last executing test programs: 7.614925108s ago: executing program 0 (id=2559): writev$auto(0xc8, &(0x7f00000028c0)={&(0x7f0000000040), 0xfdef}, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) nanosleep$auto(&(0x7f0000000080)={0xfffffffffffffff7, 0x5ea}, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d000000060006"], 0x6c}}, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x100) r0 = socket(0x2, 0x1, 0x0) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(r0, 0x7) accept$auto(r0, 0x0, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto_long_retry_limit_ops_(0xffffffffffffffff, &(0x7f0000000000)=""/148, 0x94) 7.048593216s ago: executing program 0 (id=2563): mkdir$auto(&(0x7f0000000180)='./file0\x00', 0xe34e) mmap$auto(0x0, 0xb, 0x72, 0x8b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/pcmC0D0p\x00', 0x200, 0x0) 
shutdown$auto(r0, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x8009b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/irq/0/node\x00', 0x80000, 0x0) read$auto_proc_single_file_operations_base(r1, &(0x7f0000000200)=""/111, 0x6f) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0x8000000000000001, 0x26, 0x8) fcntl$auto(r2, 0x7, 0x4) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0x7) mmap$auto(0x0, 0x25, 0x6, 0x8012, 0x0, 0x800000000000) 5.737175185s ago: executing program 0 (id=2569): personality$auto(0x2) r0 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy7/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x400000, 0x0) close_range$auto(0x2, r0, 0x80000002) mmap$auto(0x0, 0x480008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(r1, &(0x7f0000000040)=""/117, 0x75) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000000)="8a") keyctl$auto(0xb, 0xfffffffd, 0x5, 0x0, 0x9) r2 = socket(0x1e, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video33\x00', 0x80382, 0x0) ioctl$auto(r3, 0xc0045627, r2) 5.353349234s ago: executing program 0 (id=2573): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/crash_elfcorehdr_size\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/116, 0x74) r1 = socket(0xa, 0x3, 0x6) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r2 = 
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.0/usb1/power/wakeup_active_count\x00', 0x0, 0x0) preadv$auto(r1, &(0x7f00000001c0)={0x0, 0xb}, 0x3, 0x2000000209, 0x8) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a) ioperm$auto(0x3, 0xe, 0x2000000000000149) mbind$auto(0x9, 0x84, 0x4, 0x0, 0x80000000, 0x7f) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x4, 0x7) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) socket(0x26, 0x5, 0x300) sysfs$auto(0x2, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) sendmsg$auto_NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, 0x0, 0x20048800) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) setsockopt$auto(r2, 0x400, 0x7cf, &(0x7f0000000140)='/sys/kernel/crash_elfcorehdr_size\x00', 0x7) ustat$auto(0x801, 0x0) sendmsg$auto(r3, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) 4.371338556s ago: executing program 0 (id=2580): r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy7/queues\x00', 0x40000, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r0, 0x0, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) io_uring_setup$auto(0x6, 0x0) (async, rerun: 64) madvise$auto(0x0, 0x200007, 0x19) (rerun: 64) shmctl$auto_IPC_STAT(0x1, 0x2, 
&(0x7f0000000180)={{0x5, 0x0, 0xffffffffffffffff, 0x4, 0x8, 0x80, 0xb}, 0xa, 0x80000000, 0x4, 0x6, @inferred=0xffffffffffffffff, @raw, 0x8, 0x0, &(0x7f0000000040)="b057d39cbca4ac6619c8634604cc5e27a8ae7d637d90b4536e89eaa0efc1084c0ba836b58deade55915176862bbf475882b8ff1c76b4f1009348f6a3ece7aa2944a735f97142986aa4b7a5dd8b6b3146eb2fb37dc3f7a49ebc69c33f4d1ffde17193a514121a251a413a6878df020d7a8040107a9958dc49ab0c70c0eab550049393d2298d38b4c8582f3c7296ac9b1aa208fd684a1ffce1797824bacfd1c55e1588887c1d8bc3373fdf1f4cb41d7d17461441a529bdd22a73e9f42dbb6b7e7fe6c77a586634ad3aa5e93edc7a36d0f6aa2f1527aeb5906ff41b61246c80f6505729954679d1388620cfafbb32cf7998dda85a1503380b4214", &(0x7f0000000140)="d05acb81a38634dea141f57d642daeeaaa1b1cea5a1ef00bf4eafd69fef7cc096f992e85df6af889a88dee8359aa"}) (async) getegid() (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cec27\x00', 0x402e40, 0x0) (async, rerun: 32) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) (async, rerun: 32) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) (async, rerun: 64) unshare$auto(0x40000080) (async, rerun: 64) socket(0xa, 0x2, 0x0) (async, rerun: 32) unshare$auto(0x40000080) (async, rerun: 32) mmap$auto(0x2, 0x4020009, 0x3, 0xeb1, 0x401, 0x4000008000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) socket(0x10, 0x2, 0xc) socket(0x28, 0x1, 0x0) (async, rerun: 64) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)='ns/mnt\x00') (async, rerun: 64) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) (async) shmctl$auto(0x1, 0xc0000000, &(0x7f00000002c0)={{0x0, r1, r2, 0x5, 0x7, 0x1, 0x8}, 0x9, 0x82, 0x1, 0x1, @raw=0x5, @inferred=r3, 0x0, 0x0, &(0x7f0000000000)="4ce37c", 
&(0x7f0000000240)="e3b65ca0e98f17506a7c4ad8ad058bd5a16dc6e2a997cd8e5d08439197c462a7df44d7d9b4bf5eb74bf9fadf399248ea1212b04e6035f8a570741fb2966f11ff27958bcd819780df8fe757b3a25fea9ea6123c4276be13e2"}) (async, rerun: 32) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) (async, rerun: 32) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) io_uring_setup$auto(0x6, 0x0) (async) mmap$auto(0x200000000000000, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) 3.986710666s ago: executing program 1 (id=2526): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) setrlimit$auto(0x1000000007, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) 3.648360119s ago: executing program 1 (id=2583): r0 = prctl$auto_PR_PAC_RESET_KEYS(0x36, 0xee, 0xffffffffffffffff, 0xd, 0x7) getsockopt$auto_SO_TIMESTAMPNS_NEW(r0, 0xa, 0x40, &(0x7f0000000000)=']\x00', &(0x7f0000000040)=0x4) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x4, 0xa553) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @dev={0xac, 0x14, 0x14, 0xd}}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x101, 0x0, 0x5, 0x9ad}, 0x5}, 0x5, 0x20000000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = semctl$auto(0x9, 0xc1b8, 0x4, 0x1) mmap$auto(0x7ffffffd, 0x400004, 0x10, 0x9b72, r1, 0x5) r3 = socket(0x29, 0x5, 0x0) dup2$auto(r3, r3) r4 = 
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_SET(r4, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022dbd7000fedb01000000000000000900", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=r2, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20004894}, 0x4008000) mmap$auto(0x0, 0x6, 0xdf, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0xf663, 0x15) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x7, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7d, 0x101, 0x6, 0x40000000000002}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) socket(0x2a, 0x2, 0x0) mmap$auto(0x20000, 0x20009, 0x3ff, 0xeb1, 0xffffffffffffffff, 0x7ffd) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(r3, 0x0, 0x40) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) pwrite64$auto(r5, 0x0, 0x1, 0x2) 2.64618823s ago: executing program 3 (id=2589): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) mmap$auto(0x0, 0x800000000000004, 0x4000000000df, 0x40eb2, r0, 0x300000000002) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, &(0x7f00000003c0), 0x28000, 0x0) read$auto_fops_atomic_t_ro_(r3, 0x0, 0x0) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000640), r0) r6 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 
sendmmsg$auto(0x3, 0x0, 0x3, 0x0) recvmmsg$auto(r6, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x200, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000) add_key$auto(&(0x7f00000001c0)='\x00', &(0x7f0000000300)='nbd\x00', &(0x7f0000000540)="25123b91ee2da0a6197f0165d5ee80f2f913dbe3b84366bbee889ac496aec89db27fbee30c97a7eca8c1674ffa0a2e173ac4f8aa64a8cc146be2bf735f1dd8ec1524f80dff01c86baf5f42714c1a32c138b7c04137a52bb233ed31fa369093e6b7ffe46174b964841c7fc6eb2b96c5c4bf7a566ff66604ed8393c00a62888d9dc8db837eb300c04800bedbf4b811728a71d38fcb7d7d9905acc234f152c8c098f3a15334bfed97eb75be812d0b8d7108c09b7b2f1ac133f73b38614b2b0cc7893608015478167746a21eb76df73e", 0x4, 0x5) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xe4}, 0x1000001, 0x0, 0x0, 0x8}, 0x7}, 0x3, 0x7) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_DEL_PMKSA(r4, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)={0x98, r7, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x10000}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x70}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0x73, 0x129, "1241acead1da470f04052f99f71be1c03a69d606faa148c575c18715d3d24c20cac6012c81822daaba27bcbe8158bf2265b6c7dca53d17266cdf68e2b51d83f2b46ea76e5e0eb36f5fbd9430836622dd0c2dccd7824c19505be538a3fc60e021b7afb8985000f33133914cee480220"}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000081}, 0x4000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_CONNECT(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000009400)={0x30, r5, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x9}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_NBD_CMD_CONNECT(r0, 
&(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_SOCKETS={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) 2.627251714s ago: executing program 1 (id=2590): mmap$auto(0x0, 0x1, 0x9, 0xeb1, 0x401, 0xd9) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) mmap$auto(0x1, 0xe2, 0x4000000000dd, 0x14, 0x401, 0x80008000) (async) mmap$auto(0x1, 0xe2, 0x4000000000dd, 0x14, 0x401, 0x80008000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) (async) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto(r0, 0x0, 0x7) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0xa, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x3a6, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x3a6, 0x0) io_uring_setup$auto(0x84, 0x0) (async) io_uring_setup$auto(0x84, 0x0) close_range$auto(0x2, 0xa, 0x0) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x280000, 0x100) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto_SO_PEERNAME(r1, 0x4, 0x1c, &(0x7f00000000c0)='/dev/video35\x00', &(0x7f0000000100)=0x3) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x22240, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x9) r3 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) 
write$auto(r3, &(0x7f0000000700)='!dev_vhc&\x00', 0x9) (async) write$auto(r3, &(0x7f0000000700)='!dev_vhc&\x00', 0x9) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="01032cbd7000fcdbdf250def0000"], 0x14}, 0x1, 0xffffffa6}, 0x8000) mmap$auto(0x0, 0x1000, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000000), 0x24000, 0x0) ioctl$auto_PPPIOCGUNIT(r6, 0x80047456, &(0x7f0000000180)=0x4) close_range$auto(r1, 0xa, 0x577) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x3, 0x3a) 2.469968542s ago: executing program 2 (id=2591): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x400000040eb1, 0x602, 0x300000000000) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x110) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2080, 0x0) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) getdents64$auto(r1, 0x0, 0x400) ioctl$auto(r0, 0xc040564a, r0) 2.324166469s ago: executing program 3 (id=2592): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) setrlimit$auto(0x1000000007, 0x0) 
landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) 2.174879705s ago: executing program 2 (id=2593): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = getpgrp(0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x22, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x80044944, 0x0) prctl$auto(0x5, 0x1, r0, 0xfffffffffffffff7, 0x0) sysfs$auto(0xfffffefd, 0x8005896, 0x3ff) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 2.033210681s ago: executing program 3 (id=2594): sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="a02c0000", @ANYRES16, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYBLOB="08000100486652000a0002"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00'], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x22000000) 1.941148746s ago: executing program 2 (id=2595): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) mmap$auto(0x0, 0x800000000000004, 0x4000000000df, 0x40eb2, r0, 0x300000000002) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, &(0x7f00000003c0), 0x28000, 0x0) read$auto_fops_atomic_t_ro_(r3, 0x0, 0x0) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) r6 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) recvmmsg$auto(r6, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x200, 0x0) 
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_DEL_PMKSA(r4, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)={0x98, r7, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x10000}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x70}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0x73, 0x129, "1241acead1da470f04052f99f71be1c03a69d606faa148c575c18715d3d24c20cac6012c81822daaba27bcbe8158bf2265b6c7dca53d17266cdf68e2b51d83f2b46ea76e5e0eb36f5fbd9430836622dd0c2dccd7824c19505be538a3fc60e021b7afb8985000f33133914cee480220"}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000081}, 0x4000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NBD_CMD_CONNECT(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000009400)={0x30, r5, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x9}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_SOCKETS={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) (fail_nth: 4) 1.900438054s ago: executing program 3 (id=2596): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000800), 0xffffffffffffffff) prctl$auto_PR_SCHED_CORE_GET(0x80000000, 0x0, 0x0, 0x9, 0x4) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/input/event1\x00', 0x60982, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto_KVM_CREATE_VM(r0, 0x4138ae84, 0x0) 1.291184537s ago: executing program 3 (id=2597): mmap$auto(0x10000, 0x73, 0x81, 0x19, 0xfffffffffffffffa, 0xffffffffffff0001) msgsnd$auto(0x5, 0x0, 0x3, 0x8) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "000015ff8302000000e6ffff00"}, 0x4059) r0 = socketpair$auto(0x5, 0x5, 0x2, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(r0, &(0x7f0000000380)=@qipcrtr={0x2a, 0x0, 0x7ffe}, 0x58) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r1 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa1\x00', 0x1, 0x0) write$auto_vcs_fops_vc_screen(r1, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0xfbe8, 0x4) mlockall$auto(0x7) arch_prctl$auto(0x5005, 0x9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x15, 0x5, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0xdef, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) setsockopt$auto(0x3, 0x10000000084, 0x80, 0x0, 0x8) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a000}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x8, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1.290507316s ago: 
executing program 2 (id=2605): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2acdc3, 0x0) poll$auto(&(0x7f0000000080)={r0, 0x9, 0x9816}, 0x7f, 0x3) prctl$auto(0x2f, 0x9, 0x0, 0x100000001, 0x5) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000000)={0xfffffff7, "009a86ece9dc9af32d522ab66be6f34c6bb89e19e3994d9b05384ab5b861349f", @inferred=r0}) mmap$auto(0x0, 0x400008, 0xdf, 0xfffffffffffffffc, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) unshare$auto(0x8000000) bpf$auto(0x20, &(0x7f0000000080)=@bpf_attr_1={r1, 0x2, @value=0x3, 0x40000000000}, 0x40000c4c) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) sendmsg$auto_OVS_DP_CMD_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x98fd3f00, 0x0, 0x50}, 0x0) 1.15560724s ago: executing program 0 (id=2598): futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binderfs/binder1\x00', 0x80, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) personality$auto(0x2) r0 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, 
&(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy7/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats_csv\x00', 0x400000, 0x0) close_range$auto(0x2, r0, 0x80000002) mmap$auto(0x0, 0x480008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = socket(0x1e, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0xa0241, 0x0) write$auto_ftrace_set_event_pid_fops_trace_events(r2, &(0x7f0000000040)="2f5407e72503b817a2e95c30af636c319419b38516ea4c42e7da394939bc1de7e648ab30f02f438341f3b858b8c65b914d33ceb57c3680c8615cb45a17a8b61ae24f81b66884051f3d50ca49a19bd65e28e050bfeaeb3d0ec11b537bb630bee989ae48cdb5a8e23f2ddd1abebce5a1a6dd14b5aab3fe3977a9f42a39d2aa1ab884", 0x81) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video33\x00', 0x80382, 0x0) ioctl$auto(r3, 0xc0045627, r1) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x4, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8004) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000300), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) pread64$auto(r6, &(0x7f0000000040)='veth1\x00', 0x200000000006, 0x5) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) openat2$dir(0xffffffffffffff9c, 
&(0x7f0000000280)='./cgroup\x00', &(0x7f0000000040)={0x101201, 0x0, 0x7}, 0x18) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000000)=""/112, 0x70) r8 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r8, 0x0, 0xe) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) 979.107083ms ago: executing program 2 (id=2599): pwrite64$auto(0xc8, &(0x7f0000000600)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\r\xaa\x1c\x03\x00\xe0\x00c\x14M>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\xdd\xac\xff\x84\x00\x00\x00\x00\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x15\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\xff\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x8bc) 775.079708ms ago: executing program 2 (id=2600): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/crash_elfcorehdr_size\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/116, 0x74) r1 = socket(0xa, 0x3, 0x6) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.0/usb1/power/wakeup_active_count\x00', 0x0, 0x0) preadv$auto(r1, &(0x7f00000001c0)={0x0, 0xb}, 0x3, 0x2000000209, 0x8) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @local}, 0x6a) ioperm$auto(0x3, 0xe, 0x2000000000000149) mbind$auto(0x9, 0x84, 0x4, 0x0, 0x80000000, 0x7f) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x4, 0x7) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) socket(0x26, 0x5, 0x300) sysfs$auto(0x2, 0x2, 0x0) shutdown$auto(0x200000003, 0x2) 
sendmsg$auto_NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, 0x0, 0x20048800) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) setsockopt$auto(r2, 0x400, 0x7cf, &(0x7f0000000140)='/sys/kernel/crash_elfcorehdr_size\x00', 0x7) ustat$auto(0x801, 0x0) sendmsg$auto(r3, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) 706.258989ms ago: executing program 1 (id=2601): r0 = socket(0xa, 0x801, 0x106) ioctl$auto(0xc8, 0x800454dd, 0x5) setsockopt$auto(r0, 0xd2, 0x1, &(0x7f0000000000)='\x98\x00', 0xb559) listen$auto(0x3, 0x81) 335.542859ms ago: executing program 1 (id=2602): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) socket(0x10, 0x2, 0x0) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/tracing_on\x00', 0x40001, 0x0) socket(0xa, 0x801, 0x100) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/cad_pid\x00', 0x8001, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/snd_hda_intel/parameters/beep_mode\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/virtual/net/teql0/statistics/rx_compressed\x00', 0xc2700, 0x0) socketpair$auto(0x1e, 0x4, 
0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) connect$auto(0x3, &(0x7f00000000c0), 0x55) write$auto(0x3, 0x0, 0x5b4) 283.716535ms ago: executing program 3 (id=2603): mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, 0x0, 0x0) fcntl$auto(0x2, 0x40c, 0x7f) (fail_nth: 3) 0s ago: executing program 1 (id=2604): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) pselect6$auto(0x401, 0x0, 0x0, 0x0, 0x0, &(0x7f00000067c0)="36369dc69f2e") sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf2503000000080003000402000006000700008000000800", @ANYRES32=0x0, @ANYBLOB="0a000500dd000000000000000a000100987874e64b8500000a0001007572c85c318e0000060007"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) r0 = socket(0x2, 0x3, 0x100) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000280), r0) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x40}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x8}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0x4}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x5}]}, 0x34}}, 0x200408c1) io_getevents$auto(0x3, 0x0, 0x4, &(0x7f0000000000)={0x0, 0x6, 0xc, 0xf}, &(0x7f0000000040)={0x100000000, 0x7d}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 
&(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x4) kernel console output (not intermixed with test programs): 34] __anon_inode_getfile+0x1ec/0x370 [ 528.436002][T12734] io_uring_setup+0x15a3/0x2200 [ 528.436030][T12734] ? __pfx_io_uring_setup+0x10/0x10 [ 528.436063][T12734] ? __pfx___might_resched+0x10/0x10 [ 528.436111][T12734] ? rcu_is_watching+0x12/0xc0 [ 528.436143][T12734] __x64_sys_io_uring_setup+0x98/0x140 [ 528.436170][T12734] do_syscall_64+0xcd/0x250 [ 528.436201][T12734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.436234][T12734] RIP: 0033:0x7f51a658d169 [ 528.436252][T12734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.436276][T12734] RSP: 002b:00007f51a74aa038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 528.436298][T12734] RAX: ffffffffffffffda RBX: 00007f51a67a5fa0 RCX: 00007f51a658d169 [ 528.436315][T12734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000007fff [ 528.436329][T12734] RBP: 00007f51a660e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 528.436344][T12734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 528.436358][T12734] R13: 0000000000000000 R14: 00007f51a67a5fa0 R15: 00007fff3f0bc478 [ 528.436389][T12734] [ 528.780148][T12736] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1891'. 
