last executing test programs: 18.703848829s ago: executing program 1 (id=6193): stat$auto(&(0x7f0000000140)='..\x00\x00', 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) nanosleep$auto(0x0, 0x0) mmap$auto(0xb, 0x1000, 0x3ff, 0x19, 0x4, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) newfstatat$auto(0x800, &(0x7f0000000040)='\x00', &(0x7f0000000080)={0x6, 0x75, 0x1, 0xa, 0x5, 0x1000, 0x0, 0x0, 0x80000000, 0x7, 0xfffffffffffffac0, 0x8, 0x6, 0x0, 0x10000, 0x5, 0x1, [0x6, 0x3, 0xfee1]}, 0x7) getsockopt$auto(0x4, 0x6000000000000, 0x80, 0xfffffffffffffffd, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/mnt\x00') 17.308286955s ago: executing program 1 (id=6206): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x5, 0x0) open(&(0x7f0000000000)='./file1\x00', 0x12677d, 0x37e5c9853cd1b83b) close_range$auto(0x7, 0xfffffffffffffff8, 0x200000002) fsync$auto(0x3) setsockopt$auto(0x4, 0x0, 0x20, 0xfffffffffffffffe, 0x0) r1 = socket(0x2, 0x5, 0x0) r2 = socket(0x1, 0x2, 0x0) clone$auto(0x0, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r3 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, r3, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_RECEIVE_MULTICAST={0x4}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0x200}, @NL80211_ATTR_MBSSID_CONFIG={0x9, 0x132, "f576f900c6"}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000050}, 0x4004080) r4 = syz_genetlink_get_family_id$auto_NCSI(&(0x7f0000000100), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', 0x0}) sendmsg$auto_NCSI_CMD_SET_INTERFACE(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00022dbd7000fedb00000000020000020100", @ANYRES32=r5, @ANYBLOB="08000800910f0000"], 0x24}}, 0x20008001) madvise$auto(0x0, 0xffffffffffff0005, 0x19) semctl$auto(0x1ff, 0x2, 0x13, 0x1) io_uring_setup$auto(0x40000002c55, 0x0) mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$NS_GET_PARENT(r2, 0x5450, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000002d40)={0x0, 0x0, &(0x7f0000002d00)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00a402be6f0b8b8d55b318b5f1c80c909bf27663e18232177f460c3505e3a76837bd53808bc7c9d6b5885ac12a209dba9f44295c1c30c36d5ef427a74411e84a7ed0d58fe3eb00ebea2844484623dfd12a7e331812909f356b98c1a96277582e94aebbbe5f69ba9fa0f75c47da675285c75f920afad6869d8636e5f0b00b7272e39586fe0cdab9bf43f46f569b832cf992bb1e7d2a919f20f5b8d368516202b300000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000000) 10.36836217s ago: executing program 1 (id=6224): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000000c80)={0x58, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x9}, @OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x2ee9}, @OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x6}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "4f1980af25430d91ee91098bd96e"}, @OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "b5c906c091278c0feca673f297d6"}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x80000) 8.807758412s ago: executing program 1 (id=6229): mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0x3f, 0x0, 0xf2) socket$nl_generic(0x10, 0x3, 0x10) fspick$auto(0x80000001, &(0x7f0000000000)='{%^\\}$#:{\x00', 0xa) fspick$auto(0xf6, &(0x7f0000000040)='-\x00', 0x7f) socket(0x2, 0x5, 0x0) socket(0x28, 0x5, 0x0) socket(0x2, 0x5, 0x0) sendmmsg$auto(0x6, &(0x7f0000000400)={{0x0, 0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x1, &(0x7f0000000300), 0x10, 0x8000000}, 0xed7138c}, 0x6, 0x0) setsockopt$auto(0x6, 0x3ff, 0x8, &(0x7f0000000080)='*\\\x88.{/-@[#,*\x00', 0x3) mmap$auto(0xc, 0xfffffffffffff012, 0x1, 0x15, 0x4, 0xb63) 7.875539429s ago: executing program 1 (id=6234): timerfd_create$auto(0x9, 0x0) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) clock_adjtime$auto(0x0, &(0x7f0000001000)={0x98, 0x200, 0x6, 0x7fff, 0x101, 0x6, 0x1, 0x10000, 0x3, {0x8}, 0xc, 0x8, 0x3, 0xc, 0x4, 0xd, 0x1, 0x80000003, 0x101, 0x8}) 6.840054951s ago: executing program 1 (id=6240): bpf$auto(0x0, 0x0, 0xaf1) 6.084049868s ago: executing program 2 (id=6245): r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000004e00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r0, 0x0, 0x1000) 5.917405852s ago: executing program 2 (id=6247): r0 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000c40), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000000c80)={0x58, r0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x9}, @OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x2ee9}, @OVS_PACKET_ATTR_MRU={0x6, 0x9, 0x6}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "4f1980af25430d91ee91098bd96e"}, @OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "b5c906c091278c0feca673f297d6"}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x80000) 5.71573856s ago: executing program 2 (id=6249): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_MAC80211_HWSIM(&(0x7f0000000640), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000680)={0x18, r1, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x48000) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000000880)={0x15b4, r1, 0x800, 0x70bd2d, 0x25dfdbfc, {}, [@HWSIM_ATTR_ADDR_RECEIVER={0x1004, 0x1, "f7795be698fa21b987d8f7b4cf5db5753fb9e13776e256fee7eb9d63070960006ebde81178660a39bb5272afdb0e60c4943cee30f70df1e288c1c5e05bf593e323edc924bf6fba6505d19bda2dd0fd2c8b7c5b6c4de0c15073ab93584bd384332c26bbee788dab7e85fdf12b03c706cf1ae56d58abfb409339d7cdbec1874a46a2fb1123b1ebdabb36b26344dbf218e319d4b8c98d26247d83660ae40514d7d86790823a82d6b100d740a7ef49cbf11c5ffc6497b285578b1bbde666e6fb0dbc75a5d681d6d9b40143c253097c49cf60d62bc19692f471367f2836fc3ba21b1f072f8eb29763bef7a2bd2db2588da785bc35924f756efb36caf8630e82b8c5dc2316c90d5dcd9a9dee2f4395760c30aafee60acc9a742f3390407ac7da8d274a110ab2ef954c57916f9a9d9c7dccc9648fdd0d07a22efbd63032adad6aa47e6613ee7f2f70e4448017b9c4d36f2c18d8fd7ae60ea8fa1bdf67e5da8cb783870453d9a875f8963fd1cf77ab4d583b235b976ed9f2560014df4854bd64718baac7903ef24801516271a4b1abf1fe071e719273092e00786abab09d429704036bdd6cf8b108ca40d4828a283a2930fa716a7450a66338c7a391c9237c6dc56ecbeb7223d6de55b2e495fb564a5c0e73dd284a14c0cfb4a9cf23c5a039bf424fe3578c0a115dc0cc1865abfa7c9735c14e00f9d1bf70240d63b7aeee3e88332c6a3003eef1dd805d9977b9525a36b4c52195dc9d786f41c60193a50e8a430f402e68c48d92712640185d52868b37daea819bbfd55d5f45bfeeebfeb063b7846910a73f0175ba8fc39516605e2aee6a2e28120cfbf5081aafb977117a01df1df283105159607f08c9b4a2b75f9aa9ea6cf9c7bd34111f574e9526bc6cdbb356b83b92197f7f5158603ad032bb039872d1503f037f6fe955f334ea326a9107e692ea425f5b98c89dbbde6f8c4b787067012ff759c865fee88c91482e1e8185fdb42d9d91303f1ff1e346288ebb4e8035cc3de5d1df7b82d996461d6cc8140be459b97f245b3872ba8f6505d628e515b25b33fd2c44d39e83e4499bccb6df82ab0d99b5917c0c4147d50d3af755de88542548c92c6885a363d7e9b5349fb84031c281963ab31e4f48f6c84556f817068ddfa0059385232566987798868982c7daf60989ca4d87f4c304b690a92c62bc442cefcdddd150eb288bf9600fc36daca7300a4c29d60852d6b54ca8a7550f78ec4e9c82f75c26faf338fc45e23226753712b70ad26f24a66bafe004c15a08587f201ccb702687227f54366a03df696d3cf138632d83aedfce9a734ba4f73d0033ff6ae8bd456a40c3b89a465566d830f4ef0582d0013d5e95275d60c0da6bd9c12110c40b6a23951f06c38f7c4c20c00cdf93ce24c3287dd43b07ebcf18ba131302cb4bf32d8a38ea254915a319bfe9181d38a0f6dd4d9ede5867d4c406e00f7c1c770e0538df4409eb66d75e73c3a3f61f10baec0346db56476de40b7efcc7b40feacbabfb82d3f9171a8de58fb8595671362d0fa4e3e4f17efd22920220b88828f6035b89beab0126bb647fe8b496e8af5cf2bccfaed049c202b2b26af92171c8c5e6eaa1454a19d848f1b731981fb91ab6610f8acd4d3b0c954fcb6e6a015fb8ad77df2fcf6965599adfb424118dc290c75bcce5e016e5156b97c82dced39b6504455e238cc98f871284c5a5d75bf3b710bc411dc5730a775b52a5f010c39ceeb7c3b7e22095ad2a4e1acc9b8dc291fdb329438bbb7cf65ad6f54a80e593925c1f974d93ad7e7008263955601fa0a5fd452aa78bf527f4c995d6611b8926ea481591685cdc352b6fa095f3458cdec4a9b9093e4457d1284f14f592acf4f8703404e29a688620719d65daac208ae0216d8f0e27e36d3d635e1df0b5cba56ab58a6e6372e34366c83b1acad97284ccc621dd878067cb06810f61b3ba5d7008bb3078895b417311a8327737526bab2be3f25f009909f08d40e11d9eeace3826fe5a1f49e733af33e5b2a51bd84e3544f7694277c56723926e1cea430b17e056b9b25da42d1dd109a2df757b5a35da7604a5b22d1b6776637fdc30b9d9d51ec3a98f3a07186818b9ab07bd3e84cb6547d554f88933db888b448e2f0f75d5f40ce2aec82350caad3bd02dc4dad5b4ed2284cac04d1bfc737c18e453ca31936153a010e5037011cbb8e08e0feb3c394b7e16f0cbe693a6ba715d89d060705f1f4dffd46dc57361da77d7ebde9042b36d00d8030228a6c2e55a5c798834f266339de3ecb9823bb11c5863ac74c00975b4be88ed2a6440bf8222bf3010dfd0ba8200e83e2fe3bf60acd4f2e7e6c0277e016727cceb658ca11dc959161683b54e325f3acebe0afb1cdde9a55a6f032ea3288f9735882eeeca17a0b2e3d5381df907bd6cee6d9d01831325b92a81692bbfadc90516a41974dbed1acba59127e554574c3fc98c9cce60b28f3bc7cee7ea72f5d7dd5ff14991e5b553c6405688acefcdc40082cbd8b80245eee5df6de4348762b79daa0a950930e192503cc48d08a488898788101f70a7c603042a69197008ee540bb0cc27203684d6303ce0b5db4dfce86ccdb383c8b33b679baca39cfcfd21b04ab2feb1502fddd1d1ade129112746ff5cf79b50bc5440566283b3de951207d99a2917610e31d81022f882d5dc939c9f069d7e93c01cf5ad915fc503255c9846aaa2476e281731d42406dd796d1b76719b2cae85cd12c28f66bff0c3a33f2f54cdc9dce5ee695a4047c24a25ced40ddd190698fb123131dfdcccadaeaaa2c5cddf4a76ed05cd8a94341bdd3cc79cc768f97e9f005be7ed964d43dce49291803b3e9ec925a5beeef2715866b8b62399f432fca9d87d40199b056b5b2fd7e233c52e42fa903fdc95b40bcf2278fb15de1c69fa4f37b2da3a8371c5b71fc3e21a8c2f39b62b86e60a45df34e343ef8fcb97e445b7e48f38ef30dded7a65814095d23d6556e75e513f80f5cabc1972f00a045f13d64e7bfd6aaefe9588b6ddff49cbc91d44b64d30d0583bb64de471f765a7e9802c8872dae9b99f32e4bf0e2811b28fd18312397b8d533661c0356244aa971b1768bacf028e08c002971f2cda1b4f759e555447b36d1e08eff4e32ad7dd1240874c18960ac1bdedbc82549a839296cb446ad8bb9453f00fecac7d692ca3ae0b0e2d354db1a17c7c1bdb04bac803ef34e4e32ba278b047ac63c69233c5f1bb09fda8c54282a8934de15c955bdeb23129ba2b98a294e1cb7edba37929dea09fb39be0fb1453024ede8c394e38a8dee4320e14c313a0f5062903ed9d741a2e5955bbd6848c3876460dad1bceb5e566a8f7d68f49ca458cb670347527544e059655083e0feaa43f255f63aff0a1d4a7a7af69a8df7f5d90bbeac323905a6588d054da3cb55e1333d483a4d0beec5f4c7057b6a74dbef7b01af580e7bf0d0b107e8043544cc675e229ffdafebc3384f5f54a1ac9b8eaadd35fb6a12ca84673d9784611ef11a8880ad0a1bbcd89f531b1773c58e85a4a6f1be3b66f915fe73722983449d72bf5b142e550d5efd1da01724e50527d564c7e86c6825995481f313a9e1be26ab13e640817079d276ad26219bf85e6e2962e9cc2f05598062a6969bccb37c1b53dcad474bd982b8a4e1ceeab7fea2989e5c99fe7366abbc900eaff11d862d10e6faa0036424906e8802ef4556df81fe17b437a2be89f7465d1f14fd999a5a1ae0c89e3e09122cc644c09881333d94f997eec7f584bf482dcaa067ff010a2fea05bbab9e10281a2e2e67375f1b70a0a05c39b6858120866e7c04db7f731b50f9a3785ae288d076fe568ffa3dd4ee4d62bb39d06f5d8f4bcf370ac3d895408206945b6555cd2f53e5809a78f3ea3958bc73c4178e04587ef9f3e815ad99af768e05b343328ba159a2f9f87f9e9b26ab85c11a683047847100b511585988e65b90d4c59db8747c91a78c2223b80b03d7037b164ac821007fb815141af755a47d1ff78a1f05aafacd8eca1adfb00870fa19a70d21ec484a944a9f37ac09cb68e185fd7976b1c645245c083c8edef45bd46fdb0e85b48e3a610981b4520af5f6aa1e423feeb0e78c9fb09c1b0a4800253d13a51a06baf5e6dc6468d2ba928c7cfb94badd1eecd37d82ed01453e564231eb6c1b3fbafc00a066e3f5601a1cf4773e08f92fc12ae66bf24359da5b460ef074458657d126498c17d973ab70539325622e61558dd2b553ca3ad954554e538bdb1ffe8a24610479518cfb26e3060927dd1402550754d63e957ae8b9ecdcb31519fb69e53e54e1d3afd5a3dab987769f6bf04228689ac045246cc3fd60a7ae3a92f71f7fa2c3a3de8f5c2bf35fcb3c7c12c82e0396f7c24cbd4857683f227b2b22f2c49e8bdd3101f3d37d4d8d09434d1e7cd8f211403145a981584f4ed0eed090b6eac551d319fbde78edfb5038c0a2827f73c14f0724f80cd7a6a7e5fdf35454c3812c0c1db6411d026732b6d6fb7c4090e04251528478af714627bd62912f0599e144cb92538f3a12ebb1464bec7f52d256cb432f20910eeee6e4b570fc766555cd20c27fa4dda25f626ec7e4d0690b550e2485da3866525caa0c3cb391382efa0d394b12820d7184eb314366587365e0db9a2834991e978ff422860e86b9c8394dc8ea98756cad117fb4395fe8040ecd73c4c7b72558d20655ae189e65c402173a2287c62a1c046b7797d5f5f83031274284d57ff2f7b40fe694e749f49528969c3591ab403136a1306d15c8d1f1a938b617d1077e9ab4fddbfcdc282ffec2df87313268c4b2466ea2b098d7c74a61658c787dc64fab936aab11b35b3c97a60d95ce897007a4b011fbc1af3b9260745c5d9021a70873dfd71d36f2bf47f595e7ae122ea99d18b33eb8e22188db72a4f30367f691d777db325f7a903aa7c0df3dd0dc7fc16981aa909348efbb679684a795bbe1ba0c349e4e7a7ca6c81a1d7cb07f14df7bc114cabb3f54aeb9209cccd9d72c162e8014ea72da1997859843df8110869628e4f0029cf01e3f8a75b4c2c1590ee3d0f477bff6ebdb0a38505c59951544eb11434d3245b1d5f1abb3d7e2736cb7f53d19e456ddbfccd62971c3503fb166f5d9e95484af36d99af061c1a92afba39a67e9e5bc1f6b1d39c8ddebfd132df46cb2eb2e6058d8857452c78bef14f7ffdc02bdf91f1a5c135847025a3180e53f4c1194def7bf5dfadcefc74f6fc4013cb65bbcc4ed078a2af42a56c56338ead96d62b90c574d14aa4045fc66726ee9cf526fff46aa1b8df7c310696c398fb8653b008da5f0c93dafa350dd3a3052ff1fe3a4c9665951487936e30fcc6a05c391c9a7fb1936f5712143a2445aae6cf2c06753f4709600e2ecc73fd82626be2ea2be79adba27d634106573f4eb16364c53b5b6c9f3def971a58f2bf0db1a9fe22b8e88bea6c71265b3cfeaa16bb167b9ab2f237795a9dc51ee8982d3d2c1ffaca7ca873a8b79321f03233eace7a42bc9d9ab8ef870d488d1ccd821aa39faf6f3d63c0fd486f72bd3947d21dceca960d7e5bb921bcd34c606e113da16d99329377fc5f61eb26496a22209408743717415baaf3f1958eede544544d174ffd60c09a2e8068ce3762d64afe3c61c0ffe2950bbe0ec0d7e0a2349f0d26034cf3609a01c28271235a55ccc16df8a5adad1b608262b8abc1100abdae10aeff88347d621888feb4979884522e7b4d9437418c7a5f548d22bcaf0543c73d09ba7da424c7f117a047cb7af4ef3147592b28d192a16153485f188ec8740c45b1d34d428e712b"}, @HWSIM_ATTR_MLO_SUPPORT={0x4}, @HWSIM_ATTR_PMSR_RESULT={0x9, 0x1c, "04bd3d58ac"}, @HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x7f}, @HWSIM_ATTR_FRAME={0x574, 0x3, "240d930f097aa1fa0bca91bc2d65a9c250e434bb698cb727c68c4b26002907f0b0dc49701475dd67cfb5405d7b73087848de306eddccd7e2671cea5b306feef4e12f69bf89cd7a2094d0fd13cbcefea65902453885b8b13e77322eb0b948883ae0825b7ff35a6932e2ac1bfa41ac1ec3902d14aae68c1b209131c1dcd6edc1a7dd6d2b8be43a9fc23d43e097c1ed620315ff160246de1d48c6bb6e54447c069a3c06ea6b7c0d22f68575912e7d44cb03681127017121b9eb6bd0391135801ee731804fe7cb9dcf22a493c1bc181694b26c33d36b624eefeec1cd19f5125b23be2421a26f425284775271806f650fe8591d5dceb794460c32c9b4632058bd0a3f4326662e2cec034a67b0ee0e3ed1b50ce5333c5f8307fc0466edb5bca3c7404c3fb4263b13a8db688b2b5286816dc845df48f7a263d4828e10ced7f845065d75ea6e396c6c87e293f8e2b69c4d68e84892a64d5158b60ba73f8f9a7abb3f77b53a7bf2786b6f872c8034d0c869a9cf96826d9e28010efe09e251ea7fba3ef58e364e665c7d045ae6b79fb01c95f7a995f33ddb3cc886a738f4d1bbdcf723d9884c7f2236964f5254600717184835129488214a3eb8945c2057460fbfaee51202653f5b263dd2e2b9cd00dbf820f557fe8a65205c0eceeac3823e94833f893aef0738f5416407fb9d0a21507baebd1c34c8e2cfb31d41dbb9f5b589096e1aa781de6f8b4a05297e4ebe4413b8ae7a79b94487eda437e66aa86f2fa206ae869c3000d56483b9af2fce97074f080502e0cf14b4c06bece7f61df7fc5715d774f4118c036f0db2d0fddab9148c1551f1da2cc9035f022a0c08c35500ab480b50ec0d5526b657ccfab11672d04bc8df6501c8996e365b0522974db8cb5ad0f1709a8072ccdeb39ddf75cebf22ae65f3c3b63d6d66bc442855e7c202a1fae08c83ec8ac45dfd640a43a63c08f1e586aaf5ca338a92b7a8ef488dca878eb8d160d06ff317e3a13e9922c73fcd7240506bcda9a32f79e942b259f374eb8edcb2e5e29c356cb5f10496ad91280662d65671a18d4fef1d3a3b1f8150c158797594f8b458593ab24e4cc04038612e86e3074d391d0f920570fc6cbf14e91ef8564938cc62ab3a946eb94207090e3b30ebba1c43380963d441c6d1a99ef19bb0fd616428c105f1b72302be705f498f786bbc24c0ce116e5abb0354be03c78f1c35e4d25b311e5230328cee2e567074440eea1ac05cd24191853a5fc8fe1703278dee8f20b2417cbfaa4a04e08b22790a52dc3ebab579c96a6e4287206e859c961bf46b5038a0aca7d329cb0be8e0a4b83d474875cb7e3111af551b15eae6cba36ca1c522aa04ae7d0b221776740dff5756217a3066f261b50ca24c972ca990b7f2fb8e615cdff296d566470d3faa139bab71aa8f77907248f2b98b3ee585f9c13fce794b29d9ce1154d18a72d6b0c97091beca0b49e17b85f106e01d608fa73d4592ec603b824eee2baecf4e78e1e9faf1773f8fcbed105af17c882ccb8b4dd0b42b4356323f415815a5cecd46a812eb2cab1f815d89e7c06b4144992954fe1981dad7cc41ac81faa5c02cd20cc20ba3d4e35f4b1576a540d46a7258d6c69f164abd70b7f15da7a5153fea8f96951f533092f06ff0c6f53c2a9631fafe831ed0202a5133cb417d3877201385fb279a29ac6ce6467d01a40ca9fd35d4cf3de050014897358221a4e8697b4fcd2b5db6176b4c06c7ea4473e5d81045aec42dd95a28489114b1d9be3f69aa81c265ebcb3f1de5be459ec946aedafebb2ecf414c0d7c37f5961a3bee6facfcfd317bee76de48eac3437eb46c86b9441a173d5d3e8141f28e3afe60c41cc38a28a75c2d02e78eb16095046afc3831de07c3c36370c6acd759dcc437a2025f88291954d1ee242625ccd1a6215d7c9435271e8e9e218880255f78da983c350d2b817cfa58dae220cf13f4dbd4"}, @HWSIM_ATTR_FLAGS={0x8, 0x4, 0x4}, @HWSIM_ATTR_RADIO_ID={0x8, 0xa, 0x5}]}, 0x15b4}, 0x1, 0x0, 0x0, 0x4002}, 0x27a482c02a01215f) 5.071678346s ago: executing program 2 (id=6251): mmap$auto(0x0, 0x2000d, 0x0, 0xeb1, 0xb56c, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0xfd, 0x5, 0x4) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) syz_open_procfs$namespace(0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time_for_children\x00') socket(0x29, 0x2, 0x0) socket(0x15, 0x5, 0x0) getpeername$auto(0x3, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x100) copy_file_range$auto(0x6, &(0x7f0000000080)=0x1, 0x0, &(0x7f00000000c0)=0x7, 0x100000000000, 0x9) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0) 4.870967872s ago: executing program 2 (id=6253): madvise$auto(0x0, 0x23, 0x18) tkill$auto(0x1, 0x7) tkill$auto(0x0, 0xf) waitid$auto(0x7f, 0x8009, &(0x7f0000000000)={@_si_pad}, 0x4, 0x0) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) read$auto(0xfffffffd, &(0x7f0000000080)='%\x00', 0x40) 4.07903098s ago: executing program 3 (id=6260): close_range$auto(0x2, 0x8000, 0x0) 4.078892737s ago: executing program 2 (id=6261): syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') socketpair$auto(0x0, 0x9, 0xb4, &(0x7f0000000040)=0x6) socket(0x2b, 0x1, 0x1) getsockopt$auto(0x4, 0x11e, 