auto(r2, r1, 0x21, &(0x7f0000000400)={@_si_pad}) rt_tgsigqueueinfo$auto(r0, r1, 0x21, &(0x7f0000000040)={@_si_pad}) rt_sigprocmask$auto_SIG_SETMASK(0x2, &(0x7f00000000c0)={0x8000000000000000}, 0x0, 0x8) ioctl$auto_TCFLSH2(0xffffffffffffffff, 0x540b, 0xfffffffffffffffd) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) shutdown$auto(0x200000003, 0x0) socket(0xf, 0x3, 0x2) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r4 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r4, 0xc0603d06, 0x0) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xfff, 0x1, 0x948b, 0x3, 0x95f4da2a, 0xffffffffffffffff, 0x3, 0x62, 0x7, 0x7, 0x6d3f, 0x9, 0x4, 0x5]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x6, 0x1, 0xfffffffffffffff7, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000021, 0x400000007, 0x6d3e, 0x7fff, 0x2, 0x6]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) 23m34.842532036s ago: executing program 3 (id=1265): mmap$auto(0x0, 0x2020009, 0x9, 0xeb3, 0xfffefffffffffffa, 0x8000) fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) r0 = prctl$auto_PR_SET_VMA_ANON_NAME(0x4, 
0x0, 0x0, 0x7a, 0x7) poll$auto(&(0x7f0000000180)={r0, 0x72d7, 0x7}, 0xffffffff, 0x80) writev$auto(r0, &(0x7f0000000140)={&(0x7f00000000c0)="bbc69f44294e96f44775c8ae2f799d5b6cd3299545567a43016b6aec10e08a4fb9dbbca984cc42f44cdd549991cd2ad59a53569f780f1c9034ccad3581883cc6b1a76687a38c9eeb864081f5aa5c16157d43f44f0da3d1f57668fd3b292a2de512328f6200"/116, 0x3}, 0x8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) iopl$auto(0x3) futex_requeue$auto(&(0x7f0000000080)={0x0, 0x39c3c00000000, 0xdd54}, 0x80800001, 0x1007fc, 0x8001) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/swaps\x00', 0x0, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x149400, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x104, 0x80000001, 0x7, 0x1, 0x3, 0x15f4da0a, 0x6, 0x3, 0x62, 0x1, 0x7, 0x6d3f, 0x2, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) ioctl$auto_XFS_IOC_GET_RESBLKS(r1, 0x80105873, &(0x7f0000000040)={0x7, 0x1}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket(0x10, 0x2, 0x63f) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027617c36720add70ab"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) mmap$auto(0x0, 0x8, 
0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) init_module$auto(0x0, 0xffff9, 0x0) pidfd_open$auto(0x1, 0x0) 23m31.91246598s ago: executing program 3 (id=1271): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x7ffb) write$auto(0x3, 0x0, 0xfffffdef) write$auto_snd_pcm_oss_f_reg_pcm_oss(r1, &(0x7f0000000240)="ca2aa92f10", 0x5) nanosleep$auto(0x0, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc) openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mbind$auto(0xf000, 0x7e8, 0x1, 0x0, 0x7fff, 0x2) mbind$auto(0xffffffffffff7fff, 0x1, 0x800, 0x0, 0x5, 0x8) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/ttyc2/power/runtime_active_time\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x8, 0x1, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x109000, 0x0) openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/saved_cmdlines_size\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x7) writev$auto(r0, &(0x7f0000000100)={0x0, 0x4000000710d}, 0x81) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 
0x0, 0x0, 0x4004080}, 0x0) r2 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x40140, 0x0) read$auto_ptdump_fops_(r2, &(0x7f0000000040)=""/19, 0x13) 23m16.640089932s ago: executing program 32 (id=1271): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x7ffb) write$auto(0x3, 0x0, 0xfffffdef) write$auto_snd_pcm_oss_f_reg_pcm_oss(r1, &(0x7f0000000240)="ca2aa92f10", 0x5) nanosleep$auto(0x0, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0xfffffffffffffffc) openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mbind$auto(0xf000, 0x7e8, 0x1, 0x0, 0x7fff, 0x2) mbind$auto(0xffffffffffff7fff, 0x1, 0x800, 0x0, 0x5, 0x8) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/tty/ttyc2/power/runtime_active_time\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x8, 0x1, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x109000, 0x0) openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/saved_cmdlines_size\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x7) writev$auto(r0, &(0x7f0000000100)={0x0, 0x4000000710d}, 0x81) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 
&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004080}, 0x0) r2 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x40140, 0x0) read$auto_ptdump_fops_(r2, &(0x7f0000000040)=""/19, 0x13) 8.655021151s ago: executing program 2 (id=5072): r0 = socket(0x2, 0x80002, 0x73) bind$auto(0x3, 0x0, 0x8001) connect$auto(r0, 0x0, 0x54) sysfs$auto(0x2, 0x0, 0x0) r1 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_l2cap_debugfs_fops_(r1, &(0x7f0000000240)=""/177, 0xb1) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x410000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x20006, 0x4, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a2b, 0x3000, 0x2, 0x3, 0x10000) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto_PR_SET_ENDIAN(0x14, 0xfffffffffffffff5, 0x0, 0x5, 0x6) prctl$auto_PR_SET_MDWE(0x41, 0x5, 0x0, 0x4, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_proc_environ_operations_base(0xffffffffffffffff, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x1) mq_open$auto(0x0, 0x5, 0x3, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000005}, 0x8000800) sendmmsg$auto(r2, 0x0, 0xc11c, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 8.651777719s ago: executing program 1 (id=5073): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) 
mmap$auto(0x0, 0x810004, 0xfff, 0x8000000008012, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$auto(0x3, 0x8905, 0xfffffffffffff4e0) setfsuid$auto(0x0) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) getsockopt$auto_SO_MEMINFO(0xffffffffffffffff, 0x6, 0x37, &(0x7f0000000100)='\x00\x00\x00\x00', &(0x7f0000000080)=0x81) socket(0xa, 0x1, 0x84) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x8000000000000000, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) getrandom$auto(&(0x7f0000000580)='\'}\'{@\x00', 0xf, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) inotify_init1$auto(0x3000000000000) io_uring_setup$auto(0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 7.234352015s ago: executing program 2 (id=5078): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_LINK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000007", @ANYRES16=r1, @ANYBLOB="15009ce4bf21857929207e"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 7.01707325s ago: executing program 2 (id=5080): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) 
socket$nl_generic(0x10, 0x3, 0x10) socket(0x21, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x6b) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto_SO_SNDTIMEO_OLD(0xffffffffffffffff, 0x3ff, 0x15, 0x0, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x101000, 0x0) socket(0xa, 0x801, 0x106) r1 = socket(0x2b, 0x1, 0x1) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe\x00', 0x2000, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="2f212abd"], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) prctl$auto(0x35, 0x100008000, 0x8, 0xaff5, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dmmidi2\x00', 0x51e8c3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0xd5b, 0xc, 0x37, 0x948d, 0x8002, 0x15f4da0a, 0x1, 0x3, 0x300000000000604, 0x0, 0x7, 0x6d3c, 0xc, 0x800c8c, 0xffffffffffffffff]}, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000380)={0xf7, 0xd, 0x3000, 0x0, 0x7, 0x400a, 0xffffffffffffffff, [0x9, 0x6], {0x6, 0x6, 0x8448, 0x29b, 0x3, 0x7f, 0x2, 0x4, 0xf}, {0xa38, 0x1, 0x52, 0x4085, 0x2, 0x1a7b870a, 0x76c4, 0x8, 0x40}}) process_madvise$auto(0x3, 0x0, 0xb, 0xc15, 0x8000000000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/ib_srp/parameters/fast_io_fail_tmo\x00', 0x22000, 0x0) close_range$auto(0x2, 0x8, 0x0) keyctl$auto_KEYCTL_SET_TIMEOUT(0xf, 0xee01, 0xee01, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80002, 0x0) sendfile$auto(r3, 0xffffffffffffffff, 0x0, 0x400000000003) prctl$auto(0x9, 0x200, 0x0, 0xfba3, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 
0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x6, 0xdf, 0x9b72, 0x2, 0x8004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/extra\x00', 0xa142, 0x0) 6.208241791s ago: executing program 2 (id=5083): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) prctl$auto_PR_GET_SPECULATION_CTRL(0x34, 0x10, 0xffffffffffffffff, 0x8000, 0x8acb) write$auto(0xffffffffffffffff, 0x0, 0x7) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYBLOB="2f212abd7800fddb"], 0x14}}, 0x4000000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f00000005c0)="7a70afdeff30974df118d467a96f8686f5c7c275fa19e3cc80f10eca03c1372f3bf4a764f4117bf0982559306380a8d8aabb93d08acc30fa25f3ed51631c6ecc30e47ff45960f15f49a05aa4e82d078663d70d8d75e64f90eadb02d49f620cd09e39ab7a9c244a7da03a067fec3137537196871b132ed6d241491e601dcba432682ba51d1e5c0869f8833a07184999516d1bd545948e6927", 0x40, 
&(0x7f0000000100)={&(0x7f0000000040)="405740f7a3ecf10b93ec0de8c7b16c99cfeb44e1ae3752ad774de9124f9e7ec4b62dfa3fffc087747805f02272e8bb9c1c2eaeebccbe2a9fcb3599d6c92522e3172acc5bed96b3c057f0496f82b29046ba048ef28e38d12f052cdb40"}, 0x6, &(0x7f0000000680)="c16b3614f47fa795505cc31b094a86a6b2156e4bcd996847f3d8065855301188d037f8d6bfd1104cc8218c458bf0bd5e6fa7b94b2b62bab93f14e44eb529964c804d8a247b9b0a7102b3a7246220d30d000ef47caba13c3e059995404f20795cfa74313f1cba555a92886a44f4e40936b6b2976573a799602733a7ad025393a4aa87ec6ccb0daaeee70486789dc31b01abb240e0e8e154ddfbb286352e5b3e4fcd08b4256b936c276920cc06f8765abf243326a4552b8ee0e2c39cdde86ea89f9fa0792e43fd9d6bad84e92f4cb569bef80f2b32eb", 0x1, 0x1}, 0x6}, 0x7, 0x3) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x3]}, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4810}, 0x800) close_range$auto(r3, 0x8, 0x1107) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffa, 0x8, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84}, 0x9, 0xd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setns$auto(0x0, 0xb) r4 = pidfd_open$auto(0x1, 0x0) setns(r4, 0x60020000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, 
@ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200e282a0e211c65430d168cf478d09316eb995aeac80fe27ecf8228cb94fe8ba4c978a0f36de2031e7104d8dd7666781bb8b2b819e148e1532d5e151a24341f45a7cc7b005b48a2535acae2b37f9eec010f378940caaf8a6b8a697c18aac2ef2164aafabf8ad66ca907c2a7bc20e4b1f4b7e3567b1b0aceb6a064ad640c4ffb86cf000ebf22a9334a5fe0bca44e30c5234365e34708af560c4704c618bef7def9b54fe2bab21d0d302b42c45903999bca11545302d6445c67f4a854e2b", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) 4.553767565s ago: executing program 0 (id=5086): r0 = bpf$auto(0x3, &(0x7f0000000000)=@bpf_attr_1={0xffffffffffffffff, 0x2, @value=0x5711, 0x2}, 0x8) r1 = socket(0x10, 0x2, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8947, &(0x7f0000000000)={'bond0\x00'}) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x7) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) epoll_create$auto(0x4) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) read$auto(0x3, 0x0, 0x80) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRES64=r1, @ANYRESDEC=r2, @ANYRESHEX=r3], 0x14}}, 0x0) r4 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(r2, r0, 0x7) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) fanotify_init$auto(0x65, 0x2) r5 = pipe$auto(0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 
0x100000001) splice$auto(0x4, 0x0, r5, 0x0, 0x80000001, 0x9) r6 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) read$auto_proc_iter_file_ops_compat_inode(r6, &(0x7f0000000180)=""/138, 0x8a) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x10948b, 0x3, 0x15f4da0a, 0x3, 0x80000000, 0x5f, 0x80000001, 0x7, 0x6d3f, 0x7, 0x2, 0xfffffffffffffffe]}, 0x0) landlock_restrict_self$auto(r4, 0x5) 4.440664279s ago: executing program 4 (id=5087): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x28b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x4f64a1d2) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) socket(0x2a, 0x2, 0x0) r1 = socket(0x2a, 0x2, 0x1) connect$auto(r1, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x4001}, 0x55) bind$auto(0x3, 0x0, 0x6b) r2 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0p\x00', 0x80, 0x0) mmap$auto_snd_pcm_f_ops_pcm(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000e, 0x40010, r2, 0x8) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x20000, 0x0) ioctl$auto_BLKRRPART(r3, 0x125f, 0xfffff000) 4.369437429s ago: executing program 1 (id=5088): ioperm$auto(0x5, 0x9, 0x1) (async) mkdir$auto(&(0x7f0000000000)='./file0\x00', 0x2) (async) r0 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000001500)='/proc/kpagecgroup\x00', 0x101000, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) (async) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) ioctl$auto_TIOCVHANGUP(r1, 0x5437, 0x0) (async) 
madvise$auto(0x0, 0xffffffffffff0004, 0x19) (async) madvise$auto(0x0, 0x200007, 0x8) (async) mmap$auto(0x0, 0x10001, 0xff, 0x9b72, 0x2, 0x8000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) (async) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) (async) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x20, 0xf1, 0xb0, @raw=0xfffff038}}) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x1, 0x0) (async) io_uring_register$auto(0x2, 0x8, 0x0, 0x7) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) (async) sendmsg$auto_NL80211_CMD_GET_MPP(0xffffffffffffffff, 0x0, 0x880) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000200), 0xffffffffffffffff) fallocate$auto(0x8000000000000003, 0x0, 0x8, 0x7fffffffffffffff) (async) sendmsg$auto_TIPC_NL_BEARER_SET(r3, &(0x7f0000002040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="257a816da15f4bfa740144785998"], 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x40044) sendmsg$auto_NFC_CMD_STOP_POLL(r0, 0x0, 0x20064084) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.15/usb39/power/control\x00', 0x210000, 0x0) statfs$auto(&(0x7f0000001a40)='./file0\x00', &(0x7f0000001a80)={0x2, 0x7fffffff, 0x9, 0x1, 0x8, 0xffffffffffffff05, 0x3, {[0x8, 0x6]}, 0xfffffffffffff000, 0x7, 0x9, [0x4, 0x80, 0xffffffffffff0001, 0x3]}) 4.093941207s ago: executing program 1 (id=5089): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r1, 0xf25, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) 4.01916375s ago: executing program 4 (id=5090): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x100000000004, 0x7ff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8400) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto_FS_IOC_RESVSP(r1, 0x40305828, 0x1) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x1ff, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0x0) 3.651256824s ago: executing program 0 (id=5091): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 
&(0x7f0000000040)='/sys/devices/virtual/net/bond0/speed\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000340)=""/160, 0xa0) r1 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r1, 0x7, 0x6}, 0x4, 0x100000) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r1) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000003940)={0x14, r3, 0x301, 0x70bd2e, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0xc4) (fail_nth: 2) 3.635537667s ago: executing program 1 (id=5092): r0 = socket(0x22, 0x1, 0x80000000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) unshare$auto(0x40000080) sendmmsg$auto(r0, 0x0, 0x3b87, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x40, r2, 0x1b, 0x70bd26, 0x25dfdbfe, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x15, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r1}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590822ad9"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = socket(0xa, 0x2, 0x88) r4 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000240)="4c0c5800000000000004", 0x49}, 0x4, &(0x7f0000000080), 0x5, 0x11}, 0x5}, 0x80000002, 0x100) setsockopt$auto(r3, 0x29, 0x10, 0x0, 0x1) syz_clone(0x40011, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 
0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x380b83, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000100)=@nl=@unspec, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0xa0202, 0x0) 2.30200731s ago: executing program 0 (id=5093): r0 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x8300, 0x0) readv$auto(r0, &(0x7f00000004c0)={0x0, 0x2004}, 0x5) 2.130739508s ago: executing program 2 (id=5094): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/shm_rmid_forced\x00', 0x42a81, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) sendmmsg$auto(r0, &(0x7f0000000280)={{&(0x7f00000000c0)="3dd9009be72986989c9aa8ab7a867a4e5ccde3c1854d53314e677f660aca8dc52084e5d607cd92d141035f88ff22a60c95cb6ed7a9ba6b901150a2ce85025c1a4423fa7ac5c0ac01fdc97b1ea74e8e3d2d0a17f001213f92ea1d680ddbcfc9fc9fdd6b2458438ef3455519ed19db534c329d6777190fbf0a887e299af7ba0ca3927a92d172cf9c9b90b3261ee7df6df5a6991f2256cb010eb396f4cad2f7e7b1c848655630849f55621d590bd40a34d215b2f43e8f0d2861e014b926e4add3e87e712256b00efa55356500301985d7", 0x4, &(0x7f0000000200)={&(0x7f00000001c0)="3a505e3b625a7dab54222542b0d6bcaef125ccd8b817194ae33242fcea74", 0x1}, 0x27, &(0x7f0000000240)="9334ba974ca101076c249b55dfded0f73d10", 0x500e, 0xffff}, 0x40}, 0xf, 0x80000001) sendfile$auto(r0, r1, 0x0, 0x1020202) 1.977511538s ago: executing program 4 (id=5095): r0 = 
socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001640), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000a6", @ANYRES16=r1, @ANYBLOB="13032bbd7000eedbdf2505004d"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4) 1.793475143s ago: executing program 4 (id=5096): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x2dc08f24db163610, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368a, 0x2, {0x100000000, 0x10000}, 0x5, 0x8, 0xfffffffffffffffd, 0x1008000, 0x0, 0x9, 0x81, 0xdfffffffffff628e, 0x6, 0xdeb1, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r1, 0x5453, r1) getrandom$auto(0x0, 0x6000000, 0x3) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) read$auto_proc_iter_file_ops_compat_inode(r2, &(0x7f00000007c0)=""/153, 0x99) mmap$auto(0x0, 0x2020009, 
0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0xa, 0x2, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) setsockopt$auto(r3, 0x29, 0x30, 0x0, 0x56b) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) mmap$auto(0x600000000000000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x2003f0, 0x18) mlock$auto(0x5, 0xffff) 1.768687031s ago: executing program 2 (id=5097): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) socket(0xa, 0x1, 0x84) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) shmdt$auto(0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket(0x2, 0x1, 0x106) r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x183440, 0x0) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0) ioctl$auto_USB_RAW_IOCTL_CONFIGURE(r1, 0x5509, 0x0) unshare$auto(0x40000080) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r2, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="230027bd7000fcdbdf2508ffe9000c0003"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x44044) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) socket(0x8, 0x3, 0x1000001c) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x7fffffff, 0x7, 0x0, 0x9, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) listen$auto(0x3, 0x81) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0xe, 0x4, 0x4, 0x9, 0x8, 0xc, r0, 0x4, 0x7ff}, 0xee) r5 = open_by_handle_at$auto(r4, &(0x7f00000003c0)={0xff, 0x6, 