[ 528.789412][T12738] udc dummy_udc.0: soft-connect without a gadget driver [ 529.059639][T12748] nbd: must specify a size in bytes for the device [ 529.228033][T12754] nbd: must specify a size in bytes for the device [ 530.775320][T12768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 530.792176][T12768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 530.814078][T12768] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 530.834858][T12768] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 530.854196][T12768] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 531.738400][T12801] [U]  [ 531.741259][T12801] [U] [ 531.743990][T12801] [U] [ 531.746711][T12801] [U] [ 531.763408][T12801] [U] [ 531.766158][T12801] [U] [ 531.768888][T12801] [U] [ 531.771613][T12801] [U] [ 531.820332][T12801] [U] [ 531.823104][T12801] [U] [ 531.825825][T12801] [U] [ 531.828546][T12801] [U] [ 531.834648][T12801] [U] [ 531.837392][T12801] [U] [ 531.840111][T12801] [U] [ 531.842810][T12801] [U] [ 531.927570][T12803] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1911'. [ 531.946131][T12799] sg_read: process 1431 (syz.2.1909) changed security contexts after opening file descriptor, this is not allowed. [ 531.971136][T12805] [U] [ 532.281318][ T5834] Bluetooth: hci0: command 0x0419 tx timeout [ 532.619858][T12819] netlink: 'syz.1.1918': attribute type 2 has an invalid length. [ 532.627668][T12819] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1918'. [ 532.830582][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 532.909614][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 532.915742][ T5147] Bluetooth: hci2: command 0x0c1a tx timeout [ 533.487237][T12835] FAULT_INJECTION: forcing a failure. 
[ 533.487237][T12835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 533.570048][T12835] CPU: 0 UID: 0 PID: 12835 Comm: syz.0.1922 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 533.570079][T12835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 533.570092][T12835] Call Trace: [ 533.570099][T12835] [ 533.570107][T12835] dump_stack_lvl+0x16c/0x1f0 [ 533.570140][T12835] should_fail_ex+0x50a/0x650 [ 533.570179][T12835] _copy_to_user+0x32/0xd0 [ 533.570205][T12835] simple_read_from_buffer+0xd0/0x160 [ 533.570237][T12835] proc_fail_nth_read+0x198/0x270 [ 533.570261][T12835] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 533.570289][T12835] ? rw_verify_area+0xcf/0x680 [ 533.570314][T12835] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 533.570341][T12835] vfs_read+0x1df/0xbf0 [ 533.570371][T12835] ? __fget_files+0x1fc/0x3a0 [ 533.570402][T12835] ? __pfx___mutex_lock+0x10/0x10 [ 533.570430][T12835] ? __pfx_vfs_read+0x10/0x10 [ 533.570468][T12835] ? __fget_files+0x206/0x3a0 [ 533.570509][T12835] ksys_read+0x12b/0x250 [ 533.570537][T12835] ? 
__pfx_ksys_read+0x10/0x10 [ 533.570577][T12835] do_syscall_64+0xcd/0x250 [ 533.570608][T12835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.570639][T12835] RIP: 0033:0x7f664d18bb7c [ 533.570657][T12835] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 533.570680][T12835] RSP: 002b:00007f664dfe5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 533.570702][T12835] RAX: ffffffffffffffda RBX: 00007f664d3a5fa0 RCX: 00007f664d18bb7c [ 533.570718][T12835] RDX: 000000000000000f RSI: 00007f664dfe50a0 RDI: 0000000000000004 [ 533.570732][T12835] RBP: 00007f664dfe5090 R08: 0000000000000000 R09: 0000000000000000 [ 533.570746][T12835] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 533.570759][T12835] R13: 0000000000000000 R14: 00007f664d3a5fa0 R15: 00007fff697766a8 [ 533.570791][T12835] [ 534.063481][T12840] Process accounting resumed [ 534.351800][ T5834] Bluetooth: hci0: command 0x0419 tx timeout [ 535.491023][T12872] Process accounting resumed [ 537.307342][T12879] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1936'. [ 538.866483][T12902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1943'. [ 539.261132][T12912] [U]  [ 539.263991][T12912] [U] [ 539.266708][T12912] [U] [ 539.269415][T12912] [U] [ 539.272678][T12912] [U] [ 539.275405][T12912] [U] [ 539.278119][T12912] [U] [ 539.280837][T12912] [U] [ 539.289918][T12912] [U] [ 539.292659][T12912] [U] [ 539.295380][T12912] [U] [ 539.298085][T12912] [U] [ 539.300968][T12912] [U] [ 539.303691][T12912] [U] [ 539.306404][T12912] [U] [ 539.309117][T12912] [U] [ 539.481842][T12913] [U] [ 543.330975][T12954] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1956'. 
[ 544.900038][T12981] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 544.917526][T12981] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 544.925581][T12981] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 544.931672][T12981] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 544.948486][T12981] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 545.165844][T12989] FAULT_INJECTION: forcing a failure. [ 545.165844][T12989] name failslab, interval 1, probability 0, space 0, times 0 [ 545.198227][T12989] CPU: 0 UID: 0 PID: 12989 Comm: syz.2.1968 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 545.198258][T12989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 545.198270][T12989] Call Trace: [ 545.198277][T12989] [ 545.198286][T12989] dump_stack_lvl+0x16c/0x1f0 [ 545.198319][T12989] should_fail_ex+0x50a/0x650 [ 545.198351][T12989] ? fs_reclaim_acquire+0xae/0x150 [ 545.198380][T12989] ? tomoyo_encode2+0x100/0x3e0 [ 545.198405][T12989] should_failslab+0xc2/0x120 [ 545.198426][T12989] __kmalloc_noprof+0xcb/0x510 [ 545.198456][T12989] ? d_absolute_path+0x137/0x1b0 [ 545.198479][T12989] ? rcu_is_watching+0x12/0xc0 [ 545.198505][T12989] tomoyo_encode2+0x100/0x3e0 [ 545.198537][T12989] tomoyo_encode+0x29/0x50 [ 545.198562][T12989] tomoyo_realpath_from_path+0x19d/0x720 [ 545.198597][T12989] tomoyo_path_number_perm+0x248/0x590 [ 545.198619][T12989] ? tomoyo_path_number_perm+0x235/0x590 [ 545.198644][T12989] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 545.198723][T12989] ? __pfx_lock_release+0x10/0x10 [ 545.198752][T12989] ? trace_lock_acquire+0x14e/0x1f0 [ 545.198781][T12989] ? lock_acquire+0x2f/0xb0 [ 545.198806][T12989] ? __fget_files+0x40/0x3a0 [ 545.198837][T12989] ? 
__fget_files+0x206/0x3a0 [ 545.198871][T12989] security_file_ioctl+0x9b/0x240 [ 545.198900][T12989] __x64_sys_ioctl+0xb7/0x200 [ 545.198929][T12989] do_syscall_64+0xcd/0x250 [ 545.198961][T12989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.198991][T12989] RIP: 0033:0x7f51a658d169 [ 545.199017][T12989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.199038][T12989] RSP: 002b:00007f51a74aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 545.199060][T12989] RAX: ffffffffffffffda RBX: 00007f51a67a5fa0 RCX: 00007f51a658d169 [ 545.199075][T12989] RDX: 0000000000000000 RSI: 000000004008af03 RDI: 0000000000000002 [ 545.199090][T12989] RBP: 00007f51a74aa090 R08: 0000000000000000 R09: 0000000000000000 [ 545.199103][T12989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 545.199117][T12989] R13: 0000000000000000 R14: 00007f51a67a5fa0 R15: 00007fff3f0bc478 [ 545.199146][T12989] [ 545.199164][T12989] ERROR: Out of memory at tomoyo_realpath_from_path. [ 546.437206][ T5834] Bluetooth: hci0: command 0x0419 tx timeout [ 546.815156][T13020] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1977'. [ 546.998000][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 547.004198][ T5147] Bluetooth: hci2: command 0x0c1a tx timeout [ 547.004214][T11639] Bluetooth: hci1: command 0x0c1a tx timeout [ 548.107559][T13032] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 548.116240][T13032] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 548.187376][T13032] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 548.206207][T13032] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 548.218125][T13042] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1983'. 
[ 548.261668][T13032] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 548.732130][T13058] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1990'. [ 549.080745][T13057] Process accounting resumed [ 549.728727][T11639] Bluetooth: hci0: command 0x0419 tx timeout [ 550.279815][T11639] Bluetooth: hci3: command 0x0c1a tx timeout [ 550.285880][T11639] Bluetooth: hci2: command 0x0c1a tx timeout [ 550.288283][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 550.766134][T13091] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2000'. [ 551.065075][T13099] vivid-010: ================= START STATUS ================= [ 551.114173][T13099] vivid-010: Generate PTS: true [ 551.129838][T13099] vivid-010: Generate SCR: true [ 551.156685][T13099] tpg source WxH: 640x360 (Y'CbCr) [ 551.214888][T13099] tpg field: 1 [ 551.238793][T13099] tpg crop: 640x360@0x0 [ 551.261490][T13099] tpg compose: 640x360@0x0 [ 551.298855][T13099] tpg colorspace: 8 [ 551.319274][T13099] tpg transfer function: 0/0 [ 551.348474][T13099] tpg Y'CbCr encoding: 0/0 [ 551.376232][T13099] tpg quantization: 0/0 [ 551.395579][T13099] tpg RGB range: 0/2 [ 551.431827][T13099] vivid-010: ================== END STATUS ================== [ 551.729486][T13114] openvswitch: netlink: Message has 4 unknown bytes. [ 551.799236][ T5147] Bluetooth: hci0: command 0x0419 tx timeout [ 552.751753][T13145] FAULT_INJECTION: forcing a failure. 
[ 552.751753][T13145] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 552.769165][T13145] CPU: 1 UID: 0 PID: 13145 Comm: syz.1.2023 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 552.769196][T13145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 552.769210][T13145] Call Trace: [ 552.769216][T13145] [ 552.769226][T13145] dump_stack_lvl+0x16c/0x1f0 [ 552.769259][T13145] should_fail_ex+0x50a/0x650 [ 552.769296][T13145] _copy_to_user+0x32/0xd0 [ 552.769323][T13145] inotify_read+0x5ad/0x8c0 [ 552.769367][T13145] ? __pfx_inotify_read+0x10/0x10 [ 552.769398][T13145] ? __pfx_woken_wake_function+0x10/0x10 [ 552.769423][T13145] ? apparmor_file_permission+0x251/0x400 [ 552.769450][T13145] ? security_file_permission+0x71/0x210 [ 552.769478][T13145] ? rw_verify_area+0xcf/0x680 [ 552.769505][T13145] ? __pfx_inotify_read+0x10/0x10 [ 552.769535][T13145] vfs_readv+0x6c2/0x8a0 [ 552.769558][T13145] ? __pfx_lock_release+0x10/0x10 [ 552.769609][T13145] ? proc_fail_nth_write+0xa0/0x250 [ 552.769641][T13145] ? __pfx_vfs_readv+0x10/0x10 [ 552.769667][T13145] ? vfs_write+0x306/0x1150 [ 552.769719][T13145] ? do_readv+0x133/0x340 [ 552.769742][T13145] do_readv+0x133/0x340 [ 552.769767][T13145] ? 
__pfx_do_readv+0x10/0x10 [ 552.769801][T13145] do_syscall_64+0xcd/0x250 [ 552.769831][T13145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.769862][T13145] RIP: 0033:0x7f7f7c38d169 [ 552.769880][T13145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.769901][T13145] RSP: 002b:00007f7f7d13a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 552.769923][T13145] RAX: ffffffffffffffda RBX: 00007f7f7c5a5fa0 RCX: 00007f7f7c38d169 [ 552.769946][T13145] RDX: 0000000000000008 RSI: 0000400000000100 RDI: 0000000000000004 [ 552.769960][T13145] RBP: 00007f7f7d13a090 R08: 0000000000000000 R09: 0000000000000000 [ 552.769974][T13145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.769988][T13145] R13: 0000000000000000 R14: 00007f7f7c5a5fa0 R15: 00007ffe6e6be0d8 [ 552.770018][T13145] [ 553.391123][T13160] FAULT_INJECTION: forcing a failure. [ 553.391123][T13160] name failslab, interval 1, probability 0, space 0, times 0 [ 553.443409][T13160] CPU: 0 UID: 0 PID: 13160 Comm: syz.0.2019 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 553.443450][T13160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 553.443466][T13160] Call Trace: [ 553.443474][T13160] [ 553.443485][T13160] dump_stack_lvl+0x16c/0x1f0 [ 553.443523][T13160] should_fail_ex+0x50a/0x650 [ 553.443562][T13160] ? fs_reclaim_acquire+0xae/0x150 [ 553.443600][T13160] should_failslab+0xc2/0x120 [ 553.443627][T13160] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 553.443671][T13160] ? kstrdup_const+0x63/0x80 [ 553.443709][T13160] kstrdup+0x53/0x100 [ 553.443741][T13160] kstrdup_const+0x63/0x80 [ 553.443773][T13160] __kernfs_new_node+0x9c/0x890 [ 553.443813][T13160] ? __pfx___kernfs_new_node+0x10/0x10 [ 553.443848][T13160] ? __pfx_lock_release+0x10/0x10 [ 553.443895][T13160] ? 
kernfs_add_one+0x39d/0x520 [ 553.443940][T13160] ? lock_acquire.part.0+0x11b/0x380 [ 553.443977][T13160] ? find_held_lock+0x2d/0x110 [ 553.444017][T13160] kernfs_new_node+0x186/0x240 [ 553.444061][T13160] kernfs_create_link+0xcc/0x240 [ 553.444093][T13160] sysfs_do_create_link_sd+0x90/0x140 [ 553.444128][T13160] sysfs_create_link+0x61/0xc0 [ 553.444162][T13160] device_add+0x62e/0x1a70 [ 553.444198][T13160] ? alloc_workqueue+0x199/0x200 [ 553.444227][T13160] ? __pfx_device_add+0x10/0x10 [ 553.444266][T13160] ? lockdep_init_map_type+0x16d/0x7d0 [ 553.444311][T13160] nfc_register_device+0x41/0x3c0 [ 553.444346][T13160] nci_register_device+0x7f4/0xb80 [ 553.444397][T13160] ? __pfx_nci_register_device+0x10/0x10 [ 553.444449][T13160] virtual_ncidev_open+0x141/0x220 [ 553.444484][T13160] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 553.444522][T13160] misc_open+0x35a/0x420 [ 553.444549][T13160] ? __pfx_misc_open+0x10/0x10 [ 553.444574][T13160] chrdev_open+0x237/0x6a0 [ 553.444612][T13160] ? __pfx_apparmor_file_open+0x10/0x10 [ 553.444645][T13160] ? __pfx_chrdev_open+0x10/0x10 [ 553.444686][T13160] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 553.444728][T13160] do_dentry_open+0x735/0x1c40 [ 553.444764][T13160] ? __pfx_chrdev_open+0x10/0x10 [ 553.444804][T13160] ? inode_permission+0xdd/0x5f0 [ 553.444836][T13160] vfs_open+0x82/0x3f0 [ 553.444862][T13160] ? may_open+0x1f2/0x400 [ 553.444903][T13160] path_openat+0x1e88/0x2d80 [ 553.444958][T13160] ? __pfx_path_openat+0x10/0x10 [ 553.444996][T13160] ? __pfx___lock_acquire+0x10/0x10 [ 553.445029][T13160] ? lock_acquire.part.0+0x11b/0x380 [ 553.445064][T13160] ? find_held_lock+0x2d/0x110 [ 553.445097][T13160] do_filp_open+0x20c/0x470 [ 553.445134][T13160] ? __pfx_do_filp_open+0x10/0x10 [ 553.445168][T13160] ? find_held_lock+0x2d/0x110 [ 553.445223][T13160] ? alloc_fd+0x41f/0x760 [ 553.445270][T13160] do_sys_openat2+0x17a/0x1e0 [ 553.445298][T13160] ? __pfx_do_sys_openat2+0x10/0x10 [ 553.445329][T13160] ? 