0x7, 0xfffffffffffffffc, 0x0) 3.679730516s ago: executing program 3 (id=6264): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) cachestat$auto(0x0, 0x0, 0x0, 0x0) 3.462549592s ago: executing program 3 (id=6266): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_IOAM6(&(0x7f0000000040), r0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd96b1fddb9edd0500"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x40) (fail_nth: 1) 2.901432233s ago: executing program 3 (id=6269): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) cachestat$auto(0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 2.019715722s ago: executing program 3 (id=6272): epoll_create1$auto(0x10000) syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000000040), 0xffffffffffffffff) listen$auto(0x1, 0x6) setreuid$auto(0x7f, 0x6) io_uring_setup$auto(0x1, &(0x7f0000000080)={0x20, 0x8001, 0x9, 0x200, 0x3, 0xd, 0x9, [0x101, 0x1, 0x8], {0x8001, 0x1e87, 0x99, 0x7, 0x2, 0xfffffff8, 0x9, 0x5, 0x95}, {0x6, 0x4, 0x4, 0x6, 0x2, 0x2e47, 0x5, 0x10, 0x3}}) vmsplice$auto(0x1, &(0x7f0000000000)={&(0x7f0000000100), 0x5}, 0x6, 0x8) 1.631924074s ago: executing program 3 (id=6274): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0008, 0x19) (async, rerun: 32) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (rerun: 32) socket(0xa, 0x3, 0x6) (async) close_range$auto(0x2, 0x8000, 0x0) madvise$auto(0x0, 0x7ffffffffffffffc, 0xc) (async) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) 1.413780881s ago: executing program 0 (id=6276): bpf$auto(0xd, &(0x7f0000000080)=@iter_create={0x1, 0x2}, 0x2) 1.253160949s ago: executing program 0 (id=6277): socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x9, 0xfffffffffffffffc, 0xffffffffffffffff) r0 = socket(0x30, 0x1, 0xa7) ioctl$sock_SIOCGIFINDEX(r0, 0x8942, &(0x7f0000000000)={'dvmrp0\x00'}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) fanotify_init$auto(0x5, 0x2) socket(0x1, 0x1, 0x1) set_robust_list$auto(&(0x7f0000000180)={{&(0x7f0000000080)={&(0x7f0000000040)}}, 0x3, &(0x7f0000000140)={&(0x7f0000000100)={&(0x7f00000000c0)}}}, 0x5) sendfile$auto(0x1, 0x3, 0x0, 0xc01) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) pidfd_send_signal$auto(0x2, 0x7, 0x0, 0x1) mmap$auto(0x0, 0x5, 0x1, 0x40eb2, 0x402, 0x300000000000) bpf$auto(0x0, 0x0, 0xaf1) 975.941689ms ago: executing program 0 (id=6278): socket(0x28, 0x1, 0x0) setsockopt$auto(0x3, 0x4, 0x7, 0xffffffffffffffff, 0x3) ioperm$auto(0x7, 0x6, 0x4000000000002) futimesat$auto(0x8, &(0x7f0000000040)='\x00', &(0x7f0000000080)={0x5, 0x1ff}) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x4, 0x3, 0x1ff, 0xfffffffffffffffe, 0x1) open(&(0x7f00000000c0)='./file0\x00', 0x8c40, 0x1) timerfd_create$auto(0x1, 0x0) setuid$auto(0x7) timerfd_gettime$auto(0x4, 0xfffffffffffffffc) setxattr$auto(0x0, &(0x7f0000000000)='{f\x00\x90\x82\xfb\xed\n\xfe\x8b\xae+\xd4\xbc\x9e\xb48_^\xe6\x8d7\x9c\xa0\x938\x0e\xe3F\xd6\xca\xbc\x02\xbb$\x82\xa8\xd0\x011\xd1\x00\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x40000000) 681.597ms ago: executing program 0 (id=6279): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000200), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000040), r0) sigaltstack$auto(&(0x7f0000000040)={0x0, 0x1}, 0x0) sendmsg$auto_OVS_METER_CMD_SET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r2, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@OVS_METER_ATTR_ID={0x8, 0x1, 0x1}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x5}, @OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x5}, @OVS_METER_ATTR_STATS={0x14, 0x3, {0x9, 0x1}}, @OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x24004054) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) msgctl$auto(0xca80, 0x7fffffffffffffff, 0xfffffffffffffffe) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b0010000", @ANYRES16=r1, @ANYBLOB="010027bd7000fedbdf250d"], 0x1b0}, 0x1, 0x0, 0x0, 0x40890}, 0x40000) 246.440525ms ago: executing program 0 (id=6280): fcntl$auto(0x4, 0x4, 0xa553) 0s ago: executing program 0 (id=6281): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000002400)={0x0, 0x0, &(0x7f00000023c0)={&(0x7f0000002200)={0x1c, r0, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000094}, 0x40000) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, r0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_MAC_HINT={0x76, 0xc8, "a1deae0b353364b8a893fff4cb7d6d35e546027c9f893d12c856a2112b9b27017af6f266eac91814b060af082cd23e2c4367e4320c1d3dbe5b790e07a1ffed479d3ad25e4a02086d178d25967004056db2472daa35204c3172ee232c441c8499ce16016b8ac62374ecace861bdfd96e44594"}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x9}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}]}, 0x9c}}, 0x10) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) clone$auto(0xf, 0x6, 0xfffffffffffffffd, 0xfffffffffffffffd, 0xc0c9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000002400)={0x0, 0x0, &(0x7f00000023c0)={&(0x7f0000002200)={0x1c, r0, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_PUNCT_BITMAP={0x8, 0x142, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000094}, 0x40000) (async) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, r0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_MAC_HINT={0x76, 0xc8, "a1deae0b353364b8a893fff4cb7d6d35e546027c9f893d12c856a2112b9b27017af6f266eac91814b060af082cd23e2c4367e4320c1d3dbe5b790e07a1ffed479d3ad25e4a02086d178d25967004056db2472daa35204c3172ee232c441c8499ce16016b8ac62374ecace861bdfd96e44594"}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x9}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}]}, 0x9c}}, 0x10) (async) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async) clone$auto(0xf, 0x6, 0xfffffffffffffffd, 0xfffffffffffffffd, 0xc0c9) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) kernel console output (not intermixed with test programs): do_syscall_64+0xcd/0x250 [ 866.521705][T22788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.527607][T22788] RIP: 0033:0x7f103c57df39 [ 866.532028][T22788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 866.551647][T22788] RSP: 002b:00007f103d2f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a4 [ 866.560070][T22788] RAX: ffffffffffffffda RBX: 00007f103c735f80 RCX: 00007f103c57df39 [ 866.568043][T22788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 866.576015][T22788] RBP: 00007f103d2f6090 R08: 0000000000000000 R09: 0000000000000000 [ 866.583989][T22788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 866.591992][T22788] R13: 0000000000000000 R14: 00007f103c735f80 R15: 00007ffcc352c968 [ 866.599993][T22788] [ 867.235771][T22658] coredump: 63(syz.0.5222): written to core: VMAs: 37, size 133259264; core: 95798426 bytes, pos 133267456 [ 868.185319][T22828] coredump: 82(syz.0.5259): coredump has not been created, error -13 [ 868.727473][T22846] FAULT_INJECTION: forcing a failure. [ 868.727473][T22846] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 868.781414][T22846] CPU: 0 UID: 0 PID: 22846 Comm: syz.0.5264 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 868.791904][T22846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 868.802084][T22846] Call Trace: [ 868.805387][T22846] [ 868.808342][T22846] dump_stack_lvl+0x16c/0x1f0 [ 868.813151][T22846] should_fail_ex+0x497/0x5b0 [ 868.817880][T22846] _copy_to_user+0x30/0xc0 [ 868.822345][T22846] simple_read_from_buffer+0xd0/0x160 [ 868.827785][T22846] proc_fail_nth_read+0x198/0x270 [ 868.832855][T22846] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 868.838530][T22846] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 868.844122][T22846] vfs_read+0x1ce/0xbd0 [ 868.848317][T22846] ? __fget_files+0x23a/0x3f0 [ 868.853122][T22846] ? fdget_pos+0x24c/0x360 [ 868.857672][T22846] ? __pfx_lock_release+0x10/0x10 [ 868.862739][T22846] ? __pfx_vfs_read+0x10/0x10 [ 868.867452][T22846] ? __pfx___mutex_lock+0x10/0x10 [ 868.872524][T22846] ? __fget_files+0x244/0x3f0 [ 868.877432][T22846] ksys_read+0x12f/0x260 [ 868.881713][T22846] ? __pfx_ksys_read+0x10/0x10 [ 868.886527][T22846] do_syscall_64+0xcd/0x250 [ 868.891071][T22846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.897003][T22846] RIP: 0033:0x7fe72737c97c [ 868.901439][T22846] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 868.921082][T22846] RSP: 002b:00007fe728253030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 868.929797][T22846] RAX: ffffffffffffffda RBX: 00007fe727535f80 RCX: 00007fe72737c97c [ 868.937821][T22846] RDX: 000000000000000f RSI: 00007fe7282530a0 RDI: 0000000000000003 [ 868.945829][T22846] RBP: 00007fe728253090 R08: 0000000000000000 R09: 0000000000000000 [ 868.953843][T22846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 868.961848][T22846] R13: 0000000000000001 R14: 00007fe727535f80 R15: 00007ffc94671b38 [ 868.969874][T22846] [ 870.201510][T22626] coredump: 176(syz.3.5216): written to core: VMAs: 38, size 97677312; core: 60023974 bytes, pos 97685504 [ 870.225036][ T1264] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.231470][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.043607][T22876] coredump: 132(syz.2.5270): coredump has not been created, error -13 [ 871.497419][T22742] coredump: 106(syz.2.5234): written to core: VMAs: 33, size 97341440; core: 60007310 bytes, pos 97349632 [ 871.572546][T22808] coredump: 19(syz.1.5253): written to core: VMAs: 34, size 80564224; core: 60003270 bytes, pos 80572416 [ 872.197750][T22854] coredump: 35(syz.1.5266): Error writing out the process memory [ 872.246706][T22854] coredump: 35(syz.1.5266): written to core: VMAs: 33, size 80564224; core: 46336594 bytes, pos 66949120 [ 872.568247][T22897] coredump: 1(syz.3.5276): coredump has not been created, error -2 [ 872.749970][T22772] coredump: 1(syz.2.5240): written to core: VMAs: 34, size 80568320; core: 60007410 bytes, pos 80576512 [ 872.985311][T22904] FAULT_INJECTION: forcing a failure. [ 872.985311][T22904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 873.162374][T22904] CPU: 1 UID: 0 PID: 22904 Comm: syz.2.5282 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 873.172859][T22904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 873.182956][T22904] Call Trace: [ 873.186251][T22904] [ 873.189212][T22904] dump_stack_lvl+0x16c/0x1f0 [ 873.193936][T22904] should_fail_ex+0x497/0x5b0 [ 873.198666][T22904] _copy_from_user+0x30/0xf0 [ 873.203291][T22904] __sys_bpf+0x215/0x5780 [ 873.207651][T22904] ? ksys_write+0x21e/0x260 [ 873.212201][T22904] ? __pfx___sys_bpf+0x10/0x10 [ 873.217005][T22904] ? vfs_write+0x14d/0x1140 [ 873.221557][T22904] ? __mutex_unlock_slowpath+0x164/0x650 [ 873.227247][T22904] ? fput+0x30/0x390 [ 873.231183][T22904] ? ksys_write+0x1ad/0x260 [ 873.235720][T22904] ? __pfx_ksys_write+0x10/0x10 [ 873.240616][T22904] __x64_sys_bpf+0x78/0xc0 [ 873.245066][T22904] ? lockdep_hardirqs_on+0x7c/0x110 [ 873.250398][T22904] do_syscall_64+0xcd/0x250 [ 873.254942][T22904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.260877][T22904] RIP: 0033:0x7f304117df39 [ 873.265315][T22904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 873.284953][T22904] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 873.293403][T22904] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 873.301401][T22904] RDX: 0000000000000009 RSI: 0000000020000140 RDI: 0000000000000008 [ 873.309401][T22904] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 873.317397][T22904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 873.325477][T22904] R13: 0000000000000001 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 873.333585][T22904] [ 875.813981][T22856] coredump: 1(syz.0.5267): written to core: VMAs: 35, size 80642048; core: 60011562 bytes, pos 80650240 [ 876.507096][T22963] Process accounting resumed [ 876.978913][T22974] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5305'. [ 877.446877][T22986] coredump: 1(syz.3.5307): coredump has not been created, error -2 [ 877.526575][ T29] audit: type=1326 audit(8277292354.991:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22987 comm="syz.0.5310" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe72737df39 code=0x0 [ 878.619696][T22883] coredump: 104(syz.0.5273): written to core: VMAs: 38, size 80900096; core: 59950246 bytes, pos 80908288 [ 879.247393][T23019] coredump: 1(syz.0.5320): coredump has not been created, error -2 [ 879.325133][T22921] coredump: 1(syz.1.5288): written to core: VMAs: 34, size 80568320; core: 60007410 bytes, pos 80576512 [ 879.895146][T22887] coredump: 105(syz.0.5273): written to core: VMAs: 39, size 99774464; core: 62125327 bytes, pos 99782656 [ 880.426408][T22937] coredump: 149(syz.2.5294): written to core: VMAs: 33, size 80564224; core: 59929486 bytes, pos 80572416 [ 880.945261][T22938] coredump: 150(syz.2.5294): written to core: VMAs: 35, size 80695296; core: 60011518 bytes, pos 80703488 [ 881.107801][T22948] coredump: 1(syz.1.5298): written to core: VMAs: 34, size 80568320; core: 60007410 bytes, pos 80576512 [ 881.383466][T22821] coredump: 205(syz.3.5251): written to core: VMAs: 37, size 82866176; core: 62108831 bytes, pos 82874368 [ 881.627645][T23058] FAULT_INJECTION: forcing a failure. [ 881.627645][T23058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 881.778937][T23058] CPU: 1 UID: 0 PID: 23058 Comm: syz.3.5334 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 881.789418][T23058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 881.799503][T23058] Call Trace: [ 881.802794][T23058] [ 881.805737][T23058] dump_stack_lvl+0x16c/0x1f0 [ 881.810461][T23058] should_fail_ex+0x497/0x5b0 [ 881.815176][T23058] _copy_to_user+0x30/0xc0 [ 881.819626][T23058] simple_read_from_buffer+0xd0/0x160 [ 881.825038][T23058] proc_fail_nth_read+0x198/0x270 [ 881.830096][T23058] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 881.835675][T23058] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 881.841254][T23058] vfs_read+0x1ce/0xbd0 [ 881.845454][T23058] ? __fget_files+0x23a/0x3f0 [ 881.850166][T23058] ? fdget_pos+0x24c/0x360 [ 881.854623][T23058] ? __pfx_lock_release+0x10/0x10 [ 881.859698][T23058] ? __pfx_vfs_read+0x10/0x10 [ 881.864412][T23058] ? __pfx___mutex_lock+0x10/0x10 [ 881.869486][T23058] ? __fget_files+0x244/0x3f0 [ 881.874204][T23058] ksys_read+0x12f/0x260 [ 881.878480][T23058] ? __pfx_ksys_read+0x10/0x10 [ 881.883286][T23058] do_syscall_64+0xcd/0x250 [ 881.887826][T23058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.893748][T23058] RIP: 0033:0x7f63ed17c97c [ 881.898190][T23058] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 881.917917][T23058] RSP: 002b:00007f63ee03f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 881.926358][T23058] RAX: ffffffffffffffda RBX: 00007f63ed336058 RCX: 00007f63ed17c97c [ 881.934353][T23058] RDX: 000000000000000f RSI: 00007f63ee03f0a0 RDI: 0000000000000004 [ 881.942356][T23058] RBP: 00007f63ee03f090 R08: 0000000000000000 R09: 0000000000000000 [ 881.950351][T23058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 881.958349][T23058] R13: 0000000000000001 R14: 00007f63ed336058 R15: 00007fff9d261278 [ 881.966373][T23058] [ 884.558403][T23114] coredump: 169(syz.0.5357): coredump has not been created, error -13 [ 884.701081][T23119] coredump: 172(syz.0.5360): coredump has not been created, error -13 [ 885.213880][T23076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 885.404848][T22870] coredump: 214(syz.3.5263): written to core: VMAs: 40, size 101875712; core: 64222530 bytes, pos 101883904 [ 885.671386][T23141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5369'. [ 885.896458][T22618] coredump: 170(syz.3.5215): written to core: VMAs: 38, size 131235840; core: 93705426 bytes, pos 131244032 [ 886.190136][T22866] coredump: 213(syz.3.5263): written to core: VMAs: 40, size 101875712; core: 64222530 bytes, pos 101883904 [ 886.768712][T23169] coredump: 186(syz.0.5377): coredump has not been created, error -13 [ 887.317408][T23185] netlink: 412 bytes leftover after parsing attributes in process `syz.1.5380'. [ 887.666836][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 888.396774][T23209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5388'. [ 888.405706][T23209] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 888.452944][T23125] coredump: 108(syz.1.5361): written to core: VMAs: 35, size 80699392; core: 60138582 bytes, pos 80707584 [ 888.537720][T23213] coredump: 132(syz.1.5390): written to core: VMAs: 1, size 4096; core: 2659 bytes, pos 8192 [ 888.639741][T23217] coredump: 203(syz.0.5391): coredump has not been created, error -13 [ 888.725406][T23050] coredump: 184(syz.2.5331): written to core: VMAs: 36, size 80961536; core: 60015670 bytes, pos 80969728 [ 890.168930][T23048] coredump: 1(syz.2.5331): written to core: VMAs: 36, size 80961536; core: 60015670 bytes, pos 80969728 [ 890.326206][T23245] coredump: 263(syz.3.5395): written to core: VMAs: 4, size 4333568; core: 4209418 bytes, pos 4337664 [ 890.349794][T23259] coredump: 144(syz.1.5404): coredump has not been created, error -13 [ 891.307271][T23284] coredump: 222(syz.0.5410): coredump has not been created, error -13 [ 891.327026][T23285] coredump: 148(syz.1.5409): coredump has not been created, error -13 [ 891.701215][T23295] coredump: 154(syz.1.5413): written to core: VMAs: 1, size 4096; core: 2659 bytes, pos 8192 [ 892.117329][T23309] coredump: 235(syz.0.5417): coredump has not been created, error -13 [ 892.461930][T23319] coredump: 160(syz.1.5420): coredump has not been created, error -13 [ 893.605754][T23350] coredump: 171(syz.1.5431): coredump has not been created, error -13 [ 893.633680][T23354] coredump: 248(syz.0.5432): coredump has not