"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"}, 0xeba) read$auto_proc_mountinfo_operations_mnt_namespace(r5, &(0x7f0000000080)=""/114, 0x72) mmap$auto(0x0, 0x2020009, 0x3, 0x73, 0xffffffffffffffff, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) sched_rr_get_interval$auto(0x0, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x28140, 0x0) 1.237263404s ago: executing program 0 (id=5098): r0 = socket(0x2, 0x80002, 0x73) bind$auto(0x3, 0x0, 0x8001) connect$auto(r0, 0x0, 0x54) sysfs$auto(0x2, 0x0, 0x0) r1 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_l2cap_debugfs_fops_(r1, &(0x7f0000000240)=""/177, 0xb1) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x410000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x20006, 0x4, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a2b, 0x3000, 0x2, 0x3, 0x10000) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto_PR_SET_ENDIAN(0x14, 0xfffffffffffffff5, 0x0, 0x5, 0x6) prctl$auto_PR_SET_MDWE(0x41, 0x5, 0x0, 0x4, 0x1) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_proc_environ_operations_base(0xffffffffffffffff, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x1) mq_open$auto(0x0, 0x5, 0x3, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 
0x2, 0x0) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000005}, 0x8000800) sendmmsg$auto(r2, 0x0, 0xc11c, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) 1.065673286s ago: executing program 4 (id=5099): close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f00000001c0)='./file0\x00', 0x121142, 0x13d) mmap$auto(0x0, 0x400008, 0x2, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) socket(0xa, 0x6, 0x82) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/ip_vs\x00', 0x121000, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2b, 0x1, 0x1) write$auto(0x3, 0x0, 0xfffffdef) r0 = socket(0xf, 0x3, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim6/psample/enable\x00', 0x54000, 0x0) close_range$auto(0x2, r1, 0xfffffffc) getsockopt$auto_SO_KEEPALIVE(r0, 0x3, 0x9, &(0x7f0000000040)='\x00', &(0x7f0000000080)=0x80000001) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd0/queue/fua\x00', 0x8000, 0x0) read$auto(r2, 0x0, 0x10000000000e8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) connect$auto(r1, &(0x7f0000000140)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4}, 0x1) 
landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 623.444992ms ago: executing program 0 (id=5100): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r1, 0xf25, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) 337.030282ms ago: executing program 1 (id=5101): socket$nl_generic(0x10, 0x3, 0x10) mprotect$auto(0x1ffff000, 0x8000000000000002, 0x5) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x9eff, &(0x7f00000000c0)={&(0x7f0000000280)={0x2c, r1, 0x936355e497c8b7e5, 0x70bd26, 0x25dddbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}]}]}, 0x2c}}, 0x40488a6) 92.210075ms ago: executing program 1 (id=5102): mmap$auto(0x0, 0x20009, 0xdf, 0xebf, 0x401, 0x8000) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x10000, 0x1, 0x2, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 
0x80000004, 0x83, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x2003f0, 0x15) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x0, 0x0) socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x2, 0x9, 0x2, 0x6]}, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) r2 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vbi1\x00', 0x0, 0x0) ioctl$auto(r3, 0xc0845655, r3) 73.932829ms ago: executing program 0 (id=5103): mmap$auto(0x0, 0x20009, 0x804000000000df, 0xeb1, 0x404, 0x1000000008000) read$auto(0xffffffffffffffff, 0x0, 0x8000) r0 = socket(0x10, 0x2, 0x4) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r1, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x20000001) socket(0x2, 0x2, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) ioperm$auto(0x4000000000080, 0xfffffffffffffffb, 0x5) r3 = prctl$auto_PR_SCHED_CORE_GET(0x8, 0x0, 
0xffffffffffffffff, 0x9, 0x5) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000840), 0x2000000, 0x0) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4c040) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) mbind$auto(0x0, 0x800605, 0x8003, 0x0, 0x3, 0x3) 0s ago: executing program 4 (id=5104): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/capabilities/ff\x00', 0x300, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/225, 0xe1) statmount$auto(0x0, &(0x7f0000000180)={0x20000a, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffd, 0x8, 0x0, 0x30, 0x0, 0xa64, 0xe, 0x4fb, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0xab96, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x8000000000, 0x5]}, 0xfffffffffffffffe, 0x200d) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r1, 0x2, &(0x7f0000000380)="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") ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffff7effffd05, &(0x7f00000001c0)) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) r3 = 
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x15, 0x5, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r4 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(r0, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x4, 0x2) r5 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r5, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r6, &(0x7f000000ca40)={0x0, 0x0, &(0x7f000000ca00)={&(0x7f000000c1c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="e3db28029be189dbdf2510000000"], 0x14}, 0x1, 0x0, 0x0, 0x841}, 0x4) write$auto_fuse_dev_operations_fuse_i(r4, &(0x7f0000000440)="110000001265843a000000000000000000", 0x11) r8 = socket(0x1a, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x200488c0}, 0x20040040) kernel console output (not intermixed with test programs): ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1707.879229][T27452] RSP: 002b:00007f54e55850e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1707.879252][T27452] RAX: ffffffffffffffda RBX: 00007f54e49b5fa8 RCX: 00007f54e478e169 [ 1707.879267][T27452] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f54e49b5fac [ 1707.879282][T27452] RBP: 00007f54e49b5fa0 R08: 00007f54e5586000 R09: 0000000000000000 [ 1707.879296][T27452] R10: 
0000000000000000 R11: 0000000000000246 R12: 00007f54e49b5fac [ 1707.879310][T27452] R13: 0000000000000000 R14: 00007ffc16065e60 R15: 00007ffc16065f48 [ 1707.879337][T27452] [ 1708.099120][T27456] FAULT_INJECTION: forcing a failure. [ 1708.099120][T27456] name failslab, interval 1, probability 0, space 0, times 0 [ 1708.113021][T27456] CPU: 0 UID: 0 PID: 27456 Comm: syz.0.4566 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1708.113058][T27456] Tainted: [U]=USER [ 1708.113066][T27456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1708.113080][T27456] Call Trace: [ 1708.113088][T27456] [ 1708.113097][T27456] dump_stack_lvl+0x16c/0x1f0 [ 1708.113135][T27456] should_fail_ex+0x512/0x640 [ 1708.113162][T27456] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1708.113193][T27456] should_failslab+0xc2/0x120 [ 1708.113224][T27456] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1708.113252][T27456] ? getname_flags.part.0+0x4c/0x550 [ 1708.113289][T27456] getname_flags.part.0+0x4c/0x550 [ 1708.113323][T27456] getname_flags+0x93/0xf0 [ 1708.113345][T27456] do_sys_openat2+0xb8/0x1d0 [ 1708.113377][T27456] ? __pfx_do_sys_openat2+0x10/0x10 [ 1708.113412][T27456] ? __fget_files+0x20e/0x3c0 [ 1708.113439][T27456] __x64_sys_openat+0x174/0x210 [ 1708.113472][T27456] ? __pfx___x64_sys_openat+0x10/0x10 [ 1708.113504][T27456] ? 
ksys_write+0x1b9/0x240 [ 1708.113545][T27456] do_syscall_64+0xcd/0x230 [ 1708.113581][T27456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1708.113604][T27456] RIP: 0033:0x7f54e478e169 [ 1708.113622][T27456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1708.113644][T27456] RSP: 002b:00007f54e5564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1708.113665][T27456] RAX: ffffffffffffffda RBX: 00007f54e49b6080 RCX: 00007f54e478e169 [ 1708.113681][T27456] RDX: 0000000000000000 RSI: 0000200000000840 RDI: ffffffffffffff9c [ 1708.113695][T27456] RBP: 00007f54e5564090 R08: 0000000000000000 R09: 0000000000000000 [ 1708.113709][T27456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1708.113723][T27456] R13: 0000000000000001 R14: 00007f54e49b6080 R15: 00007ffc16065f48 [ 1708.113750][T27456] [ 1709.182819][T27460] FAULT_INJECTION: forcing a failure. [ 1709.182819][T27460] name failslab, interval 1, probability 0, space 0, times 0 [ 1709.291197][T27460] CPU: 0 UID: 0 PID: 27460 Comm: syz.0.4568 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1709.291241][T27460] Tainted: [U]=USER [ 1709.291249][T27460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1709.291265][T27460] Call Trace: [ 1709.291273][T27460] [ 1709.291282][T27460] dump_stack_lvl+0x16c/0x1f0 [ 1709.291324][T27460] should_fail_ex+0x512/0x640 [ 1709.291354][T27460] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1709.291391][T27460] should_failslab+0xc2/0x120 [ 1709.291424][T27460] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1709.291469][T27460] ? __pfx__raw_spin_unlock_bh+0x1/0x10 [ 1709.291507][T27460] ? ip6_route_net_init+0x219/0x8b0 [ 1709.291538][T27460] kmemdup_noprof+0x29/0x60 [ 1709.291571][T27460] ip6_route_net_init+0x219/0x8b0 [ 1709.291600][T27460] ? 
__pfx_ip6_route_net_init+0x10/0x10 [ 1709.291626][T27460] ops_init+0x1df/0x5f0 [ 1709.291663][T27460] setup_net+0x21e/0x850 [ 1709.291699][T27460] ? __pfx_setup_net+0x10/0x10 [ 1709.291730][T27460] ? lockdep_init_map_type+0x5c/0x280 [ 1709.291766][T27460] ? __pfx_down_read_killable+0x10/0x10 [ 1709.291791][T27460] ? debug_mutex_init+0x37/0x70 [ 1709.291818][T27460] copy_net_ns+0x2a6/0x5f0 [ 1709.291857][T27460] create_new_namespaces+0x3ea/0xad0 [ 1709.291892][T27460] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1709.291924][T27460] ksys_unshare+0x45b/0xa40 [ 1709.291959][T27460] ? __pfx_ksys_unshare+0x10/0x10 [ 1709.291991][T27460] ? xfd_validate_state+0x5d/0x180 [ 1709.292017][T27460] ? syscall_user_dispatch+0x78/0x140 [ 1709.292060][T27460] __x64_sys_unshare+0x31/0x40 [ 1709.292093][T27460] do_syscall_64+0xcd/0x230 [ 1709.292129][T27460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1709.292153][T27460] RIP: 0033:0x7f54e478e169 [ 1709.292171][T27460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1709.292195][T27460] RSP: 002b:00007f54e5585038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1709.292217][T27460] RAX: ffffffffffffffda RBX: 00007f54e49b5fa0 RCX: 00007f54e478e169 [ 1709.292232][T27460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1709.292247][T27460] RBP: 00007f54e4810a68 R08: 0000000000000000 R09: 0000000000000000 [ 1709.292261][T27460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1709.292274][T27460] R13: 0000000000000000 R14: 00007f54e49b5fa0 R15: 00007ffc16065f48 [ 1709.292322][T27460] [ 1710.013542][T22261] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1710.073615][T22261] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1710.120658][T22261] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1710.174600][T22261] Bluetooth: hci1: 
unexpected cc 0x0c23 length: 249 > 4 [ 1710.197780][T22261] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1711.201089][T27126] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.443891][T27126] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1711.992102][T27126] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1712.315502][T22261] Bluetooth: hci1: command tx timeout [ 1712.339449][T27126] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1712.359648][T27491] FAULT_INJECTION: forcing a failure. [ 1712.359648][T27491] name failslab, interval 1, probability 0, space 0, times 0 [ 1712.474759][T27491] CPU: 0 UID: 0 PID: 27491 Comm: syz.2.4574 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1712.474800][T27491] Tainted: [U]=USER [ 1712.474807][T27491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1712.474821][T27491] Call Trace: [ 1712.474828][T27491] [ 1712.474837][T27491] dump_stack_lvl+0x16c/0x1f0 [ 1712.474876][T27491] should_fail_ex+0x512/0x640 [ 1712.474903][T27491] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1712.474931][T27491] should_failslab+0xc2/0x120 [ 1712.474962][T27491] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1712.474985][T27491] ? alloc_pipe_info+0x10e/0x590 [ 1712.475015][T27491] alloc_pipe_info+0x10e/0x590 [ 1712.475043][T27491] splice_direct_to_actor+0x77d/0xa30 [ 1712.475083][T27491] ? __pfx_direct_splice_actor+0x10/0x10 [ 1712.475121][T27491] ? __pfx_aa_file_perm+0x10/0x10 [ 1712.475163][T27491] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1712.475197][T27491] ? get_pid_task+0xfc/0x250 [ 1712.475237][T27491] do_splice_direct+0x174/0x240 [ 1712.475277][T27491] ? __pfx_do_splice_direct+0x10/0x10 [ 1712.475313][T27491] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1712.475351][T27491] ? 
rw_verify_area+0xcf/0x680 [ 1712.475390][T27491] do_sendfile+0xafd/0xe50 [ 1712.475416][T27491] ? __pfx_do_sendfile+0x10/0x10 [ 1712.475438][T27491] ? __fget_files+0x20e/0x3c0 [ 1712.475467][T27491] __x64_sys_sendfile64+0x1d8/0x220 [ 1712.475495][T27491] ? ksys_write+0x1b9/0x240 [ 1712.475517][T27491] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1712.475545][T27491] ? rcu_is_watching+0x12/0xc0 [ 1712.475576][T27491] do_syscall_64+0xcd/0x230 [ 1712.475610][T27491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1712.475634][T27491] RIP: 0033:0x7fe985f8e169 [ 1712.475651][T27491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1712.475674][T27491] RSP: 002b:00007fe986d10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1712.475696][T27491] RAX: ffffffffffffffda RBX: 00007fe9861b5fa0 RCX: 00007fe985f8e169 [ 1712.475712][T27491] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 1712.475725][T27491] RBP: 00007fe986d10090 R08: 0000000000000000 R09: 0000000000000000 [ 1712.475738][T27491] R10: 000000004f64a1d2 R11: 0000000000000246 R12: 0000000000000001 [ 1712.475752][T27491] R13: 0000000000000000 R14: 00007fe9861b5fa0 R15: 00007ffd76793c18 [ 1712.475780][T27491] [ 1713.000768][T27465] chnl_net:caif_netlink_parms(): no params data found [ 1713.771710][T27465] bridge0: port 1(bridge_slave_0) entered blocking state [ 1713.795830][T27465] bridge0: port 1(bridge_slave_0) entered disabled state [ 1713.823645][T27465] bridge_slave_0: entered allmulticast mode [ 1713.855805][T27465] bridge_slave_0: entered promiscuous mode [ 1713.941595][T27465] bridge0: port 2(bridge_slave_1) entered blocking state [ 1714.006107][T27465] bridge0: port 2(bridge_slave_1) entered disabled state [ 1714.046916][T27465] bridge_slave_1: entered allmulticast mode [ 1714.074746][T27465] bridge_slave_1: entered promiscuous mode [ 
1714.378442][T27465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1714.396487][T22261] Bluetooth: hci1: command tx timeout [ 1714.470845][T27465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1714.657158][T27126] bridge_slave_1: left allmulticast mode [ 1714.669343][T27515] random: crng reseeded on system resumption [ 1714.690450][T27126] bridge_slave_1: left promiscuous mode [ 1714.732490][T27126] bridge0: port 2(bridge_slave_1) entered disabled state [ 1714.809827][T27126] bridge_slave_0: left allmulticast mode [ 1714.850068][T27126] bridge_slave_0: left promiscuous mode [ 1714.871752][T27126] bridge0: port 1(bridge_slave_0) entered disabled state [ 1716.475595][T22261] Bluetooth: hci1: command tx timeout [ 1716.490785][T27126] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1716.518467][T27126] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1716.552286][T27126] bond0 (unregistering): Released all slaves [ 1716.675080][T27465] team0: Port device team_slave_0 added [ 1716.940619][T27465] team0: Port device team_slave_1 added [ 1717.010918][T27541] FAULT_INJECTION: forcing a failure. [ 1717.010918][T27541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1717.155009][T27541] CPU: 0 UID: 0 PID: 27541 Comm: syz.0.4581 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1717.155082][T27541] Tainted: [U]=USER [ 1717.155091][T27541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1717.155108][T27541] Call Trace: [ 1717.155116][T27541] [ 1717.155125][T27541] dump_stack_lvl+0x16c/0x1f0 [ 1717.155166][T27541] should_fail_ex+0x512/0x640 [ 1717.155198][T27541] _copy_from_user+0x2e/0xd0 [ 1717.155230][T27541] core_sys_select+0x35a/0xbe0 [ 1717.155264][T27541] ? __pfx_core_sys_select+0x10/0x10 [ 1717.155291][T27541] ? proc_fail_nth_write+0x9f/0x250 [ 1717.155350][T27541] ? 
__pfx___mutex_unlock_slowpath+0x10/0x10 [ 1717.155393][T27541] kern_select+0x15d/0x1e0 [ 1717.155415][T27541] ? __pfx_kern_select+0x10/0x10 [ 1717.155440][T27541] ? __pfx_ksys_write+0x10/0x10 [ 1717.155470][T27541] __x64_sys_select+0xbd/0x160 [ 1717.155490][T27541] ? do_syscall_64+0x91/0x230 [ 1717.155523][T27541] ? lockdep_hardirqs_on+0x7c/0x110 [ 1717.155555][T27541] do_syscall_64+0xcd/0x230 [ 1717.155590][T27541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1717.155615][T27541] RIP: 0033:0x7f54e478e169 [ 1717.155634][T27541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1717.155657][T27541] RSP: 002b:00007f54e5543038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1717.155683][T27541] RAX: ffffffffffffffda RBX: 00007f54e49b6160 RCX: 00007f54e478e169 [ 1717.155699][T27541] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 1717.155713][T27541] RBP: 00007f54e5543090 R08: 0000000000000000 R09: 0000000000000000 [ 1717.155727][T27541] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 1717.155741][T27541] R13: 0000000000000001 R14: 00007f54e49b6160 R15: 00007ffc16065f48 [ 1717.155775][T27541] [ 1717.779373][T27465] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1717.797830][T27465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1717.869989][T27465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1717.940216][T27465] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1717.972371][T27465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1718.009542][T27465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1718.373432][T27465] hsr_slave_0: entered promiscuous mode [ 1718.392676][T27465] hsr_slave_1: entered promiscuous mode [ 1718.411127][T27465] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1718.433343][T27465] Cannot create hsr debugfs directory [ 1718.556936][T22261] Bluetooth: hci1: command tx timeout [ 1719.425644][T27562] FAULT_INJECTION: forcing a failure. [ 1719.425644][T27562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1719.508869][T27562] CPU: 0 UID: 0 PID: 27562 Comm: syz.2.4583 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1719.508912][T27562] Tainted: [U]=USER [ 1719.508920][T27562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1719.508935][T27562] Call Trace: [ 1719.508944][T27562] [ 1719.508953][T27562] dump_stack_lvl+0x16c/0x1f0 [ 1719.508992][T27562] should_fail_ex+0x512/0x640 [ 1719.509028][T27562] _copy_from_user+0x2e/0xd0 [ 1719.509060][T27562] core_sys_select+0x2c7/0xbe0 [ 1719.509090][T27562] ? __pfx_core_sys_select+0x10/0x10 [ 1719.509118][T27562] ? proc_fail_nth_write+0x9f/0x250 [ 1719.509177][T27562] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1719.509219][T27562] kern_select+0x15d/0x1e0 [ 1719.509241][T27562] ? __pfx_kern_select+0x10/0x10 [ 1719.509267][T27562] ? __pfx_ksys_write+0x10/0x10 [ 1719.509304][T27562] ? 
rcu_is_watching+0x12/0xc0 [ 1719.509332][T27562] __x64_sys_select+0xbd/0x160 [ 1719.509352][T27562] ? do_syscall_64+0x91/0x230 [ 1719.509384][T27562] ? lockdep_hardirqs_on+0x7c/0x110 [ 1719.509415][T27562] do_syscall_64+0xcd/0x230 [ 1719.509449][T27562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1719.509473][T27562] RIP: 0033:0x7fe985f8e169 [ 1719.509490][T27562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1719.509513][T27562] RSP: 002b:00007fe986d10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1719.509534][T27562] RAX: ffffffffffffffda RBX: 00007fe9861b5fa0 RCX: 00007fe985f8e169 [ 1719.509549][T27562] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000006 [ 1719.509563][T27562] RBP: 00007fe986d10090 R08: 0000000000000000 R09: 0000000000000000 [ 1719.509577][T27562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1719.509590][T27562] R13: 0000000000000000 R14: 00007fe9861b5fa0 R15: 00007ffd76793c18 [ 1719.509618][T27562] [ 1720.431164][T27126] hsr_slave_0: left promiscuous mode [ 1720.463979][T27126] hsr_slave_1: left promiscuous mode [ 1720.492681][T27126] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1720.542579][T27126] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1720.599292][T27583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4587'. 