__pfx___might_resched+0x10/0x10 [ 553.445378][T13160] __x64_sys_openat+0x175/0x210 [ 553.445407][T13160] ? __pfx___x64_sys_openat+0x10/0x10 [ 553.445451][T13160] do_syscall_64+0xcd/0x250 [ 553.445488][T13160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.445523][T13160] RIP: 0033:0x7f664d18d169 [ 553.445544][T13160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 553.445569][T13160] RSP: 002b:00007f664dfc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 553.445592][T13160] RAX: ffffffffffffffda RBX: 00007f664d3a6080 RCX: 00007f664d18d169 [ 553.445610][T13160] RDX: 0000000000000002 RSI: 0000400000000180 RDI: ffffffffffffff9c [ 553.445626][T13160] RBP: 00007f664d20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 553.445642][T13160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 553.445658][T13160] R13: 0000000000000000 R14: 00007f664d3a6080 R15: 00007fff697766a8 [ 553.445693][T13160] [ 554.110356][T13149] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2015'. [ 554.947229][T13181] netlink: 'syz.1.2026': attribute type 2 has an invalid length. [ 554.977284][T13181] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2026'. [ 555.258012][T13183] netlink: 'syz.2.2027': attribute type 11 has an invalid length. [ 555.268576][T13192] FAULT_INJECTION: forcing a failure. [ 555.268576][T13192] name failslab, interval 1, probability 0, space 0, times 0 [ 555.283002][T13192] CPU: 1 UID: 0 PID: 13192 Comm: syz.1.2028 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 555.283032][T13192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 555.283046][T13192] Call Trace: [ 555.283053][T13192] [ 555.283062][T13192] dump_stack_lvl+0x16c/0x1f0 [ 555.283095][T13192] should_fail_ex+0x50a/0x650 [ 555.283128][T13192] ? 
fs_reclaim_acquire+0xae/0x150 [ 555.283160][T13192] should_failslab+0xc2/0x120 [ 555.283183][T13192] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 555.283217][T13192] ? alloc_empty_file+0x73/0x1e0 [ 555.283247][T13192] alloc_empty_file+0x73/0x1e0 [ 555.283272][T13192] path_openat+0xe1/0x2d80 [ 555.283301][T13192] ? hlock_class+0x4e/0x130 [ 555.283324][T13192] ? __lock_acquire+0x15a9/0x3c40 [ 555.283365][T13192] ? __pfx_path_openat+0x10/0x10 [ 555.283396][T13192] ? __pfx___lock_acquire+0x10/0x10 [ 555.283425][T13192] ? lock_acquire.part.0+0x11b/0x380 [ 555.283455][T13192] ? find_held_lock+0x2d/0x110 [ 555.283483][T13192] do_filp_open+0x20c/0x470 [ 555.283514][T13192] ? __pfx_do_filp_open+0x10/0x10 [ 555.283544][T13192] ? find_held_lock+0x2d/0x110 [ 555.283590][T13192] ? alloc_fd+0x41f/0x760 [ 555.283629][T13192] do_sys_openat2+0x17a/0x1e0 [ 555.283653][T13192] ? __pfx_do_sys_openat2+0x10/0x10 [ 555.283680][T13192] ? __fget_files+0x206/0x3a0 [ 555.283716][T13192] __x64_sys_openat+0x175/0x210 [ 555.283741][T13192] ? __pfx___x64_sys_openat+0x10/0x10 [ 555.283765][T13192] ? 
ksys_write+0x1ba/0x250 [ 555.283805][T13192] do_syscall_64+0xcd/0x250 [ 555.283835][T13192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.283866][T13192] RIP: 0033:0x7f7f7c38d169 [ 555.283884][T13192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 555.283905][T13192] RSP: 002b:00007f7f7d119038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 555.283931][T13192] RAX: ffffffffffffffda RBX: 00007f7f7c5a6080 RCX: 00007f7f7c38d169 [ 555.283946][T13192] RDX: 0000000000000002 RSI: 0000400000000180 RDI: ffffffffffffff9c [ 555.283959][T13192] RBP: 00007f7f7d119090 R08: 0000000000000000 R09: 0000000000000000 [ 555.283971][T13192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 555.283983][T13192] R13: 0000000000000000 R14: 00007f7f7c5a6080 R15: 00007ffe6e6be0d8 [ 555.284012][T13192] [ 555.621026][T13195] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2029'. [ 556.385512][T13215] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2035'. [ 556.705991][T13224] openvswitch: netlink: Message has 4 unknown bytes. [ 557.797052][T13251] syz_tun: entered allmulticast mode [ 557.839031][T13254] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input18 [ 559.238821][T13283] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2057'. [ 560.756803][T13299] netlink: 'syz.1.2062': attribute type 11 has an invalid length. [ 561.986210][T13322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2068'. [ 561.995703][T13321] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2068'. [ 562.014276][T13321] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2068'. [ 562.137534][T13321] Process accounting paused [ 562.958538][T13330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2072'. 
[ 563.329646][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.384827][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.547236][T13339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2073'. [ 564.246889][T13343] .SR: entered promiscuous mode [ 565.907580][T13360] Process accounting paused [ 566.898256][T13403] netlink: 392 bytes leftover after parsing attributes in process `syz.2.2092'. [ 567.232201][T13411] IPVS: length: 150994944 != 25171704 [ 567.460790][T13418] netlink: zone id is out of range [ 567.465971][T13418] netlink: zone id is out of range [ 567.518357][T13418] netlink: zone id is out of range [ 567.523541][T13418] netlink: zone id is out of range [ 567.550231][T13418] netlink: zone id is out of range [ 567.555401][T13418] netlink: zone id is out of range [ 567.579396][T13418] netlink: zone id is out of range [ 567.594783][T13418] netlink: zone id is out of range [ 567.614712][T13418] netlink: zone id is out of range [ 567.619992][T13418] netlink: zone id is out of range [ 567.949851][T13427] vcan0: tx drop: invalid da for name 0x00000000fffffe00 [ 569.086257][T13448] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2101'. [ 569.099281][T13447] FAULT_INJECTION: forcing a failure. [ 569.099281][T13447] name failslab, interval 1, probability 0, space 0, times 0 [ 569.132481][T13447] CPU: 0 UID: 0 PID: 13447 Comm: syz.3.2102 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 569.132526][T13447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 569.132541][T13447] Call Trace: [ 569.132549][T13447] [ 569.132558][T13447] dump_stack_lvl+0x16c/0x1f0 [ 569.132594][T13447] should_fail_ex+0x50a/0x650 [ 569.132630][T13447] ? fs_reclaim_acquire+0xae/0x150 [ 569.132665][T13447] should_failslab+0xc2/0x120 [ 569.132689][T13447] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 569.132726][T13447] ? 
security_file_alloc+0x34/0x2b0 [ 569.132762][T13447] security_file_alloc+0x34/0x2b0 [ 569.132792][T13447] init_file+0x93/0x4c0 [ 569.132817][T13447] alloc_empty_file+0x91/0x1e0 [ 569.132844][T13447] path_openat+0xe1/0x2d80 [ 569.132874][T13447] ? hlock_class+0x4e/0x130 [ 569.132899][T13447] ? __lock_acquire+0x15a9/0x3c40 [ 569.132945][T13447] ? __pfx_path_openat+0x10/0x10 [ 569.132978][T13447] ? __pfx___lock_acquire+0x10/0x10 [ 569.133008][T13447] ? lock_acquire.part.0+0x11b/0x380 [ 569.133039][T13447] ? find_held_lock+0x2d/0x110 [ 569.133069][T13447] do_filp_open+0x20c/0x470 [ 569.133102][T13447] ? __pfx_do_filp_open+0x10/0x10 [ 569.133133][T13447] ? find_held_lock+0x2d/0x110 [ 569.133179][T13447] ? alloc_fd+0x41f/0x760 [ 569.133220][T13447] do_sys_openat2+0x17a/0x1e0 [ 569.133245][T13447] ? __pfx_do_sys_openat2+0x10/0x10 [ 569.133282][T13447] __x64_sys_openat+0x175/0x210 [ 569.133308][T13447] ? __pfx___x64_sys_openat+0x10/0x10 [ 569.133347][T13447] do_syscall_64+0xcd/0x250 [ 569.133380][T13447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.133413][T13447] RIP: 0033:0x7fcbac18d169 [ 569.133432][T13447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.133455][T13447] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 569.133478][T13447] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 569.133502][T13447] RDX: 00000000001c1041 RSI: 0000400000000400 RDI: ffffffffffffff9c [ 569.133518][T13447] RBP: 00007fcbac20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 569.133538][T13447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 569.133552][T13447] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 569.133583][T13447] [ 570.074519][T13452] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2105'. 
[ 572.340395][T13510] FAULT_INJECTION: forcing a failure. [ 572.340395][T13510] name failslab, interval 1, probability 0, space 0, times 0 [ 572.369297][T13510] CPU: 0 UID: 0 PID: 13510 Comm: syz.3.2122 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 572.369328][T13510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 572.369341][T13510] Call Trace: [ 572.369347][T13510] [ 572.369356][T13510] dump_stack_lvl+0x16c/0x1f0 [ 572.369386][T13510] should_fail_ex+0x50a/0x650 [ 572.369419][T13510] ? fs_reclaim_acquire+0xae/0x150 [ 572.369448][T13510] should_failslab+0xc2/0x120 [ 572.369470][T13510] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 572.369504][T13510] ? __d_alloc+0x31/0xaa0 [ 572.369525][T13510] ? trace_inode_set_ctime_to_ts+0x17f/0x1f0 [ 572.369550][T13510] __d_alloc+0x31/0xaa0 [ 572.369572][T13510] d_alloc_pseudo+0x1c/0xc0 [ 572.369595][T13510] alloc_file_pseudo+0xd0/0x230 [ 572.369619][T13510] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 572.369650][T13510] __anon_inode_getfile+0xf8/0x370 [ 572.369684][T13510] io_uring_setup+0x15a3/0x2200 [ 572.369711][T13510] ? __pfx_io_uring_setup+0x10/0x10 [ 572.369741][T13510] ? __fget_files+0x206/0x3a0 [ 572.369777][T13510] ? ksys_write+0x1ba/0x250 [ 572.369804][T13510] ? 
__pfx_ksys_write+0x10/0x10 [ 572.369838][T13510] __x64_sys_io_uring_setup+0x98/0x140 [ 572.369863][T13510] do_syscall_64+0xcd/0x250 [ 572.369893][T13510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.369933][T13510] RIP: 0033:0x7fcbac18d169 [ 572.369950][T13510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.369970][T13510] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 572.369990][T13510] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 572.370005][T13510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 572.370018][T13510] RBP: 00007fcbacf93090 R08: 0000000000000000 R09: 0000000000000000 [ 572.370030][T13510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 572.370044][T13510] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 572.370071][T13510] [ 573.283212][T13523] netlink: 'syz.1.2126': attribute type 4 has an invalid length. [ 573.291991][T13517] cougar: G6 mapped to space [ 573.341846][T13523] netlink: 314 bytes leftover after parsing attributes in process `syz.1.2126'. [ 573.957776][T13529] cougar: G6 mapped to space [ 577.137232][T13566] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2139'. [ 577.266558][T13568] FAULT_INJECTION: forcing a failure. 
[ 577.266558][T13568] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 577.291786][T13568] CPU: 1 UID: 0 PID: 13568 Comm: syz.3.2140 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 577.291818][T13568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 577.291831][T13568] Call Trace: [ 577.291837][T13568] [ 577.291846][T13568] dump_stack_lvl+0x16c/0x1f0 [ 577.291879][T13568] should_fail_ex+0x50a/0x650 [ 577.291918][T13568] _copy_to_iter+0x465/0x1560 [ 577.291949][T13568] ? __pfx__copy_to_iter+0x10/0x10 [ 577.291972][T13568] ? __virt_addr_valid+0x1a4/0x590 [ 577.292002][T13568] ? __virt_addr_valid+0x5e/0x590 [ 577.292025][T13568] ? __phys_addr_symbol+0x30/0x80 [ 577.292047][T13568] ? __check_object_size+0x488/0x710 [ 577.292075][T13568] seq_read_iter+0xd00/0x12b0 [ 577.292117][T13568] seq_read+0x39f/0x4e0 [ 577.292145][T13568] ? __pfx_seq_read+0x10/0x10 [ 577.292191][T13568] ? rw_verify_area+0xcf/0x680 [ 577.292217][T13568] ? __pfx_seq_read+0x10/0x10 [ 577.292244][T13568] vfs_read+0x1df/0xbf0 [ 577.292273][T13568] ? __fget_files+0x1fc/0x3a0 [ 577.292303][T13568] ? __pfx___mutex_lock+0x10/0x10 [ 577.292331][T13568] ? __pfx_vfs_read+0x10/0x10 [ 577.292369][T13568] ? __fget_files+0x206/0x3a0 [ 577.292415][T13568] ksys_read+0x12b/0x250 [ 577.292443][T13568] ? 
__pfx_ksys_read+0x10/0x10 [ 577.292482][T13568] do_syscall_64+0xcd/0x250 [ 577.292512][T13568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.292542][T13568] RIP: 0033:0x7fcbac18d169 [ 577.292560][T13568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 577.292582][T13568] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 577.292604][T13568] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 577.292620][T13568] RDX: 000000000000006f RSI: 0000400000000200 RDI: 0000000000000003 [ 577.292633][T13568] RBP: 00007fcbacf93090 R08: 0000000000000000 R09: 0000000000000000 [ 577.292647][T13568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 577.292660][T13568] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 577.292691][T13568] [ 579.001306][T13604] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2147'. [ 579.113686][T13596] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 579.119736][T13596] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 579.180892][T13596] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 579.212941][T13596] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 579.219047][T13596] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 579.547977][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 579.555311][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 579.717290][T13614] FAULT_INJECTION: forcing a failure. 
[ 579.717290][T13614] name failslab, interval 1, probability 0, space 0, times 0 [ 579.784986][T13614] CPU: 0 UID: 0 PID: 13614 Comm: syz.0.2149 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 579.785020][T13614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 579.785033][T13614] Call Trace: [ 579.785039][T13614] [ 579.785048][T13614] dump_stack_lvl+0x16c/0x1f0 [ 579.785081][T13614] should_fail_ex+0x50a/0x650 [ 579.785122][T13614] ? fs_reclaim_acquire+0xae/0x150 [ 579.785150][T13614] ? tomoyo_encode2+0x100/0x3e0 [ 579.785176][T13614] should_failslab+0xc2/0x120 [ 579.785198][T13614] __kmalloc_noprof+0xcb/0x510 [ 579.785229][T13614] ? rcu_is_watching+0x12/0xc0 [ 579.785256][T13614] tomoyo_encode2+0x100/0x3e0 [ 579.785286][T13614] tomoyo_encode+0x29/0x50 [ 579.785311][T13614] tomoyo_realpath_from_path+0x19d/0x720 [ 579.785342][T13614] ? tomoyo_path_number_perm+0x235/0x590 [ 579.785370][T13614] tomoyo_path_number_perm+0x248/0x590 [ 579.785392][T13614] ? tomoyo_path_number_perm+0x235/0x590 [ 579.785420][T13614] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 579.785447][T13614] ? 