been created, error -13 [ 895.187056][T23383] coredump: 187(syz.1.5441): coredump has not been created, error -13 [ 895.637417][T23394] coredump: 264(syz.0.5444): coredump has not been created, error -13 [ 895.797058][T23395] coredump: 265(syz.0.5444): coredump has not been created, error -13 [ 896.244929][T23377] coredump: 183(syz.1.5439): written to core: VMAs: 38, size 101744640; core: 64222418 bytes, pos 101752832 [ 896.726703][T23153] coredump: 207(syz.2.5370): written to core: VMAs: 37, size 97738752; core: 60286106 bytes, pos 97746944 [ 896.824963][T23183] coredump: 216(syz.2.5375): written to core: VMAs: 42, size 77291520; core: 56161714 bytes, pos 77299712 [ 896.841699][T23404] coredump: 287(syz.3.5442): coredump has not been created, error -13 [ 897.277133][T23343] coredump: 236(syz.2.5428): interrupted: fatal signal pending [ 897.284766][T23343] coredump: 236(syz.2.5428): written to core: VMAs: 34, size 97472512; core: 13400776 bytes, pos 13787136 [ 897.342080][T23175] coredump: 215(syz.2.5375): written to core: VMAs: 42, size 77291520; core: 56161714 bytes, pos 77299712 [ 897.506473][T23418] coredump: 195(syz.1.5451): coredump has not been created, error -13 [ 897.612309][T23173] coredump: 214(syz.2.5375): written to core: VMAs: 36, size 76898304; core: 56140898 bytes, pos 76906496 [ 898.462818][T23271] coredump: 267(syz.3.5403): written to core: VMAs: 35, size 80773120; core: 60138538 bytes, pos 80781312 [ 898.547201][T23436] coredump: 208(syz.1.5460): coredump has not been created, error -13 [ 898.867339][T23448] coredump: 293(syz.3.5457): coredump has not been created, error -13 [ 900.041416][T23311] coredump: 274(syz.3.5415): written to core: VMAs: 34, size 97415168; core: 60015576 bytes, pos 97431552 [ 901.708393][T23470] coredump: 243(syz.2.5469): coredump has not been created, error -13 [ 901.877042][T23473] FAULT_INJECTION: forcing a failure. [ 901.877042][T23473] name failslab, interval 1, probability 0, space 0, times 0 [ 901.925459][T23473] CPU: 0 UID: 0 PID: 23473 Comm: syz.2.5470 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 901.935945][T23473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 901.946033][T23473] Call Trace: [ 901.949329][T23473] [ 901.952274][T23473] dump_stack_lvl+0x16c/0x1f0 [ 901.956988][T23473] should_fail_ex+0x497/0x5b0 [ 901.961702][T23473] ? fs_reclaim_acquire+0xae/0x160 [ 901.966844][T23473] should_failslab+0xc2/0x120 [ 901.971553][T23473] kmem_cache_alloc_node_noprof+0x71/0x310 [ 901.977388][T23473] ? __alloc_skb+0x2b3/0x380 [ 901.982009][T23473] __alloc_skb+0x2b3/0x380 [ 901.986453][T23473] ? __pfx___alloc_skb+0x10/0x10 [ 901.991416][T23473] ? __pfx___might_resched+0x10/0x10 [ 901.996758][T23473] netlink_alloc_large_skb+0x69/0x130 [ 902.002164][T23473] netlink_sendmsg+0x689/0xd70 [ 902.006965][T23473] ? __pfx_netlink_sendmsg+0x10/0x10 [ 902.012285][T23473] ____sys_sendmsg+0x9ae/0xb40 [ 902.017077][T23473] ? copy_msghdr_from_user+0x10b/0x160 [ 902.022560][T23473] ? __pfx_____sys_sendmsg+0x10/0x10 [ 902.027880][T23473] ? find_held_lock+0x2d/0x110 [ 902.032668][T23473] ? __pfx___lock_acquire+0x10/0x10 [ 902.037905][T23473] ___sys_sendmsg+0x135/0x1e0 [ 902.042610][T23473] ? __pfx____sys_sendmsg+0x10/0x10 [ 902.047848][T23473] ? ksys_write+0x21e/0x260 [ 902.052381][T23473] ? __pfx_lock_release+0x10/0x10 [ 902.057458][T23473] ? fdget+0x176/0x210 [ 902.061561][T23473] __sys_sendmsg+0x117/0x1f0 [ 902.066177][T23473] ? __pfx___sys_sendmsg+0x10/0x10 [ 902.071308][T23473] ? __fget_files+0x244/0x3f0 [ 902.076041][T23473] do_syscall_64+0xcd/0x250 [ 902.080581][T23473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 902.086506][T23473] RIP: 0033:0x7f304117df39 [ 902.090939][T23473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 902.110574][T23473] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 902.119021][T23473] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 902.127016][T23473] RDX: 0000000004004804 RSI: 0000000020000140 RDI: 0000000000000003 [ 902.135006][T23473] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 902.142999][T23473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 902.150991][T23473] R13: 0000000000000000 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 902.158997][T23473] [ 902.187292][T23456] coredump: 287(syz.0.5462): interrupted: fatal signal pending [ 902.239806][T23443] coredump: 283(syz.0.5462): interrupted: fatal signal pending [ 902.301103][T23464] coredump: 218(syz.1.5468): written to core: VMAs: 35, size 82735104; core: 60013299 bytes, pos 82743296 [ 902.302394][T23456] coredump: 287(syz.0.5462): written to core: VMAs: 39, size 85098496; core: 14861534 bytes, pos 15564800 [ 902.366345][T23443] coredump: 283(syz.0.5462): written to core: VMAs: 40, size 85110784; core: 19044706 bytes, pos 19759104 [ 903.115667][T23493] coredump: 304(syz.3.5472): coredump has not been created, error -13 [ 903.571590][T23501] coredump: 290(syz.0.5478): coredump has not been created, error -13 [ 903.661882][T23392] coredump: 262(syz.0.5444): coredump has not been created, error -13 [ 904.516972][T23523] coredump: 239(syz.1.5487): coredump has not been created, error -13 [ 904.534412][T23370] coredump: 283(syz.3.5430): written to core: VMAs: 37, size 101744640; core: 64214126 bytes, pos 101752832 [ 904.721364][T23528] coredump: 242(syz.1.5489): coredump has not been created, error -13 [ 905.448054][T23506] coredump: 255(syz.2.5482): written to core: VMAs: 34, size 80699392; core: 60140214 bytes, pos 80707584 [ 905.697611][T23547] coredump: 300(syz.0.5496): coredump has not been created, error -13 [ 906.576987][T23568] coredump: 259(syz.2.5498): coredump has not been created, error -13 [ 906.771389][T23577] coredump: 262(syz.2.5506): coredump has not been created, error -13 [ 907.007101][T23585] FAULT_INJECTION: forcing a failure. [ 907.007101][T23585] name failslab, interval 1, probability 0, space 0, times 0 [ 907.056604][T23585] CPU: 0 UID: 0 PID: 23585 Comm: syz.1.5508 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 907.067080][T23585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 907.077165][T23585] Call Trace: [ 907.080464][T23585] [ 907.083405][T23585] dump_stack_lvl+0x16c/0x1f0 [ 907.088101][T23585] should_fail_ex+0x497/0x5b0 [ 907.092793][T23585] ? fs_reclaim_acquire+0xae/0x160 [ 907.097999][T23585] should_failslab+0xc2/0x120 [ 907.102684][T23585] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 907.108063][T23585] ? security_inode_alloc+0x34/0x2b0 [ 907.113362][T23585] security_inode_alloc+0x34/0x2b0 [ 907.118485][T23585] inode_init_always+0xc5b/0xf90 [ 907.123439][T23585] alloc_inode+0x7d/0x230 [ 907.127775][T23585] new_inode+0x22/0x210 [ 907.131935][T23585] hugetlbfs_get_inode+0x2d2/0x530 [ 907.137059][T23585] hugetlb_file_setup+0x15b/0x620 [ 907.142095][T23585] ksys_mmap_pgoff+0x189/0x5c0 [ 907.146897][T23585] __x64_sys_mmap+0x125/0x190 [ 907.151578][T23585] do_syscall_64+0xcd/0x250 [ 907.156093][T23585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.161994][T23585] RIP: 0033:0x7f103c57df39 [ 907.166409][T23585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 907.186370][T23585] RSP: 002b:00007f103d2d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 907.194792][T23585] RAX: ffffffffffffffda RBX: 00007f103c736058 RCX: 00007f103c57df39 [ 907.202768][T23585] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 907.210741][T23585] RBP: 00007f103d2d5090 R08: 0000000000000401 R09: 0000300000000000 [ 907.218714][T23585] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000001 [ 907.226685][T23585] R13: 0000000000000000 R14: 00007f103c736058 R15: 00007ffcc352c968 [ 907.234671][T23585] [ 908.637242][T23606] coredump: 332(syz.3.5512): coredump has not been created, error -13 [ 909.107234][T23620] netlink: 'syz.2.5520': attribute type 11 has an invalid length. [ 909.115112][T23620] netlink: 'syz.2.5520': attribute type 11 has an invalid length. [ 909.187647][T23619] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 909.491265][T23567] coredump: 256(syz.1.5503): written to core: VMAs: 35, size 82735104; core: 60011567 bytes, pos 82743296 [ 909.609526][T23634] coredump: 266(syz.1.5515): coredump has not been created, error -13 [ 909.642084][T23572] coredump: 258(syz.1.5503): written to core: VMAs: 35, size 82735104; core: 62108719 bytes, pos 82743296 [ 909.707589][T23573] coredump: 259(syz.1.5503): written to core: VMAs: 37, size 82866176; core: 62117023 bytes, pos 82874368 [ 909.881985][T23630] can: request_module (can-proto-0) failed. [ 910.208313][T23651] coredump: 343(syz.3.5527): coredump has not been created, error -13 [ 910.801275][T23662] netlink: 'syz.1.5531': attribute type 11 has an invalid length. [ 910.836586][T23662] netlink: 'syz.1.5531': attribute type 11 has an invalid length. [ 910.856744][T23662] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5531'. [ 910.901861][T23661] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 911.261908][T23669] coredump: 349(syz.3.5533): coredump has not been created, error -13 [ 911.510867][T23680] coredump: 352(syz.3.5538): coredump has not been created, error -13 [ 911.787342][T23693] netlink: 'syz.1.5542': attribute type 11 has an invalid length. [ 911.806648][T23693] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5542'. [ 911.821696][T23692] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 911.903576][T23691] nbd: couldn't find a device at index 197 [ 912.209698][T23707] coredump: 294(syz.1.5547): coredump has not been created, error -13 [ 912.224683][T23704] netlink: 'syz.3.5546': attribute type 11 has an invalid length. [ 912.237240][T23704] netlink: 'syz.3.5546': attribute type 11 has an invalid length. [ 912.255474][T23704] netlink: 5 bytes leftover after parsing attributes in process `syz.3.5546'. [ 912.286979][T23703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 912.599565][T23722] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5554'. [ 912.623909][T23724] netlink: 5 bytes leftover after parsing attributes in process `syz.0.5553'. [ 912.659487][T23720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 912.868381][T23735] coredump: 305(syz.1.5558): coredump has not been created, error -13 [ 913.138133][T23743] coredump: 344(syz.0.5560): coredump has not been created, error -2 [ 913.689904][T23758] coredump: 368(syz.3.5564): written to core: VMAs: 1, size 4096; core: 2659 bytes, pos 8192 [ 913.977777][T23767] coredump: 371(syz.3.5567): coredump has not been created, error -13 [ 914.611489][T23636] coredump: 279(syz.2.5523): written to core: VMAs: 36, size 98689024; core: 61240418 bytes, pos 98697216 [ 914.795379][T23779] coredump: 1(syz.2.5570): written to core: VMAs: 3, size 135168; core: 10962 bytes, pos 139264 [ 915.406315][T23787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5575'. [ 915.436597][T23787] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 915.942785][T23805] coredump: 384(syz.3.5580): coredump has not been created, error -13 [ 916.176902][T23802] Invalid ELF header magic: != ELF [ 917.018327][T23763] coredump: 315(syz.1.5568): interrupted: fatal signal pending [ 917.028188][T23741] coredump: 343(syz.0.5560): written to core: VMAs: 36, size 97681408; core: 60277814 bytes, pos 97689600 [ 917.066633][T23763] coredump: 315(syz.1.5568): written to core: VMAs: 34, size 80637952; core: 41409162 bytes, pos 62042112 [ 918.562244][T23820] coredump: 367(syz.0.5583): written to core: VMAs: 36, size 97546240; core: 60040246 bytes, pos 97554432 [ 919.324611][T23840] coredump: 377(syz.0.5589): coredump has not been created, error -13 [ 920.136019][T23759] coredump: 314(syz.1.5565): written to core: VMAs: 35, size 131104768; core: 93705258 bytes, pos 131112960 [ 920.615115][T23725] coredump: 362(syz.3.5551): written to core: VMAs: 36, size 80769024; core: 60007478 bytes, pos 80777216 [ 921.040414][T23710] coredump: 288(syz.2.5540): written to core: VMAs: 36, size 86990848; core: 66307126 bytes, pos 86999040 [ 921.642972][T23869] coredump: 337(syz.1.5599): coredump has not been created, error -13 [ 921.969086][T23882] coredump: 309(syz.2.5595): coredump has not been created, error -13 [ 922.094032][T23883] coredump: 310(syz.2.5595): coredump has not been created, error -13 [ 922.669076][T23889] FAULT_INJECTION: forcing a failure. [ 922.669076][T23889] name failslab, interval 1, probability 0, space 0, times 0 [ 922.697274][T23889] CPU: 0 UID: 0 PID: 23889 Comm: syz.1.5603 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 922.707739][T23889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 922.717795][T23889] Call Trace: [ 922.721159][T23889] [ 922.724092][T23889] dump_stack_lvl+0x16c/0x1f0 [ 922.728805][T23889] should_fail_ex+0x497/0x5b0 [ 922.733497][T23889] ? fs_reclaim_acquire+0xae/0x160 [ 922.738613][T23889] should_failslab+0xc2/0x120 [ 922.743296][T23889] __kmalloc_node_track_caller_noprof+0xcf/0x440 [ 922.749633][T23889] ? kasprintf+0xc8/0x100 [ 922.753972][T23889] kvasprintf+0xbd/0x160 [ 922.758222][T23889] ? __pfx_kvasprintf+0x10/0x10 [ 922.763079][T23889] ? lockdep_hardirqs_on+0x7c/0x110 [ 922.768285][T23889] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 922.774097][T23889] ? __debug_object_init+0x34a/0x480 [ 922.779393][T23889] kasprintf+0xc8/0x100 [ 922.783551][T23889] ? __pfx_kasprintf+0x10/0x10 [ 922.788325][T23889] ? lockdep_init_map_type+0x16d/0x7d0 [ 922.793803][T23889] ieee80211_alloc_led_names+0x86/0x420 [ 922.799358][T23889] ieee80211_alloc_hw_nm+0x1941/0x2260 [ 922.804824][T23889] mac80211_hwsim_new_radio+0x201/0x56c0 [ 922.810478][T23889] ? __sys_sendmsg+0x117/0x1f0 [ 922.815256][T23889] ? do_syscall_64+0xcd/0x250 [ 922.819957][T23889] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.826067][T23889] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 922.832159][T23889] hwsim_new_radio_nl+0xb42/0x12b0 [ 922.837285][T23889] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 922.842846][T23889] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 922.850228][T23889] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 922.857619][T23889] genl_family_rcv_msg_doit+0x202/0x2f0 [ 922.863177][T23889] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 922.869263][T23889] ? bpf_lsm_capable+0x9/0x10 [ 922.873947][T23889] ? security_capable+0x7e/0x260 [ 922.878896][T23889] ? ns_capable+0xd7/0x110 [ 922.883325][T23889] genl_rcv_msg+0x565/0x800 [ 922.887841][T23889] ? __pfx_genl_rcv_msg+0x10/0x10 [ 922.892874][T23889] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 922.898441][T23889] netlink_rcv_skb+0x165/0x410 [ 922.903211][T23889] ? __pfx_genl_rcv_msg+0x10/0x10 [ 922.908250][T23889] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 922.913553][T23889] ? down_read+0xc9/0x330 [ 922.917892][T23889] ? __pfx_down_read+0x10/0x10 [ 922.922667][T23889] ? netlink_deliver_tap+0x1ae/0xcf0 [ 922.927993][T23889] genl_rcv+0x28/0x40 [ 922.931988][T23889] netlink_unicast+0x53c/0x7f0 [ 922.936768][T23889] ? __pfx_netlink_unicast+0x10/0x10 [ 922.942062][T23889] ? __phys_addr_symbol+0x30/0x80 [ 922.947090][T23889] ? __check_object_size+0x488/0x710 [ 922.952388][T23889] netlink_sendmsg+0x8b8/0xd70 [ 922.957165][T23889] ? __pfx_netlink_sendmsg+0x10/0x10 [ 922.962467][T23889] ____sys_sendmsg+0x9ae/0xb40 [ 922.967246][T23889] ? copy_msghdr_from_user+0x10b/0x160 [ 922.972708][T23889] ? __pfx_____sys_sendmsg+0x10/0x10 [ 922.978010][T23889] ? find_held_lock+0x2d/0x110 [ 922.982779][T23889] ? __pfx___lock_acquire+0x10/0x10 [ 922.987996][T23889] ___sys_sendmsg+0x135/0x1e0 [ 922.992680][T23889] ? __pfx____sys_sendmsg+0x10/0x10 [ 922.997895][T23889] ? ksys_write+0x21e/0x260 [ 923.002407][T23889] ? __pfx_lock_release+0x10/0x10 [ 923.007455][T23889] ? fdget+0x176/0x210 [ 923.011539][T23889] __sys_sendmsg+0x117/0x1f0 [ 923.016132][T23889] ? __pfx___sys_sendmsg+0x10/0x10 [ 923.021245][T23889] ? __fget_files+0x244/0x3f0 [ 923.025953][T23889] do_syscall_64+0xcd/0x250 [ 923.030474][T23889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.036372][T23889] RIP: 0033:0x7f103c57df39 [ 923.040788][T23889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 923.060428][T23889] RSP: 002b:00007f103d2f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 923.068939][T23889] RAX: ffffffffffffffda RBX: 00007f103c735f80 RCX: 00007f103c57df39 [ 923.076919][T23889] RDX: 0000000000048000 RSI: 0000000020000840 RDI: 0000000000000003 [ 923.084896][T23889] RBP: 00007f103d2f6090 R08: 0000000000000000 R09: 0000000000000000 [ 923.092954][T23889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 923.101362][T23889] R13: 0000000000000000 R14: 00007f103c735f80 R15: 00007ffcc352c968 [ 923.109347][T23889] [ 923.496710][ T54] Bluetooth: hci4: command 0x0406 tx timeout [ 924.173760][T23911] coredump: 350(syz.1.5608): coredump has not been created, error -13 [ 924.410655][T23856] coredump: 394(syz.3.5593): interrupted: fatal signal pending [ 924.452365][T23856] coredump: 394(syz.3.5593): written to core: VMAs: 34, size 80637952; core: 24447626 bytes, pos 33288192 [ 924.775763][T23923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5612'. [ 924.856653][T23923] openvswitch: netlink: Flow key attr not present in new flow. [ 925.477308][T23937] coredump: 400(syz.3.5618): coredump has not been created, error -13 [ 925.645960][T23942] coredump: 1(syz.1.5617): written to core: VMAs: 1, size 4096; core: 2659 bytes, pos 8192 [ 925.773467][T23938] FAULT_INJECTION: forcing a failure. [ 925.773467][T23938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 925.966614][T23938] CPU: 0 UID: 0 PID: 23938 Comm: syz.2.5615 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 