[ 1720.620836][T27126] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1720.649520][T27126] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1720.729854][T27126] veth1_macvtap: left promiscuous mode [ 1720.761425][T27126] veth0_macvtap: left promiscuous mode [ 1720.787352][T27126] veth1_vlan: left promiscuous mode [ 1720.851380][T27126] veth0_vlan: left promiscuous mode [ 1721.759977][T27126] team0 (unregistering): Port device team_slave_1 removed [ 1721.823517][T27126] team0 (unregistering): Port device team_slave_0 removed [ 1723.945701][T27465] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1724.017025][T27465] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1724.084861][T27465] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1724.182567][T27465] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1724.669658][T27465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1724.837931][T27465] 8021q: adding VLAN 0 to HW filter on device team0 [ 1725.058744][T27126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1725.065942][T27126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1725.169383][T27126] bridge0: port 2(bridge_slave_1) entered blocking state [ 1725.176649][T27126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1725.991595][T27634] FAULT_INJECTION: forcing a failure. [ 1725.991595][T27634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1726.089534][T27634] CPU: 0 UID: 0 PID: 27634 Comm: syz.0.4593 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1726.089577][T27634] Tainted: [U]=USER [ 1726.089585][T27634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1726.089598][T27634] Call Trace: [ 1726.089606][T27634] [ 1726.089616][T27634] dump_stack_lvl+0x16c/0x1f0 [ 1726.089657][T27634] should_fail_ex+0x512/0x640 [ 1726.089690][T27634] _copy_from_iter+0x2a4/0x15b0 [ 1726.089728][T27634] ? 
__pfx___mutex_lock+0x10/0x10 [ 1726.089762][T27634] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1726.089793][T27634] ? __pfx__copy_from_iter+0x10/0x10 [ 1726.089825][T27634] ? __pfx___might_resched+0x10/0x10 [ 1726.089864][T27634] file_tty_write.constprop.0+0x486/0x9b0 [ 1726.089896][T27634] vfs_write+0x5ba/0x1180 [ 1726.089922][T27634] ? __pfx_tty_write+0x10/0x10 [ 1726.089945][T27634] ? __pfx_vfs_write+0x10/0x10 [ 1726.089967][T27634] ? find_held_lock+0x2b/0x80 [ 1726.090017][T27634] ksys_write+0x12a/0x240 [ 1726.090041][T27634] ? __pfx_ksys_write+0x10/0x10 [ 1726.090074][T27634] do_syscall_64+0xcd/0x230 [ 1726.090111][T27634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1726.090135][T27634] RIP: 0033:0x7f54e478e169 [ 1726.090154][T27634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1726.090178][T27634] RSP: 002b:00007f54e5564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1726.090200][T27634] RAX: ffffffffffffffda RBX: 00007f54e49b6080 RCX: 00007f54e478e169 [ 1726.090216][T27634] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 1726.090230][T27634] RBP: 00007f54e5564090 R08: 0000000000000000 R09: 0000000000000000 [ 1726.090244][T27634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1726.090259][T27634] R13: 0000000000000001 R14: 00007f54e49b6080 R15: 00007ffc16065f48 [ 1726.090288][T27634] [ 1726.402428][T27640] netlink: 'syz.2.4595': attribute type 11 has an invalid length. [ 1726.411470][T27640] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4595'. [ 1726.422793][T27640] netlink: 'syz.2.4595': attribute type 11 has an invalid length. [ 1726.430688][T27640] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4595'. 
[ 1726.849080][T27465] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1727.359207][T27465] veth0_vlan: entered promiscuous mode [ 1727.463585][T27465] veth1_vlan: entered promiscuous mode [ 1727.680845][T27465] veth0_macvtap: entered promiscuous mode [ 1727.785798][T27465] veth1_macvtap: entered promiscuous mode [ 1728.417818][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1728.535563][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.620522][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1728.671366][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.733258][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1728.770501][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.808044][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1728.848351][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1728.894403][T27465] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1728.990755][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1729.043529][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1729.087182][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1729.118414][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1729.158294][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1729.203253][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 1729.245511][T27465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1729.278764][T27465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1729.321541][T27465] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1729.592965][T27465] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1729.640408][T27465] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1729.669549][T27465] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1729.709382][T27465] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1730.295074][T15469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1730.357920][T15469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1730.519495][T15485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1730.563281][T15485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1732.629671][T27739] random: crng reseeded on system resumption [ 1734.242383][T27763] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4609'. [ 1735.380878][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1735.388184][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1735.410189][T27782] syz.4.4614 (27782): /proc/27782/oom_adj is deprecated, please use /proc/27782/oom_score_adj instead. [ 1735.782762][T27789] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4615'. [ 1738.244618][T27818] random: crng reseeded on system resumption [ 1738.287198][T27817] FAULT_INJECTION: forcing a failure. 
[ 1738.287198][T27817] name failslab, interval 1, probability 0, space 0, times 0 [ 1738.428317][T27817] CPU: 0 UID: 0 PID: 27817 Comm: syz.0.4622 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1738.428362][T27817] Tainted: [U]=USER [ 1738.428370][T27817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1738.428384][T27817] Call Trace: [ 1738.428392][T27817] [ 1738.428402][T27817] dump_stack_lvl+0x16c/0x1f0 [ 1738.428442][T27817] should_fail_ex+0x512/0x640 [ 1738.428470][T27817] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1738.428503][T27817] should_failslab+0xc2/0x120 [ 1738.428535][T27817] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1738.428564][T27817] ? security_file_alloc+0x34/0x2b0 [ 1738.428601][T27817] security_file_alloc+0x34/0x2b0 [ 1738.428633][T27817] init_file+0x93/0x4c0 [ 1738.428664][T27817] alloc_empty_file+0x73/0x1e0 [ 1738.428696][T27817] path_openat+0xe0/0x2d40 [ 1738.428719][T27817] ? __x64_sys_openat+0x174/0x210 [ 1738.428751][T27817] ? do_syscall_64+0xcd/0x230 [ 1738.428783][T27817] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1738.428817][T27817] ? __pfx_path_openat+0x10/0x10 [ 1738.428849][T27817] do_filp_open+0x20b/0x470 [ 1738.428873][T27817] ? __pfx_do_filp_open+0x10/0x10 [ 1738.428926][T27817] ? alloc_fd+0x471/0x7d0 [ 1738.428956][T27817] do_sys_openat2+0x11b/0x1d0 [ 1738.428990][T27817] ? __pfx_do_sys_openat2+0x10/0x10 [ 1738.429034][T27817] __x64_sys_openat+0x174/0x210 [ 1738.429068][T27817] ? __pfx___x64_sys_openat+0x10/0x10 [ 1738.429105][T27817] ? 
rcu_is_watching+0x12/0xc0 [ 1738.429137][T27817] do_syscall_64+0xcd/0x230 [ 1738.429173][T27817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1738.429196][T27817] RIP: 0033:0x7f54e478e169 [ 1738.429215][T27817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1738.429239][T27817] RSP: 002b:00007f54e5564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1738.429261][T27817] RAX: ffffffffffffffda RBX: 00007f54e49b6080 RCX: 00007f54e478e169 [ 1738.429277][T27817] RDX: 0000000000000800 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1738.429292][T27817] RBP: 00007f54e4810a68 R08: 0000000000000000 R09: 0000000000000000 [ 1738.429306][T27817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1738.429320][T27817] R13: 0000000000000000 R14: 00007f54e49b6080 R15: 00007ffc16065f48 [ 1738.429348][T27817] [ 1738.753701][T27809] Line length is too long: Should be less than 4094 [ 1740.700232][T27852] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4630'. [ 1740.946190][T27859] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1740.974507][T27859] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1741.005085][T27859] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1741.042976][T27859] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1741.082150][T27859] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1741.196607][T27859] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1741.859433][T27881] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 1742.322857][T27884] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 1742.911850][T27893] openvswitch: netlink: Either Ethernet header or EtherType is required. 
[ 1742.961918][T22261] Bluetooth: hci3: command 0x0406 tx timeout [ 1742.986348][T27895] random: crng reseeded on system resumption [ 1743.040010][T22261] Bluetooth: hci2: command 0x0406 tx timeout [ 1743.049006][T27155] Bluetooth: hci0: command 0x0406 tx timeout [ 1743.116911][T22261] Bluetooth: hci1: command 0x0c1a tx timeout [ 1743.272683][T27897] FAULT_INJECTION: forcing a failure. [ 1743.272683][T27897] name failslab, interval 1, probability 0, space 0, times 0 [ 1743.423100][T27897] CPU: 0 UID: 0 PID: 27897 Comm: syz.0.4642 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1743.423144][T27897] Tainted: [U]=USER [ 1743.423152][T27897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1743.423167][T27897] Call Trace: [ 1743.423175][T27897] [ 1743.423185][T27897] dump_stack_lvl+0x16c/0x1f0 [ 1743.423226][T27897] should_fail_ex+0x512/0x640 [ 1743.423255][T27897] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1743.423283][T27897] should_failslab+0xc2/0x120 [ 1743.423316][T27897] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1743.423339][T27897] ? get_device_parent+0x274/0x4e0 [ 1743.423362][T27897] ? get_device_parent+0x2b1/0x4e0 [ 1743.423387][T27897] get_device_parent+0x2b1/0x4e0 [ 1743.423413][T27897] device_add+0x1ad/0x1a70 [ 1743.423443][T27897] ? __pfx_device_add+0x10/0x10 [ 1743.423468][T27897] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1743.423505][T27897] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 1743.423547][T27897] wiphy_register+0x1c9c/0x2850 [ 1743.423572][T27897] ? netdev_run_todo+0x864/0x1320 [ 1743.423606][T27897] ? __dev_printk+0x1d0/0x270 [ 1743.423645][T27897] ? __pfx_wiphy_register+0x10/0x10 [ 1743.423686][T27897] ieee80211_register_hw+0x2432/0x4020 [ 1743.423722][T27897] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1743.423760][T27897] ? find_held_lock+0x2b/0x80 [ 1743.423787][T27897] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1743.423821][T27897] ? 
__pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1743.423859][T27897] ? __hrtimer_setup+0x176/0x280 [ 1743.423899][T27897] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1743.423949][T27897] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1743.423988][T27897] hwsim_new_radio_nl+0xb51/0x12c0 [ 1743.424020][T27897] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1743.424059][T27897] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1743.424100][T27897] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1743.424149][T27897] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1743.424191][T27897] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1743.424230][T27897] ? trace_cap_capable+0x18d/0x200 [ 1743.424262][T27897] ? bpf_lsm_capable+0x9/0x10 [ 1743.424288][T27897] ? security_capable+0x7e/0x260 [ 1743.424312][T27897] ? ns_capable+0xd7/0x110 [ 1743.424342][T27897] genl_rcv_msg+0x55c/0x800 [ 1743.424369][T27897] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1743.424392][T27897] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1743.424423][T27897] ? __lock_acquire+0xaa4/0x1ba0 [ 1743.424461][T27897] netlink_rcv_skb+0x16a/0x440 [ 1743.424495][T27897] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1743.424518][T27897] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1743.424567][T27897] ? __pfx_down_read+0x10/0x10 [ 1743.424589][T27897] ? netlink_deliver_tap+0x1ae/0xd30 [ 1743.424626][T27897] genl_rcv+0x28/0x40 [ 1743.424659][T27897] netlink_unicast+0x53a/0x7f0 [ 1743.424697][T27897] ? __pfx_netlink_unicast+0x10/0x10 [ 1743.424728][T27897] ? __lock_acquire+0xaa4/0x1ba0 [ 1743.424772][T27897] netlink_sendmsg+0x8d1/0xdd0 [ 1743.424811][T27897] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1743.424856][T27897] ____sys_sendmsg+0xa95/0xc70 [ 1743.424881][T27897] ? copy_msghdr_from_user+0x10a/0x160 [ 1743.424912][T27897] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1743.424949][T27897] ___sys_sendmsg+0x134/0x1d0 [ 1743.424982][T27897] ? __pfx____sys_sendmsg+0x10/0x10 [ 1743.425051][T27897] __sys_sendmsg+0x16d/0x220 [ 1743.425083][T27897] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 1743.425113][T27897] ? __x64_sys_futex+0x1e0/0x4c0 [ 1743.425149][T27897] ? rcu_is_watching+0x12/0xc0 [ 1743.425181][T27897] do_syscall_64+0xcd/0x230 [ 1743.425217][T27897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1743.425241][T27897] RIP: 0033:0x7f54e478e169 [ 1743.425261][T27897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1743.425284][T27897] RSP: 002b:00007f54e5585038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1743.425306][T27897] RAX: ffffffffffffffda RBX: 00007f54e49b5fa0 RCX: 00007f54e478e169 [ 1743.425322][T27897] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1743.425338][T27897] RBP: 00007f54e4810a68 R08: 0000000000000000 R09: 0000000000000000 [ 1743.425352][T27897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1743.425367][T27897] R13: 0000000000000000 R14: 00007f54e49b5fa0 R15: 00007ffc16065f48 [ 1743.425398][T27897] [ 1745.195511][T22261] Bluetooth: hci1: command 0x0c1a tx timeout [ 1746.011313][T27917] FAULT_INJECTION: forcing a failure. [ 1746.011313][T27917] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1746.087386][T27917] CPU: 0 UID: 0 PID: 27917 Comm: syz.4.4649 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1746.087427][T27917] Tainted: [U]=USER [ 1746.087435][T27917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1746.087449][T27917] Call Trace: [ 1746.087457][T27917] [ 1746.087466][T27917] dump_stack_lvl+0x16c/0x1f0 [ 1746.087503][T27917] should_fail_ex+0x512/0x640 [ 1746.087534][T27917] _copy_to_user+0x32/0xd0 [ 1746.087566][T27917] simple_read_from_buffer+0xcb/0x170 [ 1746.087605][T27917] proc_fail_nth_read+0x197/0x270 [ 1746.087641][T27917] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1746.087677][T27917] ? 
rw_verify_area+0xcf/0x680 [ 1746.087711][T27917] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1746.087746][T27917] vfs_read+0x1de/0xc70 [ 1746.087772][T27917] ? __pfx___mutex_lock+0x10/0x10 [ 1746.087806][T27917] ? __pfx_vfs_read+0x10/0x10 [ 1746.087836][T27917] ? __fget_files+0x20e/0x3c0 [ 1746.087866][T27917] ksys_read+0x12a/0x240 [ 1746.087888][T27917] ? __pfx_ksys_read+0x10/0x10 [ 1746.087910][T27917] ? rcu_is_watching+0x12/0xc0 [ 1746.087942][T27917] do_syscall_64+0xcd/0x230 [ 1746.087978][T27917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1746.088002][T27917] RIP: 0033:0x7f401d98cb7c [ 1746.088020][T27917] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1746.088042][T27917] RSP: 002b:00007f401e86e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1746.088063][T27917] RAX: ffffffffffffffda RBX: 00007f401dbb5fa0 RCX: 00007f401d98cb7c [ 1746.088079][T27917] RDX: 000000000000000f RSI: 00007f401e86e0a0 RDI: 0000000000000004 [ 1746.088093][T27917] RBP: 00007f401e86e090 R08: 0000000000000000 R09: 0000000000000000 [ 1746.088108][T27917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1746.088121][T27917] R13: 0000000000000000 R14: 00007f401dbb5fa0 R15: 00007fffd7106d68 [ 1746.088150][T27917] [ 1746.360395][T27921] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4650'. [ 1746.370012][T27921] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4650'. [ 1746.380873][T27921] netlink: 170 bytes leftover after parsing attributes in process `syz.1.4650'. [ 1747.276047][T22261] Bluetooth: hci1: command 0x0c1a tx timeout [ 1750.342792][T27977] FAULT_INJECTION: forcing a failure. 
[ 1750.342792][T27977] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1750.428067][T27977] CPU: 0 UID: 0 PID: 27977 Comm: syz.4.4661 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1750.428110][T27977] Tainted: [U]=USER [ 1750.428118][T27977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1750.428133][T27977] Call Trace: [ 1750.428141][T27977] [ 1750.428152][T27977] dump_stack_lvl+0x16c/0x1f0 [ 1750.428193][T27977] should_fail_ex+0x512/0x640 [ 1750.428227][T27977] should_fail_alloc_page+0xe7/0x130 [ 1750.428263][T27977] prepare_alloc_pages+0x3c2/0x610 [ 1750.428302][T27977] ? rcu_is_watching+0x12/0xc0 [ 1750.428332][T27977] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1750.428363][T27977] ? kasan_save_stack+0x33/0x60 [ 1750.428393][T27977] ? cgroup_rstat_updated+0x2a/0xb20 [ 1750.428425][T27977] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1750.428462][T27977] ? lru_gen_add_folio+0x1a4/0xef0 [ 1750.428498][T27977] ? __lock_acquire+0x5ca/0x1ba0 [ 1750.428534][T27977] ? __lock_acquire+0x5ca/0x1ba0 [ 1750.428567][T27977] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1750.428604][T27977] ? policy_nodemask+0xea/0x4e0 [ 1750.428637][T27977] alloc_pages_mpol+0x1fb/0x550 [ 1750.428670][T27977] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1750.428702][T27977] ? __lock_acquire+0x5ca/0x1ba0 [ 1750.428752][T27977] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1750.428789][T27977] vma_alloc_folio_noprof+0xed/0x1e0 [ 1750.428823][T27977] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1750.428867][T27977] do_pte_missing+0x223d/0x3fb0 [ 1750.428908][T27977] __handle_mm_fault+0x103d/0x2a40 [ 1750.428942][T27977] ? __pfx___handle_mm_fault+0x10/0x10 [ 1750.428966][T27977] ? __pte_offset_map_lock+0x155/0x2f0 [ 1750.429007][T27977] ? find_held_lock+0x2b/0x80 [ 1750.429030][T27977] ? 
find_held_lock+0x2b/0x80 [ 1750.429072][T27977] handle_mm_fault+0x3fe/0xad0 [ 1750.429104][T27977] __get_user_pages+0x771/0x36f0 [ 1750.429135][T27977] ? __pfx_mt_find+0x10/0x10 [ 1750.429172][T27977] ? __pfx___get_user_pages+0x10/0x10 [ 1750.429205][T27977] populate_vma_page_range+0x278/0x3a0 [ 1750.429232][T27977] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1750.429257][T27977] ? __pfx_find_vma_intersection+0x10/0x10 [ 1750.429295][T27977] ? do_mmap+0x69c/0x11b0 [ 1750.429334][T27977] __mm_populate+0x1d8/0x380 [ 1750.429360][T27977] ? __pfx___mm_populate+0x10/0x10 [ 1750.429403][T27977] ? up_write+0x1b2/0x520 [ 1750.429442][T27977] vm_mmap_pgoff+0x362/0x450 [ 1750.429482][T27977] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1750.429525][T27977] ? __x64_sys_futex+0x1e0/0x4c0 [ 1750.429552][T27977] ? __x64_sys_futex+0x1e9/0x4c0 [ 1750.429583][T27977] ksys_mmap_pgoff+0x7d/0x5c0 [ 1750.429620][T27977] ? rcu_is_watching+0x12/0xc0 [ 1750.429647][T27977] __x64_sys_mmap+0x125/0x190 [ 1750.429677][T27977] do_syscall_64+0xcd/0x230 [ 1750.429720][T27977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1750.429745][T27977] RIP: 0033:0x7f401d98e169 [ 1750.429764][T27977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1750.429790][T27977] RSP: 002b:00007f401e84d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1750.429812][T27977] RAX: ffffffffffffffda RBX: 00007f401dbb6080 RCX: 00007f401d98e169 [ 1750.429829][T27977] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1750.429844][T27977] RBP: 00007f401da10a68 R08: 0000000000000002 R09: 0000000000008000 [ 1750.429858][T27977] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1750.429874][T27977] R13: 0000000000000000 R14: 00007f401dbb6080 R15: 00007fffd7106d68 [ 1750.429903][T27977] [ 1752.548556][T28003] FAULT_INJECTION: forcing a failure. 