__pfx_proc_fail_nth_write+0x10/0x10 [ 579.785522][T13614] security_file_ioctl+0x9b/0x240 [ 579.785551][T13614] __x64_sys_ioctl+0xb7/0x200 [ 579.785581][T13614] do_syscall_64+0xcd/0x250 [ 579.785611][T13614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.785639][T13614] RIP: 0033:0x7f664d18d169 [ 579.785657][T13614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 579.785677][T13614] RSP: 002b:00007f664dfe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 579.785698][T13614] RAX: ffffffffffffffda RBX: 00007f664d3a5fa0 RCX: 00007f664d18d169 [ 579.785713][T13614] RDX: 0000000000000000 RSI: 000000004080aebf RDI: 0000000000000004 [ 579.785726][T13614] RBP: 00007f664dfe5090 R08: 0000000000000000 R09: 0000000000000000 [ 579.785739][T13614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 579.785752][T13614] R13: 0000000000000000 R14: 00007f664d3a5fa0 R15: 00007fff697766a8 [ 579.785780][T13614] [ 579.785799][T13614] ERROR: Out of memory at tomoyo_realpath_from_path. [ 579.876724][T13605] Process accounting paused [ 579.935801][ C1] vkms_vblank_simulate: vblank timer overrun [ 580.430971][T13627] FAULT_INJECTION: forcing a failure. [ 580.430971][T13627] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 580.611153][T13627] CPU: 1 UID: 0 PID: 13627 Comm: syz.0.2152 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 580.611185][T13627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 580.611198][T13627] Call Trace: [ 580.611204][T13627] [ 580.611212][T13627] dump_stack_lvl+0x16c/0x1f0 [ 580.611252][T13627] should_fail_ex+0x50a/0x650 [ 580.611283][T13627] ? 
__pfx___might_resched+0x10/0x10 [ 580.611317][T13627] should_fail_alloc_page+0xe7/0x130 [ 580.611342][T13627] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 580.611378][T13627] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 580.611414][T13627] ? hlock_class+0x4e/0x130 [ 580.611438][T13627] ? mark_lock+0xb5/0xc60 [ 580.611470][T13627] ? __pfx_mark_lock+0x10/0x10 [ 580.611503][T13627] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 580.611539][T13627] ? hlock_class+0x4e/0x130 [ 580.611562][T13627] ? mark_lock+0xb5/0xc60 [ 580.611591][T13627] ? hlock_class+0x4e/0x130 [ 580.611622][T13627] ? hlock_class+0x4e/0x130 [ 580.611644][T13627] ? __lock_acquire+0xcc5/0x3c40 [ 580.611675][T13627] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 580.611711][T13627] ? policy_nodemask+0xea/0x4e0 [ 580.611748][T13627] alloc_pages_mpol+0x1fc/0x540 [ 580.611772][T13627] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 580.611795][T13627] ? __lock_acquire+0x15a9/0x3c40 [ 580.611831][T13627] folio_alloc_mpol_noprof+0x36/0x2f0 [ 580.611860][T13627] vma_alloc_folio_noprof+0xee/0x1b0 [ 580.611886][T13627] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 580.611912][T13627] ? find_held_lock+0x2d/0x110 [ 580.611943][T13627] do_pte_missing+0x202f/0x3e10 [ 580.611988][T13627] __handle_mm_fault+0x1166/0x2c60 [ 580.612029][T13627] ? __pfx___handle_mm_fault+0x10/0x10 [ 580.612059][T13627] ? follow_page_pte+0x3ac/0x1490 [ 580.612089][T13627] ? __pfx_lock_release+0x10/0x10 [ 580.612144][T13627] handle_mm_fault+0x3fa/0xaa0 [ 580.612183][T13627] __get_user_pages+0x773/0x36f0 [ 580.612222][T13627] ? __pfx_mt_find+0x10/0x10 [ 580.612256][T13627] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 580.612285][T13627] ? __pfx___get_user_pages+0x10/0x10 [ 580.612317][T13627] ? __mm_populate+0x21d/0x380 [ 580.612354][T13627] populate_vma_page_range+0x27f/0x3a0 [ 580.612388][T13627] ? __pfx_populate_vma_page_range+0x10/0x10 [ 580.612420][T13627] ? __pfx_find_vma_intersection+0x10/0x10 [ 580.612450][T13627] ? 
vm_mmap_pgoff+0x29b/0x3a0 [ 580.612487][T13627] __mm_populate+0x1d6/0x380 [ 580.612520][T13627] ? __pfx___mm_populate+0x10/0x10 [ 580.612554][T13627] ? up_write+0x1b2/0x520 [ 580.612590][T13627] vm_mmap_pgoff+0x2d3/0x3a0 [ 580.612625][T13627] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 580.612660][T13627] ? __x64_sys_futex+0x1e1/0x4c0 [ 580.612686][T13627] ? __x64_sys_futex+0x1ea/0x4c0 [ 580.612717][T13627] ksys_mmap_pgoff+0x7d/0x5c0 [ 580.612745][T13627] ? rcu_is_watching+0x12/0xc0 [ 580.612772][T13627] __x64_sys_mmap+0x125/0x190 [ 580.612807][T13627] do_syscall_64+0xcd/0x250 [ 580.612838][T13627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.612867][T13627] RIP: 0033:0x7f664d18d169 [ 580.612886][T13627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.612907][T13627] RSP: 002b:00007f664dfc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 580.612929][T13627] RAX: ffffffffffffffda RBX: 00007f664d3a6080 RCX: 00007f664d18d169 [ 580.612944][T13627] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 580.612959][T13627] RBP: 00007f664d20e2a0 R08: 0000000000000002 R09: 0000000000008000 [ 580.612973][T13627] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 580.612987][T13627] R13: 0000000000000000 R14: 00007f664d3a6080 R15: 00007fff697766a8 [ 580.613019][T13627] [ 580.972444][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.203665][ T5147] Bluetooth: hci0: command 0x0419 tx timeout [ 581.296213][ T5147] Bluetooth: hci3: command 0x0c1a tx timeout [ 581.302325][ T5147] Bluetooth: hci2: command 0x0c1a tx timeout [ 581.311342][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 582.359772][T13661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2163'. 
[ 582.375193][T13642] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 582.391896][T13642] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 582.405763][T13642] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 582.411932][T13642] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 582.418475][T13642] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 583.027474][T13673] FAULT_INJECTION: forcing a failure. [ 583.027474][T13673] name failslab, interval 1, probability 0, space 0, times 0 [ 583.082355][T13673] CPU: 0 UID: 0 PID: 13673 Comm: syz.3.2167 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 583.082389][T13673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 583.082402][T13673] Call Trace: [ 583.082408][T13673] [ 583.082417][T13673] dump_stack_lvl+0x16c/0x1f0 [ 583.082451][T13673] should_fail_ex+0x50a/0x650 [ 583.082483][T13673] ? fs_reclaim_acquire+0xae/0x150 [ 583.082514][T13673] ? iovec_from_user.part.0+0xf3/0x130 [ 583.082537][T13673] should_failslab+0xc2/0x120 [ 583.082560][T13673] __kmalloc_noprof+0xcb/0x510 [ 583.082591][T13673] ? find_held_lock+0x2d/0x110 [ 583.082621][T13673] iovec_from_user.part.0+0xf3/0x130 [ 583.082648][T13673] __import_iovec+0xd6/0x6a0 [ 583.082680][T13673] import_iovec+0x108/0x140 [ 583.082709][T13673] copy_msghdr_from_user+0xfa/0x160 [ 583.082741][T13673] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 583.082771][T13673] ? lockdep_hardirqs_on+0x7c/0x110 [ 583.082801][T13673] ? hlock_class+0x4e/0x130 [ 583.082831][T13673] ? __lock_acquire+0x15a9/0x3c40 [ 583.082866][T13673] ___sys_sendmsg+0xff/0x1e0 [ 583.082897][T13673] ? __pfx____sys_sendmsg+0x10/0x10 [ 583.082924][T13673] ? __pfx___lock_acquire+0x10/0x10 [ 583.082979][T13673] ? __pfx___might_resched+0x10/0x10 [ 583.083012][T13673] ? __might_fault+0xe3/0x190 [ 583.083040][T13673] __sys_sendmmsg+0x201/0x420 [ 583.083075][T13673] ? __pfx___sys_sendmmsg+0x10/0x10 [ 583.083116][T13673] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 583.083157][T13673] ? 
fput+0x67/0x440 [ 583.083179][T13673] ? ksys_write+0x1ba/0x250 [ 583.083208][T13673] ? __pfx_ksys_write+0x10/0x10 [ 583.083243][T13673] __x64_sys_sendmmsg+0x9c/0x100 [ 583.083273][T13673] ? lockdep_hardirqs_on+0x7c/0x110 [ 583.083298][T13673] do_syscall_64+0xcd/0x250 [ 583.083331][T13673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.083362][T13673] RIP: 0033:0x7fcbac18d169 [ 583.083380][T13673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.083401][T13673] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 583.083423][T13673] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 583.083438][T13673] RDX: 000000000000000b RSI: 0000400000000080 RDI: 0000000000000003 [ 583.083452][T13673] RBP: 00007fcbacf93090 R08: 0000000000000000 R09: 0000000000000000 [ 583.083466][T13673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 583.083480][T13673] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 583.083510][T13673] [ 583.662766][T13679] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2171'. [ 583.698370][T13681] netlink: 'syz.1.2170': attribute type 4 has an invalid length. [ 583.745152][T11639] Bluetooth: hci0: command 0x0419 tx timeout [ 583.762927][T13681] netlink: 314 bytes leftover after parsing attributes in process `syz.1.2170'. [ 583.770685][T13683] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2172'. [ 584.030305][T13690] FAULT_INJECTION: forcing a failure. 
[ 584.030305][T13690] name failslab, interval 1, probability 0, space 0, times 0 [ 584.093938][T13690] CPU: 1 UID: 0 PID: 13690 Comm: syz.1.2175 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 584.093975][T13690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 584.093991][T13690] Call Trace: [ 584.093998][T13690] [ 584.094008][T13690] dump_stack_lvl+0x16c/0x1f0 [ 584.094045][T13690] should_fail_ex+0x50a/0x650 [ 584.094082][T13690] ? fs_reclaim_acquire+0xae/0x150 [ 584.094114][T13690] ? io_uring_alloc_task_context+0x9e/0x690 [ 584.094146][T13690] should_failslab+0xc2/0x120 [ 584.094170][T13690] __kmalloc_cache_noprof+0x68/0x410 [ 584.094202][T13690] ? lockdep_init_map_type+0x16d/0x7d0 [ 584.094242][T13690] io_uring_alloc_task_context+0x9e/0x690 [ 584.094274][T13690] ? file_init_path+0x501/0x770 [ 584.094300][T13690] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 584.094334][T13690] ? alloc_file_pseudo+0x1b4/0x230 [ 584.094362][T13690] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 584.094392][T13690] __io_uring_add_tctx_node+0x2e0/0x500 [ 584.094424][T13690] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 584.094457][T13690] ? __anon_inode_getfile+0x18c/0x370 [ 584.094495][T13690] io_uring_setup+0x15cf/0x2200 [ 584.094525][T13690] ? __pfx_io_uring_setup+0x10/0x10 [ 584.094574][T13690] ? 
rcu_is_watching+0x12/0xc0 [ 584.094606][T13690] __x64_sys_io_uring_setup+0x98/0x140 [ 584.094654][T13690] do_syscall_64+0xcd/0x250 [ 584.094695][T13690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.094730][T13690] RIP: 0033:0x7f7f7c38d169 [ 584.094750][T13690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.094773][T13690] RSP: 002b:00007f7f7d13a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 584.094796][T13690] RAX: ffffffffffffffda RBX: 00007f7f7c5a5fa0 RCX: 00007f7f7c38d169 [ 584.094813][T13690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 584.094828][T13690] RBP: 00007f7f7c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 584.094844][T13690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.094859][T13690] R13: 0000000000000000 R14: 00007f7f7c5a5fa0 R15: 00007ffe6e6be0d8 [ 584.094891][T13690] [ 584.308153][ C1] vkms_vblank_simulate: vblank timer overrun [ 584.455081][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 584.461384][ T5147] Bluetooth: hci1: command 0x0c1a tx timeout [ 584.471676][T11639] Bluetooth: hci3: command 0x0c1a tx timeout [ 584.643984][T13696] FAULT_INJECTION: forcing a failure. [ 584.643984][T13696] name failslab, interval 1, probability 0, space 0, times 0 [ 584.660318][T13696] CPU: 1 UID: 0 PID: 13696 Comm: syz.3.2177 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 584.660352][T13696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 584.660367][T13696] Call Trace: [ 584.660374][T13696] [ 584.660385][T13696] dump_stack_lvl+0x16c/0x1f0 [ 584.660423][T13696] should_fail_ex+0x50a/0x650 [ 584.660460][T13696] ? fs_reclaim_acquire+0xae/0x150 [ 584.660495][T13696] ? 
io_uring_alloc_task_context+0x4a9/0x690 [ 584.660528][T13696] should_failslab+0xc2/0x120 [ 584.660552][T13696] __kmalloc_cache_noprof+0x68/0x410 [ 584.660584][T13696] ? __percpu_counter_init_many+0x2c6/0x3b0 [ 584.660624][T13696] io_uring_alloc_task_context+0x4a9/0x690 [ 584.660660][T13696] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 584.660695][T13696] ? alloc_file_pseudo+0x1b4/0x230 [ 584.660724][T13696] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 584.660755][T13696] __io_uring_add_tctx_node+0x2e0/0x500 [ 584.660789][T13696] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 584.660820][T13696] ? __anon_inode_getfile+0x18c/0x370 [ 584.660855][T13696] io_uring_setup+0x15cf/0x2200 [ 584.660889][T13696] ? __pfx_io_uring_setup+0x10/0x10 [ 584.660925][T13696] ? __pfx___might_resched+0x10/0x10 [ 584.660979][T13696] ? rcu_is_watching+0x12/0xc0 [ 584.661013][T13696] __x64_sys_io_uring_setup+0x98/0x140 [ 584.661040][T13696] do_syscall_64+0xcd/0x250 [ 584.661074][T13696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.661108][T13696] RIP: 0033:0x7fcbac18d169 [ 584.661129][T13696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.661152][T13696] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 584.661175][T13696] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 584.661192][T13696] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000007fff [ 584.661206][T13696] RBP: 00007fcbac20e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 584.661222][T13696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.661237][T13696] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 584.661270][T13696] [ 584.878875][ C1] vkms_vblank_simulate: vblank timer overrun [ 585.178795][T13701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2178'. 
[ 585.197909][T13699] vivid-003: ================= START STATUS ================= [ 585.224303][T13699] vivid-003: Radio HW Seek Mode: Bounded [ 585.476293][T13699] vivid-003: Radio Programmable HW Seek: false [ 585.493926][T13707] udc dummy_udc.0: soft-connect without a gadget driver [ 585.510876][T13699] vivid-003: RDS Rx I/O Mode: Block I/O [ 585.748163][T13699] vivid-003: Generate RBDS Instead of RDS: false [ 585.815117][T11639] Bluetooth: hci0: command 0x0419 tx timeout [ 585.988067][T13699] vivid-003: RDS Reception: true [ 586.115147][T13699] vivid-003: RDS Program Type: 0 inactive [ 586.120971][T13699] vivid-003: RDS PS Name: inactive [ 586.126341][T13699] vivid-003: RDS Radio Text: inactive [ 586.131859][T13699] vivid-003: RDS Traffic Announcement: false inactive [ 586.139083][T13699] vivid-003: RDS Traffic Program: false inactive [ 586.145532][T13699] vivid-003: RDS Music: false inactive [ 586.151412][T13699] vivid-003: ================== END STATUS ================== [ 586.468019][T13719] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2183'. [ 586.933955][T13727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2184'. [ 587.075869][T13731] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2185'. [ 587.311337][T13733] nbd: must specify a size in bytes for the device [ 587.748041][T13737] netlink: 'syz.3.2189': attribute type 4 has an invalid length. [ 587.767238][T13737] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2189'. 
[ 588.380376][ T5834] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 588.392534][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 588.401355][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 588.416694][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 588.427747][ T5834] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 588.441333][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 588.779848][ T5832] syz_tun (unregistering): left allmulticast mode [ 589.486875][T13762] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2193'. [ 589.540863][T13746] chnl_net:caif_netlink_parms(): no params data found [ 589.975694][T13746] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.996167][T13746] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.006906][T13746] bridge_slave_0: entered allmulticast mode [ 590.032114][T13746] bridge_slave_0: entered promiscuous mode [ 590.536905][T11639] Bluetooth: hci4: command tx timeout [ 590.939169][ T7276] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.158078][T13746] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.166082][T13746] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.216978][T13746] bridge_slave_1: entered allmulticast mode [ 591.224117][T13746] bridge_slave_1: entered promiscuous mode [ 591.474724][ T7276] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.570399][T13746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 591.595264][T13746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.777317][ T7276] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.941284][T13746] team0: Port device team_slave_0 added [ 591.978804][T13746] team0: Port device team_slave_1 added [ 
592.147349][T13746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 592.154375][T13746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.247243][T13746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 592.288879][T13746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 592.295878][T13746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.321807][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.379344][T13746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 592.480792][ T7276] bridge_slave_1: left allmulticast mode [ 592.487086][ T7276] bridge_slave_1: left promiscuous mode [ 592.511420][ T7276] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.573828][T13789] FAULT_INJECTION: forcing a failure. [ 592.573828][T13789] name failslab, interval 1, probability 0, space 0, times 0 [ 592.596887][T13789] CPU: 0 UID: 0 PID: 13789 Comm: syz.1.2207 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 592.596919][T13789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 592.596932][T13789] Call Trace: [ 592.596939][T13789] [ 592.596948][T13789] dump_stack_lvl+0x16c/0x1f0 [ 592.596981][T13789] should_fail_ex+0x50a/0x650 [ 592.597013][T13789] ? fs_reclaim_acquire+0xae/0x150 [ 592.597045][T13789] should_failslab+0xc2/0x120 [ 592.597068][T13789] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 592.597100][T13789] ? 