925.977105][T23938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 925.987190][T23938] Call Trace: [ 925.990482][T23938] [ 925.993421][T23938] dump_stack_lvl+0x16c/0x1f0 [ 925.998138][T23938] should_fail_ex+0x497/0x5b0 [ 926.002948][T23938] _copy_from_user+0x30/0xf0 [ 926.007569][T23938] get_bitmap+0xdf/0x1a0 [ 926.011844][T23938] get_nodes+0x169/0x210 [ 926.016117][T23938] ? __pfx_get_nodes+0x10/0x10 [ 926.020910][T23938] ? __fget_files+0x244/0x3f0 [ 926.025627][T23938] kernel_mbind+0x147/0x200 [ 926.030174][T23938] ? __pfx_kernel_mbind+0x10/0x10 [ 926.035240][T23938] do_syscall_64+0xcd/0x250 [ 926.039781][T23938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.045716][T23938] RIP: 0033:0x7f304117df39 [ 926.050157][T23938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 926.069798][T23938] RSP: 002b:00007f3041f34038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 926.078237][T23938] RAX: ffffffffffffffda RBX: 00007f3041336058 RCX: 00007f304117df39 [ 926.086235][T23938] RDX: 0000000000000006 RSI: 0000000000000008 RDI: 0000000000000000 [ 926.094233][T23938] RBP: 00007f3041f34090 R08: 00000000000000f8 R09: 0000000000000002 [ 926.102233][T23938] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000001 [ 926.110225][T23938] R13: 0000000000000000 R14: 00007f3041336058 R15: 00007fff18642cc8 [ 926.118238][T23938] [ 926.797030][T23963] coredump: 408(syz.3.5627): coredump has not been created, error -13 [ 926.816683][T23960] netlink: 'syz.2.5625': attribute type 11 has an invalid length. [ 926.824555][T23960] netlink: 'syz.2.5625': attribute type 11 has an invalid length. [ 926.946567][T23960] netlink: 5 bytes leftover after parsing attributes in process `syz.2.5625'. [ 927.023830][T23959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 927.290109][T23971] FAULT_INJECTION: forcing a failure. [ 927.290109][T23971] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 927.465776][T23971] CPU: 0 UID: 0 PID: 23971 Comm: syz.0.5628 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 927.476247][T23971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 927.486408][T23971] Call Trace: [ 927.489700][T23971] [ 927.492644][T23971] dump_stack_lvl+0x16c/0x1f0 [ 927.497349][T23971] should_fail_ex+0x497/0x5b0 [ 927.502055][T23971] _copy_from_user+0x30/0xf0 [ 927.506667][T23971] sk_setsockopt+0x1f2/0x3e40 [ 927.511371][T23971] ? __pfx_sk_setsockopt+0x10/0x10 [ 927.516507][T23971] ? __pfx___might_resched+0x10/0x10 [ 927.521817][T23971] ? __pfx_lock_release+0x10/0x10 [ 927.526862][T23971] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 927.532610][T23971] ? aa_sk_perm+0x2f5/0xb20 [ 927.537141][T23971] ? __pfx_aa_sk_perm+0x10/0x10 [ 927.542014][T23971] ? proc_fail_nth_write+0xa0/0x250 [ 927.547233][T23971] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 927.552890][T23971] do_sock_setsockopt+0x3f4/0x480 [ 927.558031][T23971] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 927.563703][T23971] ? __pfx_vfs_write+0x10/0x10 [ 927.568510][T23971] ? do_sys_openat2+0xb1/0x1e0 [ 927.573300][T23971] ? fdget+0x176/0x210 [ 927.577390][T23971] __sys_setsockopt+0x1a4/0x270 [ 927.582243][T23971] ? __pfx___sys_setsockopt+0x10/0x10 [ 927.587618][T23971] ? ksys_write+0x1ad/0x260 [ 927.592130][T23971] ? __pfx_ksys_write+0x10/0x10 [ 927.596992][T23971] __x64_sys_setsockopt+0xbd/0x160 [ 927.602101][T23971] ? do_syscall_64+0x91/0x250 [ 927.606799][T23971] ? lockdep_hardirqs_on+0x7c/0x110 [ 927.612015][T23971] do_syscall_64+0xcd/0x250 [ 927.616546][T23971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 927.622468][T23971] RIP: 0033:0x7fe72737df39 [ 927.626884][T23971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 927.646505][T23971] RSP: 002b:00007fe728253038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 927.654926][T23971] RAX: ffffffffffffffda RBX: 00007fe727535f80 RCX: 00007fe72737df39 [ 927.662898][T23971] RDX: 0000000000000049 RSI: 0000000000000001 RDI: 0000000000000001 [ 927.670880][T23971] RBP: 00007fe728253090 R08: 00000000000000bb R09: 0000000000000000 [ 927.678859][T23971] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 927.686839][T23971] R13: 0000000000000000 R14: 00007fe727535f80 R15: 00007ffc94671b38 [ 927.694829][T23971] [ 929.087529][T23984] FAULT_INJECTION: forcing a failure. [ 929.087529][T23984] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 929.246722][T23984] CPU: 0 UID: 0 PID: 23984 Comm: syz.0.5632 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 929.257196][T23984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 929.267286][T23984] Call Trace: [ 929.270587][T23984] [ 929.273626][T23984] dump_stack_lvl+0x16c/0x1f0 [ 929.278361][T23984] should_fail_ex+0x497/0x5b0 [ 929.283077][T23984] ? fs_reclaim_acquire+0xae/0x160 [ 929.288222][T23984] should_fail_alloc_page+0xe7/0x130 [ 929.293550][T23984] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 929.299736][T23984] ? __pfx_mark_lock+0x10/0x10 [ 929.304551][T23984] __alloc_pages_noprof+0x190/0x25c0 [ 929.309879][T23984] ? __pfx_mark_lock+0x10/0x10 [ 929.314675][T23984] ? lock_acquire+0x1b1/0x560 [ 929.319392][T23984] ? hlock_class+0x4e/0x130 [ 929.323926][T23984] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 929.329692][T23984] ? __lock_acquire+0xbdd/0x3ce0 [ 929.334669][T23984] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 929.340600][T23984] ? policy_nodemask+0xea/0x4e0 [ 929.345485][T23984] alloc_pages_mpol_noprof+0x275/0x610 [ 929.350985][T23984] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 929.357006][T23984] ? find_held_lock+0x2d/0x110 [ 929.361804][T23984] folio_alloc_mpol_noprof+0x36/0xd0 [ 929.367126][T23984] shmem_alloc_folio+0x135/0x160 [ 929.372101][T23984] shmem_alloc_and_add_folio+0x48b/0xc00 [ 929.377781][T23984] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 929.383982][T23984] ? shmem_allowable_huge_orders+0x208/0x440 [ 929.389995][T23984] shmem_get_folio_gfp+0x689/0x1530 [ 929.395227][T23984] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 929.400891][T23984] ? copy_page_from_iter_atomic+0x32a/0x1440 [ 929.406912][T23984] shmem_write_begin+0x161/0x300 [ 929.411883][T23984] ? __pfx_fault_in_readable+0x10/0x10 [ 929.417372][T23984] ? __pfx_shmem_write_begin+0x10/0x10 [ 929.422870][T23984] generic_perform_write+0x2ba/0x920 [ 929.428198][T23984] ? __pfx_generic_perform_write+0x10/0x10 [ 929.434031][T23984] ? __mark_inode_dirty+0x71a/0xe60 [ 929.439261][T23984] ? generic_update_time+0xcf/0xf0 [ 929.444396][T23984] ? mnt_put_write_access_file+0x45/0xf0 [ 929.450059][T23984] shmem_file_write_iter+0x10e/0x140 [ 929.455379][T23984] vfs_write+0x6b5/0x1140 [ 929.459762][T23984] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 929.465607][T23984] ? __pfx_vfs_write+0x10/0x10 [ 929.470408][T23984] ? __pfx___mutex_lock+0x10/0x10 [ 929.475488][T23984] ksys_write+0x12f/0x260 [ 929.479857][T23984] ? __pfx_ksys_write+0x10/0x10 [ 929.484751][T23984] do_syscall_64+0xcd/0x250 [ 929.489294][T23984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.495225][T23984] RIP: 0033:0x7fe72737df39 [ 929.499662][T23984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 929.519388][T23984] RSP: 002b:00007fe728253038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 929.527837][T23984] RAX: ffffffffffffffda RBX: 00007fe727535f80 RCX: 00007fe72737df39 [ 929.535832][T23984] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 929.543914][T23984] RBP: 00007fe728253090 R08: 0000000000000000 R09: 0000000000000000 [ 929.551910][T23984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 929.559913][T23984] R13: 0000000000000000 R14: 00007fe727535f80 R15: 00007ffc94671b38 [ 929.567933][T23984] [ 930.170870][T23969] coredump: 411(syz.3.5629): interrupted: fatal signal pending [ 930.218677][T23999] coredump: 380(syz.1.5638): coredump has not been created, error -13 [ 930.236584][T23969] coredump: 411(syz.3.5629): Error writing out the process memory [ 930.244520][T23969] coredump: 411(syz.3.5629): written to core: VMAs: 34, size 80637952; core: 36395658 bytes, pos 57036800 [ 930.335672][T23906] coredump: 398(syz.0.5606): written to core: VMAs: 37, size 97681408; core: 60155034 bytes, pos 97689600 [ 931.213851][T24010] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5641'. [ 931.661154][ T1264] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.668352][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.047441][T23803] coredump: 301(syz.2.5577): written to core: VMAs: 34, size 131031040; core: 93697010 bytes, pos 131039232 [ 932.326686][T24026] coredump: 420(syz.3.5647): coredump has not been created, error -13 [ 932.926914][T24037] coredump: 426(syz.3.5650): coredump has not been created, error -13 [ 933.738454][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 933.903585][T23976] coredump: 373(syz.1.5630): written to core: VMAs: 38, size 114458624; core: 93709522 bytes, pos 114466816 [ 935.049359][T23853] coredump: 381(syz.0.5590): written to core: VMAs: 38, size 131235840; core: 93709522 bytes, pos 131244032 [ 935.281438][T24061] coredump: 350(syz.2.5657): coredump has not been created, error -13 [ 936.340437][T23944] coredump: 324(syz.2.5615): written to core: VMAs: 36, size 80961536; core: 60204086 bytes, pos 80969728 [ 938.682572][T24086] coredump: 440(syz.0.5660): coredump has not been created, error -13 [ 938.833329][T24089] coredump: 444(syz.3.5666): coredump has not been created, error -13 [ 940.969569][T24111] coredump: 460(syz.3.5675): coredump has not been created, error -13 [ 941.418854][T24117] coredump: 464(syz.3.5676): coredump has not been created, error -13 [ 942.899118][T23987] coredump: 335(syz.2.5633): written to core: VMAs: 35, size 97472512; core: 60027902 bytes, pos 97480704 [ 943.372739][T24096] coredump: 441(syz.0.5668): interrupted: fatal signal pending [ 943.446547][T24096] coredump: 441(syz.0.5668): written to core: VMAs: 38, size 93614080; core: 15163950 bytes, pos 24125440 [ 943.752314][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 943.761845][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 943.770304][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 943.799662][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 943.808785][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 943.816227][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 944.382536][T24127] chnl_net:caif_netlink_parms(): no params data found [ 945.736916][T24154] coredump: 475(syz.3.5684): coredump has not been created, error -13 [ 945.916787][ T5234] Bluetooth: hci0: command tx timeout [ 946.575946][T24127] bridge0: port 1(bridge_slave_0) entered blocking state [ 946.618542][T24127] bridge0: port 1(bridge_slave_0) entered disabled state [ 946.625784][T24127] bridge_slave_0: entered allmulticast mode [ 946.692687][T24127] bridge_slave_0: entered promiscuous mode [ 946.717727][T24127] bridge0: port 2(bridge_slave_1) entered blocking state [ 946.724892][T24127] bridge0: port 2(bridge_slave_1) entered disabled state [ 946.766155][T24127] bridge_slave_1: entered allmulticast mode [ 946.806689][T24127] bridge_slave_1: entered promiscuous mode [ 946.875108][T24169] coredump: 453(syz.0.5685): coredump has not been created, error -13 [ 947.976774][ T54] Bluetooth: hci0: command tx timeout [ 948.271473][T24127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 948.328788][T24127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 948.809180][T24127] team0: Port device team_slave_0 added [ 948.877600][T24127] team0: Port device team_slave_1 added [ 949.096772][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 949.548779][T23899] coredump: 314(syz.2.5602): written to core: VMAs: 37, size 131162112; core: 93705370 bytes, pos 131170304 [ 949.646704][T24168] coredump: 479(syz.3.5687): Error writing out the process memory [ 949.709697][T24168] coredump: 479(syz.3.5687): written to core: VMAs: 36, size 80769024; core: 19661246 bytes, pos 28631040 [ 949.726112][T24066] coredump: 436(syz.0.5659): written to core: VMAs: 38, size 97550336; core: 60147030 bytes, pos 97558528 [ 950.056723][ T5234] Bluetooth: hci0: command tx timeout [ 950.167355][T24127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 950.174422][T24127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 950.306655][T24188] coredump: 382(syz.2.5693): coredump has not been created, error -13 [ 950.336590][T24127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 950.398792][T24127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 950.405771][T24127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 950.586547][T24127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 951.165141][T23945] coredump: 405(syz.0.5616): written to core: VMAs: 38, size 114458624; core: 93705426 bytes, pos 114466816 [ 951.287299][T24198] FAULT_INJECTION: forcing a failure. [ 951.287299][T24198] name failslab, interval 1, probability 0, space 0, times 0 [ 951.405039][T24198] CPU: 1 UID: 0 PID: 24198 Comm: syz.3.5694 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 951.415505][T24198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 951.425578][T24198] Call Trace: [ 951.428870][T24198] [ 951.431811][T24198] dump_stack_lvl+0x16c/0x1f0 [ 951.436524][T24198] should_fail_ex+0x497/0x5b0 [ 951.441227][T24198] ? fs_reclaim_acquire+0xae/0x160 [ 951.446357][T24198] should_failslab+0xc2/0x120 [ 951.451056][T24198] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 951.456450][T24198] ? ptlock_alloc+0x1f/0x70 [ 951.460982][T24198] ptlock_alloc+0x1f/0x70 [ 951.465333][T24198] pte_alloc_one+0x74/0x360 [ 951.469860][T24198] do_pte_missing+0x1ae0/0x3e50 [ 951.474745][T24198] __handle_mm_fault+0x100a/0x2a10 [ 951.479887][T24198] ? __pfx_mt_find+0x10/0x10 [ 951.484500][T24198] ? __pfx_lock_acquire+0x10/0x10 [ 951.489547][T24198] ? __pfx___handle_mm_fault+0x10/0x10 [ 951.495043][T24198] ? find_vma+0xc0/0x140 [ 951.499303][T24198] ? __pfx_find_vma+0x10/0x10 [ 951.504010][T24198] handle_mm_fault+0x3fa/0xaa0 [ 951.508802][T24198] do_user_addr_fault+0x7a3/0x13f0 [ 951.513947][T24198] exc_page_fault+0x5c/0xc0 [ 951.518567][T24198] asm_exc_page_fault+0x26/0x30 [ 951.523441][T24198] RIP: 0010:copy_iovec_from_user+0x79/0x170 [ 951.529357][T24198] Code: e8 6c c2 06 fd 4d 85 f6 0f 85 c6 00 00 00 e8 ae c0 06 fd 0f 01 cb 0f ae e8 49 bf 00 00 00 00 00 fc ff df e8 99 c0 06 fd 31 db <48> 8b 45 08 31 ff 89 de 49 89 c6 e8 c7 c2 06 fd 85 db 0f 85 b1 00 [ 951.548987][T24198] RSP: 0018:ffffc9000f97f930 EFLAGS: 00050246 [ 951.555071][T24198] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84856934 [ 951.563054][T24198] RDX: ffff88801eb95a00 RSI: ffffffff84856957 RDI: 0000000000000006 [ 951.571038][T24198] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000 [ 951.579020][T24198] R10: 0000000000000140 R11: 0000000000000000 R12: ffff88803097cc00 [ 951.587001][T24198] R13: 0000000000000014 R14: 0000000000000000 R15: dffffc0000000000 [ 951.594996][T24198] ? copy_iovec_from_user+0x54/0x170 [ 951.600299][T24198] ? copy_iovec_from_user+0x77/0x170 [ 951.605622][T24198] iovec_from_user.part.0+0x65/0x130 [ 951.610936][T24198] __import_iovec+0xdc/0x6e0 [ 951.615559][T24198] import_iovec+0x108/0x140 [ 951.620090][T24198] copy_msghdr_from_user+0xfa/0x160 [ 951.625316][T24198] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 951.631157][T24198] ? find_held_lock+0x2d/0x110 [ 951.635943][T24198] ___sys_recvmsg+0xdc/0x1a0 [ 951.640556][T24198] ? __pfx____sys_recvmsg+0x10/0x10 [ 951.645793][T24198] ? fdget+0x176/0x210 [ 951.649891][T24198] do_recvmmsg+0x2ba/0x750 [ 951.654331][T24198] ? __pfx_do_recvmmsg+0x10/0x10 [ 951.659288][T24198] ? vfs_write+0x14d/0x1140 [ 951.663826][T24198] ? __mutex_unlock_slowpath+0x164/0x650 [ 951.669496][T24198] ? __fget_files+0x244/0x3f0 [ 951.674293][T24198] __x64_sys_recvmmsg+0x239/0x290 [ 951.679338][T24198] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 951.684912][T24198] do_syscall_64+0xcd/0x250 [ 951.689444][T24198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 951.695361][T24198] RIP: 0033:0x7f63ed17df39 [ 951.699790][T24198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 951.719500][T24198] RSP: 002b:00007f63ee03f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 951.727952][T24198] RAX: ffffffffffffffda RBX: 00007f63ed336058 RCX: 00007f63ed17df39 [ 951.735973][T24198] RDX: 0000000000000003 RSI: 0000000020000580 RDI: 0000000000000005 [ 951.743960][T24198] RBP: 00007f63ee03f090 R08: 0000000000000000 R09: 0000000000000000 [ 951.751947][T24198] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 951.759950][T24198] R13: 0000000000000001 R14: 00007f63ed336058 R15: 00007fff9d261278 [ 951.767982][T24198] [ 951.968269][T24200] coredump: 386(syz.2.5695): coredump has not been created, error -13 [ 952.060019][T24127] hsr_slave_0: entered promiscuous mode [ 952.146559][ T5234] Bluetooth: hci0: command tx timeout [ 952.483758][T24127] hsr_slave_1: entered promiscuous mode [ 952.756648][T24127] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 952.796706][T24127] Cannot create hsr debugfs directory [ 954.203480][T24217] coredump: 391(syz.2.5702): coredump has not been created, error -13 [ 955.202437][T24127] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.353760][T24231] coredump: 500(syz.3.5705): coredump has not been created, error -13 [ 955.972893][T24127] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.333094][T24118] coredump: 363(syz.2.5674): written to core: VMAs: 34, size 80830464; core: 60269510 bytes, pos 80838656 [ 956.598947][T24127] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.714158][T24251] coredump: 479(syz.0.5711): coredump has not been created, error -13 [ 