[ 1752.548556][T28003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1752.648587][T28003] CPU: 0 UID: 0 PID: 28003 Comm: syz.2.4667 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1752.648631][T28003] Tainted: [U]=USER [ 1752.648639][T28003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1752.648654][T28003] Call Trace: [ 1752.648663][T28003] [ 1752.648673][T28003] dump_stack_lvl+0x16c/0x1f0 [ 1752.648713][T28003] should_fail_ex+0x512/0x640 [ 1752.648746][T28003] _copy_from_user+0x2e/0xd0 [ 1752.648785][T28003] kstrtouint_from_user+0xd6/0x1d0 [ 1752.648808][T28003] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1752.648829][T28003] ? __lock_acquire+0xaa4/0x1ba0 [ 1752.648876][T28003] proc_fail_nth_write+0x83/0x250 [ 1752.648914][T28003] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1752.648958][T28003] vfs_write+0x25c/0x1180 [ 1752.648982][T28003] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1752.649021][T28003] ? __pfx___mutex_lock+0x10/0x10 [ 1752.649055][T28003] ? __pfx_vfs_write+0x10/0x10 [ 1752.649088][T28003] ? __fget_files+0x20e/0x3c0 [ 1752.649119][T28003] ksys_write+0x12a/0x240 [ 1752.649143][T28003] ? __pfx_ksys_write+0x10/0x10 [ 1752.649165][T28003] ? 
rcu_is_watching+0x12/0xc0 [ 1752.649209][T28003] do_syscall_64+0xcd/0x230 [ 1752.649244][T28003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1752.649268][T28003] RIP: 0033:0x7fe985f8cc1f [ 1752.649285][T28003] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1752.649308][T28003] RSP: 002b:00007fe986d10030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1752.649329][T28003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe985f8cc1f [ 1752.649344][T28003] RDX: 0000000000000001 RSI: 00007fe986d100a0 RDI: 0000000000000004 [ 1752.649358][T28003] RBP: 00007fe986d10090 R08: 0000000000000000 R09: 0000000000000000 [ 1752.649372][T28003] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1752.649386][T28003] R13: 0000000000000000 R14: 00007fe9861b5fa0 R15: 00007ffd76793c18 [ 1752.649414][T28003] [ 1755.482742][T28026] FAULT_INJECTION: forcing a failure. [ 1755.482742][T28026] name failslab, interval 1, probability 0, space 0, times 0 [ 1755.538820][T28026] CPU: 0 UID: 0 PID: 28026 Comm: syz.1.4673 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1755.538863][T28026] Tainted: [U]=USER [ 1755.538870][T28026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1755.538884][T28026] Call Trace: [ 1755.538892][T28026] [ 1755.538902][T28026] dump_stack_lvl+0x16c/0x1f0 [ 1755.538941][T28026] should_fail_ex+0x512/0x640 [ 1755.538974][T28026] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1755.539006][T28026] should_failslab+0xc2/0x120 [ 1755.539038][T28026] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1755.539066][T28026] ? vma_merge_new_range+0x3f8/0xc10 [ 1755.539094][T28026] ? vm_area_alloc+0x1f/0x160 [ 1755.539128][T28026] vm_area_alloc+0x1f/0x160 [ 1755.539156][T28026] __mmap_region+0xfd0/0x27c0 [ 1755.539188][T28026] ? 
__pfx___mmap_region+0x10/0x10 [ 1755.539214][T28026] ? bpf_ksym_find+0x124/0x1c0 [ 1755.539244][T28026] ? __kernel_text_address+0xd/0x40 [ 1755.539267][T28026] ? unwind_get_return_address+0x59/0xa0 [ 1755.539341][T28026] ? trace_cap_capable+0x18d/0x200 [ 1755.539367][T28026] ? cap_capable+0xb3/0x250 [ 1755.539395][T28026] mmap_region+0x1ab/0x3f0 [ 1755.539429][T28026] do_mmap+0xd8e/0x11b0 [ 1755.539477][T28026] ? __pfx_do_mmap+0x10/0x10 [ 1755.539514][T28026] ? __pfx_down_write_killable+0x10/0x10 [ 1755.539558][T28026] vm_mmap_pgoff+0x281/0x450 [ 1755.539601][T28026] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1755.539639][T28026] ? __fget_files+0x20e/0x3c0 [ 1755.539670][T28026] ksys_mmap_pgoff+0x7d/0x5c0 [ 1755.539706][T28026] ? __pfx_ksys_write+0x10/0x10 [ 1755.539732][T28026] ? rcu_is_watching+0x12/0xc0 [ 1755.539759][T28026] __x64_sys_mmap+0x125/0x190 [ 1755.539788][T28026] do_syscall_64+0xcd/0x230 [ 1755.539826][T28026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1755.539850][T28026] RIP: 0033:0x7f9f1278e169 [ 1755.539868][T28026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1755.539892][T28026] RSP: 002b:00007f9f135da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1755.539914][T28026] RAX: ffffffffffffffda RBX: 00007f9f129b5fa0 RCX: 00007f9f1278e169 [ 1755.539929][T28026] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1755.539944][T28026] RBP: 00007f9f135da090 R08: fffffffffffffffa R09: 0000000000008000 [ 1755.539959][T28026] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000001 [ 1755.539973][T28026] R13: 0000000000000000 R14: 00007f9f129b5fa0 R15: 00007ffe543a7ab8 [ 1755.540002][T28026] [ 1756.322488][T28031] syz_tun: tun_chr_ioctl cmd 2147767511 [ 1757.658825][T28050] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4680'. 
[ 1757.746805][T28050] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4680'. [ 1762.501223][ T30] audit: type=1800 audit(4294967320.630:61): pid=28113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4695" name="lu_gp_id" dev="configfs" ino=113224 res=0 errno=0 [ 1763.074197][T28121] FAULT_INJECTION: forcing a failure. [ 1763.074197][T28121] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1763.338315][T28121] CPU: 0 UID: 0 PID: 28121 Comm: syz.0.4697 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1763.338357][T28121] Tainted: [U]=USER [ 1763.338365][T28121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1763.338379][T28121] Call Trace: [ 1763.338387][T28121] [ 1763.338397][T28121] dump_stack_lvl+0x16c/0x1f0 [ 1763.338436][T28121] should_fail_ex+0x512/0x640 [ 1763.338470][T28121] _copy_from_user+0x2e/0xd0 [ 1763.338503][T28121] kstrtouint_from_user+0xd6/0x1d0 [ 1763.338526][T28121] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1763.338547][T28121] ? __lock_acquire+0xaa4/0x1ba0 [ 1763.338594][T28121] proc_fail_nth_write+0x83/0x250 [ 1763.338631][T28121] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1763.338675][T28121] vfs_write+0x25c/0x1180 [ 1763.338698][T28121] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1763.338738][T28121] ? __pfx___mutex_lock+0x10/0x10 [ 1763.338773][T28121] ? __pfx_vfs_write+0x10/0x10 [ 1763.338805][T28121] ? __fget_files+0x20e/0x3c0 [ 1763.338845][T28121] ksys_write+0x12a/0x240 [ 1763.338869][T28121] ? __pfx_ksys_write+0x10/0x10 [ 1763.338892][T28121] ? 
rcu_is_watching+0x12/0xc0 [ 1763.338924][T28121] do_syscall_64+0xcd/0x230 [ 1763.338961][T28121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1763.338985][T28121] RIP: 0033:0x7f54e478cc1f [ 1763.339003][T28121] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1763.339026][T28121] RSP: 002b:00007f54e5585030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1763.339048][T28121] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f54e478cc1f [ 1763.339064][T28121] RDX: 0000000000000001 RSI: 00007f54e55850a0 RDI: 0000000000000004 [ 1763.339078][T28121] RBP: 00007f54e5585090 R08: 0000000000000000 R09: 0000000000000000 [ 1763.339093][T28121] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1763.339107][T28121] R13: 0000000000000000 R14: 00007f54e49b5fa0 R15: 00007ffc16065f48 [ 1763.339136][T28121] [ 1763.880055][T28131] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4700'. [ 1764.012779][T28136] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4700'. 
[ 1764.207617][T28117] Invalid ELF header magic: != ELF [ 1764.652318][T28130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1766.447686][T28181] random: crng reseeded on system resumption [ 1770.053933][T28233] random: crng reseeded on system resumption [ 1770.848497][T28240] vivid-003: ================= START STATUS ================= [ 1770.907696][T28240] vivid-003: Radio HW Seek Mode: Bounded [ 1770.963891][T28240] vivid-003: Radio Programmable HW Seek: false [ 1771.015551][T28240] vivid-003: RDS Rx I/O Mode: Block I/O [ 1771.041235][T28240] vivid-003: Generate RBDS Instead of RDS: false [ 1771.089163][T28240] vivid-003: RDS Reception: true [ 1771.099289][T28240] vivid-003: RDS Program Type: 0 inactive [ 1771.131804][T28240] vivid-003: RDS PS Name: inactive [ 1771.184245][T28240] vivid-003: RDS Radio Text: inactive [ 1771.215945][T28240] vivid-003: RDS Traffic Announcement: false inactive [ 1771.255811][T28240] vivid-003: RDS Traffic Program: false inactive [ 1771.322017][T28240] vivid-003: RDS Music: false inactive [ 1771.353942][T28240] vivid-003: ================== END STATUS ================== [ 1772.587736][T28266] FAULT_INJECTION: forcing a failure. [ 1772.587736][T28266] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1772.693704][T28266] CPU: 0 UID: 0 PID: 28266 Comm: syz.1.4731 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1772.693747][T28266] Tainted: [U]=USER [ 1772.693755][T28266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1772.693770][T28266] Call Trace: [ 1772.693778][T28266] [ 1772.693788][T28266] dump_stack_lvl+0x16c/0x1f0 [ 1772.693827][T28266] should_fail_ex+0x512/0x640 [ 1772.693861][T28266] should_fail_alloc_page+0xe7/0x130 [ 1772.693895][T28266] prepare_alloc_pages+0x3c2/0x610 [ 1772.693938][T28266] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1772.693973][T28266] ? 
copy_splice_read+0x1a8/0xba0 [ 1772.694008][T28266] ? stack_trace_save+0x8e/0xc0 [ 1772.694034][T28266] ? __pfx_stack_trace_save+0x10/0x10 [ 1772.694067][T28266] ? stack_depot_save_flags+0x28/0xa50 [ 1772.694101][T28266] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1772.694129][T28266] ? kasan_save_stack+0x42/0x60 [ 1772.694155][T28266] ? kasan_save_track+0x14/0x30 [ 1772.694181][T28266] ? __kmalloc_noprof+0x223/0x510 [ 1772.694207][T28266] ? copy_splice_read+0x1a8/0xba0 [ 1772.694240][T28266] ? do_splice_read+0x282/0x370 [ 1772.694273][T28266] ? splice_file_to_pipe+0x109/0x120 [ 1772.694294][T28266] ? do_sendfile+0x400/0xe50 [ 1772.694314][T28266] ? __x64_sys_sendfile64+0x1d8/0x220 [ 1772.694342][T28266] ? do_syscall_64+0xcd/0x230 [ 1772.694397][T28266] alloc_pages_bulk_noprof+0x703/0x13b0 [ 1772.694436][T28266] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1772.694473][T28266] ? trace_kmalloc+0x2b/0xd0 [ 1772.694504][T28266] ? __kmalloc_noprof+0x242/0x510 [ 1772.694538][T28266] copy_splice_read+0x1e1/0xba0 [ 1772.694574][T28266] ? trace_contention_end+0xdd/0x130 [ 1772.694609][T28266] ? __mutex_lock+0x1ca/0xb90 [ 1772.694644][T28266] ? __pfx_copy_splice_read+0x10/0x10 [ 1772.694683][T28266] ? __pfx___mutex_lock+0x10/0x10 [ 1772.694729][T28266] ? __fget_files+0x204/0x3c0 [ 1772.694753][T28266] ? __pfx_copy_splice_read+0x10/0x10 [ 1772.694789][T28266] do_splice_read+0x282/0x370 [ 1772.694827][T28266] splice_file_to_pipe+0x109/0x120 [ 1772.694852][T28266] do_sendfile+0x400/0xe50 [ 1772.694880][T28266] ? __pfx_do_sendfile+0x10/0x10 [ 1772.694903][T28266] ? __fget_files+0x20e/0x3c0 [ 1772.694933][T28266] __x64_sys_sendfile64+0x1d8/0x220 [ 1772.694961][T28266] ? ksys_write+0x1b9/0x240 [ 1772.694984][T28266] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1772.695013][T28266] ? 
rcu_is_watching+0x12/0xc0 [ 1772.695050][T28266] do_syscall_64+0xcd/0x230 [ 1772.695087][T28266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1772.695111][T28266] RIP: 0033:0x7f9f1278e169 [ 1772.695130][T28266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1772.695153][T28266] RSP: 002b:00007f9f135da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1772.695175][T28266] RAX: ffffffffffffffda RBX: 00007f9f129b5fa0 RCX: 00007f9f1278e169 [ 1772.695191][T28266] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000006 [ 1772.695205][T28266] RBP: 00007f9f135da090 R08: 0000000000000000 R09: 0000000000000000 [ 1772.695219][T28266] R10: 000000000000fdef R11: 0000000000000246 R12: 0000000000000001 [ 1772.695234][T28266] R13: 0000000000000000 R14: 00007f9f129b5fa0 R15: 00007ffe543a7ab8 [ 1772.695263][T28266] [ 1773.024890][T28263] netlink: 'syz.2.4730': attribute type 11 has an invalid length. [ 1774.191530][T28273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4733'. [ 1774.677071][T28282] FAULT_INJECTION: forcing a failure. [ 1774.677071][T28282] name failslab, interval 1, probability 0, space 0, times 0 [ 1774.787939][T28285] FAULT_INJECTION: forcing a failure. [ 1774.787939][T28285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1774.831073][T28282] CPU: 0 UID: 0 PID: 28282 Comm: syz.0.4736 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1774.831114][T28282] Tainted: [U]=USER [ 1774.831122][T28282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1774.831135][T28282] Call Trace: [ 1774.831143][T28282] [ 1774.831152][T28282] dump_stack_lvl+0x16c/0x1f0 [ 1774.831191][T28282] should_fail_ex+0x512/0x640 [ 1774.831219][T28282] ? fs_reclaim_acquire+0xae/0x150 [ 1774.831258][T28282] ? 
tomoyo_encode2+0x100/0x3e0 [ 1774.831289][T28282] should_failslab+0xc2/0x120 [ 1774.831320][T28282] __kmalloc_noprof+0xd2/0x510 [ 1774.831347][T28282] ? d_absolute_path+0x136/0x1a0 [ 1774.831382][T28282] tomoyo_encode2+0x100/0x3e0 [ 1774.831418][T28282] tomoyo_encode+0x29/0x50 [ 1774.831448][T28282] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1774.831489][T28282] tomoyo_path_number_perm+0x245/0x580 [ 1774.831516][T28282] ? tomoyo_path_number_perm+0x237/0x580 [ 1774.831546][T28282] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1774.831575][T28282] ? find_held_lock+0x2b/0x80 [ 1774.831624][T28282] ? find_held_lock+0x2b/0x80 [ 1774.831647][T28282] ? hook_file_ioctl_common+0x145/0x410 [ 1774.831679][T28282] ? __fget_files+0x20e/0x3c0 [ 1774.831705][T28282] security_file_ioctl+0x9b/0x240 [ 1774.831736][T28282] __x64_sys_ioctl+0xb7/0x200 [ 1774.831772][T28282] do_syscall_64+0xcd/0x230 [ 1774.831808][T28282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1774.831839][T28282] RIP: 0033:0x7f54e478e169 [ 1774.831858][T28282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1774.831899][T28282] RSP: 002b:00007f54e5585038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1774.831921][T28282] RAX: ffffffffffffffda RBX: 00007f54e49b5fa0 RCX: 00007f54e478e169 [ 1774.831937][T28282] RDX: 0000000000000003 RSI: 00000000c0845657 RDI: 0000000000000003 [ 1774.831951][T28282] RBP: 00007f54e5585090 R08: 0000000000000000 R09: 0000000000000000 [ 1774.831965][T28282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1774.831979][T28282] R13: 0000000000000000 R14: 00007f54e49b5fa0 R15: 00007ffc16065f48 [ 1774.832020][T28282] [ 1774.832038][T28282] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 1775.083070][T28285] CPU: 0 UID: 0 PID: 28285 Comm: syz.1.4737 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1775.083113][T28285] Tainted: [U]=USER [ 1775.083121][T28285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1775.083135][T28285] Call Trace: [ 1775.083143][T28285] [ 1775.083153][T28285] dump_stack_lvl+0x16c/0x1f0 [ 1775.083193][T28285] should_fail_ex+0x512/0x640 [ 1775.083237][T28285] strncpy_from_user+0x3b/0x2e0 [ 1775.083265][T28285] getname_flags.part.0+0x8f/0x550 [ 1775.083301][T28285] getname_flags+0x93/0xf0 [ 1775.083323][T28285] user_path_at+0x24/0x60 [ 1775.083346][T28285] do_faccessat+0x139/0xba0 [ 1775.083373][T28285] ? __pfx_do_faccessat+0x10/0x10 [ 1775.083398][T28285] ? syscall_user_dispatch+0x78/0x140 [ 1775.083441][T28285] __x64_sys_access+0x5b/0x80 [ 1775.083468][T28285] do_syscall_64+0xcd/0x230 [ 1775.083503][T28285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1775.083527][T28285] RIP: 0033:0x7f9f1278e169 [ 1775.083545][T28285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1775.083568][T28285] RSP: 002b:00007f9f135da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 1775.083589][T28285] RAX: ffffffffffffffda RBX: 00007f9f129b5fa0 RCX: 00007f9f1278e169 [ 1775.083604][T28285] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000200000000080 [ 1775.083618][T28285] RBP: 00007f9f135da090 R08: 0000000000000000 R09: 0000000000000000 [ 1775.083632][T28285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1775.083645][T28285] R13: 0000000000000000 R14: 00007f9f129b5fa0 R15: 00007ffe543a7ab8 [ 1775.083673][T28285] [ 1776.448734][T28295] FAULT_INJECTION: forcing a failure. 