__alloc_skb+0x2b1/0x380 [ 592.597135][T13789] __alloc_skb+0x2b1/0x380 [ 592.597163][T13789] ? __pfx___alloc_skb+0x10/0x10 [ 592.597191][T13789] ? hlock_class+0x4e/0x130 [ 592.597215][T13789] ? __lock_acquire+0x14f0/0x3c40 [ 592.597254][T13789] alloc_skb_with_frags+0xe4/0x850 [ 592.597287][T13789] ? mark_lock+0xb5/0xc60 [ 592.597321][T13789] sock_alloc_send_pskb+0x7f1/0x980 [ 592.597364][T13789] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 592.597391][T13789] ? __pfx_lock_release+0x10/0x10 [ 592.597420][T13789] ? mark_held_locks+0x9f/0xe0 [ 592.597448][T13789] ? __local_bh_enable_ip+0xa4/0x120 [ 592.597482][T13789] j1939_sk_sendmsg+0x6b7/0x1350 [ 592.597516][T13789] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 592.597546][T13789] ____sys_sendmsg+0xaaf/0xc90 [ 592.597569][T13789] ? copy_msghdr_from_user+0x10b/0x160 [ 592.597597][T13789] ? __pfx_____sys_sendmsg+0x10/0x10 [ 592.597616][T13789] ? __lock_acquire+0xcc5/0x3c40 [ 592.597655][T13789] ___sys_sendmsg+0x135/0x1e0 [ 592.597685][T13789] ? __pfx____sys_sendmsg+0x10/0x10 [ 592.597731][T13789] ? trace_lock_acquire+0x14e/0x1f0 [ 592.597779][T13789] __sys_sendmmsg+0x201/0x420 [ 592.597815][T13789] ? __pfx___sys_sendmmsg+0x10/0x10 [ 592.597864][T13789] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 592.597905][T13789] ? fput+0x67/0x440 [ 592.597929][T13789] ? ksys_write+0x1ba/0x250 [ 592.597957][T13789] ? __pfx_ksys_write+0x10/0x10 [ 592.597993][T13789] __x64_sys_sendmmsg+0x9c/0x100 [ 592.598023][T13789] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 592.598049][T13789] do_syscall_64+0xcd/0x250 [ 592.598079][T13789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.598108][T13789] RIP: 0033:0x7f7f7c38d169 [ 592.598127][T13789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.598148][T13789] RSP: 002b:00007f7f7d13a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 592.598170][T13789] RAX: ffffffffffffffda RBX: 00007f7f7c5a5fa0 RCX: 00007f7f7c38d169 [ 592.598185][T13789] RDX: 0000000000000003 RSI: 0000400000000080 RDI: 0000000000000003 [ 592.598199][T13789] RBP: 00007f7f7d13a090 R08: 0000000000000000 R09: 0000000000000000 [ 592.598212][T13789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 592.598225][T13789] R13: 0000000000000000 R14: 00007f7f7c5a5fa0 R15: 00007ffe6e6be0d8 [ 592.598256][T13789] [ 592.617545][T11639] Bluetooth: hci4: command tx timeout [ 592.666686][T13787] Process accounting resumed [ 592.893570][ T7276] bridge_slave_0: left allmulticast mode [ 592.917680][ T7276] bridge_slave_0: left promiscuous mode [ 592.927163][ T7276] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.054025][T13791] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2202'. [ 593.702844][T13802] Invalid ELF header magic: != ELF [ 594.698664][T11639] Bluetooth: hci4: command tx timeout [ 596.204506][ T7276] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 596.245332][ T7276] bond0 (unregistering): Released all slaves [ 596.336465][T13746] hsr_slave_0: entered promiscuous mode [ 596.371971][T13746] hsr_slave_1: entered promiscuous mode [ 596.378113][T13746] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 596.410330][T13746] Cannot create hsr debugfs directory [ 596.440017][ T7276] HfR: left promiscuous mode [ 596.585806][T13818] Process accounting resumed [ 596.779587][T11639] Bluetooth: hci4: command tx timeout [ 597.762820][T13832] FAULT_INJECTION: forcing a failure. [ 597.762820][T13832] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 597.790096][T13832] CPU: 1 UID: 0 PID: 13832 Comm: syz.3.2208 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 597.790129][T13832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 597.790141][T13832] Call Trace: [ 597.790147][T13832] [ 597.790155][T13832] dump_stack_lvl+0x16c/0x1f0 [ 597.790189][T13832] should_fail_ex+0x50a/0x650 [ 597.790225][T13832] _copy_from_user+0x2e/0xd0 [ 597.790250][T13832] vhost_dev_ioctl+0x1ab/0xdb0 [ 597.790280][T13832] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 597.790317][T13832] vhost_net_ioctl+0x7bf/0x16e0 [ 597.790353][T13832] ? __pfx_lock_release+0x10/0x10 [ 597.790384][T13832] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 597.790428][T13832] ? __fget_files+0x206/0x3a0 [ 597.790470][T13832] ? 
__pfx_vhost_net_ioctl+0x10/0x10 [ 597.790505][T13832] __x64_sys_ioctl+0x190/0x200 [ 597.790535][T13832] do_syscall_64+0xcd/0x250 [ 597.790566][T13832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.790596][T13832] RIP: 0033:0x7fcbac18d169 [ 597.790613][T13832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 597.790635][T13832] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 597.790657][T13832] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 597.790673][T13832] RDX: 0000000000000000 RSI: 000000004008af03 RDI: 0000000000000002 [ 597.790687][T13832] RBP: 00007fcbacf93090 R08: 0000000000000000 R09: 0000000000000000 [ 597.790701][T13832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 597.790715][T13832] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 597.790745][T13832] [ 597.966500][ C1] vkms_vblank_simulate: vblank timer overrun [ 598.460646][T13836] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2212'. [ 599.060105][T13746] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 599.196924][T13746] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 599.318734][T13746] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 599.576040][T13852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2216'. 
[ 599.642925][T13746] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 599.984868][ T7276] hsr_slave_0: left promiscuous mode [ 600.011151][ T7276] hsr_slave_1: left promiscuous mode [ 600.017271][ T7276] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 600.039744][ T7276] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 600.067081][ T7276] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 600.085280][ T7276] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 600.124159][ T7276] veth1_vlan: left promiscuous mode [ 600.130281][ T7276] veth0_vlan: left promiscuous mode [ 600.265463][T13864] kfence: disabled [ 602.423630][ T7276] team0 (unregistering): Port device team_slave_0 removed [ 603.572316][T13881] FAULT_INJECTION: forcing a failure. [ 603.572316][T13881] name failslab, interval 1, probability 0, space 0, times 0 [ 603.588399][T13881] CPU: 0 UID: 0 PID: 13881 Comm: syz.2.2223 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 603.588427][T13881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 603.588441][T13881] Call Trace: [ 603.588448][T13881] [ 603.588456][T13881] dump_stack_lvl+0x16c/0x1f0 [ 603.588489][T13881] should_fail_ex+0x50a/0x650 [ 603.588521][T13881] ? fs_reclaim_acquire+0xae/0x150 [ 603.588552][T13881] should_failslab+0xc2/0x120 [ 603.588575][T13881] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 603.588607][T13881] ? __alloc_skb+0x2b1/0x380 [ 603.588648][T13881] __alloc_skb+0x2b1/0x380 [ 603.588675][T13881] ? __pfx___alloc_skb+0x10/0x10 [ 603.588715][T13881] netlink_alloc_large_skb+0x69/0x130 [ 603.588747][T13881] netlink_sendmsg+0x689/0xd70 [ 603.588780][T13881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 603.588820][T13881] ____sys_sendmsg+0xaaf/0xc90 [ 603.588845][T13881] ? copy_msghdr_from_user+0x10b/0x160 [ 603.588875][T13881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 603.588913][T13881] ___sys_sendmsg+0x135/0x1e0 [ 603.588945][T13881] ? 
__pfx____sys_sendmsg+0x10/0x10 [ 603.588989][T13881] ? __pfx_lock_release+0x10/0x10 [ 603.589017][T13881] ? trace_lock_acquire+0x14e/0x1f0 [ 603.589053][T13881] ? __fget_files+0x206/0x3a0 [ 603.589091][T13881] __sys_sendmsg+0x16e/0x220 [ 603.589122][T13881] ? __pfx___sys_sendmsg+0x10/0x10 [ 603.589187][T13881] do_syscall_64+0xcd/0x250 [ 603.589218][T13881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.589248][T13881] RIP: 0033:0x7f51a658d169 [ 603.589266][T13881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.589287][T13881] RSP: 002b:00007f51a74aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 603.589308][T13881] RAX: ffffffffffffffda RBX: 00007f51a67a5fa0 RCX: 00007f51a658d169 [ 603.589324][T13881] RDX: 0000000020040000 RSI: 0000400000000500 RDI: 0000000000000003 [ 603.589338][T13881] RBP: 00007f51a74aa090 R08: 0000000000000000 R09: 0000000000000000 [ 603.589352][T13881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 603.589366][T13881] R13: 0000000000000000 R14: 00007f51a67a5fa0 R15: 00007fff3f0bc478 [ 603.589395][T13881] [ 604.327204][T13886] FAULT_INJECTION: forcing a failure. 
[ 604.327204][T13886] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 604.348051][T13746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.383183][T13746] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.410276][T13886] CPU: 0 UID: 0 PID: 13886 Comm: syz.2.2225 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 604.410310][T13886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 604.410323][T13886] Call Trace: [ 604.410329][T13886] [ 604.410337][T13886] dump_stack_lvl+0x16c/0x1f0 [ 604.410367][T13886] should_fail_ex+0x50a/0x650 [ 604.410402][T13886] _copy_to_user+0x32/0xd0 [ 604.410428][T13886] simple_read_from_buffer+0xd0/0x160 [ 604.410459][T13886] proc_fail_nth_read+0x198/0x270 [ 604.410486][T13886] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 604.410515][T13886] ? rw_verify_area+0xcf/0x680 [ 604.410551][T13886] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 604.410578][T13886] vfs_read+0x1df/0xbf0 [ 604.410612][T13886] ? __pfx_vfs_read+0x10/0x10 [ 604.410661][T13886] ksys_read+0x12b/0x250 [ 604.410689][T13886] ? 
__pfx_ksys_read+0x10/0x10 [ 604.410727][T13886] do_syscall_64+0xcd/0x250 [ 604.410757][T13886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.410786][T13886] RIP: 0033:0x7f51a658bb7c [ 604.410804][T13886] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 604.410825][T13886] RSP: 002b:00007f51a74aa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 604.410847][T13886] RAX: ffffffffffffffda RBX: 00007f51a67a5fa0 RCX: 00007f51a658bb7c [ 604.410862][T13886] RDX: 000000000000000f RSI: 00007f51a74aa0a0 RDI: 0000000000000005 [ 604.410876][T13886] RBP: 00007f51a74aa090 R08: 0000000000000000 R09: 0000000000000000 [ 604.410890][T13886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 604.410904][T13886] R13: 0000000000000000 R14: 00007f51a67a5fa0 R15: 00007fff3f0bc478 [ 604.410934][T13886] [ 604.612112][T13746] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 604.622588][T13746] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 604.636182][ T6817] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.643287][ T6817] bridge0: port 1(bridge_slave_0) entered forwarding state [ 604.682528][ T6817] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.689719][ T6817] bridge0: port 2(bridge_slave_1) entered forwarding state [ 605.131936][T13894] FAULT_INJECTION: forcing a failure. 
[ 605.131936][T13894] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 605.202669][T13746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 605.254122][T13894] CPU: 1 UID: 0 PID: 13894 Comm: syz.1.2226 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 605.254161][T13894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 605.254177][T13894] Call Trace: [ 605.254185][T13894] [ 605.254194][T13894] dump_stack_lvl+0x16c/0x1f0 [ 605.254231][T13894] should_fail_ex+0x50a/0x650 [ 605.254273][T13894] _copy_to_user+0x32/0xd0 [ 605.254301][T13894] io_uring_setup+0x1520/0x2200 [ 605.254332][T13894] ? __pfx_io_uring_setup+0x10/0x10 [ 605.254365][T13894] ? __pfx___might_resched+0x10/0x10 [ 605.254414][T13894] ? rcu_is_watching+0x12/0xc0 [ 605.254447][T13894] __x64_sys_io_uring_setup+0x98/0x140 [ 605.254484][T13894] do_syscall_64+0xcd/0x250 [ 605.254518][T13894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.254552][T13894] RIP: 0033:0x7f7f7c38d169 [ 605.254572][T13894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.254596][T13894] RSP: 002b:00007f7f7d13a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 605.254621][T13894] RAX: ffffffffffffffda RBX: 00007f7f7c5a5fa0 RCX: 00007f7f7c38d169 [ 605.254637][T13894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000007fff [ 605.254652][T13894] RBP: 00007f7f7c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 605.254667][T13894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.254682][T13894] R13: 0000000000000000 R14: 00007f7f7c5a5fa0 R15: 00007ffe6e6be0d8 [ 605.254712][T13894] [ 605.327106][T13746] veth0_vlan: entered promiscuous mode [ 605.766931][T13746] veth1_vlan: entered promiscuous mode [ 605.871269][T13898] netlink: 12 bytes leftover after parsing attributes in process 
`syz.3.2228'. [ 605.909421][T13746] veth0_macvtap: entered promiscuous mode [ 605.969360][T13746] veth1_macvtap: entered promiscuous mode [ 606.070211][T13746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 606.124164][T13746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.152800][T13746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 606.207215][T13746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 606.236475][T13746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 606.265328][T13746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 606.301145][T13746] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.336582][T13746] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.354719][T13746] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.364620][T13746] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.564994][ T7276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.572873][ T7276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.623430][ T6817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.633238][ T6817] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.817460][T13927] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2238'. [ 607.422710][T13934] netlink: 'syz.2.2240': attribute type 1 has an invalid length. [ 608.235534][T13971] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2250'. [ 609.256377][T13951] lo: entered allmulticast mode [ 609.541851][T13945] lo: left allmulticast mode [ 610.164687][T13998] Process accounting resumed [ 615.114227][T14098] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2283'. 
[ 615.274825][T14098] can: request_module (can-proto-0) failed. [ 616.149928][T14124] Line length is too long: Should be less than 4094 [ 617.701084][T14152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 618.216786][T14170] vcan0: tx drop: invalid da for name 0x00000000fffffff5 [ 621.527953][T14242] FAULT_INJECTION: forcing a failure. [ 621.527953][T14242] name failslab, interval 1, probability 0, space 0, times 0 [ 621.699092][T14242] CPU: 0 UID: 0 PID: 14242 Comm: syz.1.2327 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 621.699125][T14242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 621.699138][T14242] Call Trace: [ 621.699145][T14242] [ 621.699154][T14242] dump_stack_lvl+0x16c/0x1f0 [ 621.699188][T14242] should_fail_ex+0x50a/0x650 [ 621.699221][T14242] ? fs_reclaim_acquire+0xae/0x150 [ 621.699252][T14242] ? io_uring_alloc_task_context+0x9e/0x690 [ 621.699281][T14242] should_failslab+0xc2/0x120 [ 621.699303][T14242] __kmalloc_cache_noprof+0x68/0x410 [ 621.699334][T14242] ? lockdep_init_map_type+0x16d/0x7d0 [ 621.699371][T14242] io_uring_alloc_task_context+0x9e/0x690 [ 621.699401][T14242] ? file_init_path+0x501/0x770 [ 621.699425][T14242] ? __pfx_io_uring_alloc_task_context+0x10/0x10 [ 621.699458][T14242] ? alloc_file_pseudo+0x1b4/0x230 [ 621.699484][T14242] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 621.699513][T14242] __io_uring_add_tctx_node+0x2e0/0x500 [ 621.699543][T14242] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 621.699573][T14242] ? __anon_inode_getfile+0x18c/0x370 [ 621.699608][T14242] io_uring_setup+0x15cf/0x2200 [ 621.699637][T14242] ? __pfx_io_uring_setup+0x10/0x10 [ 621.699670][T14242] ? __fget_files+0x206/0x3a0 [ 621.699710][T14242] ? ksys_write+0x1ba/0x250 [ 621.699746][T14242] ? 