957.075700][T24099] coredump: 359(syz.2.5663): written to core: VMAs: 38, size 101801984; core: 64222374 bytes, pos 101810176 [ 957.089455][T24127] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.828661][T24127] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 957.900549][T24127] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 957.988843][T24127] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 958.079387][T24127] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 958.254200][T24020] coredump: 422(syz.0.5642): written to core: VMAs: 38, size 114458624; core: 93705426 bytes, pos 114466816 [ 958.338876][T24127] 8021q: adding VLAN 0 to HW filter on device bond0 [ 958.397777][T24127] 8021q: adding VLAN 0 to HW filter on device team0 [ 958.426218][ T8281] bridge0: port 1(bridge_slave_0) entered blocking state [ 958.433385][ T8281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 958.463582][ T8281] bridge0: port 2(bridge_slave_1) entered blocking state [ 958.470764][ T8281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 958.584299][T24127] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 958.606014][T24127] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 958.936835][T24275] coredump: 410(syz.2.5719): coredump has not been created, error -13 [ 959.090626][T24127] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 959.143391][T24240] coredump: 505(syz.3.5707): interrupted: fatal signal pending [ 959.218917][T24127] veth0_vlan: entered promiscuous mode [ 959.227335][T24240] coredump: 505(syz.3.5707): written to core: VMAs: 34, size 76705792; core: 29520838 bytes, pos 50237440 [ 959.452648][T24241] coredump: 503(syz.3.5707): interrupted: fatal signal pending [ 959.486615][T24241] coredump: 503(syz.3.5707): written to core: VMAs: 38, size 93745152; core: 21014770 bytes, pos 30097408 [ 960.091290][T24127] veth1_vlan: entered promiscuous mode [ 960.182890][T24127] veth0_macvtap: entered promiscuous mode [ 960.278917][T24127] veth1_macvtap: entered promiscuous mode [ 960.402875][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 960.466715][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 960.521304][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 960.594009][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 960.631886][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 960.676273][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 960.716664][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 960.772230][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 960.826676][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 960.888082][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 960.928078][T24127] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 960.992592][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 961.052306][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 961.094159][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 961.135746][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 961.184676][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 961.234639][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 961.285519][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 961.326587][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 961.366558][T24127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 961.406695][T24127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 961.457925][T24127] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 961.510265][T24127] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.569901][T24127] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.599674][T24127] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.623533][T24127] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 961.999268][T24290] coredump: 513(syz.3.5723): coredump has not been created, error -13 [ 962.442972][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 962.923179][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 963.053533][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 963.124956][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 963.448275][T24307] coredump: 502(syz.0.5729): coredump has not been created, error -13 [ 963.684817][T24285] coredump: 411(syz.2.5722): interrupted: fatal signal pending [ 963.692920][T24285] coredump: 411(syz.2.5722): written to core: VMAs: 35, size 80695296; core: 14655878 bytes, pos 15171584 [ 963.812842][T24315] coredump: 8(syz.1.5731): coredump has not been created, error -13 [ 964.137340][T24323] FAULT_INJECTION: forcing a failure. [ 964.137340][T24323] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 964.170061][T24323] CPU: 0 UID: 0 PID: 24323 Comm: syz.2.5734 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 964.180540][T24323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 964.190624][T24323] Call Trace: [ 964.193926][T24323] [ 964.196880][T24323] dump_stack_lvl+0x16c/0x1f0 [ 964.201598][T24323] should_fail_ex+0x497/0x5b0 [ 964.206321][T24323] _copy_from_user+0x30/0xf0 [ 964.210946][T24323] copy_msghdr_from_user+0x99/0x160 [ 964.216183][T24323] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 964.222027][T24323] ? find_held_lock+0x2d/0x110 [ 964.226856][T24323] ? __pfx___lock_acquire+0x10/0x10 [ 964.232097][T24323] ___sys_sendmsg+0xff/0x1e0 [ 964.236732][T24323] ? __pfx____sys_sendmsg+0x10/0x10 [ 964.241978][T24323] ? ksys_write+0x21e/0x260 [ 964.246519][T24323] ? __pfx_lock_release+0x10/0x10 [ 964.251598][T24323] ? fdget+0x176/0x210 [ 964.255717][T24323] __sys_sendmsg+0x117/0x1f0 [ 964.260401][T24323] ? __pfx___sys_sendmsg+0x10/0x10 [ 964.265545][T24323] ? __fget_files+0x244/0x3f0 [ 964.270283][T24323] do_syscall_64+0xcd/0x250 [ 964.274848][T24323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 964.280780][T24323] RIP: 0033:0x7f304117df39 [ 964.285219][T24323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 964.304859][T24323] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 964.313310][T24323] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 964.321312][T24323] RDX: 0000000020004800 RSI: 0000000020000ec0 RDI: 0000000000000004 [ 964.329309][T24323] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 964.337461][T24323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 964.345518][T24323] R13: 0000000000000000 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 964.353505][T24323] [ 964.466562][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 964.545134][T24335] coredump: 420(syz.2.5738): coredump has not been created, error -13 [ 964.598581][T24336] FAULT_INJECTION: forcing a failure. [ 964.598581][T24336] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 964.636557][T24336] CPU: 0 UID: 0 PID: 24336 Comm: syz.1.5739 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 964.647038][T24336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 964.657114][T24336] Call Trace: [ 964.660419][T24336] [ 964.663370][T24336] dump_stack_lvl+0x16c/0x1f0 [ 964.668082][T24336] should_fail_ex+0x497/0x5b0 [ 964.672799][T24336] _copy_from_user+0x30/0xf0 [ 964.677417][T24336] copy_clone_args_from_user+0x156/0x780 [ 964.683093][T24336] ? ksys_write+0x12f/0x260 [ 964.687632][T24336] ? __pfx_copy_clone_args_from_user+0x10/0x10 [ 964.693840][T24336] ? vfs_write+0x14d/0x1140 [ 964.698400][T24336] __do_sys_clone3+0xaa/0x270 [ 964.703110][T24336] ? __pfx___do_sys_clone3+0x10/0x10 [ 964.708446][T24336] do_syscall_64+0xcd/0x250 [ 964.712964][T24336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 964.718876][T24336] RIP: 0033:0x7f78cdd7df39 [ 964.723296][T24336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 964.742946][T24336] RSP: 002b:00007f78cec4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 964.751367][T24336] RAX: ffffffffffffffda RBX: 00007f78cdf35f80 RCX: 00007f78cdd7df39 [ 964.759349][T24336] RDX: 0000000000000000 RSI: 0000000000000958 RDI: 0000000020000340 [ 964.767327][T24336] RBP: 00007f78cec4f090 R08: 0000000000000000 R09: 0000000000000000 [ 964.775305][T24336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 964.783282][T24336] R13: 0000000000000001 R14: 00007f78cdf35f80 R15: 00007fff7d6e6708 [ 964.791282][T24336] [ 965.040535][T24346] coredump: 425(syz.2.5742): coredump has not been created, error -13 [ 965.655739][T24360] coredump: 430(syz.2.5748): coredump has not been created, error -13 [ 966.268735][T24380] ptrace attach of ""[22064] was attempted by "./syz-executor exec"[24380] [ 966.522538][T24385] coredump: 30(syz.1.5757): coredump has not been created, error -13 [ 967.264952][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 967.283963][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 967.297020][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 967.347015][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 967.366927][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 967.377792][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 967.484708][ T8281] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 967.986352][ T8281] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 967.996137][T24407] coredump: 534(syz.3.5764): written to core: VMAs: 1, size 4096; core: 2659 bytes, pos 8192 [ 968.954465][T24381] coredump: 436(syz.2.5754): written to core: VMAs: 36, size 97472512; core: 60019766 bytes, pos 97480704 [ 969.415748][T24412] coredump: 40(syz.1.5766): coredump has not been created, error -13 [ 969.526835][ T54] Bluetooth: hci1: command tx timeout [ 969.805405][ T8281] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 969.847953][T24414] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5767'. [ 970.050696][ T8281] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 970.155675][T24397] chnl_net:caif_netlink_parms(): no params data found [ 970.504142][T24435] FAULT_INJECTION: forcing a failure. [ 970.504142][T24435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 970.562991][T24357] coredump: 527(syz.3.5746): written to core: VMAs: 34, size 80637952; core: 60003270 bytes, pos 80646144 [ 970.616581][T24435] CPU: 0 UID: 0 PID: 24435 Comm: syz.1.5770 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 970.627058][T24435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 970.637228][T24435] Call Trace: [ 970.640526][T24435] [ 970.643479][T24435] dump_stack_lvl+0x16c/0x1f0 [ 970.648281][T24435] should_fail_ex+0x497/0x5b0 [ 970.653011][T24435] _copy_from_user+0x30/0xf0 [ 970.657631][T24435] __sys_bpf+0x215/0x5780 [ 970.661998][T24435] ? ksys_write+0x21e/0x260 [ 970.666539][T24435] ? __pfx___sys_bpf+0x10/0x10 [ 970.671332][T24435] ? vfs_write+0x14d/0x1140 [ 970.675880][T24435] ? __mutex_unlock_slowpath+0x164/0x650 [ 970.681569][T24435] ? fput+0x30/0x390 [ 970.685492][T24435] ? ksys_write+0x1ad/0x260 [ 970.690033][T24435] ? __pfx_ksys_write+0x10/0x10 [ 970.694920][T24435] __x64_sys_bpf+0x78/0xc0 [ 970.699366][T24435] ? lockdep_hardirqs_on+0x7c/0x110 [ 970.704595][T24435] do_syscall_64+0xcd/0x250 [ 970.709138][T24435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 970.715063][T24435] RIP: 0033:0x7f78cdd7df39 [ 970.719501][T24435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 970.739226][T24435] RSP: 002b:00007f78cec4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 970.747669][T24435] RAX: ffffffffffffffda RBX: 00007f78cdf35f80 RCX: 00007f78cdd7df39 [ 970.755669][T24435] RDX: 00000000000000cf RSI: 0000000020000000 RDI: 0000000000000001 [ 970.763666][T24435] RBP: 00007f78cec4f090 R08: 0000000000000000 R09: 0000000000000000 [ 970.771661][T24435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 970.779657][T24435] R13: 0000000000000000 R14: 00007f78cdf35f80 R15: 00007fff7d6e6708 [ 970.787668][T24435] [ 970.860394][T24397] bridge0: port 1(bridge_slave_0) entered blocking state [ 970.885367][T24397] bridge0: port 1(bridge_slave_0) entered disabled state [ 970.926771][T24397] bridge_slave_0: entered allmulticast mode [ 970.933896][T24397] bridge_slave_0: entered promiscuous mode [ 970.962662][T24397] bridge0: port 2(bridge_slave_1) entered blocking state [ 971.001159][T24397] bridge0: port 2(bridge_slave_1) entered disabled state [ 971.012207][T24397] bridge_slave_1: entered allmulticast mode [ 971.022565][T24397] bridge_slave_1: entered promiscuous mode [ 971.307877][ T8281] bridge_slave_1: left allmulticast mode [ 971.313577][ T8281] bridge_slave_1: left promiscuous mode [ 971.338129][T24452] coredump: 50(syz.1.5775): coredump has not been created, error -13 [ 971.347361][ T8281] bridge0: port 2(bridge_slave_1) entered disabled state [ 971.467312][ T8281] bridge_slave_0: left allmulticast mode [ 971.473017][ T8281] bridge_slave_0: left promiscuous mode [ 971.498350][ T8281] bridge0: port 1(bridge_slave_0) entered disabled state [ 971.576636][ T54] Bluetooth: hci1: command tx timeout [ 973.576649][T24481] coredump: 59(syz.1.5784): coredump has not been created, error -13 [ 973.656901][ T54] Bluetooth: hci1: command tx timeout [ 974.367950][ T8281] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 974.417032][ T8281] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 974.519254][ T8281] bond0 (unregistering): Released all slaves [ 974.588868][T24397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 974.626429][T24397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 975.139406][T24512] coredump: 476(syz.2.5794): coredump has not been created, error -13 [ 975.170958][T24397] team0: Port device team_slave_0 added [ 975.200005][T24397] team0: Port device team_slave_1 added [ 975.668124][T24382] coredump: 530(syz.3.5746): written to core: VMAs: 38, size 84967424; core: 64210135 bytes, pos 84975616 [ 975.715925][T24376] coredump: 529(syz.3.5746): written to core: VMAs: 38, size 84967424; core: 62112983 bytes, pos 84975616 [ 975.736839][ T54] Bluetooth: hci1: command tx timeout [ 975.739319][T24397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 975.751750][T24426] coredump: 45(syz.1.5768): written to core: VMAs: 34, size 97345536; core: 60007410 bytes, pos 97353728 [ 975.804500][T24397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 975.834749][T24397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 976.399818][T24397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 976.408490][T24397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 976.489429][T24397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 976.643311][ T8281] hsr_slave_0: left promiscuous mode [ 976.754741][ T8281] hsr_slave_1: left promiscuous mode [ 976.776753][T24558] coredump: 72(syz.1.5803): coredump has not been created, error -13 [ 976.869015][ T8281] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 976.889051][ T8281] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 976.997280][ T8281] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 977.004748][ T8281] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 977.097569][ T8281] veth1_macvtap: left promiscuous mode [ 977.103157][ T8281] veth0_macvtap: left promiscuous mode [ 977.116917][ T8281] veth1_vlan: left promiscuous mode [ 977.136659][ T8281] veth0_vlan: left promiscuous mode [ 977.545451][T24567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5807'. [ 979.057513][T24564] delete_channel: no stack [ 979.074556][T24593] coredump: 498(syz.2.5812): coredump has not been created, error -13 [ 979.507747][ T8281] team0 (unregistering): Port device team_slave_1 removed [ 979.618488][ T8281] team0 (unregistering): Port device team_slave_0 removed [ 980.732527][T24616] coredump: 506(syz.2.5820): coredump has not been created, error -13 [ 980.955700][T24537] coredump: 482(syz.2.5798): written to core: VMAs: 35, size 97472512; core: 60027902 bytes, pos 97480704 [ 981.450105][T24397] hsr_slave_0: entered promiscuous mode [ 981.522513][T24397] hsr_slave_1: entered promiscuous mode [ 982.384374][T24454] coredump: 459(syz.2.5776): written to core: VMAs: 35, size 131031040; core: 93701211 bytes, pos 131039232 [ 982.763093][T24658] coredump: 91(syz.1.5829): coredump has not been created, error -13 [ 983.699927][T24397] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 983.739306][T24397] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 983.775785][T24397] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 983.825722][T24397] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 984.079822][T24397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 984.130624][T24397] 8021q: adding VLAN 0 to HW filter on device team0 [ 984.199148][ T8281] bridge0: port 1(bridge_slave_0) entered blocking state [ 984.206706][ T8281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 984.251114][ T8281] bridge0: port 2(bridge_slave_1) entered blocking state [ 984.258299][ T8281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 984.359050][T24695] coredump: 100(syz.1.5837): coredump has not been created, error -13 [ 984.382352][T24397] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 984.421206][T24397] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 984.751741][T24397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 984.857818][T24397] veth0_vlan: entered promiscuous mode [ 984.898551][T24397] veth1_vlan: entered promiscuous mode [ 984.989508][T24397] veth0_macvtap: entered promiscuous mode [ 985.009173][T24397] veth1_macvtap: entered promiscuous mode [ 985.070776][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 985.116611][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.139847][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 985.166721][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.205782][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 