[ 1776.448734][T28295] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1776.549988][T28295] CPU: 0 UID: 0 PID: 28295 Comm: syz.1.4739 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1776.550033][T28295] Tainted: [U]=USER [ 1776.550041][T28295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1776.550056][T28295] Call Trace: [ 1776.550065][T28295] [ 1776.550074][T28295] dump_stack_lvl+0x16c/0x1f0 [ 1776.550114][T28295] should_fail_ex+0x512/0x640 [ 1776.550149][T28295] get_futex_key+0x49e/0x1000 [ 1776.550180][T28295] ? __pfx_get_futex_key+0x10/0x10 [ 1776.550216][T28295] futex_wake+0xe7/0x4e0 [ 1776.550251][T28295] ? __pfx_futex_wake+0x10/0x10 [ 1776.550284][T28295] ? trace_kmalloc+0x2b/0xd0 [ 1776.550318][T28295] ? __kmalloc_noprof+0x242/0x510 [ 1776.550350][T28295] ? commit_creds+0x6e3/0x1040 [ 1776.550390][T28295] do_futex+0x1e3/0x350 [ 1776.550419][T28295] ? __pfx_do_futex+0x10/0x10 [ 1776.550448][T28295] ? cap_task_prctl+0x2af/0xa80 [ 1776.550478][T28295] __x64_sys_futex+0x1e0/0x4c0 [ 1776.550507][T28295] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 1776.550537][T28295] ? __pfx___x64_sys_futex+0x10/0x10 [ 1776.550566][T28295] ? __pfx___do_sys_prctl+0x10/0x10 [ 1776.550588][T28295] ? 
rcu_is_watching+0x12/0xc0 [ 1776.550621][T28295] do_syscall_64+0xcd/0x230 [ 1776.550659][T28295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1776.550683][T28295] RIP: 0033:0x7f9f1278e169 [ 1776.550703][T28295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1776.550727][T28295] RSP: 002b:00007f9f135da0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1776.550750][T28295] RAX: ffffffffffffffda RBX: 00007f9f129b5fa8 RCX: 00007f9f1278e169 [ 1776.550766][T28295] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9f129b5fac [ 1776.550781][T28295] RBP: 00007f9f129b5fa0 R08: 00007f9f135db000 R09: 0000000000000000 [ 1776.550797][T28295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9f129b5fac [ 1776.550812][T28295] R13: 0000000000000000 R14: 00007ffe543a79d0 R15: 00007ffe543a7ab8 [ 1776.550841][T28295] [ 1778.341353][T28308] can: request_module (can-proto-0) failed. 
[ 1780.399258][T22261] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1783.501998][T28383] KVM: debugfs: duplicate directory 28383-4 [ 1787.322687][T28429] device-mapper: ioctl: device name cannot contain '/' [ 1791.787201][T28480] sg_write: data in/out 16777182/64972 bytes for SCSI command 0x0-- guessing data in; [ 1791.787201][T28480] program syz.4.4778 not setting count and/or reply_len properly [ 1792.251617][T28480] size and base must be multiples of 4 kiB [ 1792.290560][T28480] CPU: 0 UID: 0 PID: 28480 Comm: syz.4.4778 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1792.290604][T28480] Tainted: [U]=USER [ 1792.290613][T28480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1792.290629][T28480] Call Trace: [ 1792.290637][T28480] [ 1792.290646][T28480] dump_stack_lvl+0x16c/0x1f0 [ 1792.290688][T28480] mtrr_add+0xdf/0x110 [ 1792.290728][T28480] mtrr_ioctl+0x7ef/0xcf0 [ 1792.290751][T28480] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1792.290779][T28480] ? find_held_lock+0x2b/0x80 [ 1792.290813][T28480] ? __fget_files+0x20e/0x3c0 [ 1792.290838][T28480] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1792.290859][T28480] proc_reg_unlocked_ioctl+0x226/0x320 [ 1792.290887][T28480] ? 
__pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1792.290917][T28480] __x64_sys_ioctl+0x190/0x200 [ 1792.290955][T28480] do_syscall_64+0xcd/0x230 [ 1792.290993][T28480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1792.291017][T28480] RIP: 0033:0x7f401d98e169 [ 1792.291036][T28480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1792.291061][T28480] RSP: 002b:00007f401e84d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1792.291084][T28480] RAX: ffffffffffffffda RBX: 00007f401dbb6080 RCX: 00007f401d98e169 [ 1792.291101][T28480] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 1792.291116][T28480] RBP: 00007f401da10a68 R08: 0000000000000000 R09: 0000000000000000 [ 1792.291131][T28480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1792.291145][T28480] R13: 0000000000000000 R14: 00007f401dbb6080 R15: 00007fffd7106d68 [ 1792.291192][T28480] [ 1792.873355][T28485] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4779'. [ 1793.949960][T28499] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 1794.886937][T28513] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4788'. [ 1796.348882][T28542] zswap: compressor not available [ 1796.591762][T28554] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4797'. [ 1796.802784][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1796.809390][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1796.846256][T28561] netlink: 54 bytes leftover after parsing attributes in process `syz.4.4798'. 
[ 1800.034813][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1800.045898][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1801.178675][T28646] cgroup: fork rejected by pids controller in /syz4 [ 1801.806851][T28685] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1802.117600][T28770] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1802.167170][T28770] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1802.632390][T28801] FAULT_INJECTION: forcing a failure. [ 1802.632390][T28801] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.689019][T28801] CPU: 0 UID: 0 PID: 28801 Comm: syz.4.4823 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1802.689063][T28801] Tainted: [U]=USER [ 1802.689072][T28801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1802.689087][T28801] Call Trace: [ 1802.689096][T28801] [ 1802.689106][T28801] dump_stack_lvl+0x16c/0x1f0 [ 1802.689150][T28801] should_fail_ex+0x512/0x640 [ 1802.689185][T28801] should_failslab+0xc2/0x120 [ 1802.689219][T28801] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1802.689247][T28801] ? minstrel_ht_alloc+0x4f/0x980 [ 1802.689289][T28801] minstrel_ht_alloc+0x4f/0x980 [ 1802.689332][T28801] ieee80211_init_rate_ctrl_alg+0x209/0x6b0 [ 1802.689376][T28801] ieee80211_register_hw+0x20aa/0x4020 [ 1802.689405][T28801] ? __pfx__raw_spin_unlock_bh+0x1/0x10 [ 1802.689446][T28801] ? __debug_object_init+0x1f1/0x3d0 [ 1802.689487][T28801] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1802.689516][T28801] ? find_held_lock+0x2b/0x80 [ 1802.689543][T28801] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1802.689580][T28801] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1802.689619][T28801] ? __hrtimer_setup+0x176/0x280 [ 1802.689660][T28801] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1802.689710][T28801] ? 
__pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1802.689753][T28801] hwsim_new_radio_nl+0xb51/0x12c0 [ 1802.689786][T28801] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1802.689826][T28801] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1802.689868][T28801] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1802.689916][T28801] genl_family_rcv_msg_doit+0x206/0x2f0 [ 1802.689958][T28801] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1802.689998][T28801] ? trace_cap_capable+0x18d/0x200 [ 1802.690030][T28801] ? bpf_lsm_capable+0x9/0x10 [ 1802.690058][T28801] ? security_capable+0x7e/0x260 [ 1802.690083][T28801] ? ns_capable+0xd7/0x110 [ 1802.690113][T28801] genl_rcv_msg+0x55c/0x800 [ 1802.690140][T28801] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1802.690161][T28801] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1802.690189][T28801] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1802.690221][T28801] ? __lock_acquire+0xaa4/0x1ba0 [ 1802.690260][T28801] netlink_rcv_skb+0x16a/0x440 [ 1802.690313][T28801] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1802.690338][T28801] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1802.690389][T28801] ? __pfx_down_read+0x10/0x10 [ 1802.690413][T28801] ? netlink_deliver_tap+0x1ae/0xd30 [ 1802.690455][T28801] genl_rcv+0x28/0x40 [ 1802.690491][T28801] netlink_unicast+0x53a/0x7f0 [ 1802.690530][T28801] ? __pfx_netlink_unicast+0x10/0x10 [ 1802.690564][T28801] ? __lock_acquire+0xaa4/0x1ba0 [ 1802.690605][T28801] netlink_sendmsg+0x8d1/0xdd0 [ 1802.690646][T28801] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1802.690693][T28801] ____sys_sendmsg+0xa95/0xc70 [ 1802.690718][T28801] ? copy_msghdr_from_user+0x10a/0x160 [ 1802.690749][T28801] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1802.690776][T28801] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1802.690816][T28801] ___sys_sendmsg+0x134/0x1d0 [ 1802.690849][T28801] ? __pfx____sys_sendmsg+0x10/0x10 [ 1802.690919][T28801] __sys_sendmsg+0x16d/0x220 [ 1802.690951][T28801] ? __pfx___sys_sendmsg+0x10/0x10 [ 1802.690982][T28801] ? 
__x64_sys_futex+0x1e0/0x4c0 [ 1802.691020][T28801] ? rcu_is_watching+0x12/0xc0 [ 1802.691053][T28801] do_syscall_64+0xcd/0x230 [ 1802.691090][T28801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1802.691115][T28801] RIP: 0033:0x7f401d98e169 [ 1802.691136][T28801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1802.691161][T28801] RSP: 002b:00007f401e86e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1802.691185][T28801] RAX: ffffffffffffffda RBX: 00007f401dbb5fa0 RCX: 00007f401d98e169 [ 1802.691202][T28801] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1802.691218][T28801] RBP: 00007f401da10a68 R08: 0000000000000000 R09: 0000000000000000 [ 1802.691233][T28801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1802.691248][T28801] R13: 0000000000000000 R14: 00007f401dbb5fa0 R15: 00007fffd7106d68 [ 1802.691279][T28801] [ 1803.176038][T28801] ieee80211 phy66: Failed to select rate control algorithm [ 1805.154868][T22261] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1805.167833][T22261] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1805.176669][T22261] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1805.187654][T22261] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1805.195402][T22261] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1805.715700][T15469] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1805.833863][ T30] audit: type=1800 audit(4294967363.960:62): pid=28836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4831" name="discovery_nqn" dev="configfs" ino=116300 res=0 errno=0 [ 1805.923823][T15469] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1806.101331][T15469] netdevsim netdevsim0 
netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1806.375176][T15469] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1807.115130][T15469] bridge_slave_0: left allmulticast mode [ 1807.159214][T15469] bridge_slave_0: left promiscuous mode [ 1807.165032][T15469] bridge0: port 1(bridge_slave_0) entered disabled state [ 1807.278332][T22261] Bluetooth: hci4: command tx timeout [ 1808.124383][T15469] erspan0 (unregistering): left allmulticast mode [ 1809.128640][T15469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1809.153477][T15469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1809.184541][T15469] bond0 (unregistering): Released all slaves [ 1809.358247][T22261] Bluetooth: hci4: command tx timeout [ 1809.623501][T28827] chnl_net:caif_netlink_parms(): no params data found [ 1809.994951][T28884] random: crng reseeded on system resumption [ 1810.592039][T15469] hsr_slave_0: left promiscuous mode [ 1810.689874][T15469] hsr_slave_1: left promiscuous mode [ 1810.710711][T15469] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1810.774072][T15469] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1811.166496][T15469] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1811.174087][T15469] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1811.352240][T15469] veth1_macvtap: left promiscuous mode [ 1811.424464][T15469] veth0_macvtap: left promiscuous mode [ 1811.438367][T22261] Bluetooth: hci4: command tx timeout [ 1813.515536][T27155] Bluetooth: hci4: command tx timeout [ 1814.108060][T15469] team0 (unregistering): Port device team_slave_1 removed [ 1814.269311][T15469] team0 (unregistering): Port device team_slave_0 removed [ 1815.260850][T28945] UHID_CREATE from different security context by process 2387 (syz.2.4845), this is not allowed. 
[ 1815.640530][T28827] bridge0: port 1(bridge_slave_0) entered blocking state [ 1815.678925][T28827] bridge0: port 1(bridge_slave_0) entered disabled state [ 1815.692459][T28827] bridge_slave_0: entered allmulticast mode [ 1815.714080][T28827] bridge_slave_0: entered promiscuous mode [ 1815.722703][T28827] bridge0: port 2(bridge_slave_1) entered blocking state [ 1815.733668][T28827] bridge0: port 2(bridge_slave_1) entered disabled state [ 1815.741488][T28827] bridge_slave_1: entered allmulticast mode [ 1815.752951][T28827] bridge_slave_1: entered promiscuous mode [ 1815.915170][T28827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1815.943445][T28827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1816.101403][T28827] team0: Port device team_slave_0 added [ 1816.214403][T28827] team0: Port device team_slave_1 added [ 1816.368720][T28827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1816.387158][T28827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1816.451265][T28827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1816.501573][T28827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1816.527040][T28827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1816.594182][T28827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1816.815111][T28827] hsr_slave_0: entered promiscuous mode [ 1816.846306][T28827] hsr_slave_1: entered promiscuous mode [ 1816.852597][T28827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1816.928056][T28827] Cannot create hsr debugfs directory [ 1820.538326][T28827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1820.610216][T28827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1820.706839][T28827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1820.808349][T28827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1821.339687][T28827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1821.460241][T28827] 8021q: adding VLAN 0 to HW filter on device team0 [ 1821.560517][T15468] bridge0: port 1(bridge_slave_0) entered blocking state [ 1821.567732][T15468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1821.673045][T15468] bridge0: port 2(bridge_slave_1) entered blocking state [ 1821.680256][T15468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1821.921760][T28827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1822.136318][T29044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4857'. [ 1822.714092][T28827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1823.023376][T28827] veth0_vlan: entered promiscuous mode [ 1823.099086][T28827] veth1_vlan: entered promiscuous mode [ 1823.243270][T28827] veth0_macvtap: entered promiscuous mode [ 1823.318705][T28827] veth1_macvtap: entered promiscuous mode [ 1823.396391][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1823.439062][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 1823.491069][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1823.535349][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1823.576302][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1823.615034][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1823.652469][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1823.700158][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1823.766752][T28827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1823.844930][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1823.953434][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1824.018482][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1824.084331][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1824.148501][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1824.219267][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1824.287117][T28827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1824.358955][T28827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 1824.434153][T28827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1824.519202][T28827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1824.645502][T28827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1824.704871][T28827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1824.764180][T28827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1825.367007][T27135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1825.374875][T27135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1825.584027][T15468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1825.653533][T15468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1828.231744][T22261] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1828.257147][T22261] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1828.275532][T22261] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1828.292905][T22261] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1828.301277][T22261] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1830.399162][T22261] Bluetooth: hci3: command tx timeout [ 1830.459566][T15482] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1830.701373][T29150] chnl_net:caif_netlink_parms(): no params data found [ 1831.033964][T15482] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1831.263629][T15482] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1831.475169][T15482] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1831.881428][T29206] random: crng reseeded on system resumption [ 1831.941696][T29150] bridge0: port 1(bridge_slave_0) entered blocking state [ 1831.980995][T29150] bridge0: port 1(bridge_slave_0) entered disabled 
state [ 1832.040222][T29150] bridge_slave_0: entered allmulticast mode [ 1832.070710][T29150] bridge_slave_0: entered promiscuous mode [ 1832.151239][T29150] bridge0: port 2(bridge_slave_1) entered blocking state [ 1832.207001][T29150] bridge0: port 2(bridge_slave_1) entered disabled state [ 1832.249327][T29150] bridge_slave_1: entered allmulticast mode [ 1832.283600][T29150] bridge_slave_1: entered promiscuous mode [ 1832.476395][T22261] Bluetooth: hci3: command tx timeout [ 1832.680270][T29150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1832.891488][T29150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1833.170323][T29150] team0: Port device team_slave_0 added [ 1833.239030][T29150] team0: Port device team_slave_1 added [ 1833.350693][T15482] bridge_slave_0: left allmulticast mode [ 1833.365439][T15482] bridge_slave_0: left promiscuous mode [ 1833.391602][T15482] bridge0: port 1(bridge_slave_0) entered disabled state [ 1834.148599][T15482] erspan0 (unregistering): left allmulticast mode [ 1834.557652][T22261] Bluetooth: hci3: command tx timeout [ 1835.122586][T15482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1835.154878][T15482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1835.180175][T15482] bond0 (unregistering): Released all slaves [ 1835.287062][T29150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1835.314495][T29150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 1835.397287][T29150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1835.618089][T29150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1835.636555][T29150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1835.713673][T29150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1836.136775][T29150] hsr_slave_0: entered promiscuous mode [ 1836.160261][T29150] hsr_slave_1: entered promiscuous mode [ 1836.184355][T29150] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1836.236986][T29150] Cannot create hsr debugfs directory [ 1836.635615][T22261] Bluetooth: hci3: command tx timeout [ 1838.479985][T15482] hsr_slave_0: left promiscuous mode [ 1838.523155][T15482] hsr_slave_1: left promiscuous mode [ 1838.559467][T15482] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1838.607090][T15482] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1838.685976][T15482] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1838.693442][T15482] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1839.090927][T15482] veth1_macvtap: left promiscuous mode [ 1839.097889][T29297] FAULT_INJECTION: forcing a failure. 
[ 1839.097889][T29297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1839.150365][T15482] veth0_macvtap: left promiscuous mode [ 1839.261573][T29297] CPU: 0 UID: 0 PID: 29297 Comm: syz.4.4886 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1839.261613][T29297] Tainted: [U]=USER [ 1839.261621][T29297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1839.261635][T29297] Call Trace: [ 1839.261643][T29297] <TASK> [ 1839.261652][T29297] dump_stack_lvl+0x16c/0x1f0 [ 1839.261691][T29297] should_fail_ex+0x512/0x640 [ 1839.261723][T29297] _copy_from_user+0x2e/0xd0 [ 1839.261754][T29297] copy_msghdr_from_user+0x98/0x160 [ 1839.261787][T29297] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1839.261831][T29297] ___sys_sendmsg+0xfe/0x1d0 [ 1839.261862][T29297] ? __pfx____sys_sendmsg+0x10/0x10 [ 1839.261925][T29297] __sys_sendmsg+0x16d/0x220 [ 1839.261956][T29297] ? __pfx___sys_sendmsg+0x10/0x10 [ 1839.261994][T29297] ? rcu_is_watching+0x12/0xc0 [ 1839.262025][T29297] do_syscall_64+0xcd/0x230 [ 1839.262060][T29297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1839.262084][T29297] RIP: 0033:0x7f401d98e169 [ 1839.262102][T29297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1839.262125][T29297] RSP: 002b:00007f401e84d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1839.262146][T29297] RAX: ffffffffffffffda RBX: 00007f401dbb6080 RCX: 00007f401d98e169 [ 1839.262162][T29297] RDX: 00000000000000c4 RSI: 00002000000039c0 RDI: 0000000000000004 [ 1839.262176][T29297] RBP: 00007f401e84d090 R08: 0000000000000000 R09: 0000000000000000 [ 1839.262190][T29297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1839.262203][T29297] R13: 0000000000000000 R14: 00007f401dbb6080 R15: 00007fffd7106d68 [ 1839.262231][T29297] </TASK> [ 1840.124452][T29306] random: 
crng reseeded on system resumption [ 1842.453082][T15482] team0 (unregistering): Port device team_slave_1 removed [ 1842.688793][T15482] team0 (unregistering): Port device team_slave_0 removed [ 1844.815285][T29325] netlink: 11 bytes leftover after parsing attributes in process `syz.1.4894'. [ 1844.932238][T29150] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1845.081978][T29150] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1845.107042][T29334] vivid-003: ================= START STATUS ================= [ 1845.209496][T29334] vivid-003: Radio HW Seek Mode: Bounded [ 1845.294499][T29334] vivid-003: Radio Programmable HW Seek: false [ 1845.345456][T29334] vivid-003: RDS Rx I/O Mode: Block I/O [ 1845.411447][T29334] vivid-003: Generate RBDS Instead of RDS: false [ 1845.516425][T29334] vivid-003: RDS Reception: true [ 1845.557769][T29334] vivid-003: RDS Program Type: 0 inactive [ 1845.602505][T29334] vivid-003: RDS PS Name: inactive [ 1845.657405][T29334] vivid-003: RDS Radio Text: inactive [ 1845.734336][T29334] vivid-003: RDS Traffic Announcement: false inactive [ 1845.828579][T29334] vivid-003: RDS Traffic Program: false inactive [ 1845.834983][T29334] vivid-003: RDS Music: false inactive [ 1845.858174][T29150] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1845.950473][T29150] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1845.986608][T29334] vivid-003: ================== END STATUS ================== [ 1846.595664][T29349] erspan0: entered allmulticast mode [ 1847.042336][T29150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1847.322078][T29150] 8021q: adding VLAN 0 to HW filter on device team0 [ 1847.460343][T15469] bridge0: port 1(bridge_slave_0) entered blocking state [ 1847.467535][T15469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1847.576463][T15469] bridge0: port 2(bridge_slave_1) entered blocking state [ 1847.583571][T15469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1848.260052][T29150] 
8021q: adding VLAN 0 to HW filter on device batadv0 [ 1848.970243][T29150] veth0_vlan: entered promiscuous mode [ 1849.046342][T29150] veth1_vlan: entered promiscuous mode [ 1849.292151][T29150] veth0_macvtap: entered promiscuous mode [ 1849.346152][T29150] veth1_macvtap: entered promiscuous mode [ 1849.406924][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1849.464196][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1849.518437][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1849.566745][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1849.617700][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1849.660074][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1849.705324][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1849.756333][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1849.818416][T29150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1849.932935][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1849.976653][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1850.023674][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1850.062456][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1850.105798][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1850.147567][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 1850.195790][T29150] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1850.229698][T29150] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1850.286486][T29150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1850.419892][T29150] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1850.467847][T29150] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1850.496336][T29150] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1850.545368][T29150] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1851.032375][T15469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1851.085503][T15469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1851.206387][T15468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1851.252726][T15468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1853.098458][T29438] FAULT_INJECTION: forcing a failure. [ 1853.098458][T29438] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1853.187099][T29438] CPU: 0 UID: 0 PID: 29438 Comm: syz.2.4911 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1853.187149][T29438] Tainted: [U]=USER [ 1853.187156][T29438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1853.187182][T29438] Call Trace: [ 1853.187189][T29438] [ 1853.187196][T29438] dump_stack_lvl+0x16c/0x1f0 [ 1853.187230][T29438] should_fail_ex+0x512/0x640 [ 1853.187258][T29438] _copy_from_iter+0x2a4/0x15b0 [ 1853.187290][T29438] ? __pfx__copy_from_iter+0x10/0x10 [ 1853.187319][T29438] ? __pfx___might_resched+0x10/0x10 [ 1853.187349][T29438] file_tty_write.constprop.0+0x486/0x9b0 [ 1853.187376][T29438] redirected_tty_write+0xd4/0x150 [ 1853.187396][T29438] vfs_write+0x5ba/0x1180 [ 1853.187417][T29438] ? 