__pfx_ksys_write+0x10/0x10 [ 621.699781][T14242] __x64_sys_io_uring_setup+0x98/0x140 [ 621.699807][T14242] do_syscall_64+0xcd/0x250 [ 621.699838][T14242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.699868][T14242] RIP: 0033:0x7f7f7c38d169 [ 621.699885][T14242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.699908][T14242] RSP: 002b:00007f7f7d13a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 621.699930][T14242] RAX: ffffffffffffffda RBX: 00007f7f7c5a5fa0 RCX: 00007f7f7c38d169 [ 621.699945][T14242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 621.699959][T14242] RBP: 00007f7f7d13a090 R08: 0000000000000000 R09: 0000000000000000 [ 621.699973][T14242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 621.699986][T14242] R13: 0000000000000000 R14: 00007f7f7c5a5fa0 R15: 00007ffe6e6be0d8 [ 621.700015][T14242] [ 621.823480][T14246] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 623.571164][T14268] Process accounting paused [ 623.916231][T14277] FAULT_INJECTION: forcing a failure. [ 623.916231][T14277] name failslab, interval 1, probability 0, space 0, times 0 [ 623.983881][T14277] CPU: 1 UID: 0 PID: 14277 Comm: syz.3.2337 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 623.983914][T14277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 623.983928][T14277] Call Trace: [ 623.983934][T14277] [ 623.983943][T14277] dump_stack_lvl+0x16c/0x1f0 [ 623.983976][T14277] should_fail_ex+0x50a/0x650 [ 623.984009][T14277] ? fs_reclaim_acquire+0xae/0x150 [ 623.984040][T14277] ? tomoyo_encode2+0x100/0x3e0 [ 623.984068][T14277] should_failslab+0xc2/0x120 [ 623.984090][T14277] __kmalloc_noprof+0xcb/0x510 [ 623.984124][T14277] ? 
rcu_is_watching+0x12/0xc0 [ 623.984161][T14277] tomoyo_encode2+0x100/0x3e0 [ 623.984195][T14277] tomoyo_encode+0x29/0x50 [ 623.984222][T14277] tomoyo_realpath_from_path+0x19d/0x720 [ 623.984255][T14277] ? tomoyo_path_number_perm+0x235/0x590 [ 623.984285][T14277] tomoyo_path_number_perm+0x248/0x590 [ 623.984310][T14277] ? tomoyo_path_number_perm+0x235/0x590 [ 623.984339][T14277] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 623.984366][T14277] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 623.984423][T14277] ? fd_install+0x242/0x750 [ 623.984471][T14277] security_file_ioctl+0x9b/0x240 [ 623.984500][T14277] __x64_sys_ioctl+0xb7/0x200 [ 623.984530][T14277] do_syscall_64+0xcd/0x250 [ 623.984560][T14277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.984595][T14277] RIP: 0033:0x7fcbac18d169 [ 623.984614][T14277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.984654][T14277] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 623.984677][T14277] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 623.984694][T14277] RDX: 0000000000000004 RSI: 0000000000008941 RDI: 0000000000000000 [ 623.984707][T14277] RBP: 00007fcbacf93090 R08: 0000000000000000 R09: 0000000000000000 [ 623.984722][T14277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.984736][T14277] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 623.984767][T14277] [ 623.985585][T14277] ERROR: Out of memory at tomoyo_realpath_from_path. [ 624.808881][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.815590][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.244664][T14298] nbd: socks must be embedded in a SOCK_ITEM attr [ 625.254935][T14298] block nbd0: shutting down sockets [ 625.562831][T14309] FAULT_INJECTION: forcing a failure. 
[ 625.562831][T14309] name failslab, interval 1, probability 0, space 0, times 0 [ 625.601530][T14309] CPU: 0 UID: 0 PID: 14309 Comm: syz.2.2348 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 625.601563][T14309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 625.601576][T14309] Call Trace: [ 625.601583][T14309] [ 625.601591][T14309] dump_stack_lvl+0x16c/0x1f0 [ 625.601625][T14309] should_fail_ex+0x50a/0x650 [ 625.601657][T14309] ? fs_reclaim_acquire+0xae/0x150 [ 625.601687][T14309] should_failslab+0xc2/0x120 [ 625.601709][T14309] __kmalloc_node_noprof+0xd1/0x510 [ 625.601741][T14309] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 625.601776][T14309] __kvmalloc_node_noprof+0xad/0x1a0 [ 625.601807][T14309] io_alloc_cache_init+0x33/0x170 [ 625.601838][T14309] io_uring_setup+0x615/0x2200 [ 625.601867][T14309] ? __pfx_io_uring_setup+0x10/0x10 [ 625.601895][T14309] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 625.601928][T14309] ? __fget_files+0x206/0x3a0 [ 625.601968][T14309] ? ksys_write+0x1ba/0x250 [ 625.601997][T14309] ? 
__pfx_ksys_write+0x10/0x10 [ 625.602032][T14309] __x64_sys_io_uring_setup+0x98/0x140 [ 625.602057][T14309] do_syscall_64+0xcd/0x250 [ 625.602087][T14309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.602118][T14309] RIP: 0033:0x7f51a658d169 [ 625.602136][T14309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.602157][T14309] RSP: 002b:00007f51a74aa038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 625.602180][T14309] RAX: ffffffffffffffda RBX: 00007f51a67a5fa0 RCX: 00007f51a658d169 [ 625.602195][T14309] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 000000000000d364 [ 625.602210][T14309] RBP: 00007f51a74aa090 R08: 0000000000000000 R09: 0000000000000000 [ 625.602224][T14309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 625.602237][T14309] R13: 0000000000000000 R14: 00007f51a67a5fa0 R15: 00007fff3f0bc478 [ 625.602267][T14309] [ 626.503794][T14326] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2354'. [ 626.763380][T14282] Process accounting paused [ 627.446675][T14347] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2361'. [ 627.658011][T14351] FAULT_INJECTION: forcing a failure. [ 627.658011][T14351] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 627.685578][T14353] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2364'. 
[ 627.694071][T14351] CPU: 1 UID: 0 PID: 14351 Comm: syz.2.2363 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 627.694104][T14351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 627.694117][T14351] Call Trace: [ 627.694124][T14351] [ 627.694133][T14351] dump_stack_lvl+0x16c/0x1f0 [ 627.694165][T14351] should_fail_ex+0x50a/0x650 [ 627.694204][T14351] _copy_from_user+0x2e/0xd0 [ 627.694228][T14351] kvm_arch_vcpu_ioctl+0x2101/0x5050 [ 627.694257][T14351] ? hlock_class+0x4e/0x130 [ 627.694279][T14351] ? __lock_acquire+0x15a9/0x3c40 [ 627.694309][T14351] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 627.694338][T14351] ? kasan_save_track+0x14/0x30 [ 627.694374][T14351] ? __kasan_slab_free+0x51/0x70 [ 627.694404][T14351] ? __pfx___lock_acquire+0x10/0x10 [ 627.694431][T14351] ? __x64_sys_ioctl+0xb7/0x200 [ 627.694455][T14351] ? do_syscall_64+0xcd/0x250 [ 627.694481][T14351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.694513][T14351] ? hlock_class+0x4e/0x130 [ 627.694539][T14351] ? lock_acquire.part.0+0x11b/0x380 [ 627.694573][T14351] ? __mutex_trylock_common+0xea/0x250 [ 627.694604][T14351] ? __pfx___mutex_trylock_common+0x10/0x10 [ 627.694634][T14351] ? kvm_vcpu_ioctl+0x27f/0x16b0 [ 627.694662][T14351] ? rcu_is_watching+0x12/0xc0 [ 627.694684][T14351] ? trace_contention_end+0xee/0x140 [ 627.694715][T14351] ? __mutex_lock+0x1cc/0xb10 [ 627.694744][T14351] ? kvm_vcpu_ioctl+0x27f/0x16b0 [ 627.694768][T14351] ? tomoyo_path_number_perm+0x298/0x590 [ 627.694809][T14351] ? tomoyo_path_number_perm+0x190/0x590 [ 627.694839][T14351] ? kvm_vcpu_ioctl+0x1258/0x16b0 [ 627.694861][T14351] kvm_vcpu_ioctl+0x1258/0x16b0 [ 627.694891][T14351] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 627.694959][T14351] ? 
__pfx_kvm_vcpu_ioctl+0x10/0x10 [ 627.694985][T14351] __x64_sys_ioctl+0x190/0x200 [ 627.695013][T14351] do_syscall_64+0xcd/0x250 [ 627.695042][T14351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.695071][T14351] RIP: 0033:0x7f51a658d169 [ 627.695089][T14351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 627.695109][T14351] RSP: 002b:00007f51a74aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 627.695131][T14351] RAX: ffffffffffffffda RBX: 00007f51a67a5fa0 RCX: 00007f51a658d169 [ 627.695146][T14351] RDX: 0000000000000000 RSI: 000000004080aebf RDI: 0000000000000004 [ 627.695160][T14351] RBP: 00007f51a74aa090 R08: 0000000000000000 R09: 0000000000000000 [ 627.695173][T14351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 627.695186][T14351] R13: 0000000000000000 R14: 00007f51a67a5fa0 R15: 00007fff3f0bc478 [ 627.695215][T14351] [ 628.617403][T14372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2368'. [ 629.751685][T14387] nbd: socks must be embedded in a SOCK_ITEM attr [ 629.761679][T14387] block nbd0: shutting down sockets [ 629.776905][T14391] netlink: 146 bytes leftover after parsing attributes in process `syz.3.2374'. [ 629.882220][T14394] FAULT_INJECTION: forcing a failure. [ 629.882220][T14394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 630.052034][T14394] CPU: 1 UID: 0 PID: 14394 Comm: syz.1.2370 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 630.052072][T14394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 630.052086][T14394] Call Trace: [ 630.052097][T14394] [ 630.052108][T14394] dump_stack_lvl+0x16c/0x1f0 [ 630.052153][T14394] should_fail_ex+0x50a/0x650 [ 630.052197][T14394] _copy_to_user+0x32/0xd0 [ 630.052227][T14394] io_uring_setup+0x1520/0x2200 [ 630.052258][T14394] ? 
__pfx_io_uring_setup+0x10/0x10 [ 630.052291][T14394] ? __pfx___might_resched+0x10/0x10 [ 630.052338][T14394] ? rcu_is_watching+0x12/0xc0 [ 630.052371][T14394] __x64_sys_io_uring_setup+0x98/0x140 [ 630.052398][T14394] do_syscall_64+0xcd/0x250 [ 630.052429][T14394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.052462][T14394] RIP: 0033:0x7f7f7c38d169 [ 630.052481][T14394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 630.052505][T14394] RSP: 002b:00007f7f7d13a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 630.052529][T14394] RAX: ffffffffffffffda RBX: 00007f7f7c5a5fa0 RCX: 00007f7f7c38d169 [ 630.052546][T14394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000007fff [ 630.052560][T14394] RBP: 00007f7f7c40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 630.052576][T14394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 630.052592][T14394] R13: 0000000000000000 R14: 00007f7f7c5a5fa0 R15: 00007ffe6e6be0d8 [ 630.052622][T14394] [ 631.095486][T14420] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2384'. [ 632.575172][T14454] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2395'. [ 632.630869][T14456] nbd: must specify a size in bytes for the device [ 632.790477][T14452] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2393'. [ 633.442046][T14475] netlink: 138 bytes leftover after parsing attributes in process `syz.3.2403'. [ 634.278291][T14473] lo: entered allmulticast mode [ 634.501367][T14470] lo: left allmulticast mode [ 634.723971][T14485] FAULT_INJECTION: forcing a failure. 
[ 634.723971][T14485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 634.750420][T14485] CPU: 1 UID: 0 PID: 14485 Comm: syz.3.2405 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 634.750454][T14485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 634.750467][T14485] Call Trace: [ 634.750474][T14485] [ 634.750483][T14485] dump_stack_lvl+0x16c/0x1f0 [ 634.750516][T14485] should_fail_ex+0x50a/0x650 [ 634.750554][T14485] _copy_from_iter+0x2a1/0x1560 [ 634.750580][T14485] ? trace_lock_acquire+0x14e/0x1f0 [ 634.750606][T14485] ? __alloc_skb+0x1fe/0x380 [ 634.750643][T14485] ? __pfx__copy_from_iter+0x10/0x10 [ 634.750665][T14485] ? __virt_addr_valid+0x1a4/0x590 [ 634.750694][T14485] ? __virt_addr_valid+0x5e/0x590 [ 634.750717][T14485] ? __phys_addr_symbol+0x30/0x80 [ 634.750740][T14485] ? __check_object_size+0x488/0x710 [ 634.750768][T14485] netlink_sendmsg+0x813/0xd70 [ 634.750802][T14485] ? __pfx_netlink_sendmsg+0x10/0x10 [ 634.750843][T14485] ____sys_sendmsg+0xaaf/0xc90 [ 634.750868][T14485] ? copy_msghdr_from_user+0x10b/0x160 [ 634.750899][T14485] ? __pfx_____sys_sendmsg+0x10/0x10 [ 634.750938][T14485] ___sys_sendmsg+0x135/0x1e0 [ 634.750970][T14485] ? __pfx____sys_sendmsg+0x10/0x10 [ 634.751012][T14485] ? __pfx_lock_release+0x10/0x10 [ 634.751041][T14485] ? trace_lock_acquire+0x14e/0x1f0 [ 634.751076][T14485] ? __fget_files+0x206/0x3a0 [ 634.751115][T14485] __sys_sendmsg+0x16e/0x220 [ 634.751147][T14485] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 634.751197][T14485] do_syscall_64+0xcd/0x250 [ 634.751228][T14485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.751258][T14485] RIP: 0033:0x7fcbac18d169 [ 634.751277][T14485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 634.751299][T14485] RSP: 002b:00007fcbacf93038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 634.751322][T14485] RAX: ffffffffffffffda RBX: 00007fcbac3a5fa0 RCX: 00007fcbac18d169 [ 634.751338][T14485] RDX: 0000000020040000 RSI: 0000400000000500 RDI: 0000000000000007 [ 634.751352][T14485] RBP: 00007fcbacf93090 R08: 0000000000000000 R09: 0000000000000000 [ 634.751366][T14485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 634.751379][T14485] R13: 0000000000000000 R14: 00007fcbac3a5fa0 R15: 00007ffd3dbebbe8 [ 634.751407][T14485] [ 634.751731][T14485] nbd: must specify a size in bytes for the device [ 637.284093][T14503] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 637.349909][T14503] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 637.389544][T14503] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 637.395667][T14503] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 637.519910][T14503] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 637.555460][T14503] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 637.607844][T14519] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2415'. [ 637.624191][T14519] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 637.844696][T14503] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 638.068042][T14469] Invalid ELF header magic: != ELF [ 638.081111][T14526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2418'. [ 638.592406][T14540] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2422'. 
[ 638.720174][T11639] Bluetooth: hci0: command 0x0419 tx timeout [ 639.217001][T14538] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input19 [ 639.363096][T11639] Bluetooth: hci1: command 0x0c1a tx timeout [ 639.440520][T11639] Bluetooth: hci2: command 0x0c1a tx timeout [ 639.609501][T11639] Bluetooth: hci4: command 0x0c1a tx timeout [ 640.801940][T11639] Bluetooth: hci0: command 0x0419 tx timeout [ 641.694040][T11639] Bluetooth: hci4: command 0x0c1a tx timeout [ 642.114196][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 642.130134][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 642.138611][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 642.150829][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 642.159617][ T5834] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 642.169210][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 642.707441][T14497] Process accounting paused [ 643.011602][ T7276] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.392097][ T7276] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.699501][ T7276] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.763282][T11639] Bluetooth: hci4: command 0x0c1a tx timeout [ 643.825690][T14581] chnl_net:caif_netlink_parms(): no params data found [ 644.239485][ T7276] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.266338][T11639] Bluetooth: hci3: command tx timeout [ 644.459745][T14581] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.503079][T14581] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.510331][T14581] bridge_slave_0: entered allmulticast mode [ 644.534822][T14581] bridge_slave_0: entered promiscuous mode [ 644.575563][T14581] bridge0: port 2(bridge_slave_1) entered blocking state [ 
644.583135][T14581] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.593935][T14581] bridge_slave_1: entered allmulticast mode [ 644.600946][T14581] bridge_slave_1: entered promiscuous mode [ 644.740591][T14581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 644.798775][T14581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 645.082353][T14581] team0: Port device team_slave_0 added [ 645.110096][T14581] team0: Port device team_slave_1 added [ 645.700316][T14581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 645.727659][T14581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 645.789536][T14581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 645.822620][ T7276] bridge_slave_1: left allmulticast mode [ 645.833667][ T7276] bridge_slave_1: left promiscuous mode [ 645.839410][ T7276] bridge0: port 2(bridge_slave_1) entered disabled state [ 645.967932][ T7276] bridge_slave_0: left allmulticast mode [ 645.988559][ T7276] bridge_slave_0: left promiscuous mode [ 646.035252][ T7276] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.331825][T11639] Bluetooth: hci3: command tx timeout [ 646.639149][ T7276] erspan0 (unregistering): left allmulticast mode [ 647.335229][T14637] FAULT_INJECTION: forcing a failure. 