985.234901][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.254266][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 985.285621][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.313253][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 985.346689][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.367446][T24397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 985.410807][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 985.446551][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.456408][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 985.507365][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.526578][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 985.563310][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.586567][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 985.611058][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.646606][T24397] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 985.664930][T24397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 985.698584][T24397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 985.719963][T24397] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 985.741650][T24397] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 985.763886][T24397] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 985.773226][T24397] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 986.008251][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 986.017926][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 986.020319][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 986.033442][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 986.873365][T24687] coredump: 518(syz.2.5836): interrupted: fatal signal pending [ 986.891449][T24687] coredump: 518(syz.2.5836): written to core: VMAs: 33, size 80564224; core: 37321298 bytes, pos 57909248 [ 988.731536][T24794] FAULT_INJECTION: forcing a failure. [ 988.731536][T24794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 988.806684][T24794] CPU: 0 UID: 0 PID: 24794 Comm: syz.2.5865 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 988.817166][T24794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 988.827250][T24794] Call Trace: [ 988.830542][T24794] [ 988.833489][T24794] dump_stack_lvl+0x16c/0x1f0 [ 988.838212][T24794] should_fail_ex+0x497/0x5b0 [ 988.842936][T24794] _copy_from_iter+0x48b/0x13e0 [ 988.847820][T24794] ? iovec_from_user.part.0+0xf3/0x130 [ 988.853309][T24794] ? __pfx__copy_from_iter+0x10/0x10 [ 988.858622][T24794] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 988.864728][T24794] ? __pfx___mutex_lock+0x10/0x10 [ 988.869797][T24794] copy_page_from_iter+0xa5/0x120 [ 988.874855][T24794] pipe_write+0xd1e/0x1b30 [ 988.879305][T24794] ? __pfx_pipe_write+0x10/0x10 [ 988.884166][T24794] ? __pfx_aa_file_perm+0x10/0x10 [ 988.889196][T24794] ? rcu_is_watching+0x12/0xc0 [ 988.893965][T24794] ? trace_kmalloc+0x2d/0xe0 [ 988.898570][T24794] ? __kmalloc_noprof+0x207/0x410 [ 988.903634][T24794] ? copy_iovec_from_user+0x12d/0x170 [ 988.909020][T24794] do_iter_readv_writev+0x532/0x7f0 [ 988.914237][T24794] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 988.919975][T24794] ? bpf_lsm_file_permission+0x9/0x10 [ 988.925352][T24794] ? security_file_permission+0x71/0x210 [ 988.931009][T24794] vfs_writev+0x363/0xdd0 [ 988.935349][T24794] ? find_held_lock+0x2d/0x110 [ 988.940129][T24794] ? __pfx_vfs_writev+0x10/0x10 [ 988.944990][T24794] ? find_held_lock+0x2d/0x110 [ 988.949764][T24794] ? __pfx_lock_release+0x10/0x10 [ 988.954806][T24794] ? __fget_files+0x244/0x3f0 [ 988.959504][T24794] ? do_writev+0x289/0x370 [ 988.963930][T24794] do_writev+0x289/0x370 [ 988.968189][T24794] ? __pfx_do_writev+0x10/0x10 [ 988.972970][T24794] do_syscall_64+0xcd/0x250 [ 988.977487][T24794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 988.983397][T24794] RIP: 0033:0x7f304117df39 [ 988.987815][T24794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 989.007430][T24794] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 989.015851][T24794] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 989.023859][T24794] RDX: 0000000000000009 RSI: 0000000020000040 RDI: 0000000000000000 [ 989.031849][T24794] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 989.039838][T24794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 989.047821][T24794] R13: 0000000000000000 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 989.055812][T24794] [ 989.325612][T24801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5868'. [ 989.574325][T24811] coredump: 134(syz.1.5870): written to core: VMAs: 1, size 4096; core: 2659 bytes, pos 8192 [ 989.688339][T24818] coredump: 136(syz.1.5870): written to core: VMAs: 3, size 135168; core: 10962 bytes, pos 139264 [ 990.953630][T24850] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5884'. [ 992.072663][T24890] FAULT_INJECTION: forcing a failure. [ 992.072663][T24890] name fail_futex, interval 1, probability 0, space 0, times 0 [ 992.086022][T24890] CPU: 1 UID: 0 PID: 24890 Comm: syz.1.5895 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 992.096471][T24890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 992.106550][T24890] Call Trace: [ 992.109853][T24890] [ 992.112809][T24890] dump_stack_lvl+0x16c/0x1f0 [ 992.117535][T24890] should_fail_ex+0x497/0x5b0 [ 992.122255][T24890] should_fail_futex+0x4c/0x60 [ 992.127062][T24890] futex_lock_pi_atomic+0xd3/0x980 [ 992.132220][T24890] ? __pfx_futex_lock_pi_atomic+0x10/0x10 [ 992.137972][T24890] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 992.143374][T24890] ? __pfx_get_futex_key+0x10/0x10 [ 992.148533][T24890] futex_lock_pi+0x2cc/0x710 [ 992.153248][T24890] ? __pfx_futex_lock_pi+0x10/0x10 [ 992.158465][T24890] ? find_held_lock+0x2d/0x110 [ 992.163262][T24890] ? __pfx_futex_wake_mark+0x10/0x10 [ 992.168582][T24890] ? vfs_write+0x14d/0x1140 [ 992.173132][T24890] do_futex+0x11b/0x350 [ 992.177317][T24890] ? __pfx_do_futex+0x10/0x10 [ 992.182033][T24890] __x64_sys_futex+0x1e1/0x4c0 [ 992.186832][T24890] ? fput+0x30/0x390 [ 992.190749][T24890] ? __pfx___x64_sys_futex+0x10/0x10 [ 992.196042][T24890] ? ksys_write+0x1ad/0x260 [ 992.200557][T24890] ? __pfx_ksys_write+0x10/0x10 [ 992.205423][T24890] do_syscall_64+0xcd/0x250 [ 992.209937][T24890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.215842][T24890] RIP: 0033:0x7f78cdd7df39 [ 992.220258][T24890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 992.239869][T24890] RSP: 002b:00007f78cec2e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 992.248314][T24890] RAX: ffffffffffffffda RBX: 00007f78cdf36058 RCX: 00007f78cdd7df39 [ 992.256286][T24890] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 992.264255][T24890] RBP: 00007f78cec2e090 R08: 0000000000000000 R09: 0000000080000001 [ 992.272225][T24890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 992.280197][T24890] R13: 0000000000000000 R14: 00007f78cdf36058 R15: 00007fff7d6e6708 [ 992.288187][T24890] [ 992.466940][T24779] coredump: 525(syz.2.5858): written to core: VMAs: 34, size 97476608; core: 60142578 bytes, pos 97484800 [ 993.098180][ T1264] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.105124][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.301235][T24911] Process accounting resumed [ 994.365326][T24758] coredump: 629(syz.3.5852): written to core: VMAs: 37, size 95453184; core: 74622062 bytes, pos 95461376 [ 994.377761][T24944] FAULT_INJECTION: forcing a failure. [ 994.377761][T24944] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 994.377798][T24944] CPU: 0 UID: 0 PID: 24944 Comm: syz.1.5919 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 994.377828][T24944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 994.377843][T24944] Call Trace: [ 994.377852][T24944] [ 994.377862][T24944] dump_stack_lvl+0x16c/0x1f0 [ 994.377901][T24944] should_fail_ex+0x497/0x5b0 [ 994.377936][T24944] ? fs_reclaim_acquire+0xae/0x160 [ 994.377963][T24944] should_fail_alloc_page+0xe7/0x130 [ 994.377995][T24944] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 994.378027][T24944] __alloc_pages_noprof+0x190/0x25c0 [ 994.378059][T24944] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 994.378097][T24944] ? find_held_lock+0x2d/0x110 [ 994.378128][T24944] ? ksys_write+0x12f/0x260 [ 994.378163][T24944] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 994.378192][T24944] ? find_held_lock+0x2d/0x110 [ 994.378221][T24944] ? ksys_write+0x21e/0x260 [ 994.479569][T24944] ? vfs_write+0x14d/0x1140 [ 994.484098][T24944] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 994.490028][T24944] ? policy_nodemask+0xea/0x4e0 [ 994.494895][T24944] alloc_pages_mpol_noprof+0x275/0x610 [ 994.500368][T24944] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 994.506362][T24944] ? fput+0x30/0x390 [ 994.510275][T24944] get_free_pages_noprof+0xc/0x40 [ 994.515310][T24944] __do_sys_mincore+0xf0/0x620 [ 994.520091][T24944] do_syscall_64+0xcd/0x250 [ 994.524609][T24944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.530513][T24944] RIP: 0033:0x7f78cdd7df39 [ 994.534932][T24944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 994.554544][T24944] RSP: 002b:00007f78cec4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 994.562971][T24944] RAX: ffffffffffffffda RBX: 00007f78cdf35f80 RCX: 00007f78cdd7df39 [ 994.570951][T24944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 994.578921][T24944] RBP: 00007f78cec4f090 R08: 0000000000000000 R09: 0000000000000000 [ 994.586904][T24944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 994.594874][T24944] R13: 0000000000000001 R14: 00007f78cdf35f80 R15: 00007fff7d6e6708 [ 994.602859][T24944] [ 994.886027][T24954] coredump: 574(syz.2.5924): coredump has not been created, error -13 [ 995.494887][T24968] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 998.538157][T24837] coredump: 143(syz.1.5877): written to core: VMAs: 35, size 97472512; core: 60023806 bytes, pos 97480704 [ 998.688659][T25053] coredump: 174(syz.1.5955): written to core: VMAs: 1, size 4096; core: 2659 bytes, pos 8192 [ 998.858034][T25055] coredump: 176(syz.1.5955): written to core: VMAs: 3, size 135168; core: 10962 bytes, pos 139264 [ 998.991812][T24835] coredump: 142(syz.1.5877): written to core: VMAs: 33, size 97341440; core: 60007310 bytes, pos 97349632 [ 1000.505921][T25038] coredump: 95(syz.0.5951): written to core: VMAs: 39, size 93806592; core: 56153354 bytes, pos 93814784 [ 1001.855104][T25083] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5966'. [ 1001.944578][T25083] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1002.056082][T25057] coredump: 101(syz.0.5956): written to core: VMAs: 36, size 80961536; core: 60277814 bytes, pos 80969728 [ 1003.121170][T25000] coredump: 164(syz.1.5931): interrupted: fatal signal pending [ 1003.164572][T25000] coredump: 164(syz.1.5931): written to core: VMAs: 36, size 131162112; core: 57050210 bytes, pos 94515200 [ 1003.740100][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.874985][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.116824][T25136] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5985'. [ 1005.797474][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1006.204635][T25134] coredump: 625(syz.2.5984): written to core: VMAs: 33, size 97341440; core: 60007310 bytes, pos 97349632 [ 1006.787111][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1007.197011][ T12] bridge_slave_1: left allmulticast mode [ 1007.202790][ T12] bridge_slave_1: left promiscuous mode [ 1007.276923][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1007.341064][ T12] bridge_slave_0: left allmulticast mode [ 1007.386735][ T12] bridge_slave_0: left promiscuous mode [ 1007.392517][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.844143][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1007.886875][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1007.894854][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1007.904149][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1007.913241][ T5234] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1007.920862][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1009.731441][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1009.773370][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1009.808423][ T12] bond0 (unregistering): Released all slaves [ 1009.977025][ T5234] Bluetooth: hci0: command tx timeout [ 1012.056815][ T5234] Bluetooth: hci0: command tx timeout [ 1013.691931][T25179] chnl_net:caif_netlink_parms(): no params data found [ 1014.035032][ T12] hsr_slave_0: left promiscuous mode [ 1014.114586][ T12] hsr_slave_1: left promiscuous mode [ 1014.145090][ T5234] Bluetooth: hci0: command tx timeout [ 1014.267711][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1014.287648][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1014.312989][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1015.487779][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1015.607500][ T12] veth1_macvtap: left promiscuous mode [ 1015.613057][ T12] veth0_macvtap: left promiscuous mode [ 1015.664488][ T12] veth1_vlan: left promiscuous mode [ 1015.679250][ T12] veth0_vlan: left promiscuous mode [ 1015.712172][T25303] coredump: 697(syz.2.6038): written to core: VMAs: 36, size 84893696; core: 64209974 bytes, pos 84901888 [ 1015.997068][T25306] coredump: 714(syz.3.6039): coredump has not been created, error -2 [ 1016.222307][ T5234] Bluetooth: hci0: command tx timeout [ 1017.317897][T25192] coredump: 148(syz.0.6006): written to core: VMAs: 35, size 97607680; core: 60150826 bytes, pos 97615872 [ 1017.935345][T25328] coredump: 722(syz.3.6044): coredump has not been created, error -13 [ 1018.756163][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1018.985799][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1020.222924][T25348] FAULT_INJECTION: forcing a failure. [ 1020.222924][T25348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1020.335207][T25348] CPU: 1 UID: 0 PID: 25348 Comm: syz.3.6051 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1020.345670][T25348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1020.355735][T25348] Call Trace: [ 1020.359027][T25348] [ 1020.361973][T25348] dump_stack_lvl+0x16c/0x1f0 [ 1020.366683][T25348] should_fail_ex+0x497/0x5b0 [ 1020.371386][T25348] _copy_to_user+0x30/0xc0 [ 1020.375825][T25348] simple_read_from_buffer+0xd0/0x160 [ 1020.381220][T25348] proc_fail_nth_read+0x198/0x270 [ 1020.386262][T25348] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1020.391831][T25348] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1020.397393][T25348] vfs_read+0x1ce/0xbd0 [ 1020.401667][T25348] ? __pfx_vfs_read+0x10/0x10 [ 1020.406383][T25348] ksys_read+0x12f/0x260 [ 1020.410738][T25348] ? __pfx_ksys_read+0x10/0x10 [ 1020.415521][T25348] ? syscall_user_dispatch+0x77/0x140 [ 1020.420924][T25348] do_syscall_64+0xcd/0x250 [ 1020.425454][T25348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.431368][T25348] RIP: 0033:0x7f63ed17c97c [ 1020.435791][T25348] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1020.455414][T25348] RSP: 002b:00007f63ee060030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1020.463868][T25348] RAX: ffffffffffffffda RBX: 00007f63ed335f80 RCX: 00007f63ed17c97c [ 1020.471879][T25348] RDX: 000000000000000f RSI: 00007f63ee0600a0 RDI: 0000000000000003 [ 1020.479861][T25348] RBP: 00007f63ee060090 R08: 0000000000000000 R09: 0000000000000000 [ 1020.487844][T25348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1020.495822][T25348] R13: 0000000000000000 R14: 00007f63ed335f80 R15: 00007fff9d261278 [ 1020.503835][T25348] [ 1021.080649][T25351] coredump: 183(syz.0.6052): coredump has not been created, error -13 [ 1021.288183][T25354] FAULT_INJECTION: forcing a failure. [ 1021.288183][T25354] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1021.374660][T25354] CPU: 1 UID: 0 PID: 25354 Comm: syz.3.6053 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1021.385134][T25354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1021.395203][T25354] Call Trace: [ 1021.398491][T25354] [ 1021.401436][T25354] dump_stack_lvl+0x16c/0x1f0 [ 1021.406143][T25354] should_fail_ex+0x497/0x5b0 [ 1021.410848][T25354] _copy_from_user+0x30/0xf0 [ 1021.415459][T25354] copy_msghdr_from_user+0x99/0x160 [ 1021.420677][T25354] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1021.426519][T25354] ? find_held_lock+0x2d/0x110 [ 1021.431308][T25354] ___sys_recvmsg+0xdc/0x1a0 [ 1021.435915][T25354] ? __pfx____sys_recvmsg+0x10/0x10 [ 1021.441151][T25354] ? fdget+0x176/0x210 [ 1021.445247][T25354] do_recvmmsg+0x2ba/0x750 [ 1021.449695][T25354] ? __pfx_do_recvmmsg+0x10/0x10 [ 1021.454655][T25354] ? vfs_write+0x14d/0x1140 [ 1021.459190][T25354] ? __mutex_unlock_slowpath+0x164/0x650 [ 1021.464862][T25354] ? __fget_files+0x244/0x3f0 [ 1021.469577][T25354] __x64_sys_recvmmsg+0x239/0x290 [ 1021.474623][T25354] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1021.480198][T25354] do_syscall_64+0xcd/0x250 [ 1021.484730][T25354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.490645][T25354] RIP: 0033:0x7f63ed17df39 [ 1021.495075][T25354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1021.514710][T25354] RSP: 002b:00007f63ee03f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1021.523142][T25354] RAX: ffffffffffffffda RBX: 00007f63ed336058 RCX: 00007f63ed17df39 [ 1021.531126][T25354] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000005 [ 1021.539112][T25354] RBP: 00007f63ee03f090 R08: 0000000000000000 R09: 0000000000000000 [ 