__pfx_redirected_tty_write+0x10/0x10 [ 1853.187442][T29438] ? __pfx_vfs_write+0x10/0x10 [ 1853.187461][T29438] ? find_held_lock+0x2b/0x80 [ 1853.187498][T29438] ksys_write+0x12a/0x240 [ 1853.187518][T29438] ? __pfx_ksys_write+0x10/0x10 [ 1853.187537][T29438] ? rcu_is_watching+0x12/0xc0 [ 1853.187565][T29438] do_syscall_64+0xcd/0x230 [ 1853.187595][T29438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1853.187616][T29438] RIP: 0033:0x7fe88d98e169 [ 1853.187631][T29438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1853.187651][T29438] RSP: 002b:00007fe88e7ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1853.187670][T29438] RAX: ffffffffffffffda RBX: 00007fe88dbb5fa0 RCX: 00007fe88d98e169 [ 1853.187684][T29438] RDX: 00000004fffffdf2 RSI: 0000000000000000 RDI: 0000000000000003 [ 1853.187696][T29438] RBP: 00007fe88e7ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1853.187709][T29438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1853.187720][T29438] R13: 0000000000000000 R14: 00007fe88dbb5fa0 R15: 00007fffbf9cdb68 [ 1853.187745][T29438] [ 1855.722353][T29463] Process accounting resumed [ 1858.116624][T29532] FAULT_INJECTION: forcing a failure. 
[ 1858.116624][T29532] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1858.220399][T29532] CPU: 0 UID: 0 PID: 29532 Comm: syz.2.4928 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1858.220437][T29532] Tainted: [U]=USER [ 1858.220444][T29532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1858.220457][T29532] Call Trace: [ 1858.220465][T29532] <TASK> [ 1858.220474][T29532] dump_stack_lvl+0x16c/0x1f0 [ 1858.220510][T29532] should_fail_ex+0x512/0x640 [ 1858.220542][T29532] _copy_to_user+0x32/0xd0 [ 1858.220573][T29532] simple_read_from_buffer+0xcb/0x170 [ 1858.220612][T29532] proc_fail_nth_read+0x197/0x270 [ 1858.220647][T29532] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1858.220689][T29532] ? rw_verify_area+0xcf/0x680 [ 1858.220723][T29532] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1858.220757][T29532] vfs_read+0x1de/0xc70 [ 1858.220783][T29532] ? __pfx___mutex_lock+0x10/0x10 [ 1858.220816][T29532] ? __pfx_vfs_read+0x10/0x10 [ 1858.220846][T29532] ? __fget_files+0x20e/0x3c0 [ 1858.220876][T29532] ksys_read+0x12a/0x240 [ 1858.220898][T29532] ? __pfx_ksys_read+0x10/0x10 [ 1858.220919][T29532] ? 
rcu_is_watching+0x12/0xc0 [ 1858.220963][T29532] do_syscall_64+0xcd/0x230 [ 1858.220995][T29532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1858.221017][T29532] RIP: 0033:0x7fe88d98cb7c [ 1858.221034][T29532] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1858.221055][T29532] RSP: 002b:00007fe88e7ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1858.221075][T29532] RAX: ffffffffffffffda RBX: 00007fe88dbb5fa0 RCX: 00007fe88d98cb7c [ 1858.221089][T29532] RDX: 000000000000000f RSI: 00007fe88e7ff0a0 RDI: 0000000000000007 [ 1858.221102][T29532] RBP: 00007fe88e7ff090 R08: 0000000000000000 R09: 0000000000000009 [ 1858.221116][T29532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1858.221129][T29532] R13: 0000000000000000 R14: 00007fe88dbb5fa0 R15: 00007fffbf9cdb68 [ 1858.221155][T29532] [ 1858.512383][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1858.519301][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1858.581761][T29538] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4929'. [ 1860.187417][T29578] FAULT_INJECTION: forcing a failure. [ 1860.187417][T29578] name failslab, interval 1, probability 0, space 0, times 0 [ 1860.256419][T29578] CPU: 0 UID: 0 PID: 29578 Comm: syz.0.4936 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1860.256455][T29578] Tainted: [U]=USER [ 1860.256462][T29578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1860.256475][T29578] Call Trace: [ 1860.256482][T29578] [ 1860.256490][T29578] dump_stack_lvl+0x16c/0x1f0 [ 1860.256534][T29578] should_fail_ex+0x512/0x640 [ 1860.256559][T29578] ? fs_reclaim_acquire+0xae/0x150 [ 1860.256594][T29578] ? 
tomoyo_realpath_from_path+0xc2/0x6e0 [ 1860.256625][T29578] should_failslab+0xc2/0x120 [ 1860.256657][T29578] __kmalloc_noprof+0xd2/0x510 [ 1860.256689][T29578] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1860.256727][T29578] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1860.256753][T29578] ? init_file+0x93/0x4c0 [ 1860.256780][T29578] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1860.256806][T29578] ? do_sys_openat2+0x11b/0x1d0 [ 1860.256836][T29578] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1860.256881][T29578] ? do_raw_spin_lock+0x12c/0x2b0 [ 1860.256907][T29578] tomoyo_file_open+0x6b/0x90 [ 1860.256928][T29578] security_file_open+0x84/0x1e0 [ 1860.256957][T29578] do_dentry_open+0x596/0x1c10 [ 1860.256988][T29578] vfs_open+0x82/0x3f0 [ 1860.257032][T29578] path_openat+0x1e5e/0x2d40 [ 1860.257062][T29578] ? __pfx_path_openat+0x10/0x10 [ 1860.257084][T29578] ? __lock_acquire+0xaa4/0x1ba0 [ 1860.257115][T29578] do_filp_open+0x20b/0x470 [ 1860.257136][T29578] ? __pfx_do_filp_open+0x10/0x10 [ 1860.257174][T29578] ? _raw_spin_unlock+0x28/0x50 [ 1860.257217][T29578] ? alloc_fd+0x471/0x7d0 [ 1860.257256][T29578] do_sys_openat2+0x11b/0x1d0 [ 1860.257284][T29578] ? __pfx_do_sys_openat2+0x10/0x10 [ 1860.257313][T29578] ? __fget_files+0x20e/0x3c0 [ 1860.257338][T29578] __x64_sys_creat+0xcc/0x120 [ 1860.257367][T29578] ? __pfx___x64_sys_creat+0x10/0x10 [ 1860.257394][T29578] ? __pfx_ksys_write+0x10/0x10 [ 1860.257418][T29578] ? rcu_is_watching+0x12/0xc0 [ 1860.257438][T29578] ? 
do_syscall_64+0x91/0x230 [ 1860.257467][T29578] do_syscall_64+0xcd/0x230 [ 1860.257497][T29578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1860.257524][T29578] RIP: 0033:0x7f2975b8e169 [ 1860.257540][T29578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1860.257560][T29578] RSP: 002b:00007f29769ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1860.257579][T29578] RAX: ffffffffffffffda RBX: 00007f2975db5fa0 RCX: 00007f2975b8e169 [ 1860.257592][T29578] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000000000 [ 1860.257605][T29578] RBP: 00007f29769ef090 R08: 0000000000000000 R09: 0000000000000000 [ 1860.257617][T29578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1860.257629][T29578] R13: 0000000000000000 R14: 00007f2975db5fa0 R15: 00007ffe13e975b8 [ 1860.257654][T29578] [ 1860.257686][T29578] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1861.143246][T29587] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1861.713561][T29602] random: crng reseeded on system resumption [ 1861.728093][T22261] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1862.524947][T29614] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4951'. [ 1863.306150][T29624] FAULT_INJECTION: forcing a failure. 
[ 1863.306150][T29624] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1863.368713][T29624] CPU: 0 UID: 0 PID: 29624 Comm: syz.4.4944 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1863.368747][T29624] Tainted: [U]=USER [ 1863.368754][T29624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1863.368766][T29624] Call Trace: [ 1863.368773][T29624] <TASK> [ 1863.368781][T29624] dump_stack_lvl+0x16c/0x1f0 [ 1863.368813][T29624] should_fail_ex+0x512/0x640 [ 1863.368841][T29624] get_futex_key+0x49e/0x1000 [ 1863.368867][T29624] ? __pfx_get_futex_key+0x10/0x10 [ 1863.368898][T29624] futex_wake+0xe7/0x4e0 [ 1863.368928][T29624] ? __pfx_futex_wake+0x10/0x10 [ 1863.368955][T29624] ? trace_kmalloc+0x2b/0xd0 [ 1863.368984][T29624] ? __kmalloc_noprof+0x242/0x510 [ 1863.369012][T29624] ? commit_creds+0x6e3/0x1040 [ 1863.369046][T29624] do_futex+0x1e3/0x350 [ 1863.369069][T29624] ? __pfx_do_futex+0x10/0x10 [ 1863.369094][T29624] ? cap_task_prctl+0x2af/0xa80 [ 1863.369119][T29624] __x64_sys_futex+0x1e0/0x4c0 [ 1863.369144][T29624] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 1863.369168][T29624] ? __pfx___x64_sys_futex+0x10/0x10 [ 1863.369193][T29624] ? __pfx___do_sys_prctl+0x10/0x10 [ 1863.369212][T29624] ? 
rcu_is_watching+0x12/0xc0 [ 1863.369248][T29624] do_syscall_64+0xcd/0x230 [ 1863.369280][T29624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1863.369301][T29624] RIP: 0033:0x7f401d98e169 [ 1863.369317][T29624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1863.369337][T29624] RSP: 002b:00007f401e86e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1863.369356][T29624] RAX: ffffffffffffffda RBX: 00007f401dbb5fa8 RCX: 00007f401d98e169 [ 1863.369371][T29624] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f401dbb5fac [ 1863.369384][T29624] RBP: 00007f401dbb5fa0 R08: 00007f401e86f000 R09: 0000000000000000 [ 1863.369397][T29624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f401dbb5fac [ 1863.369410][T29624] R13: 0000000000000000 R14: 00007fffd7106c80 R15: 00007fffd7106d68 [ 1863.369435][T29624] </TASK> [ 1864.733764][T29632] ima: policy update failed [ 1864.829322][ T30] audit: type=1802 audit(4294967422.960:63): pid=29632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4946" res=0 errno=0 [ 1864.879869][T29639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4948'. [ 1864.928592][T29637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4948'. [ 1864.942500][T29641] block2mtd: parameter too long [ 1864.982022][T29634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 1865.001470][T29634] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1865.101721][T29634] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1865.190740][T29634] page_type: f5(slab) [ 1865.272655][T29634] raw: 00fff00000000040 ffff8881404088c0 dead000000000122 0000000000000000 [ 1865.344021][T29649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4947'. 
[ 1865.399316][T29640] could not allocate digest TFM handle [ 1865.450912][T29634] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 1865.545365][T29634] head: 00fff00000000040 ffff8881404088c0 dead000000000122 0000000000000000 [ 1865.673459][T29634] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 1865.785297][T29634] head: 00fff00000000002 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 1865.834113][T29634] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1865.870271][T29634] page dumped because: unmovable page [ 1865.893024][T29654] FAULT_INJECTION: forcing a failure. [ 1865.893024][T29654] name failslab, interval 1, probability 0, space 0, times 0 [ 1865.920139][T29634] page_owner tracks the page as allocated [ 1865.937977][T29634] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5227, tgid 5227 (udevadm), ts 40968054332, free_ts 34737655766 [ 1865.975585][T29654] CPU: 0 UID: 0 PID: 29654 Comm: syz.1.4952 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1865.975619][T29654] Tainted: [U]=USER [ 1865.975627][T29654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1865.975640][T29654] Call Trace: [ 1865.975646][T29654] [ 1865.975654][T29654] dump_stack_lvl+0x16c/0x1f0 [ 1865.975687][T29654] should_fail_ex+0x512/0x640 [ 1865.975712][T29654] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1865.975740][T29654] should_failslab+0xc2/0x120 [ 1865.975768][T29654] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1865.975793][T29654] ? sk_prot_alloc+0x60/0x2a0 [ 1865.975829][T29654] sk_prot_alloc+0x60/0x2a0 [ 1865.975863][T29654] sk_alloc+0x36/0xc20 [ 1865.975888][T29654] inet6_create+0x381/0x1300 [ 1865.975916][T29654] ? 
inet6_create+0x7f/0x1300 [ 1865.975943][T29654] __sock_create+0x335/0x8d0 [ 1865.975968][T29654] inet_ctl_sock_create+0x94/0x230 [ 1865.976012][T29654] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 1865.976047][T29654] ? ndisc_net_init+0x1bc/0x250 [ 1865.976077][T29654] ? __pfx_ndisc_net_init+0x10/0x10 [ 1865.976109][T29654] ? __pfx_igmp6_net_init+0x10/0x10 [ 1865.976140][T29654] igmp6_net_init+0x35/0x470 [ 1865.976170][T29654] ? __pfx_igmp6_net_init+0x10/0x10 [ 1865.976199][T29654] ops_init+0x1df/0x5f0 [ 1865.976230][T29654] setup_net+0x21e/0x850 [ 1865.976261][T29654] ? __pfx_setup_net+0x10/0x10 [ 1865.976288][T29654] ? lockdep_init_map_type+0x5c/0x280 [ 1865.976318][T29654] ? __pfx_down_read_killable+0x10/0x10 [ 1865.976340][T29654] ? debug_mutex_init+0x37/0x70 [ 1865.976364][T29654] copy_net_ns+0x2a6/0x5f0 [ 1865.976398][T29654] create_new_namespaces+0x3ea/0xad0 [ 1865.976429][T29654] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1865.976456][T29654] ksys_unshare+0x45b/0xa40 [ 1865.976486][T29654] ? __pfx_ksys_unshare+0x10/0x10 [ 1865.976515][T29654] ? xfd_validate_state+0x5d/0x180 [ 1865.976537][T29654] ? 
syscall_user_dispatch+0x78/0x140 [ 1865.976576][T29654] __x64_sys_unshare+0x31/0x40 [ 1865.976609][T29654] do_syscall_64+0xcd/0x230 [ 1865.976640][T29654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1865.976661][T29654] RIP: 0033:0x7f9f1278e169 [ 1865.976677][T29654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1865.976698][T29654] RSP: 002b:00007f9f135da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1865.976717][T29654] RAX: ffffffffffffffda RBX: 00007f9f129b5fa0 RCX: 00007f9f1278e169 [ 1865.976731][T29654] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1865.976743][T29654] RBP: 00007f9f12810a68 R08: 0000000000000000 R09: 0000000000000000 [ 1865.976756][T29654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1865.976768][T29654] R13: 0000000000000000 R14: 00007f9f129b5fa0 R15: 00007ffe543a7ab8 [ 1865.976793][T29654] [ 1866.271968][T29654] Failed to initialize the IGMP6 control socket (err -105) [ 1866.289294][T29634] post_alloc_hook+0x181/0x1b0 [ 1866.294082][T29634] get_page_from_freelist+0x135c/0x3920 [ 1866.299740][T29634] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 1866.305683][T29634] alloc_pages_mpol+0x1fb/0x550 [ 1866.310584][T29634] new_slab+0x244/0x340 [ 1866.314740][T29634] ___slab_alloc+0xd9c/0x1940 [ 1866.319522][T29634] __slab_alloc.constprop.0+0x56/0xb0 [ 1866.324941][T29634] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 1866.330700][T29634] alloc_inode+0xc3/0x240 [ 1866.335082][T29634] iget_locked+0x2e4/0x830 [ 1866.339549][T29634] kernfs_get_inode+0x48/0x460 [ 1866.344312][T29634] kernfs_iop_lookup+0x1a7/0x2d0 [ 1866.349305][T29634] __lookup_slow+0x24e/0x460 [ 1866.353905][T29634] walk_component+0x353/0x5b0 [ 1866.358626][T29634] path_lookupat+0x17e/0x780 [ 1866.363257][T29634] filename_lookup+0x224/0x5f0 [ 1866.368165][T29634] page last free pid 1 tgid 1 
stack trace: [ 1866.374011][T29634] __free_frozen_pages+0x69d/0xff0 [ 1866.379996][T29634] free_contig_range+0x135/0x3f0 [ 1866.385004][T29634] destroy_args+0x66f/0x830 [ 1866.390261][T29634] debug_vm_pgtable+0x130e/0x2d50 [ 1866.395392][T29634] do_one_initcall+0x120/0x6e0 [ 1866.400170][T29634] kernel_init_freeable+0x5c2/0x900 [ 1866.405409][T29634] kernel_init+0x1c/0x2b0 [ 1866.409787][T29634] ret_from_fork+0x45/0x80 [ 1866.414239][T29634] ret_from_fork_asm+0x1a/0x30 [ 1868.091989][T29694] netlink: 'syz.0.4959': attribute type 11 has an invalid length. [ 1868.123854][T29694] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4959'. [ 1868.183573][T29696] netlink: 'syz.0.4959': attribute type 11 has an invalid length. [ 1868.229952][T29696] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4959'. [ 1868.888546][T29698] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1868.936116][T29698] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1869.029851][T29698] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1869.047985][T29698] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1869.083866][T29698] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1869.125437][T29698] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1869.168032][T29698] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1869.206671][T29698] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1869.278265][T29698] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1870.957952][T27155] Bluetooth: hci2: command 0x0406 tx timeout [ 1871.037641][T27155] Bluetooth: hci1: command 0x0c1a tx timeout [ 1871.117616][T27155] Bluetooth: hci4: command 0x0c1a tx timeout [ 1871.195281][T27155] Bluetooth: hci3: command 0x0c1a tx timeout [ 1871.511797][T29738] FAULT_INJECTION: forcing a failure. 