[ 647.335229][T14637] name failslab, interval 1, probability 0, space 0, times 0 [ 647.350800][ T7276] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 647.363234][T14637] CPU: 0 UID: 0 PID: 14637 Comm: syz.2.2450 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 647.363268][T14637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 647.363282][T14637] Call Trace: [ 647.363289][T14637] [ 647.363299][T14637] dump_stack_lvl+0x16c/0x1f0 [ 647.363334][T14637] should_fail_ex+0x50a/0x650 [ 647.363370][T14637] ? fs_reclaim_acquire+0xae/0x150 [ 647.363403][T14637] should_failslab+0xc2/0x120 [ 647.363428][T14637] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 647.363463][T14637] ? __kernfs_new_node+0xd3/0x890 [ 647.363500][T14637] __kernfs_new_node+0xd3/0x890 [ 647.363535][T14637] ? __pfx___kernfs_new_node+0x10/0x10 [ 647.363566][T14637] ? __pfx_lock_release+0x10/0x10 [ 647.363598][T14637] ? kernfs_add_one+0x39d/0x520 [ 647.363643][T14637] ? up_write+0x1b2/0x520 [ 647.363682][T14637] kernfs_new_node+0x186/0x240 [ 647.363722][T14637] __kernfs_create_file+0x53/0x350 [ 647.363752][T14637] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 647.363790][T14637] sysfs_merge_group+0x1b1/0x340 [ 647.363823][T14637] ? __pfx_sysfs_merge_group+0x10/0x10 [ 647.363860][T14637] ? __pfx_dev_add_physical_location+0x10/0x10 [ 647.363890][T14637] ? bus_to_subsys+0x12d/0x160 [ 647.363928][T14637] dpm_sysfs_add+0x237/0x280 [ 647.363959][T14637] device_add+0x9a8/0x1a70 [ 647.363993][T14637] ? __pfx_device_add+0x10/0x10 [ 647.364028][T14637] ? lockdep_init_map_type+0x16d/0x7d0 [ 647.364078][T14637] nfc_register_device+0x41/0x3c0 [ 647.364110][T14637] nci_register_device+0x7f4/0xb80 [ 647.364148][T14637] ? __pfx_nci_register_device+0x10/0x10 [ 647.364197][T14637] virtual_ncidev_open+0x141/0x220 [ 647.364231][T14637] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 647.364268][T14637] misc_open+0x35a/0x420 [ 647.364292][T14637] ? 
__pfx_misc_open+0x10/0x10 [ 647.364314][T14637] chrdev_open+0x237/0x6a0 [ 647.364347][T14637] ? __pfx_apparmor_file_open+0x10/0x10 [ 647.364378][T14637] ? __pfx_chrdev_open+0x10/0x10 [ 647.364414][T14637] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 647.364450][T14637] do_dentry_open+0x735/0x1c40 [ 647.364481][T14637] ? __pfx_chrdev_open+0x10/0x10 [ 647.364514][T14637] ? inode_permission+0xdd/0x5f0 [ 647.364544][T14637] vfs_open+0x82/0x3f0 [ 647.364566][T14637] ? may_open+0x1f2/0x400 [ 647.364595][T14637] path_openat+0x1e88/0x2d80 [ 647.364642][T14637] ? __pfx_path_openat+0x10/0x10 [ 647.364675][T14637] ? __pfx___lock_acquire+0x10/0x10 [ 647.364705][T14637] ? lock_acquire.part.0+0x11b/0x380 [ 647.364735][T14637] ? find_held_lock+0x2d/0x110 [ 647.364765][T14637] do_filp_open+0x20c/0x470 [ 647.364799][T14637] ? __pfx_do_filp_open+0x10/0x10 [ 647.364830][T14637] ? find_held_lock+0x2d/0x110 [ 647.364880][T14637] ? alloc_fd+0x41f/0x760 [ 647.364922][T14637] do_sys_openat2+0x17a/0x1e0 [ 647.364947][T14637] ? __pfx_do_sys_openat2+0x10/0x10 [ 647.364976][T14637] ? __pfx___might_resched+0x10/0x10 [ 647.365020][T14637] __x64_sys_openat+0x175/0x210 [ 647.365054][T14637] ? 
__pfx___x64_sys_openat+0x10/0x10 [ 647.365096][T14637] do_syscall_64+0xcd/0x250 [ 647.365129][T14637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.365162][T14637] RIP: 0033:0x7f51a658d169 [ 647.365182][T14637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.365204][T14637] RSP: 002b:00007f51a74aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 647.365227][T14637] RAX: ffffffffffffffda RBX: 00007f51a67a5fa0 RCX: 00007f51a658d169 [ 647.365244][T14637] RDX: 0000000000000002 RSI: 0000400000000180 RDI: ffffffffffffff9c [ 647.365260][T14637] RBP: 00007f51a660e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 647.365274][T14637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.365288][T14637] R13: 0000000000000000 R14: 00007f51a67a5fa0 R15: 00007fff3f0bc478 [ 647.365321][T14637] [ 647.742303][ T7276] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 647.753673][ T7276] bond0 (unregistering): Released all slaves [ 648.125827][T14581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 648.132811][T14581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 648.204829][T14581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 648.404987][T11639] Bluetooth: hci3: command tx timeout [ 649.004261][ T7276] .SR: left promiscuous mode [ 649.170033][T14581] hsr_slave_0: entered promiscuous mode [ 649.206296][T14581] hsr_slave_1: entered promiscuous mode [ 649.385493][ T7276] tipc: Left network mode [ 650.485996][T11639] Bluetooth: hci3: command tx timeout [ 651.878545][T14581] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 652.018543][ T7276] hsr_slave_0: left promiscuous mode [ 652.046917][ T7276] hsr_slave_1: left promiscuous mode [ 652.145515][ T7276] veth1_vlan: left promiscuous mode [ 652.180375][ T7276] veth0_vlan: left promiscuous mode [ 653.424250][ T7276] team0 (unregistering): Port device team_slave_0 removed [ 654.542711][T14581] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 654.565818][T14581] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 654.623861][T14581] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 654.871601][T14581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 654.957080][T14581] 8021q: adding VLAN 0 to HW filter on device team0 [ 655.007355][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.014554][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 655.019915][ T117] Process accounting resumed [ 655.056656][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.063824][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 655.117725][T14713] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2472'. 
[ 655.605274][T14581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 655.711986][T14581] veth0_vlan: entered promiscuous mode [ 655.747226][T14581] veth1_vlan: entered promiscuous mode [ 655.848193][T14581] veth0_macvtap: entered promiscuous mode [ 655.890007][T14581] veth1_macvtap: entered promiscuous mode [ 656.011291][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 656.061590][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.194726][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 656.215964][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.238236][T14581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 656.284095][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 656.298486][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.424436][T14581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 656.450519][T14581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 656.481319][T14581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 656.510967][T14581] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.540345][T14581] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.578965][T14581] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.605576][T14581] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 657.145949][T14748] sctp: [Deprecated]: syz.2.2481 (pid 14748) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 657.145949][T14748] Use struct sctp_sack_info instead [ 657.272299][ T6817] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 657.289422][ T6817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 657.331660][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 657.379177][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.500240][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 659.512157][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 659.520247][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 659.528354][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 659.541945][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 659.551201][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 659.825063][T14741] Process accounting resumed [ 660.049339][T11639] Bluetooth: hci3: unexpected subevent 0x01 length: 125 > 18 [ 660.058195][T11639] Bluetooth: hci3: Invalid handle: 0x1e1a > 0x0eff [ 660.327473][T14774] chnl_net:caif_netlink_parms(): no params data found [ 660.751705][T14774] bridge0: port 1(bridge_slave_0) entered blocking state [ 660.758848][T14774] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.799844][T14774] bridge_slave_0: entered allmulticast mode [ 660.819630][T14774] bridge_slave_0: entered promiscuous mode [ 660.859378][T14774] bridge0: port 2(bridge_slave_1) entered blocking state [ 660.890124][T14774] bridge0: port 2(bridge_slave_1) entered disabled state [ 660.897597][T14774] bridge_slave_1: entered allmulticast mode [ 660.930752][T14774] bridge_slave_1: entered promiscuous mode [ 661.164669][T14803] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2495'. 
[ 661.184215][T14803] IPv6: NLM_F_CREATE should be specified when creating new route [ 661.211876][T14803] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 661.219208][T14803] IPv6: NLM_F_CREATE should be set when creating new route [ 661.226520][T14803] IPv6: NLM_F_CREATE should be set when creating new route [ 661.323613][T14774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 661.353324][T14804] vcan0: tx drop: invalid da for name 0x00000000fffffffd [ 661.608088][ T6817] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.619371][ T5834] Bluetooth: hci1: command tx timeout [ 661.724534][T14774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 661.969156][ T6817] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.013931][T14774] team0: Port device team_slave_0 added [ 662.078133][T14774] team0: Port device team_slave_1 added [ 662.178057][ T6817] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.341996][T14774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 662.348998][T14774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 662.430365][T14774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 662.563365][ T6817] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.596508][T14774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 662.630537][T14774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 662.682808][T14774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 662.827968][T14774] hsr_slave_0: entered promiscuous mode [ 662.839467][T14774] hsr_slave_1: entered promiscuous mode [ 662.846780][T14774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 662.855922][T14774] Cannot create hsr debugfs directory [ 663.088527][ T6817] team0: left allmulticast mode [ 663.100877][ T6817] team0: left promiscuous mode [ 663.105891][ T6817] team_slave_0: left promiscuous mode [ 663.131154][ T6817] bridge0: port 3(team0) entered disabled state [ 663.157266][ T6817] bridge_slave_1: left allmulticast mode [ 663.180813][ T6817] bridge_slave_1: left promiscuous mode [ 663.186597][ T6817] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.231800][ T6817] bridge_slave_0: left allmulticast mode [ 663.237514][ T6817] bridge_slave_0: left promiscuous mode [ 663.250925][ T6817] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.701508][ T5834] Bluetooth: hci1: command tx timeout [ 664.342382][ T6817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 664.364938][ T6817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 664.423166][ T6817] bond0 (unregistering): Released all slaves [ 664.587930][ T6817] HfR: left promiscuous mode [ 664.800069][T14823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2506'. 
[ 665.779622][ T5834] Bluetooth: hci1: command tx timeout [ 665.795725][T14774] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 665.908839][T14774] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 665.990000][T14774] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 666.027744][T14774] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 666.066601][T14844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2505'. [ 666.556536][T14774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.697485][T14774] 8021q: adding VLAN 0 to HW filter on device team0 [ 666.825472][ T6817] hsr_slave_0: left promiscuous mode [ 666.832268][ T6817] hsr_slave_1: left promiscuous mode [ 666.928378][ T6817] veth1_macvtap: left promiscuous mode [ 666.949227][ T6817] veth0_macvtap: left promiscuous mode [ 666.963305][ T6817] veth1_vlan: left promiscuous mode [ 666.991317][ T6817] veth0_vlan: left promiscuous mode [ 667.863099][ T5834] Bluetooth: hci1: command tx timeout [ 668.514351][ T6817] team0 (unregistering): Port device team_slave_0 removed [ 669.880237][T14874] FAULT_INJECTION: forcing a failure. [ 669.880237][T14874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 669.911620][T14874] CPU: 1 UID: 0 PID: 14874 Comm: syz.3.2515 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 669.911656][T14874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 669.911698][T14874] Call Trace: [ 669.911705][T14874] [ 669.911715][T14874] dump_stack_lvl+0x16c/0x1f0 [ 669.911748][T14874] should_fail_ex+0x50a/0x650 [ 669.911787][T14874] _copy_from_user+0x2e/0xd0 [ 669.911814][T14874] br_dev_read_uargs+0x149/0x3b0 [ 669.911840][T14874] ? __pfx_br_dev_read_uargs+0x10/0x10 [ 669.911863][T14874] ? trace_contention_end+0xee/0x140 [ 669.911902][T14874] br_ioctl_stub+0x112/0x8b0 [ 669.911927][T14874] ? __pfx_br_ioctl_stub+0x10/0x10 [ 669.911952][T14874] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 669.911992][T14874] ? 
__pfx_br_ioctl_stub+0x10/0x10 [ 669.912013][T14874] br_ioctl_call+0x62/0xb0 [ 669.912042][T14874] sock_ioctl+0x36a/0x6c0 [ 669.912067][T14874] ? __pfx_sock_ioctl+0x10/0x10 [ 669.912108][T14874] ? __pfx_sock_ioctl+0x10/0x10 [ 669.912134][T14874] __x64_sys_ioctl+0x190/0x200 [ 669.912164][T14874] do_syscall_64+0xcd/0x250 [ 669.912194][T14874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.912224][T14874] RIP: 0033:0x7f4676d8d169 [ 669.912243][T14874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.912264][T14874] RSP: 002b:00007f4677c23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 669.912286][T14874] RAX: ffffffffffffffda RBX: 00007f4676fa5fa0 RCX: 00007f4676d8d169 [ 669.912300][T14874] RDX: 0000000000000004 RSI: 0000000000008941 RDI: 0000000000000000 [ 669.912314][T14874] RBP: 00007f4677c23090 R08: 0000000000000000 R09: 0000000000000000 [ 669.912328][T14874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 669.912341][T14874] R13: 0000000000000000 R14: 00007f4676fa5fa0 R15: 00007ffc77598c48 [ 669.912372][T14874] [ 670.151814][ T7273] bridge0: port 1(bridge_slave_0) entered blocking state [ 670.159007][ T7273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 670.171536][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.178711][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.226063][T14774] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 670.237483][T14774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 670.593377][T14774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 670.696273][T14774] veth0_vlan: entered promiscuous mode [ 670.843449][T14882] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2517'. 
[ 670.956762][T14774] veth1_vlan: entered promiscuous mode [ 670.965570][T14886] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2516'. [ 670.981469][ T5834] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 671.126244][T14774] veth0_macvtap: entered promiscuous mode [ 671.164204][T14774] veth1_macvtap: entered promiscuous mode [ 671.222510][T14774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 671.278780][T14774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 671.311482][T14774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 671.350025][T14774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 671.374633][T14774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 671.390800][T14343] syz.1.2358 (14343) used greatest stack depth: 16688 bytes left [ 671.394377][T14774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 671.449206][T14774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 671.562394][T14774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 671.573884][T14774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 671.589957][T14774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 671.620903][T14774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 671.639914][T14774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 671.650856][T14774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 671.672555][T14774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 671.683378][T14774] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.698727][T14774] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.711346][T14774] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.732529][T14774] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.886806][T14901] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2522'. [ 672.028367][ T6817] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 672.075546][ T6817] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 672.128827][ T6817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 672.153656][ T6817] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 672.500683][T14908] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2524'. [ 673.688063][T10652] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 673.857981][T11639] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 673.867679][T11639] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 673.877156][T11639] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 673.885027][T11639] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 673.904868][T11639] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 673.912610][T11639] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 674.231179][ T52] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.423761][ T52] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.683353][ T52] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.726910][T14943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2534'. 
[ 675.159933][ T52] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.218177][T14929] chnl_net:caif_netlink_parms(): no params data found [ 675.571293][T14929] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.592018][T14929] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.617225][T14929] bridge_slave_0: entered allmulticast mode [ 675.633214][T14929] bridge_slave_0: entered promiscuous mode [ 675.654119][T14929] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.672068][T14929] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.687995][T14929] bridge_slave_1: entered allmulticast mode [ 675.714730][T14929] bridge_slave_1: entered promiscuous mode [ 675.751759][T14969] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2541'. [ 675.840376][T14929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.876033][T14929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 675.992764][ T52] team0: left allmulticast mode [ 675.997927][ T52] team_slave_0: left allmulticast mode [ 676.003461][ T52] team0: left promiscuous mode [ 676.020776][T11639] Bluetooth: hci2: command tx timeout [ 676.032558][ T52] team_slave_0: left promiscuous mode [ 676.046892][ T52] bridge0: port 3(team0) entered disabled state [ 676.060934][ T52] bridge_slave_1: left allmulticast mode [ 676.069871][ T52] bridge_slave_1: left promiscuous mode [ 676.077805][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.136932][ T52] bridge_slave_0: left allmulticast mode [ 676.147365][ T52] bridge_slave_0: left promiscuous mode [ 676.153120][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.873557][T14986] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). 
To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 676.947793][T14986] CIFS mount error: No usable UNC path provided in device string! [ 676.947793][T14986] [ 677.013120][T14986] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 677.687999][T14989] random: crng reseeded on system resumption [ 677.768692][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.864781][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 677.886185][ T52] bond0 (unregistering): Released all slaves [ 677.929990][T14929] team0: Port device team_slave_0 added [ 677.954722][T14929] team0: Port device team_slave_1 added [ 678.029089][ T52] tipc: Left network mode [ 678.118184][T11639] Bluetooth: hci2: command tx timeout [ 678.139953][T14929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.174778][T14929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.278285][T14929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.449505][T14929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.456502][T14929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 678.558505][T14929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.800763][T15009] net_ratelimit: 1 callbacks suppressed [ 678.800783][T15009] netlink: Conntrack attr has 16 unknown bytes [ 678.844616][T14929] hsr_slave_0: entered promiscuous mode [ 678.863999][T14929] hsr_slave_1: entered promiscuous mode [ 678.877411][T14929] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 678.897221][T14929] Cannot create hsr debugfs directory [ 679.255526][T15012] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2561'. [ 679.322465][T15012] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2561'. [ 679.448242][T15012] bond0: (slave bond_slave_0): Releasing backup interface [ 679.775552][ T52] hsr_slave_0: left promiscuous mode [ 679.784989][T15020] openvswitch: netlink: IP tunnel dst address not specified [ 679.796980][ T52] hsr_slave_1: left promiscuous mode [ 679.831963][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 679.859100][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 679.900782][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 679.908237][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 679.962679][T15026] CIFS mount error: No usable UNC path provided in device string! [ 679.962679][T15026] [ 679.992741][ T52] veth1_macvtap: left promiscuous mode [ 679.998317][ T52] veth0_macvtap: left promiscuous mode [ 680.009221][T15026] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! 