[ 1871.511797][T29738] name failslab, interval 1, probability 0, space 0, times 0 [ 1871.764428][T29744] random: crng reseeded on system resumption [ 1871.957566][T29738] CPU: 0 UID: 0 PID: 29738 Comm: syz.1.4975 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1871.957601][T29738] Tainted: [U]=USER [ 1871.957608][T29738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1871.957621][T29738] Call Trace: [ 1871.957628][T29738] [ 1871.957635][T29738] dump_stack_lvl+0x16c/0x1f0 [ 1871.957670][T29738] should_fail_ex+0x512/0x640 [ 1871.957694][T29738] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1871.957722][T29738] should_failslab+0xc2/0x120 [ 1871.957749][T29738] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1871.957774][T29738] ? alloc_empty_file+0x55/0x1e0 [ 1871.957805][T29738] alloc_empty_file+0x55/0x1e0 [ 1871.957833][T29738] path_openat+0xe0/0x2d40 [ 1871.957852][T29738] ? __x64_sys_openat+0x174/0x210 [ 1871.957880][T29738] ? do_syscall_64+0xcd/0x230 [ 1871.957908][T29738] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1871.957938][T29738] ? __pfx_path_openat+0x10/0x10 [ 1871.957965][T29738] do_filp_open+0x20b/0x470 [ 1871.957986][T29738] ? __pfx_do_filp_open+0x10/0x10 [ 1871.958025][T29738] ? alloc_fd+0x471/0x7d0 [ 1871.958050][T29738] do_sys_openat2+0x11b/0x1d0 [ 1871.958078][T29738] ? __pfx_do_sys_openat2+0x10/0x10 [ 1871.958109][T29738] ? __sys_sendmsg+0x199/0x220 [ 1871.958142][T29738] __x64_sys_openat+0x174/0x210 [ 1871.958172][T29738] ? __pfx___x64_sys_openat+0x10/0x10 [ 1871.958203][T29738] ? 
rcu_is_watching+0x12/0xc0 [ 1871.958230][T29738] do_syscall_64+0xcd/0x230 [ 1871.958261][T29738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1871.958281][T29738] RIP: 0033:0x7f9f1278e169 [ 1871.958298][T29738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1871.958318][T29738] RSP: 002b:00007f9f135da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1871.958337][T29738] RAX: ffffffffffffffda RBX: 00007f9f129b5fa0 RCX: 00007f9f1278e169 [ 1871.958351][T29738] RDX: 0000000000000880 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1871.958364][T29738] RBP: 00007f9f12810a68 R08: 0000000000000000 R09: 0000000000000000 [ 1871.958377][T29738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1871.958389][T29738] R13: 0000000000000000 R14: 00007f9f129b5fa0 R15: 00007ffe543a7ab8 [ 1871.958414][T29738] [ 1873.036189][T27155] Bluetooth: hci2: command 0x0406 tx timeout [ 1873.195911][T27155] Bluetooth: hci4: command 0x0c1a tx timeout [ 1873.277276][T27155] Bluetooth: hci3: command 0x0c1a tx timeout [ 1874.026412][T29762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4970'. [ 1875.275292][T27155] Bluetooth: hci4: command 0x0c1a tx timeout [ 1875.362363][T27155] Bluetooth: hci3: command 0x0c1a tx timeout [ 1877.982688][T29771] Invalid ELF header magic: != ELF [ 1879.357082][T27155] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1879.409094][T29806] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4977'. [ 1879.568554][T29811] FAULT_INJECTION: forcing a failure. 
[ 1879.568554][T29811] name failslab, interval 1, probability 0, space 0, times 0 [ 1879.644433][T29811] CPU: 0 UID: 0 PID: 29811 Comm: syz.4.4980 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1879.644470][T29811] Tainted: [U]=USER [ 1879.644477][T29811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1879.644490][T29811] Call Trace: [ 1879.644496][T29811] [ 1879.644504][T29811] dump_stack_lvl+0x16c/0x1f0 [ 1879.644538][T29811] should_fail_ex+0x512/0x640 [ 1879.644563][T29811] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1879.644593][T29811] should_failslab+0xc2/0x120 [ 1879.644620][T29811] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1879.644645][T29811] ? __d_alloc+0x31/0xaa0 [ 1879.644668][T29811] ? stack_trace_save+0x8e/0xc0 [ 1879.644693][T29811] __d_alloc+0x31/0xaa0 [ 1879.644718][T29811] d_alloc+0x4a/0x1e0 [ 1879.644742][T29811] d_alloc_parallel+0xe3/0x12e0 [ 1879.644778][T29811] ? find_held_lock+0x2b/0x80 [ 1879.644809][T29811] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1879.644841][T29811] ? __d_lookup+0x266/0x4a0 [ 1879.644883][T29811] lookup_open.isra.0+0x665/0x1580 [ 1879.644921][T29811] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1879.644988][T29811] ? lookup_fast+0x156/0x610 [ 1879.645025][T29811] path_openat+0x905/0x2d40 [ 1879.645077][T29811] ? __pfx_path_openat+0x10/0x10 [ 1879.645109][T29811] do_filp_open+0x20b/0x470 [ 1879.645133][T29811] ? __pfx_do_filp_open+0x10/0x10 [ 1879.645177][T29811] ? alloc_fd+0x471/0x7d0 [ 1879.645208][T29811] do_sys_openat2+0x11b/0x1d0 [ 1879.645243][T29811] ? __pfx_do_sys_openat2+0x10/0x10 [ 1879.645287][T29811] __x64_sys_openat+0x174/0x210 [ 1879.645320][T29811] ? __pfx___x64_sys_openat+0x10/0x10 [ 1879.645355][T29811] ? 
rcu_is_watching+0x12/0xc0 [ 1879.645386][T29811] do_syscall_64+0xcd/0x230 [ 1879.645421][T29811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1879.645445][T29811] RIP: 0033:0x7f401d98e169 [ 1879.645462][T29811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1879.645485][T29811] RSP: 002b:00007f401e84d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1879.645506][T29811] RAX: ffffffffffffffda RBX: 00007f401dbb6080 RCX: 00007f401d98e169 [ 1879.645521][T29811] RDX: 0000000000000800 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1879.645535][T29811] RBP: 00007f401da10a68 R08: 0000000000000000 R09: 0000000000000000 [ 1879.645549][T29811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1879.645562][T29811] R13: 0000000000000000 R14: 00007f401dbb6080 R15: 00007fffd7106d68 [ 1879.645590][T29811] [ 1880.083696][T29794] ima: policy update failed [ 1880.195312][ T30] audit: type=1802 audit(4294967438.220:64): pid=29794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4976" res=0 errno=0 [ 1882.163959][ T30] audit: type=1800 audit(4294967440.290:65): pid=29841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4986" name="discovery_nqn" dev="configfs" ino=121359 res=0 errno=0 [ 1882.295809][T29844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4985'. [ 1882.501181][T29846] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4985'. 
[ 1883.011874][T29824] Invalid ELF header magic: != ELF [ 1883.470618][T29856] Invalid ELF header magic: != ELF [ 1884.913986][T29872] zswap: compressor not available [ 1886.149580][T29821] Process accounting paused [ 1887.350615][T29916] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1887.406578][T29916] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1887.441551][T29916] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1887.498114][T29916] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1887.611279][T29916] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1888.471778][T29940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5005'. [ 1888.531481][T29941] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5005'. [ 1889.358390][T22261] Bluetooth: hci2: command 0x0406 tx timeout [ 1889.441566][T22261] Bluetooth: hci1: command 0x0c1a tx timeout [ 1889.515853][T22261] Bluetooth: hci4: command 0x0c1a tx timeout [ 1889.676154][T22261] Bluetooth: hci3: command 0x0c1a tx timeout [ 1891.596186][T22261] Bluetooth: hci4: command 0x0c1a tx timeout [ 1895.448224][T30049] KVM: debugfs: duplicate directory 30049-4 [ 1896.734299][T30071] Unable to find swap-space signature [ 1897.524200][T30077] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5032'. [ 1898.034348][T30081] FAULT_INJECTION: forcing a failure. [ 1898.034348][T30081] name failslab, interval 1, probability 0, space 0, times 0 [ 1898.099405][T30081] CPU: 0 UID: 0 PID: 30081 Comm: syz.2.5046 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1898.099439][T30081] Tainted: [U]=USER [ 1898.099446][T30081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1898.099458][T30081] Call Trace: [ 1898.099466][T30081] [ 1898.099473][T30081] dump_stack_lvl+0x16c/0x1f0 [ 1898.099507][T30081] should_fail_ex+0x512/0x640 [ 1898.099530][T30081] ? 
fs_reclaim_acquire+0xae/0x150 [ 1898.099565][T30081] should_failslab+0xc2/0x120 [ 1898.099591][T30081] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1898.099616][T30081] ? security_inode_alloc+0x3b/0x2b0 [ 1898.099642][T30081] security_inode_alloc+0x3b/0x2b0 [ 1898.099666][T30081] inode_init_always_gfp+0xce4/0x1030 [ 1898.099690][T30081] alloc_inode+0x86/0x240 [ 1898.099716][T30081] new_inode+0x22/0x1c0 [ 1898.099740][T30081] ? trace_cap_capable+0x18d/0x200 [ 1898.099762][T30081] shmem_get_inode+0x19a/0xfb0 [ 1898.099786][T30081] ? __vm_enough_memory+0x184/0x3f0 [ 1898.099837][T30081] __shmem_file_setup+0x16f/0x300 [ 1898.099863][T30081] shmem_zero_setup+0x93/0x1a0 [ 1898.099893][T30081] __mmap_region+0x2036/0x27c0 [ 1898.099922][T30081] ? __pfx___mmap_region+0x10/0x10 [ 1898.099998][T30081] ? trace_cap_capable+0x18d/0x200 [ 1898.100021][T30081] ? cap_capable+0xb3/0x250 [ 1898.100046][T30081] mmap_region+0x1ab/0x3f0 [ 1898.100077][T30081] do_mmap+0xd8e/0x11b0 [ 1898.100115][T30081] ? __pfx_do_mmap+0x10/0x10 [ 1898.100149][T30081] ? __pfx_down_write_killable+0x10/0x10 [ 1898.100190][T30081] vm_mmap_pgoff+0x281/0x450 [ 1898.100227][T30081] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1898.100268][T30081] ? __fget_files+0x20e/0x3c0 [ 1898.100296][T30081] ksys_mmap_pgoff+0x7d/0x5c0 [ 1898.100327][T30081] ? __pfx_ksys_write+0x10/0x10 [ 1898.100349][T30081] ? 
rcu_is_watching+0x12/0xc0 [ 1898.100373][T30081] __x64_sys_mmap+0x125/0x190 [ 1898.100399][T30081] do_syscall_64+0xcd/0x230 [ 1898.100436][T30081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1898.100458][T30081] RIP: 0033:0x7fe88d98e169 [ 1898.100475][T30081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1898.100496][T30081] RSP: 002b:00007fe88e7ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1898.100516][T30081] RAX: ffffffffffffffda RBX: 00007fe88dbb5fa0 RCX: 00007fe88d98e169 [ 1898.100531][T30081] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1898.100544][T30081] RBP: 00007fe88e7ff090 R08: fffffffffffffffa R09: 0000000000008000 [ 1898.100558][T30081] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000001 [ 1898.100571][T30081] R13: 0000000000000000 R14: 00007fe88dbb5fa0 R15: 00007fffbf9cdb68 [ 1898.100598][T30081] [ 1898.395689][T30089] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 1899.372139][T30102] KVM: debugfs: duplicate directory 30102-4 [ 1902.508203][T30145] FAULT_INJECTION: forcing a failure. [ 1902.508203][T30145] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1902.598613][T30145] CPU: 0 UID: 0 PID: 30145 Comm: syz.1.5056 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1902.598647][T30145] Tainted: [U]=USER [ 1902.598654][T30145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1902.598666][T30145] Call Trace: [ 1902.598672][T30145] [ 1902.598680][T30145] dump_stack_lvl+0x16c/0x1f0 [ 1902.598712][T30145] should_fail_ex+0x512/0x640 [ 1902.598740][T30145] should_fail_alloc_page+0xe7/0x130 [ 1902.598769][T30145] prepare_alloc_pages+0x3c2/0x610 [ 1902.598806][T30145] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1902.598839][T30145] ? 
__lock_acquire+0x5ca/0x1ba0 [ 1902.598869][T30145] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1902.598910][T30145] ? find_held_lock+0x2b/0x80 [ 1902.598931][T30145] ? is_bpf_text_address+0x8a/0x1a0 [ 1902.598957][T30145] ? bpf_ksym_find+0x124/0x1c0 [ 1902.598976][T30145] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1902.599007][T30145] ? policy_nodemask+0xea/0x4e0 [ 1902.599035][T30145] alloc_pages_mpol+0x1fb/0x550 [ 1902.599062][T30145] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1902.599094][T30145] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1902.599126][T30145] shmem_alloc_folio+0x135/0x160 [ 1902.599148][T30145] shmem_alloc_and_add_folio+0x499/0xc20 [ 1902.599179][T30145] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1902.599207][T30145] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 1902.599237][T30145] shmem_get_folio_gfp+0x687/0x1530 [ 1902.599268][T30145] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1902.599301][T30145] shmem_fault+0x1fe/0xa30 [ 1902.599327][T30145] ? __pfx_shmem_fault+0x10/0x10 [ 1902.599350][T30145] ? rcu_is_watching+0x12/0xc0 [ 1902.599375][T30145] ? __pfx_filemap_map_pages+0x10/0x10 [ 1902.599404][T30145] ? pte_alloc_one+0x2b1/0x380 [ 1902.599430][T30145] ? __pfx_filemap_map_pages+0x10/0x10 [ 1902.599455][T30145] __do_fault+0x10a/0x490 [ 1902.599482][T30145] ? __pfx_filemap_map_pages+0x10/0x10 [ 1902.599508][T30145] do_pte_missing+0x1a6/0x3fb0 [ 1902.599530][T30145] ? do_raw_spin_unlock+0x172/0x230 [ 1902.599553][T30145] ? __pmd_alloc+0x3c2/0x870 [ 1902.599582][T30145] ? find_held_lock+0x2b/0x80 [ 1902.599604][T30145] __handle_mm_fault+0x103d/0x2a40 [ 1902.599633][T30145] ? __pfx___handle_mm_fault+0x10/0x10 [ 1902.599669][T30145] ? find_vma+0xbf/0x140 [ 1902.599697][T30145] ? __pfx_find_vma+0x10/0x10 [ 1902.599724][T30145] ? proc_reg_read+0x23d/0x330 [ 1902.599748][T30145] handle_mm_fault+0x3fe/0xad0 [ 1902.599774][T30145] do_user_addr_fault+0x7a6/0x1370 [ 1902.599802][T30145] ? 
rcu_is_watching+0x12/0xc0 [ 1902.599842][T30145] exc_page_fault+0x5c/0xc0 [ 1902.599872][T30145] asm_exc_page_fault+0x26/0x30 [ 1902.599897][T30145] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 1902.599922][T30145] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 1902.599943][T30145] RSP: 0018:ffffc90003fc79b8 EFLAGS: 00050202 [ 1902.599960][T30145] RAX: 7373657264644120 RBX: 000000000000001d RCX: 000000000000001d [ 1902.599973][T30145] RDX: ffffed100fb05c05 RSI: ffff88807d82e008 RDI: 0000000000000000 [ 1902.599987][T30145] RBP: 000000000000001d R08: 0000000000000000 R09: ffffed100fb05c04 [ 1902.599999][T30145] R10: ffff88807d82e024 R11: 0000000000000000 R12: ffffc90003fc7bc8 [ 1902.600013][T30145] R13: 0000000000000000 R14: ffffc90003fc7bd0 R15: ffff88807d82e008 [ 1902.600041][T30145] _copy_to_iter+0x50c/0x15a0 [ 1902.600075][T30145] ? __pfx__copy_to_iter+0x10/0x10 [ 1902.600101][T30145] ? lockdep_hardirqs_on+0x7c/0x110 [ 1902.600129][T30145] ? traverse.part.0.constprop.0+0x2bd/0x640 [ 1902.600161][T30145] ? __local_bh_enable_ip+0xa4/0x120 [ 1902.600188][T30145] ? traverse.part.0.constprop.0+0x2c5/0x640 [ 1902.600230][T30145] seq_read_iter+0x719/0x12c0 [ 1902.600263][T30145] ? aa_file_perm+0x4d6/0xfb0 [ 1902.600301][T30145] seq_read+0x39e/0x4e0 [ 1902.600332][T30145] ? __pfx_seq_read+0x10/0x10 [ 1902.600369][T30145] ? get_pid_task+0xfc/0x250 [ 1902.600409][T30145] ? __pfx_seq_read+0x10/0x10 [ 1902.600440][T30145] proc_reg_read+0x23d/0x330 [ 1902.600462][T30145] ? __pfx_proc_reg_read+0x10/0x10 [ 1902.600487][T30145] vfs_read+0x1de/0xc70 [ 1902.600514][T30145] ? __pfx_vfs_read+0x10/0x10 [ 1902.600533][T30145] ? find_held_lock+0x2b/0x80 [ 1902.600555][T30145] ? __fget_files+0x204/0x3c0 [ 1902.600579][T30145] ? __fget_files+0x20e/0x3c0 [ 1902.600596][T30145] ? 
__fget_files+0x1f0/0x3c0 [ 1902.600623][T30145] __x64_sys_pread64+0x1f4/0x250 [ 1902.600647][T30145] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1902.600669][T30145] ? rcu_is_watching+0x12/0xc0 [ 1902.600697][T30145] do_syscall_64+0xcd/0x230 [ 1902.600730][T30145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1902.600750][T30145] RIP: 0033:0x7f9f1278e169 [ 1902.600766][T30145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1902.600786][T30145] RSP: 002b:00007f9f135da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1902.600804][T30145] RAX: ffffffffffffffda RBX: 00007f9f129b5fa0 RCX: 00007f9f1278e169 [ 1902.600818][T30145] RDX: 00000000000000a0 RSI: 0000000000000000 RDI: 0000000000000003 [ 1902.600830][T30145] RBP: 00007f9f135da090 R08: 0000000000000000 R09: 0000000000000000 [ 1902.600843][T30145] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 1902.600856][T30145] R13: 0000000000000000 R14: 00007f9f129b5fa0 R15: 00007ffe543a7ab8 [ 1902.600887][T30145] [ 1903.124367][ C0] vkms_vblank_simulate: vblank timer overrun [ 1903.447809][T30155] netlink: 50 bytes leftover after parsing attributes in process `syz.0.5060'. [ 1903.484891][T30156] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 1903.874364][T30168] capability: warning: `syz.0.5063' uses deprecated v2 capabilities in a way that may be insecure [ 1904.412198][T30181] netlink: 290 bytes leftover after parsing attributes in process `syz.0.5067'. [ 1905.604585][T30215] FAULT_INJECTION: forcing a failure. 
[ 1905.604585][T30215] name failslab, interval 1, probability 0, space 0, times 0 [ 1905.757820][T30215] CPU: 0 UID: 0 PID: 30215 Comm: syz.4.5074 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1905.757860][T30215] Tainted: [U]=USER [ 1905.757868][T30215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1905.757882][T30215] Call Trace: [ 1905.757890][T30215] [ 1905.757899][T30215] dump_stack_lvl+0x16c/0x1f0 [ 1905.757935][T30215] should_fail_ex+0x512/0x640 [ 1905.757962][T30215] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1905.757990][T30215] should_failslab+0xc2/0x120 [ 1905.758020][T30215] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1905.758042][T30215] ? ksys_write+0x1b9/0x240 [ 1905.758065][T30215] ? do_eventfd+0x67/0x2c0 [ 1905.758095][T30215] do_eventfd+0x67/0x2c0 [ 1905.758119][T30215] ? rcu_is_watching+0x12/0xc0 [ 1905.758144][T30215] __x64_sys_eventfd+0x32/0x50 [ 1905.758171][T30215] do_syscall_64+0xcd/0x230 [ 1905.758206][T30215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1905.758229][T30215] RIP: 0033:0x7f401d98e169 [ 1905.758247][T30215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1905.758270][T30215] RSP: 002b:00007f401e7ea038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 1905.758291][T30215] RAX: ffffffffffffffda RBX: 00007f401dbb6320 RCX: 00007f401d98e169 [ 1905.758307][T30215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1905.758320][T30215] RBP: 00007f401e7ea090 R08: 0000000000000000 R09: 0000000000000000 [ 1905.758333][T30215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1905.758347][T30215] R13: 0000000000000000 R14: 00007f401dbb6320 R15: 00007fffd7106d68 [ 1905.758374][T30215] [ 1905.931702][ C0] vkms_vblank_simulate: vblank timer overrun [ 1906.545054][T30231] netlink: 28 bytes leftover 
after parsing attributes in process `syz.0.5081'. [ 1906.582517][T30231] bridge0: port 2(bridge_slave_1) entered disabled state [ 1906.716459][T30231] bridge_slave_1 (unregistering): left allmulticast mode [ 1906.752579][T30231] bridge_slave_1 (unregistering): left promiscuous mode [ 1906.774436][T30231] bridge0: port 2(bridge_slave_1) entered disabled state [ 1907.504701][T30245] vivid-003: ================= START STATUS ================= [ 1907.532802][T30245] vivid-003: ================== END STATUS ================== [ 1908.376711][T30253] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5085'. [ 1909.159427][T30260] ram7: [CUMANA/ADFS] p1 [ADFS] p1 [ 1909.215314][T30260] ram7: partition table partially beyond EOD, truncated [ 1909.245709][T30260] ram7: p1 size 1706892741 extends beyond EOD, truncated [ 1909.913554][T30278] FAULT_INJECTION: forcing a failure. [ 1909.913554][T30278] name failslab, interval 1, probability 0, space 0, times 0 [ 1909.965375][T30278] CPU: 0 UID: 0 PID: 30278 Comm: syz.0.5091 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1909.965408][T30278] Tainted: [U]=USER [ 1909.965414][T30278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1909.965426][T30278] Call Trace: [ 1909.965432][T30278] [ 1909.965440][T30278] dump_stack_lvl+0x16c/0x1f0 [ 1909.965477][T30278] should_fail_ex+0x512/0x640 [ 1909.965501][T30278] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1909.965528][T30278] should_failslab+0xc2/0x120 [ 1909.965554][T30278] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1909.965579][T30278] ? __alloc_skb+0x2b2/0x380 [ 1909.965607][T30278] __alloc_skb+0x2b2/0x380 [ 1909.965631][T30278] ? __pfx___alloc_skb+0x10/0x10 [ 1909.965659][T30278] ? __lock_acquire+0xaa4/0x1ba0 [ 1909.965690][T30278] netlink_alloc_large_skb+0x69/0x130 [ 1909.965721][T30278] netlink_sendmsg+0x6a1/0xdd0 [ 1909.965753][T30278] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 1909.965790][T30278] ____sys_sendmsg+0xa95/0xc70 [ 1909.965809][T30278] ? copy_msghdr_from_user+0x10a/0x160 [ 1909.965836][T30278] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1909.965865][T30278] ___sys_sendmsg+0x134/0x1d0 [ 1909.965892][T30278] ? __pfx____sys_sendmsg+0x10/0x10 [ 1909.965946][T30278] __sys_sendmsg+0x16d/0x220 [ 1909.965973][T30278] ? __pfx___sys_sendmsg+0x10/0x10 [ 1909.966006][T30278] ? rcu_is_watching+0x12/0xc0 [ 1909.966033][T30278] do_syscall_64+0xcd/0x230 [ 1909.966063][T30278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1909.966084][T30278] RIP: 0033:0x7f2975b8e169 [ 1909.966099][T30278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1909.966119][T30278] RSP: 002b:00007f29769ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1909.966137][T30278] RAX: ffffffffffffffda RBX: 00007f2975db5fa0 RCX: 00007f2975b8e169 [ 1909.966151][T30278] RDX: 00000000000000c4 RSI: 00002000000039c0 RDI: 0000000000000004 [ 1909.966164][T30278] RBP: 00007f29769ef090 R08: 0000000000000000 R09: 0000000000000000 [ 1909.966176][T30278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1909.966188][T30278] R13: 0000000000000000 R14: 00007f2975db5fa0 R15: 00007ffe13e975b8 [ 1909.966212][T30278] [ 1910.193896][ C0] vkms_vblank_simulate: vblank timer overrun [ 1910.577202][T30280] netlink: 'syz.1.5092': attribute type 1 has an invalid length. [ 1913.497453][T30322] FAULT_INJECTION: forcing a failure. 
[ 1913.497453][T30322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1913.571214][T30326] ================================================================== [ 1913.579294][T30326] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 1913.587019][T30326] Read of size 8 at addr ffff888029c4d818 by task syz.0.5103/30326 [ 1913.594907][T30326] [ 1913.597232][T30326] CPU: 0 UID: 0 PID: 30326 Comm: syz.0.5103 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1913.597263][T30326] Tainted: [U]=USER [ 1913.597270][T30326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1913.597284][T30326] Call Trace: [ 1913.597292][T30326] [ 1913.597300][T30326] dump_stack_lvl+0x116/0x1f0 [ 1913.597330][T30326] print_report+0xc3/0x670 [ 1913.597356][T30326] ? __virt_addr_valid+0x5e/0x590 [ 1913.597385][T30326] ? __phys_addr+0xc6/0x150 [ 1913.597413][T30326] ? dvb_device_open+0x36a/0x3b0 [ 1913.597433][T30326] kasan_report+0xe0/0x110 [ 1913.597459][T30326] ? dvb_device_open+0x36a/0x3b0 [ 1913.597481][T30326] ? __pfx_dvb_device_open+0x10/0x10 [ 1913.597502][T30326] dvb_device_open+0x36a/0x3b0 [ 1913.597523][T30326] ? __pfx_dvb_device_open+0x10/0x10 [ 1913.597545][T30326] chrdev_open+0x231/0x6a0 [ 1913.597567][T30326] ? __pfx_apparmor_file_open+0x10/0x10 [ 1913.597594][T30326] ? __pfx_chrdev_open+0x10/0x10 [ 1913.597618][T30326] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1913.597653][T30326] do_dentry_open+0x741/0x1c10 [ 1913.597675][T30326] ? __pfx_chrdev_open+0x10/0x10 [ 1913.597700][T30326] vfs_open+0x82/0x3f0 [ 1913.597728][T30326] path_openat+0x1e5e/0x2d40 [ 1913.597753][T30326] ? __pfx_path_openat+0x10/0x10 [ 1913.597777][T30326] do_filp_open+0x20b/0x470 [ 1913.597797][T30326] ? __pfx_do_filp_open+0x10/0x10 [ 1913.597826][T30326] ? alloc_fd+0x471/0x7d0 [ 1913.597847][T30326] do_sys_openat2+0x11b/0x1d0 [ 1913.597875][T30326] ? 
__pfx_do_sys_openat2+0x10/0x10 [ 1913.597908][T30326] __x64_sys_openat+0x174/0x210 [ 1913.597942][T30326] ? __pfx___x64_sys_openat+0x10/0x10 [ 1913.597973][T30326] ? do_user_addr_fault+0x843/0x1370 [ 1913.597997][T30326] do_syscall_64+0xcd/0x230 [ 1913.598027][T30326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1913.598048][T30326] RIP: 0033:0x7f2975b8e169 [ 1913.598063][T30326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1913.598083][T30326] RSP: 002b:00007f29769ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1913.598102][T30326] RAX: ffffffffffffffda RBX: 00007f2975db6080 RCX: 00007f2975b8e169 [ 1913.598116][T30326] RDX: 0000000002000000 RSI: 0000200000000840 RDI: ffffffffffffff9c [ 1913.598130][T30326] RBP: 00007f2975c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 1913.598143][T30326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1913.598156][T30326] R13: 0000000000000001 R14: 00007f2975db6080 R15: 00007ffe13e975b8 [ 1913.598175][T30326] [ 1913.598183][T30326] [ 1913.851474][T30326] Allocated by task 1: [ 1913.855533][T30326] kasan_save_stack+0x33/0x60 [ 1913.860228][T30326] kasan_save_track+0x14/0x30 [ 1913.864912][T30326] __kasan_kmalloc+0xaa/0xb0 [ 1913.869497][T30326] dvb_register_device+0x1e4/0x2370 [ 1913.874692][T30326] dvb_register_frontend+0x5a6/0x880 [ 1913.879974][T30326] vidtv_bridge_probe+0x459/0xa90 [ 1913.884996][T30326] platform_probe+0xff/0x1f0 [ 1913.889587][T30326] really_probe+0x23e/0xa90 [ 1913.894093][T30326] __driver_probe_device+0x1de/0x440 [ 1913.899388][T30326] driver_probe_device+0x4c/0x1b0 [ 1913.904420][T30326] __driver_attach+0x283/0x580 [ 1913.909187][T30326] bus_for_each_dev+0x13b/0x1d0 [ 1913.914055][T30326] bus_add_driver+0x2e9/0x690 [ 1913.918736][T30326] driver_register+0x15c/0x4b0 [ 1913.923498][T30326] vidtv_bridge_init+0x45/0x80 [ 
1913.928273][T30326] do_one_initcall+0x120/0x6e0 [ 1913.933060][T30326] kernel_init_freeable+0x5c2/0x900 [ 1913.938258][T30326] kernel_init+0x1c/0x2b0 [ 1913.942582][T30326] ret_from_fork+0x45/0x80 [ 1913.946992][T30326] ret_from_fork_asm+0x1a/0x30 [ 1913.951764][T30326] [ 1913.954078][T30326] Freed by task 30156: [ 1913.958130][T30326] kasan_save_stack+0x33/0x60 [ 1913.962822][T30326] kasan_save_track+0x14/0x30 [ 1913.967499][T30326] kasan_save_free_info+0x3b/0x60 [ 1913.972531][T30326] __kasan_slab_free+0x51/0x70 [ 1913.977293][T30326] kfree+0x2b6/0x4d0 [ 1913.981181][T30326] dvb_device_put.part.0+0x60/0x90 [ 1913.988482][T30326] dvb_device_open+0x2a4/0x3b0 [ 1913.993239][T30326] chrdev_open+0x231/0x6a0 [ 1913.997654][T30326] do_dentry_open+0x741/0x1c10 [ 1914.002416][T30326] vfs_open+0x82/0x3f0 [ 1914.006513][T30326] path_openat+0x1e5e/0x2d40 [ 1914.011096][T30326] do_filp_open+0x20b/0x470 [ 1914.015593][T30326] do_sys_openat2+0x11b/0x1d0 [ 1914.020273][T30326] __x64_sys_openat+0x174/0x210 [ 1914.025135][T30326] do_syscall_64+0xcd/0x230 [ 1914.029639][T30326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1914.035524][T30326] [ 1914.037838][T30326] The buggy address belongs to the object at ffff888029c4d800 [ 1914.037838][T30326] which belongs to the cache kmalloc-256 of size 256 [ 1914.051902][T30326] The buggy address is located 24 bytes inside of [ 1914.051902][T30326] freed 256-byte region [ffff888029c4d800, ffff888029c4d900) [ 1914.065617][T30326] [ 1914.067929][T30326] The buggy address belongs to the physical page: [ 1914.074340][T30326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29c4c [ 1914.083089][T30326] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1914.091577][T30326] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1914.099110][T30326] page_type: f5(slab) [ 1914.103085][T30326] raw: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 1914.111660][T30326] raw: 
0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1914.120259][T30326] head: 00fff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 1914.128930][T30326] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1914.137598][T30326] head: 00fff00000000001 ffffea0000a71301 00000000ffffffff 00000000ffffffff [ 1914.146263][T30326] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 1914.154918][T30326] page dumped because: kasan: bad access detected [ 1914.161836][T30326] page_owner tracks the page as allocated [ 1914.167551][T30326] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 23918594067, free_ts 0 [ 1914.187253][T30326] post_alloc_hook+0x181/0x1b0 [ 1914.192012][T30326] get_page_from_freelist+0x135c/0x3920 [ 1914.197554][T30326] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 1914.203445][T30326] alloc_pages_mpol+0x1fb/0x550 [ 1914.208293][T30326] new_slab+0x244/0x340 [ 1914.212441][T30326] ___slab_alloc+0xd9c/0x1940 [ 1914.217122][T30326] __slab_alloc.constprop.0+0x56/0xb0 [ 1914.222487][T30326] __kmalloc_cache_noprof+0xfb/0x3e0 [ 1914.227768][T30326] bus_add_driver+0x92/0x690 [ 1914.232358][T30326] driver_register+0x15c/0x4b0 [ 1914.237132][T30326] usb_register_driver+0x216/0x4d0 [ 1914.242239][T30326] do_one_initcall+0x120/0x6e0 [ 1914.247006][T30326] kernel_init_freeable+0x5c2/0x900 [ 1914.252203][T30326] kernel_init+0x1c/0x2b0 [ 1914.256544][T30326] ret_from_fork+0x45/0x80 [ 1914.260959][T30326] ret_from_fork_asm+0x1a/0x30 [ 1914.265749][T30326] page_owner free stack trace missing [ 1914.271107][T30326] [ 1914.273418][T30326] Memory state around the buggy address: [ 1914.279038][T30326] ffff888029c4d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1914.287113][T30326] ffff888029c4d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
1914.295165][T30326] >ffff888029c4d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1914.303211][T30326] ^ [ 1914.308064][T30326] ffff888029c4d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1914.316114][T30326] ffff888029c4d900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1914.324161][T30326] ================================================================== [ 1914.345082][T30324] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1914.589351][T30300] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5097'. [ 1914.912240][T30322] CPU: 0 UID: 0 PID: 30322 Comm: syz.0.5103 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1914.912277][T30322] Tainted: [U]=USER [ 1914.912285][T30322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1914.912297][T30322] Call Trace: [ 1914.912304][T30322] [ 1914.912312][T30322] dump_stack_lvl+0x16c/0x1f0 [ 1914.912346][T30322] should_fail_ex+0x512/0x640 [ 1914.912375][T30322] strncpy_from_user+0x3b/0x2e0 [ 1914.912400][T30322] getname_flags.part.0+0x8f/0x550 [ 1914.912432][T30322] getname_flags+0x93/0xf0 [ 1914.912451][T30322] do_sys_openat2+0xb8/0x1d0 [ 1914.912480][T30322] ? __pfx_do_sys_openat2+0x10/0x10 [ 1914.912518][T30322] __x64_sys_openat+0x174/0x210 [ 1914.912548][T30322] ? __pfx___x64_sys_openat+0x10/0x10 [ 1914.912585][T30322] ? 
rcu_is_watching+0x12/0xc0 [ 1914.912612][T30322] do_syscall_64+0xcd/0x230 [ 1914.912643][T30322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1914.912663][T30322] RIP: 0033:0x7f2975b8e169 [ 1914.912680][T30322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1914.912700][T30322] RSP: 002b:00007f29769ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1914.912719][T30322] RAX: ffffffffffffffda RBX: 00007f2975db5fa0 RCX: 00007f2975b8e169 [ 1914.912732][T30322] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1914.912745][T30322] RBP: 00007f2975c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 1914.912758][T30322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1914.912770][T30322] R13: 0000000000000000 R14: 00007f2975db5fa0 R15: 00007ffe13e975b8 [ 1914.912795][T30322] [ 1915.361855][T30326] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1915.369087][T30326] CPU: 0 UID: 0 PID: 30326 Comm: syz.0.5103 Tainted: G U 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 1915.382754][T30326] Tainted: [U]=USER [ 1915.386554][T30326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1915.396604][T30326] Call Trace: [ 1915.399903][T30326] [ 1915.402831][T30326] dump_stack_lvl+0x3d/0x1f0 [ 1915.407431][T30326] panic+0x71c/0x800 [ 1915.411337][T30326] ? __pfx_panic+0x10/0x10 [ 1915.415765][T30326] ? mark_held_locks+0x49/0x80 [ 1915.420541][T30326] ? preempt_schedule_thunk+0x16/0x30 [ 1915.425921][T30326] ? dvb_device_open+0x36a/0x3b0 [ 1915.430879][T30326] ? preempt_schedule_common+0x44/0xc0 [ 1915.436390][T30326] ? dvb_device_open+0x36a/0x3b0 [ 1915.441339][T30326] check_panic_on_warn+0xab/0xb0 [ 1915.446292][T30326] end_report+0x107/0x170 [ 1915.450626][T30326] kasan_report+0xee/0x110 [ 1915.455049][T30326] ? 
dvb_device_open+0x36a/0x3b0 [ 1915.459990][T30326] ? __pfx_dvb_device_open+0x10/0x10 [ 1915.465280][T30326] dvb_device_open+0x36a/0x3b0 [ 1915.470046][T30326] ? __pfx_dvb_device_open+0x10/0x10 [ 1915.475336][T30326] chrdev_open+0x231/0x6a0 [ 1915.479751][T30326] ? __pfx_apparmor_file_open+0x10/0x10 [ 1915.485305][T30326] ? __pfx_chrdev_open+0x10/0x10 [ 1915.490245][T30326] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1915.497037][T30326] do_dentry_open+0x741/0x1c10 [ 1915.501811][T30326] ? __pfx_chrdev_open+0x10/0x10 [ 1915.506762][T30326] vfs_open+0x82/0x3f0 [ 1915.510852][T30326] path_openat+0x1e5e/0x2d40 [ 1915.515467][T30326] ? __pfx_path_openat+0x10/0x10 [ 1915.520412][T30326] do_filp_open+0x20b/0x470 [ 1915.524923][T30326] ? __pfx_do_filp_open+0x10/0x10 [ 1915.529958][T30326] ? alloc_fd+0x471/0x7d0 [ 1915.534288][T30326] do_sys_openat2+0x11b/0x1d0 [ 1915.538971][T30326] ? __pfx_do_sys_openat2+0x10/0x10 [ 1915.544204][T30326] __x64_sys_openat+0x174/0x210 [ 1915.549076][T30326] ? __pfx___x64_sys_openat+0x10/0x10 [ 1915.554456][T30326] ? 
do_user_addr_fault+0x843/0x1370 [ 1915.559745][T30326] do_syscall_64+0xcd/0x230 [ 1915.564271][T30326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1915.570161][T30326] RIP: 0033:0x7f2975b8e169 [ 1915.574576][T30326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1915.594184][T30326] RSP: 002b:00007f29769ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1915.602594][T30326] RAX: ffffffffffffffda RBX: 00007f2975db6080 RCX: 00007f2975b8e169 [ 1915.610562][T30326] RDX: 0000000002000000 RSI: 0000200000000840 RDI: ffffffffffffff9c [ 1915.618531][T30326] RBP: 00007f2975c10a68 R08: 0000000000000000 R09: 0000000000000000 [ 1915.626496][T30326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1915.634461][T30326] R13: 0000000000000001 R14: 00007f2975db6080 R15: 00007ffe13e975b8 [ 1915.642434][T30326] [ 1915.645502][T30326] Kernel Offset: disabled [ 1915.649842][T30326] Rebooting in 86400 seconds..