[ 680.032463][ T52] veth1_vlan: left promiscuous mode [ 680.037761][ T52] veth0_vlan: left promiscuous mode [ 680.179253][T11639] Bluetooth: hci2: command tx timeout [ 681.569535][ T52] team0 (unregistering): Port device team_slave_0 removed [ 682.274665][T11639] Bluetooth: hci2: command tx timeout [ 684.100803][T14929] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 684.114972][T15037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2560'. [ 684.398925][T14929] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 684.440707][T15034] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2562'. [ 684.444026][T14929] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 684.534321][T14929] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 684.833155][T14929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 684.870923][T14929] 8021q: adding VLAN 0 to HW filter on device team0 [ 684.913246][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.920438][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 684.987621][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.994795][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.101418][T14929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 685.477404][T15058] FAULT_INJECTION: forcing a failure. [ 685.477404][T15058] name failslab, interval 1, probability 0, space 0, times 0 [ 685.544551][T15058] CPU: 0 UID: 0 PID: 15058 Comm: syz.2.2568 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 685.544584][T15058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 685.544597][T15058] Call Trace: [ 685.544603][T15058] [ 685.544612][T15058] dump_stack_lvl+0x16c/0x1f0 [ 685.544643][T15058] should_fail_ex+0x50a/0x650 [ 685.544676][T15058] ? fs_reclaim_acquire+0xae/0x150 [ 685.544707][T15058] ? 
j1939_session_new+0x7a/0x550 [ 685.544732][T15058] should_failslab+0xc2/0x120 [ 685.544754][T15058] __kmalloc_cache_noprof+0x68/0x410 [ 685.544792][T15058] j1939_session_new+0x7a/0x550 [ 685.544821][T15058] j1939_tp_send+0x1fd/0x860 [ 685.544851][T15058] j1939_sk_sendmsg+0xb00/0x1350 [ 685.544889][T15058] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 685.544923][T15058] ____sys_sendmsg+0xaaf/0xc90 [ 685.544949][T15058] ? copy_msghdr_from_user+0x10b/0x160 [ 685.544980][T15058] ? __pfx_____sys_sendmsg+0x10/0x10 [ 685.545003][T15058] ? __lock_acquire+0xcc5/0x3c40 [ 685.545049][T15058] ___sys_sendmsg+0x135/0x1e0 [ 685.545082][T15058] ? __pfx____sys_sendmsg+0x10/0x10 [ 685.545134][T15058] ? trace_lock_acquire+0x14e/0x1f0 [ 685.545182][T15058] __sys_sendmmsg+0x201/0x420 [ 685.545218][T15058] ? __pfx___sys_sendmmsg+0x10/0x10 [ 685.545260][T15058] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 685.545302][T15058] ? fput+0x67/0x440 [ 685.545325][T15058] ? ksys_write+0x1ba/0x250 [ 685.545354][T15058] ? __pfx_ksys_write+0x10/0x10 [ 685.545390][T15058] __x64_sys_sendmmsg+0x9c/0x100 [ 685.545421][T15058] ? 
lockdep_hardirqs_on+0x7c/0x110 [ 685.545447][T15058] do_syscall_64+0xcd/0x250 [ 685.545478][T15058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.545509][T15058] RIP: 0033:0x7f0e1cf8d169 [ 685.545528][T15058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.545550][T15058] RSP: 002b:00007f0e1dd55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 685.545572][T15058] RAX: ffffffffffffffda RBX: 00007f0e1d1a5fa0 RCX: 00007f0e1cf8d169 [ 685.545592][T15058] RDX: 0000000000000003 RSI: 0000400000000080 RDI: 0000000000000003 [ 685.545606][T15058] RBP: 00007f0e1dd55090 R08: 0000000000000000 R09: 0000000000000000 [ 685.545620][T15058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 685.545633][T15058] R13: 0000000000000000 R14: 00007f0e1d1a5fa0 R15: 00007ffc5836d2d8 [ 685.545664][T15058] [ 685.949996][T14929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 686.113793][T14929] veth0_vlan: entered promiscuous mode [ 686.155146][T14929] veth1_vlan: entered promiscuous mode [ 686.244386][T14929] veth0_macvtap: entered promiscuous mode [ 686.265847][T14929] veth1_macvtap: entered promiscuous mode [ 686.269078][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.278245][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.292106][T14929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 686.322331][T14929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.351112][T14929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 686.382207][T14929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 686.402896][T14929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 686.429882][T14929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.464163][T14929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 686.534857][T14929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.566756][T14929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.600950][T14929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.634812][T14929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.664840][T14929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 686.685535][T14929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 686.716424][T14929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 686.746420][T14929] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.756605][T14929] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.770907][T14929] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.781133][T14929] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 687.242899][ T7275] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 687.259676][ T7275] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 687.349800][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 687.388917][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 687.474107][T15094] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2579'. 
[ 687.794204][T15113] batman_adv: Routing algorithm '0x00060000' is not supported [ 689.780716][T15175] FAULT_INJECTION: forcing a failure. [ 689.780716][T15175] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 689.828751][T15175] CPU: 0 UID: 0 PID: 15175 Comm: syz.2.2595 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 689.828783][T15175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 689.828797][T15175] Call Trace: [ 689.828804][T15175] [ 689.828812][T15175] dump_stack_lvl+0x16c/0x1f0 [ 689.828852][T15175] should_fail_ex+0x50a/0x650 [ 689.828890][T15175] _copy_from_iter+0x2a1/0x1560 [ 689.828915][T15175] ? trace_lock_acquire+0x14e/0x1f0 [ 689.828941][T15175] ? __alloc_skb+0x1fe/0x380 [ 689.828971][T15175] ? __pfx__copy_from_iter+0x10/0x10 [ 689.828992][T15175] ? __virt_addr_valid+0x1a4/0x590 [ 689.829021][T15175] ? __virt_addr_valid+0x5e/0x590 [ 689.829044][T15175] ? __phys_addr_symbol+0x30/0x80 [ 689.829067][T15175] ? __check_object_size+0x488/0x710 [ 689.829095][T15175] netlink_sendmsg+0x813/0xd70 [ 689.829130][T15175] ? __pfx_netlink_sendmsg+0x10/0x10 [ 689.829172][T15175] ____sys_sendmsg+0xaaf/0xc90 [ 689.829197][T15175] ? copy_msghdr_from_user+0x10b/0x160 [ 689.829228][T15175] ? __pfx_____sys_sendmsg+0x10/0x10 [ 689.829268][T15175] ___sys_sendmsg+0x135/0x1e0 [ 689.829301][T15175] ? __pfx____sys_sendmsg+0x10/0x10 [ 689.829345][T15175] ? __pfx_lock_release+0x10/0x10 [ 689.829374][T15175] ? trace_lock_acquire+0x14e/0x1f0 [ 689.829410][T15175] ? __fget_files+0x206/0x3a0 [ 689.829449][T15175] __sys_sendmsg+0x16e/0x220 [ 689.829480][T15175] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 689.829532][T15175] do_syscall_64+0xcd/0x250 [ 689.829562][T15175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 689.829593][T15175] RIP: 0033:0x7f0e1cf8d169 [ 689.829612][T15175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 689.829634][T15175] RSP: 002b:00007f0e1dd55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 689.829657][T15175] RAX: ffffffffffffffda RBX: 00007f0e1d1a5fa0 RCX: 00007f0e1cf8d169 [ 689.829673][T15175] RDX: 0000000020040000 RSI: 0000400000000500 RDI: 0000000000000003 [ 689.829687][T15175] RBP: 00007f0e1dd55090 R08: 0000000000000000 R09: 0000000000000000 [ 689.829701][T15175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 689.829714][T15175] R13: 0000000000000000 R14: 00007f0e1d1a5fa0 R15: 00007ffc5836d2d8 [ 689.829744][T15175] [ 691.434328][T15207] FAULT_INJECTION: forcing a failure. [ 691.434328][T15207] name failslab, interval 1, probability 0, space 0, times 0 [ 691.469579][T15207] CPU: 0 UID: 0 PID: 15207 Comm: syz.3.2603 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 691.469612][T15207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 691.469625][T15207] Call Trace: [ 691.469631][T15207] [ 691.469640][T15207] dump_stack_lvl+0x16c/0x1f0 [ 691.469673][T15207] should_fail_ex+0x50a/0x650 [ 691.469704][T15207] ? fs_reclaim_acquire+0xae/0x150 [ 691.469734][T15207] should_failslab+0xc2/0x120 [ 691.469756][T15207] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 691.469787][T15207] ? __pmd_alloc+0xc3/0x870 [ 691.469822][T15207] __pmd_alloc+0xc3/0x870 [ 691.469851][T15207] __handle_mm_fault+0x9fb/0x2c60 [ 691.469890][T15207] ? __pfx___handle_mm_fault+0x10/0x10 [ 691.469918][T15207] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 691.469966][T15207] ? find_vma+0xc0/0x140 [ 691.469990][T15207] ? 
__pfx_find_vma+0x10/0x10 [ 691.470020][T15207] handle_mm_fault+0x3fa/0xaa0 [ 691.470056][T15207] do_user_addr_fault+0x7a3/0x13f0 [ 691.470092][T15207] exc_page_fault+0x5c/0xc0 [ 691.470118][T15207] asm_exc_page_fault+0x26/0x30 [ 691.470146][T15207] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 691.470179][T15207] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 691.470200][T15207] RSP: 0018:ffffc900045bfdd0 EFLAGS: 00050246 [ 691.470219][T15207] RAX: 0000000000000001 RBX: 000000000000007f RCX: 0000000000000008 [ 691.470232][T15207] RDX: fffff520008b7fc7 RSI: 000000000000007f RDI: ffffc900045bfe30 [ 691.470247][T15207] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff520008b7fc6 [ 691.470260][T15207] R10: ffffc900045bfe37 R11: 0000000000000000 R12: 0000000000000000 [ 691.470274][T15207] R13: ffffc900045bfe30 R14: ffff88807b2b4a10 R15: dffffc0000000000 [ 691.470304][T15207] _copy_from_user+0x98/0xd0 [ 691.470329][T15207] do_fcntl+0x2fa/0x15b0 [ 691.470353][T15207] ? __pfx_do_fcntl+0x10/0x10 [ 691.470388][T15207] ? 
tomoyo_file_fcntl+0x6c/0xc0 [ 691.470425][T15207] __x64_sys_fcntl+0x170/0x200 [ 691.470458][T15207] do_syscall_64+0xcd/0x250 [ 691.470486][T15207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.470514][T15207] RIP: 0033:0x7f4676d8d169 [ 691.470530][T15207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 691.470550][T15207] RSP: 002b:00007f4677c23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 691.470570][T15207] RAX: ffffffffffffffda RBX: 00007f4676fa5fa0 RCX: 00007f4676d8d169 [ 691.470584][T15207] RDX: 000000000000007f RSI: 000000000000040c RDI: 0000000000000002 [ 691.470598][T15207] RBP: 00007f4677c23090 R08: 0000000000000000 R09: 0000000000000000 [ 691.470611][T15207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 691.470624][T15207] R13: 0000000000000000 R14: 00007f4676fa5fa0 R15: 00007ffc77598c48 [ 691.470653][T15207] [ 691.841516][T15183] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000016: 0000 [#1] PREEMPT SMP KASAN PTI [ 691.854150][T15183] KASAN: null-ptr-deref in range [0x00000000000000b0-0x00000000000000b7] [ 691.862578][T15183] CPU: 1 UID: 0 PID: 15183 Comm: syz.0.2598 Not tainted 6.14.0-rc3-syzkaller-00293-g5cf80612d3f7 #0 [ 691.873354][T15183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 691.883423][T15183] RIP: 0010:__mutex_lock+0x151/0xb10 [ 691.888736][T15183] Code: d0 7c 08 84 d2 0f 85 71 07 00 00 8b 35 68 24 35 0f 85 f6 75 29 48 8d 7b 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 59 07 00 00 48 3b 5b 60 0f 85 e7 01 00 00 bf 01 [ 691.908362][T15183] RSP: 0018:ffffc9000457fa80 EFLAGS: 00010202 [ 691.914451][T15183] RAX: dffffc0000000000 RBX: 0000000000000050 RCX: 1ffffffff3517314 [ 691.922433][T15183] RDX: 0000000000000016 RSI: 0000000000000000 RDI: 00000000000000b0 
[ 691.930417][T15183] RBP: ffffc9000457fbc0 R08: ffffffff8a5f4a67 R09: ffffed100fc2a6e8 [ 691.938439][T15183] R10: ffffc9000457fbd8 R11: 0000000000000000 R12: dffffc0000000000 [ 691.946427][T15183] R13: 0000000000000002 R14: 0000000000000000 R15: ffffc9000457fb00 [ 691.954409][T15183] FS: 00007f076f7796c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 691.963367][T15183] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 691.969968][T15183] CR2: 0000000000000000 CR3: 000000007efa4000 CR4: 00000000003526f0 [ 691.977949][T15183] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 691.985929][T15183] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 691.993907][T15183] Call Trace: [ 691.997191][T15183] <TASK> [ 692.000130][T15183] ? die_addr+0x3b/0xa0 [ 692.004316][T15183] ? exc_general_protection+0x155/0x230 [ 692.009904][T15183] ? asm_exc_general_protection+0x26/0x30 [ 692.015651][T15183] ? hci_devcd_register+0x47/0x170 [ 692.020783][T15183] ? __mutex_lock+0x151/0xb10 [ 692.025481][T15183] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 692.030874][T15183] ? kmem_cache_alloc_node_noprof+0x272/0x3c0 [ 692.036966][T15183] ? hci_devcd_register+0x47/0x170 [ 692.042098][T15183] ? __pfx___mutex_lock+0x10/0x10 [ 692.047142][T15183] ? __asan_memset+0x23/0x50 [ 692.051756][T15183] ? __build_skb_around+0x278/0x3b0 [ 692.056978][T15183] ? __pfx___alloc_skb+0x10/0x10 [ 692.061939][T15183] ? __pfx_vhci_coredump+0x10/0x10 [ 692.067069][T15183] ? __pfx_vhci_coredump_hdr+0x10/0x10 [ 692.072540][T15183] ? hci_devcd_register+0x47/0x170 [ 692.077650][T15183] hci_devcd_register+0x47/0x170 [ 692.082584][T15183] force_devcd_write+0x173/0x330 [ 692.087519][T15183] ? __pfx_force_devcd_write+0x10/0x10 [ 692.092974][T15183] ? rcu_is_watching+0x12/0xc0 [ 692.097735][T15183] ? trace_lock_acquire+0x14e/0x1f0 [ 692.102940][T15183] full_proxy_write+0x13c/0x200 [ 692.107787][T15183] ? 
__pfx_full_proxy_write+0x10/0x10 [ 692.113156][T15183] vfs_write+0x24c/0x1150 [ 692.117488][T15183] ? __fget_files+0x1fc/0x3a0 [ 692.122163][T15183] ? __pfx___mutex_lock+0x10/0x10 [ 692.127185][T15183] ? __pfx_vfs_write+0x10/0x10 [ 692.131953][T15183] ? __fget_files+0x206/0x3a0 [ 692.136632][T15183] ksys_write+0x12b/0x250 [ 692.140961][T15183] ? __pfx_ksys_write+0x10/0x10 [ 692.145812][T15183] do_syscall_64+0xcd/0x250 [ 692.150315][T15183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 692.156209][T15183] RIP: 0033:0x7f076e98d169 [ 692.160614][T15183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 692.180219][T15183] RSP: 002b:00007f076f779038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 692.188627][T15183] RAX: ffffffffffffffda RBX: 00007f076eba5fa0 RCX: 00007f076e98d169 [ 692.196590][T15183] RDX: 000000000000000e RSI: 0000000000000000 RDI: 000000000000000f [ 692.204550][T15183] RBP: 00007f076ea0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 692.212511][T15183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 692.220474][T15183] R13: 0000000000000000 R14: 00007f076eba5fa0 R15: 00007ffe2f93e2b8 [ 692.228440][T15183] </TASK> [ 692.231446][T15183] Modules linked in: [ 692.236447][T15183] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 692.294503][T15183] RIP: 0010:__mutex_lock+0x151/0xb10 [ 692.379333][T15183] Code: d0 7c 08 84 d2 0f 85 71 07 00 00 8b 35 68 24 35 0f 85 f6 75 29 48 8d 7b 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 59 07 00 00 48 3b 5b 60 0f 85 e7 01 00 00 bf 01 [ 692.498930][T15183] RSP: 0018:ffffc9000457fa80 EFLAGS: 00010202 [ 692.505058][T15183] RAX: dffffc0000000000 RBX: 0000000000000050 RCX: 1ffffffff3517314 [ 692.590325][T15183] RDX: 0000000000000016 RSI: 0000000000000000 RDI: 
00000000000000b0 [ 692.599894][T15183] RBP: ffffc9000457fbc0 R08: ffffffff8a5f4a67 R09: ffffed100fc2a6e8 [ 692.659181][T15183] R10: ffffc9000457fbd8 R11: 0000000000000000 R12: dffffc0000000000 [ 692.695524][T15183] R13: 0000000000000002 R14: 0000000000000000 R15: ffffc9000457fb00 [ 692.703538][T15183] FS: 00007f076f7796c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 692.801130][T15183] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 692.846819][T15183] CR2: 00007f0e1dcd7d60 CR3: 000000007efa4000 CR4: 00000000003526f0 [ 692.854842][T15183] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 692.905597][T15183] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 692.913621][T15183] Kernel panic - not syncing: Fatal exception [ 692.919922][T15183] Kernel Offset: disabled [ 692.924242][T15183] Rebooting in 86400 seconds..