1021.547094][T25354] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 1021.555075][T25354] R13: 0000000000000001 R14: 00007f63ed336058 R15: 00007fff9d261278 [ 1021.563078][T25354] [ 1022.717297][T25179] bridge0: port 1(bridge_slave_0) entered blocking state [ 1022.724426][T25179] bridge0: port 1(bridge_slave_0) entered disabled state [ 1022.788180][T25179] bridge_slave_0: entered allmulticast mode [ 1022.795658][T25179] bridge_slave_0: entered promiscuous mode [ 1022.871973][T25179] bridge0: port 2(bridge_slave_1) entered blocking state [ 1022.937118][T25179] bridge0: port 2(bridge_slave_1) entered disabled state [ 1022.944365][T25179] bridge_slave_1: entered allmulticast mode [ 1023.007454][T25179] bridge_slave_1: entered promiscuous mode [ 1023.464060][T25378] coredump: 703(syz.2.6055): written to core: VMAs: 2, size 2101248; core: 2099915 bytes, pos 2105344 [ 1023.513590][T25179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1023.567762][T25179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1023.920360][T25179] team0: Port device team_slave_0 added [ 1023.960407][T25179] team0: Port device team_slave_1 added [ 1024.146588][T25179] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1024.153572][T25179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1024.187279][T25389] coredump: 708(syz.2.6061): coredump has not been created, error -13 [ 1024.285712][T25179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1024.329640][T25179] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1024.394578][T25179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1024.523784][T25179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1024.926369][T25179] hsr_slave_0: entered promiscuous mode [ 1025.249456][T25179] hsr_slave_1: entered promiscuous mode [ 1025.271372][T25179] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1025.306550][T25179] Cannot create hsr debugfs directory [ 1026.497078][T25425] coredump: 745(syz.3.6071): coredump has not been created, error -13 [ 1027.978658][T25179] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1028.119583][T25179] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1028.200868][T25179] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1028.291288][T25179] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1028.649596][T25179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1028.684167][T25326] coredump: 173(syz.0.6043): written to core: VMAs: 34, size 80830464; core: 60269510 bytes, pos 80838656 [ 1028.743943][T25179] 8021q: adding VLAN 0 to HW filter on device team0 [ 1028.816066][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1028.823233][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1028.932487][ T2903] bridge0: port 2(bridge_slave_1) entered blocking state [ 1028.939687][ T2903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1029.985935][T25179] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1030.160124][T25179] veth0_vlan: entered promiscuous mode [ 1030.205493][T25179] veth1_vlan: entered promiscuous mode [ 1030.360680][T25179] veth0_macvtap: entered promiscuous mode [ 1030.413020][T25179] veth1_macvtap: entered promiscuous mode [ 1030.482173][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1030.530106][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.610978][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1030.678280][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.715722][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1030.762306][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.828974][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1030.865471][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.906087][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1030.938063][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1030.984526][T25179] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1031.189127][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1031.264519][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1031.311327][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1031.366741][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1031.417100][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1031.493250][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1031.540570][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1032.255335][T25443] coredump: 728(syz.2.6076): written to core: VMAs: 3, size 33710080; core: 33708842 bytes, pos 33714176 [ 1032.671224][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1032.681770][T25179] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1032.692306][T25179] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1032.703902][T25179] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1032.714097][T25179] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1032.722957][T25179] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1032.732004][T25179] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1032.741017][T25179] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1034.122964][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1034.200271][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1034.298832][T25506] coredump: 750(syz.2.6090): coredump has not been created, error -13 [ 1034.339408][ T1110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1034.362974][ T1110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1034.978584][T25510] coredump: 209(syz.0.6092): coredump has not been created, error -13 [ 1036.743899][T25468] coredump: 207(syz.0.6079): interrupted: fatal signal pending [ 1036.792435][T25468] coredump: 207(syz.0.6079): written to core: VMAs: 35, size 149905408; core: 3896362 bytes, pos 4284416 [ 1036.965755][T25476] coredump: 208(syz.0.6079): interrupted: fatal signal pending [ 1037.053743][T25476] coredump: 208(syz.0.6079): written to core: VMAs: 40, size 150036480; core: 6460738 bytes, pos 6971392 [ 1038.383885][T25582] coredump: 764(syz.2.6100): coredump has not been created, error -13 [ 1039.290396][T25600] netlink: 'syz.2.6109': attribute type 9 has an invalid length. [ 1039.825718][T25609] coredump: 781(syz.2.6112): coredump has not been created, error -13 [ 1040.052568][T25614] syz_tun: tun_chr_ioctl cmd 1074025684 [ 1041.013340][T25535] coredump: 7(syz.1.6002): written to core: VMAs: 39, size 103899136; core: 66315486 bytes, pos 103907328 [ 1042.073463][T25591] coredump: 15(syz.1.6104): interrupted: fatal signal pending [ 1042.098790][T25591] coredump: 15(syz.1.6104): written to core: VMAs: 33, size 80564224; core: 44825170 bytes, pos 65425408 [ 1042.552723][T25637] coredump: 796(syz.2.6122): coredump has not been created, error -13 [ 1044.650315][T25624] coredump: 220(syz.0.6117): interrupted: fatal signal pending [ 1044.686517][T25624] coredump: 220(syz.0.6117): written to core: VMAs: 34, size 97341440; core: 45861532 bytes, pos 83202048 [ 1045.206798][T25615] coredump: 784(syz.2.6114): written to core: VMAs: 35, size 82726912; core: 62108670 bytes, pos 82735104 [ 1048.735689][T25739] coredump: 40(syz.1.6155): coredump has not been created, error -13 [ 1049.255185][T25754] FAULT_INJECTION: forcing a failure. [ 1049.255185][T25754] name failslab, interval 1, probability 0, space 0, times 0 [ 1049.368435][T25754] CPU: 1 UID: 0 PID: 25754 Comm: syz.2.6163 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1049.378908][T25754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1049.388987][T25754] Call Trace: [ 1049.392279][T25754] [ 1049.395220][T25754] dump_stack_lvl+0x16c/0x1f0 [ 1049.399939][T25754] should_fail_ex+0x497/0x5b0 [ 1049.404652][T25754] ? fs_reclaim_acquire+0xae/0x160 [ 1049.409790][T25754] should_failslab+0xc2/0x120 [ 1049.414496][T25754] __kmalloc_noprof+0xcb/0x410 [ 1049.419294][T25754] copy_splice_read+0x1a8/0xb90 [ 1049.424183][T25754] ? __pfx_copy_splice_read+0x10/0x10 [ 1049.429581][T25754] ? trace_contention_end+0xea/0x140 [ 1049.434901][T25754] ? find_held_lock+0x2d/0x110 [ 1049.439700][T25754] ? __pfx___mutex_lock+0x10/0x10 [ 1049.444750][T25754] ? __pfx_lock_release+0x10/0x10 [ 1049.449811][T25754] ? ksys_write+0x12f/0x260 [ 1049.454356][T25754] sock_splice_read+0xe9/0x110 [ 1049.459153][T25754] ? __pfx_sock_splice_read+0x10/0x10 [ 1049.464547][T25754] do_splice_read+0x282/0x370 [ 1049.469253][T25754] splice_file_to_pipe+0x109/0x120 [ 1049.474399][T25754] do_sendfile+0x431/0xe40 [ 1049.478859][T25754] ? __pfx_do_sendfile+0x10/0x10 [ 1049.483827][T25754] ? __fget_files+0x244/0x3f0 [ 1049.488541][T25754] __x64_sys_sendfile64+0x1da/0x220 [ 1049.493766][T25754] ? ksys_write+0x1ad/0x260 [ 1049.498392][T25754] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1049.504236][T25754] do_syscall_64+0xcd/0x250 [ 1049.508776][T25754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1049.514698][T25754] RIP: 0033:0x7f304117df39 [ 1049.519136][T25754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1049.538813][T25754] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1049.547267][T25754] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 1049.555261][T25754] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1049.563259][T25754] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 1049.571257][T25754] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 1049.579336][T25754] R13: 0000000000000000 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 1049.587348][T25754] [ 1050.754409][T25583] coredump: 1(syz.0.6095): written to core: VMAs: 36, size 133259264; core: 95802466 bytes, pos 133267456 [ 1051.308156][T25800] FAULT_INJECTION: forcing a failure. [ 1051.308156][T25800] name failslab, interval 1, probability 0, space 0, times 0 [ 1051.374580][T25800] CPU: 1 UID: 0 PID: 25800 Comm: syz.2.6177 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1051.385057][T25800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1051.395132][T25800] Call Trace: [ 1051.398426][T25800] [ 1051.401367][T25800] dump_stack_lvl+0x16c/0x1f0 [ 1051.406075][T25800] should_fail_ex+0x497/0x5b0 [ 1051.410781][T25800] ? fs_reclaim_acquire+0xae/0x160 [ 1051.415911][T25800] should_failslab+0xc2/0x120 [ 1051.420612][T25800] __kmalloc_cache_node_noprof+0x6e/0x360 [ 1051.426355][T25800] ? __get_vm_area_node+0xe1/0x2d0 [ 1051.431498][T25800] __get_vm_area_node+0xe1/0x2d0 [ 1051.436456][T25800] __vmalloc_node_range_noprof+0x26a/0x15b0 [ 1051.442378][T25800] ? kernel_clone+0xfd/0x960 [ 1051.447008][T25800] ? lockdep_hardirqs_on+0x7c/0x110 [ 1051.452243][T25800] ? kernel_clone+0xfd/0x960 [ 1051.456872][T25800] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1051.463231][T25800] ? rcu_is_watching+0x12/0xc0 [ 1051.468021][T25800] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 1051.473424][T25800] ? kmem_cache_alloc_node_noprof+0x1a2/0x310 [ 1051.479518][T25800] ? kernel_clone+0xfd/0x960 [ 1051.484138][T25800] copy_process+0x29c5/0x6f00 [ 1051.488844][T25800] ? kernel_clone+0xfd/0x960 [ 1051.493463][T25800] ? __might_fault+0x13b/0x190 [ 1051.498270][T25800] ? __pfx_copy_process+0x10/0x10 [ 1051.503325][T25800] ? __might_fault+0xe3/0x190 [ 1051.508042][T25800] ? _copy_from_user+0x5d/0xf0 [ 1051.512835][T25800] kernel_clone+0xfd/0x960 [ 1051.517286][T25800] ? ksys_write+0x12f/0x260 [ 1051.521818][T25800] ? __pfx_kernel_clone+0x10/0x10 [ 1051.526886][T25800] ? vfs_write+0x14d/0x1140 [ 1051.531427][T25800] __do_sys_clone3+0x1f5/0x270 [ 1051.536218][T25800] ? __pfx___do_sys_clone3+0x10/0x10 [ 1051.541563][T25800] do_syscall_64+0xcd/0x250 [ 1051.546106][T25800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1051.552032][T25800] RIP: 0033:0x7f304117df39 [ 1051.556467][T25800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1051.576104][T25800] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1051.584548][T25800] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 1051.592543][T25800] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000020000400 [ 1051.600543][T25800] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 1051.608539][T25800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1051.616524][T25800] R13: 0000000000000001 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 1051.624692][T25800] [ 1051.973062][T25683] coredump: 818(syz.2.6138): written to core: VMAs: 33, size 97341440; core: 60019616 bytes, pos 97357824 [ 1052.374697][T25798] netlink: 'syz.3.6180': attribute type 11 has an invalid length. [ 1052.562368][T25800] syz.2.6177: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1052.666548][T25800] CPU: 1 UID: 0 PID: 25800 Comm: syz.2.6177 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1052.677010][T25800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1052.687065][T25800] Call Trace: [ 1052.690342][T25800] [ 1052.693275][T25800] dump_stack_lvl+0x16c/0x1f0 [ 1052.697973][T25800] warn_alloc+0x24d/0x3a0 [ 1052.703534][T25800] ? __pfx_warn_alloc+0x10/0x10 [ 1052.708413][T25800] ? fs_reclaim_acquire+0xae/0x160 [ 1052.713531][T25800] ? trace_kmalloc+0x2d/0xe0 [ 1052.718136][T25800] ? __kasan_kmalloc+0x8a/0xb0 [ 1052.722904][T25800] ? __get_vm_area_node+0x1bc/0x2d0 [ 1052.728110][T25800] __vmalloc_node_range_noprof+0xd34/0x15b0 [ 1052.734010][T25800] ? lockdep_hardirqs_on+0x7c/0x110 [ 1052.739217][T25800] ? kernel_clone+0xfd/0x960 [ 1052.743816][T25800] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1052.750148][T25800] ? rcu_is_watching+0x12/0xc0 [ 1052.754911][T25800] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 1052.760307][T25800] ? kmem_cache_alloc_node_noprof+0x1a2/0x310 [ 1052.766380][T25800] ? kernel_clone+0xfd/0x960 [ 1052.770977][T25800] copy_process+0x29c5/0x6f00 [ 1052.775658][T25800] ? kernel_clone+0xfd/0x960 [ 1052.780590][T25800] ? __might_fault+0x13b/0x190 [ 1052.785390][T25800] ? __pfx_copy_process+0x10/0x10 [ 1052.790424][T25800] ? __might_fault+0xe3/0x190 [ 1052.795122][T25800] ? _copy_from_user+0x5d/0xf0 [ 1052.799901][T25800] kernel_clone+0xfd/0x960 [ 1052.804328][T25800] ? ksys_write+0x12f/0x260 [ 1052.808846][T25800] ? __pfx_kernel_clone+0x10/0x10 [ 1052.813886][T25800] ? vfs_write+0x14d/0x1140 [ 1052.818423][T25800] __do_sys_clone3+0x1f5/0x270 [ 1052.823215][T25800] ? __pfx___do_sys_clone3+0x10/0x10 [ 1052.828552][T25800] do_syscall_64+0xcd/0x250 [ 1052.833073][T25800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1052.839065][T25800] RIP: 0033:0x7f304117df39 [ 1052.843483][T25800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1052.863106][T25800] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 1052.871522][T25800] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 1052.879495][T25800] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000020000400 [ 1052.887467][T25800] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 1052.895446][T25800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1052.903419][T25800] R13: 0000000000000001 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 1052.911410][T25800] [ 1053.186655][T25814] netlink: 'syz.0.6182': attribute type 9 has an invalid length. [ 1053.623059][T25800] Mem-Info: [ 1053.626213][T25800] active_anon:37856 inactive_anon:0 isolated_anon:0 [ 1053.626213][T25800] active_file:6321 inactive_file:53454 isolated_file:0 [ 1053.626213][T25800] unevictable:777 dirty:128 writeback:0 [ 1053.626213][T25800] slab_reclaimable:10264 slab_unreclaimable:99039 [ 1053.626213][T25800] mapped:32888 shmem:27594 pagetables:1042 [ 1053.626213][T25800] sec_pagetables:0 bounce:0 [ 1053.626213][T25800] kernel_misc_reclaimable:0 [ 1053.626213][T25800] free:1295948 free_pcp:7911 free_cma:0 [ 1053.746572][T25800] Node 0 active_anon:156624kB inactive_anon:0kB active_file:25284kB inactive_file:213744kB unevictable:1572kB isolated(anon):0kB isolated(file):0kB mapped:134052kB dirty:508kB writeback:0kB shmem:114440kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10088kB pagetables:4068kB sec_pagetables:0kB all_unreclaimable? no [ 1053.792770][T25800] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1053.824031][T25800] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1053.851488][T25800] lowmem_reserve[]: 0 2465 2466 0 0 [ 1053.856970][T25800] Node 0 DMA32 free:1261072kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:159988kB inactive_anon:0kB active_file:25284kB inactive_file:212904kB unevictable:1572kB writepending:508kB present:3129332kB managed:2551300kB mlocked:36kB bounce:0kB free_pcp:2524kB local_pcp:1444kB free_cma:0kB [ 1053.888207][T25819] FAULT_INJECTION: forcing a failure. [ 1053.888207][T25819] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.889311][T25800] lowmem_reserve[]: [ 1053.900888][T25819] CPU: 0 UID: 0 PID: 25819 Comm: syz.0.6184 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1053.900926][T25819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1053.904774][T25800] 0 [ 1053.915099][T25819] Call Trace: [ 1053.915111][T25819] [ 1053.915121][T25819] dump_stack_lvl+0x16c/0x1f0 [ 1053.915163][T25819] should_fail_ex+0x497/0x5b0 [ 1053.915202][T25819] should_failslab+0xc2/0x120 [ 1053.926173][T25800] 0 [ 1053.927710][T25819] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 1053.927748][T25819] ? skb_clone+0x190/0x3f0 [ 1053.927779][T25819] skb_clone+0x190/0x3f0 [ 1053.931063][T25800] 0 0 [ 1053.933984][T25819] dev_queue_xmit_nit+0x38f/0xba0 [ 1053.938737][T25800] 0 [ 1053.943292][T25819] dev_hard_start_xmit+0x56/0x790 [ 1053.948136][T25800] [ 1053.950421][T25819] ? kasan_save_track+0x14/0x30 [ 1053.955832][T25800] Node 0 [ 1053.960182][T25819] __dev_queue_xmit+0x7c7/0x4300 [ 1053.960233][T25819] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1053.964582][T25800] Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:840kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1053.967225][T25819] ? rcu_is_watching+0x12/0xc0 [ 1053.967254][T25819] ? __copy_skb_header+0x2e8/0x5b0 [ 1053.967278][T25819] ? __skb_clone+0x570/0x760 [ 1053.972327][T25800] lowmem_reserve[]: [ 1053.974776][T25819] netlink_deliver_tap+0xa8a/0xcf0 [ 1053.980187][T25800] 0 [ 1053.982109][T25819] netlink_unicast+0x5e1/0x7f0 [ 1053.987039][T25800] 0 [ 1053.989847][T25819] ? __pfx_netlink_unicast+0x10/0x10 [ 1053.994754][T25800] 0 0 [ 1054.000102][T25819] ? __phys_addr_symbol+0x30/0x80 [ 1054.000133][T25819] ? __check_object_size+0x488/0x710 [ 1054.000166][T25819] netlink_sendmsg+0x8b8/0xd70 [ 1054.000203][T25819] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1054.000249][T25819] ____sys_sendmsg+0x9ae/0xb40 [ 1054.036610][T25800] 0 [ 1054.040698][T25819] ? copy_msghdr_from_user+0x10b/0x160 [ 1054.040734][T25819] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1054.044576][T25800] [ 1054.049612][T25819] ? find_held_lock+0x2d/0x110 [ 1054.049643][T25819] ? __pfx___lock_acquire+0x10/0x10 [ 1054.049681][T25819] ___sys_sendmsg+0x135/0x1e0 [ 1054.052197][T25800] Node 1 [ 1054.056897][T25819] ? __pfx____sys_sendmsg+0x10/0x10 [ 1054.056941][T25819] ? ksys_write+0x21e/0x260 [ 1054.056975][T25819] ? __pfx_lock_release+0x10/0x10 [ 1054.057022][T25819] ? fdget+0x176/0x210 [ 1054.057060][T25819] __sys_sendmsg+0x117/0x1f0 [ 1054.057085][T25819] ? __pfx___sys_sendmsg+0x10/0x10 [ 1054.057107][T25819] ? __fget_files+0x244/0x3f0 [ 1054.057162][T25819] do_syscall_64+0xcd/0x250 [ 1054.057200][T25819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1054.062304][T25800] Normal free:3927724kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1054.064953][T25819] RIP: 0033:0x7f1298d7df39 [ 1054.078928][T25800] lowmem_reserve[]: [ 1054.082653][T25819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1054.116634][T25800] 0 [ 1054.118144][T25819] RSP: 002b:00007f1299aad038 EFLAGS: 00000246 [ 1054.133040][T25800] 0 [ 1054.135408][T25819] ORIG_RAX: 000000000000002e [ 1054.166535][T25800] 0 [ 1054.169191][T25819] RAX: ffffffffffffffda RBX: 00007f1298f35f80 RCX: 00007f1298d7df39 [ 1054.169213][T25819] RDX: 0000000000004800 RSI: 0000000020000240 RDI: 0000000000000003 [ 1054.169231][T25819] RBP: 00007f1299aad090 R08: 0000000000000000 R09: 0000000000000000 [ 1054.238369][T25800] 0 [ 1054.240849][T25819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1054.243335][T25800] 0 [ 1054.251282][T25819] R13: 0000000000000000 R14: 00007f1298f35f80 R15: 00007fffc4691bb8 [ 1054.251316][T25819] [ 1054.426621][T25800] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1054.466564][T25800] Node 0 DMA32: 1030*4kB (UME) 1859*8kB (UME) 1330*16kB (UME) 899*32kB (UME) 807*64kB (UME) 848*128kB (UME) 351*256kB (UME) 169*512kB (UM) 71*1024kB (UM) 22*2048kB (UME) 177*4096kB (UME) = 1248368kB [ 1054.516574][T25800] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1054.555112][T25800] Node 1 Normal: 163*4kB (UME) 56*8kB (UME) 36*16kB (UME) 167*32kB (UME) 87*64kB (UME) 27*128kB (UME) 18*256kB (UME) 7*512kB (UM) 8*1024kB (UME) 2*2048kB (UE) 950*4096kB (M) = 3927724kB [ 1054.556859][ T1264] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.586600][ T1264] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.666894][T25800] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.686565][T25800] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1054.706590][T25800] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.735274][T25800] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1054.776802][T25800] 96186 total pagecache pages [ 1054.786683][T25800] 14 pages in swap cache [ 1054.806645][T25800] Free swap = 124192kB [ 1054.816575][T25800] Total swap = 124996kB [ 1054.826607][T25800] 2097051 pages RAM [ 1054.830970][T25800] 0 pages HighMem/MovableOnly [ 1054.846562][T25800] 427376 pages reserved [ 1054.856693][T25800] 0 pages cma reserved [ 1055.234593][T25829] coredump: 269(syz.0.6187): written to core: VMAs: 4, size 4333568; core: 4209418 bytes, pos 4337664 [ 1055.541257][T25830] coredump: 270(syz.0.6187): written to core: VMAs: 4, size 4333568; core: 4332298 bytes, pos 4337664 [ 1055.841771][T25750] coredump: 806(syz.3.6161): written to core: VMAs: 37, size 103841792; core: 66311278 bytes, pos 103849984 [ 1057.966803][T25874] coredump: 291(syz.0.6204): written to core: VMAs: 33, size 80564224; core: 60004946 bytes, pos 80572416 [ 1058.599804][T25880] kexec: Could not allocate control_code_buffer [ 1059.252624][T25901] FAULT_INJECTION: forcing a failure. [ 1059.252624][T25901] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1059.286692][T25901] CPU: 1 UID: 0 PID: 25901 Comm: syz.2.6214 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1059.297154][T25901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1059.307227][T25901] Call Trace: [ 1059.310516][T25901] [ 1059.313457][T25901] dump_stack_lvl+0x16c/0x1f0 [ 1059.318169][T25901] should_fail_ex+0x497/0x5b0 [ 1059.322916][T25901] _copy_from_user+0x30/0xf0 [ 1059.327534][T25901] do_sock_getsockopt+0x319/0x870 [ 1059.332591][T25901] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1059.338166][T25901] ? __fget_files+0x244/0x3f0 [ 1059.342885][T25901] __sys_getsockopt+0x1a1/0x270 [ 1059.347763][T25901] ? __pfx___sys_getsockopt+0x10/0x10 [ 1059.353155][T25901] ? fput+0x30/0x390 [ 1059.357080][T25901] ? ksys_write+0x1ad/0x260 [ 1059.361616][T25901] ? __pfx_ksys_write+0x10/0x10 [ 1059.366519][T25901] __x64_sys_getsockopt+0xbd/0x160 [ 1059.371650][T25901] ? do_syscall_64+0x91/0x250 [ 1059.376349][T25901] ? lockdep_hardirqs_on+0x7c/0x110 [ 1059.381574][T25901] do_syscall_64+0xcd/0x250 [ 1059.386112][T25901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1059.392029][T25901] RIP: 0033:0x7f304117df39 [ 1059.396460][T25901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1059.416098][T25901] RSP: 002b:00007f3041f55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1059.424536][T25901] RAX: ffffffffffffffda RBX: 00007f3041335f80 RCX: 00007f304117df39 [ 1059.432524][T25901] RDX: 0000000000000004 RSI: 0000000000000065 RDI: 0000000000000006 [ 1059.440512][T25901] RBP: 00007f3041f55090 R08: 0000000000000000 R09: 0000000000000000 [ 1059.448499][T25901] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 1059.456499][T25901] R13: 0000000000000000 R14: 00007f3041335f80 R15: 00007fff18642cc8 [ 1059.464511][T25901] [ 1060.335567][T25902] coredump: 865(syz.2.6214): written to core: VMAs: 34, size 93413376; core: 56005574 bytes, pos 93421568 [ 1061.534885][T25887] coredump: 293(syz.0.6208): interrupted: fatal signal pending [ 1061.607393][T25887] coredump: 293(syz.0.6208): written to core: VMAs: 33, size 80564224; core: 38808146 bytes, pos 59404288 [ 1063.561954][T25924] coredump: 295(syz.0.6218): written to core: VMAs: 34, size 97476608; core: 60144310 bytes, pos 97484800 [ 1066.641426][T25933] coredump: 879(syz.2.6226): written to core: VMAs: 33, size 97341440; core: 60013138 bytes, pos 97349632 [ 1069.329181][T25966] coredump: 308(syz.0.6232): written to core: VMAs: 38, size 93675520; core: 56022182 bytes, pos 93683712 [ 1069.727410][T26008] ptrace attach of ""[21871] was attempted by "./syz-executor exec"[26008] [ 1070.629720][ T8281] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.911516][ T8281] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.089228][ T8281] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.188325][T26034] FAULT_INJECTION: forcing a failure. [ 1071.188325][T26034] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1071.219814][ T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1071.229263][ T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1071.229678][T26034] CPU: 0 UID: 0 PID: 26034 Comm: syz.3.6266 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1071.237322][ T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1071.246619][T26034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1071.246638][T26034] Call Trace: [ 1071.246647][T26034] [ 1071.246657][T26034] dump_stack_lvl+0x16c/0x1f0 [ 1071.246702][T26034] should_fail_ex+0x497/0x5b0 [ 1071.246740][T26034] _copy_from_user+0x30/0xf0 [ 1071.255753][ T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1071.263716][T26034] copy_msghdr_from_user+0x99/0x160 [ 1071.263762][T26034] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1071.263792][T26034] ? find_held_lock+0x2d/0x110 [ 1071.263819][T26034] ? __pfx___lock_acquire+0x10/0x10 [ 1071.268215][ T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1071.270017][T26034] ___sys_sendmsg+0xff/0x1e0 [ 1071.277327][ T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1071.279331][T26034] ? __pfx____sys_sendmsg+0x10/0x10 [ 1071.335904][T26034] ? ksys_write+0x21e/0x260 [ 1071.340430][T26034] ? __pfx_lock_release+0x10/0x10 [ 1071.345476][T26034] ? fdget+0x176/0x210 [ 1071.349557][T26034] __sys_sendmsg+0x117/0x1f0 [ 1071.354157][T26034] ? __pfx___sys_sendmsg+0x10/0x10 [ 1071.359272][T26034] ? __fget_files+0x244/0x3f0 [ 1071.363995][T26034] do_syscall_64+0xcd/0x250 [ 1071.368511][T26034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1071.374409][T26034] RIP: 0033:0x7f63ed17df39 [ 1071.378831][T26034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1071.398458][T26034] RSP: 002b:00007f63ee060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1071.406877][T26034] RAX: ffffffffffffffda RBX: 00007f63ed335f80 RCX: 00007f63ed17df39 [ 1071.414847][T26034] RDX: 0000000000000040 RSI: 0000000020000100 RDI: 0000000000000003 [ 1071.422817][T26034] RBP: 00007f63ee060090 R08: 0000000000000000 R09: 0000000000000000 [ 1071.430787][T26034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1071.438768][T26034] R13: 0000000000000000 R14: 00007f63ed335f80 R15: 00007fff9d261278 [ 1071.446753][T26034] [ 1071.525471][ T8281] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.760027][T26043] FAULT_INJECTION: forcing a failure. [ 1071.760027][T26043] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1071.986394][T26043] CPU: 1 UID: 0 PID: 26043 Comm: syz.3.6269 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1071.996865][T26043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1072.006919][T26043] Call Trace: [ 1072.010196][T26043] [ 1072.013132][T26043] dump_stack_lvl+0x16c/0x1f0 [ 1072.017825][T26043] should_fail_ex+0x497/0x5b0 [ 1072.022513][T26043] ? fs_reclaim_acquire+0xae/0x160 [ 1072.027630][T26043] should_fail_alloc_page+0xe7/0x130 [ 1072.033094][T26043] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 1072.039258][T26043] ? mark_lock+0xb5/0xc60 [ 1072.043602][T26043] __alloc_pages_noprof+0x190/0x25c0 [ 1072.048901][T26043] ? hlock_class+0x4e/0x130 [ 1072.053409][T26043] ? mark_lock+0xb5/0xc60 [ 1072.057745][T26043] ? __pfx___lock_acquire+0x10/0x10 [ 1072.062951][T26043] ? hlock_class+0x4e/0x130 [ 1072.067455][T26043] ? mark_lock+0xb5/0xc60 [ 1072.071790][T26043] ? __pfx_mark_lock+0x10/0x10 [ 1072.076567][T26043] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1072.082292][T26043] ? hlock_class+0x4e/0x130 [ 1072.086803][T26043] ? hlock_class+0x4e/0x130 [ 1072.091309][T26043] ? __lock_acquire+0xbdd/0x3ce0 [ 1072.096263][T26043] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1072.102166][T26043] ? policy_nodemask+0xea/0x4e0 [ 1072.107024][T26043] alloc_pages_mpol_noprof+0x275/0x610 [ 1072.112495][T26043] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1072.118489][T26043] ? mt_find+0x82d/0xa20 [ 1072.122746][T26043] ? __thp_vma_allowable_orders+0x341/0xb40 [ 1072.128646][T26043] ? __pfx_lock_release+0x10/0x10 [ 1072.133679][T26043] __pmd_alloc+0x3f/0x810 [ 1072.138017][T26043] __handle_mm_fault+0x942/0x2a10 [ 1072.143057][T26043] ? __pfx_mt_find+0x10/0x10 [ 1072.147655][T26043] ? __pfx_lock_acquire+0x10/0x10 [ 1072.152691][T26043] ? __pfx___handle_mm_fault+0x10/0x10 [ 1072.158172][T26043] ? find_vma+0xc0/0x140 [ 1072.162414][T26043] ? __pfx_find_vma+0x10/0x10 [ 1072.167102][T26043] handle_mm_fault+0x3fa/0xaa0 [ 1072.171877][T26043] do_user_addr_fault+0x7a3/0x13f0 [ 1072.177004][T26043] exc_page_fault+0x5c/0xc0 [ 1072.181516][T26043] asm_exc_page_fault+0x26/0x30 [ 1072.186546][T26043] RIP: 0010:rep_movs_alternative+0x30/0x70 [ 1072.192359][T26043] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 1072.211969][T26043] RSP: 0018:ffffc90004577de0 EFLAGS: 00050212 [ 1072.218040][T26043] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000010 [ 1072.226014][T26043] RDX: fffff520008aefce RSI: 0000000000000000 RDI: ffffc90004577e60 [ 1072.233983][T26043] RBP: 0000000000000010 R08: 0000000000000001 R09: fffff520008aefcd [ 1072.241977][T26043] R10: ffffc90004577e6f R11: 0000000000000000 R12: 0000000000000010 [ 1072.249948][T26043] R13: ffffc90004577e60 R14: 0000000000000000 R15: 0000000000000000 [ 1072.257936][T26043] _copy_from_user+0xc6/0xf0 [ 1072.262535][T26043] __x64_sys_cachestat+0x194/0x460 [ 1072.267660][T26043] ? __pfx___x64_sys_cachestat+0x10/0x10 [ 1072.273314][T26043] do_syscall_64+0xcd/0x250 [ 1072.277922][T26043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.283822][T26043] RIP: 0033:0x7f63ed17df39 [ 1072.288245][T26043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1072.307856][T26043] RSP: 002b:00007f63ee060038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c3 [ 1072.316282][T26043] RAX: ffffffffffffffda RBX: 00007f63ed335f80 RCX: 00007f63ed17df39 [ 1072.324253][T26043] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1072.332309][T26043] RBP: 00007f63ee060090 R08: 0000000000000000 R09: 0000000000000000 [ 1072.340277][T26043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1072.348245][T26043] R13: 0000000000000000 R14: 00007f63ed335f80 R15: 00007fff9d261278 [ 1072.356230][T26043] [ 1072.398952][ T8281] bridge_slave_1: left allmulticast mode [ 1072.404651][ T8281] bridge_slave_1: left promiscuous mode [ 1072.461577][ T8281] bridge0: port 2(bridge_slave_1) entered disabled state [ 1072.499571][ T8281] bridge_slave_0: left allmulticast mode [ 1072.526646][ T8281] bridge_slave_0: left promiscuous mode [ 1072.532436][ T8281] bridge0: port 1(bridge_slave_0) entered disabled state [ 1073.583523][ T54] Bluetooth: hci2: command tx timeout [ 1073.934684][T26076] netlink: 412 bytes leftover after parsing attributes in process `syz.0.6279'. [ 1074.080050][ T8281] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1074.122030][ T8281] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1074.149417][ T8281] bond0 (unregistering): Released all slaves [ 1074.323916][T26035] chnl_net:caif_netlink_parms(): no params data found [ 1074.812076][T26035] bridge0: port 1(bridge_slave_0) entered blocking state [ 1074.826640][T26035] bridge0: port 1(bridge_slave_0) entered disabled state [ 1074.835601][T26035] bridge_slave_0: entered allmulticast mode [ 1074.868640][T26035] bridge_slave_0: entered promiscuous mode [ 1075.015865][T26035] bridge0: port 2(bridge_slave_1) entered blocking state [ 1075.036579][T26035] bridge0: port 2(bridge_slave_1) entered disabled state [ 1075.043817][T26035] bridge_slave_1: entered allmulticast mode [ 1075.059665][T26035] bridge_slave_1: entered promiscuous mode [ 1075.656673][ T30] INFO: task syz.1.5644:24016 blocked for more than 143 seconds. [ 1075.664455][ T30] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1075.672673][ T54] Bluetooth: hci2: command tx timeout [ 1075.688554][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1075.981286][T26097] coredump: 365(syz.0.6281): interrupted: fatal signal pending [ 1075.996494][T26097] coredump: 365(syz.0.6281): Error writing out the process memory [ 1076.004390][T26097] coredump: 365(syz.0.6281): written to core: VMAs: 36, size 97738752; core: 7148598 bytes, pos 7655424 [ 1076.129667][T26110] coredump: 373(syz.0.6281): interrupted: fatal signal pending [ 1076.143704][T26110] coredump: 373(syz.0.6281): written to core: VMAs: 50, size 98656256; core: 9672518 bytes, pos 11034624 [ 1076.205830][ T30] task:syz.1.5644 state:D stack:26992 pid:24016 tgid:24015 ppid:22389 flags:0x00000004 [ 1076.218174][ T30] Call Trace: [ 1076.221494][ T30] [ 1076.224446][ T30] __schedule+0xed6/0x5920 [ 1076.228991][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1076.234239][ T30] ? __pfx___schedule+0x10/0x10 [ 1076.239222][ T30] ? schedule+0x298/0x350 [ 1076.243579][ T30] ? __pfx_lock_release+0x10/0x10 [ 1076.249069][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1076.254320][ T30] schedule+0xe7/0x350 [ 1076.258851][ T30] schedule_timeout+0x258/0x2a0 [ 1076.263733][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1076.269192][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1076.274424][ T30] __wait_for_common+0x3e1/0x600 [ 1076.279476][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1076.284884][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 1076.290462][ T30] ? __pfx_try_to_wake_up+0x10/0x10 [ 1076.295707][ T30] wait_for_completion_state+0x1c/0x40 [ 1076.301443][ T30] do_coredump+0x833/0x46e0 [ 1076.305971][ T30] ? stack_depot_save_flags+0x28/0x900 [ 1076.311563][ T30] ? __pfx_do_coredump+0x10/0x10 [ 1076.316624][ T30] ? kmem_cache_free+0x152/0x4b0 [ 1076.321597][ T30] ? syscall_exit_to_user_mode+0x150/0x2a0 [ 1076.327492][ T30] ? do_syscall_64+0xda/0x250 [ 1076.332212][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.338457][ T30] get_signal+0x2393/0x27a0 [ 1076.343000][ T30] ? __pfx_get_signal+0x10/0x10 [ 1076.348318][ T30] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1076.354162][ T30] ? force_sig_info_to_task+0x3a0/0x660 [ 1076.360192][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 1076.365782][ T30] ? __pfx_force_exit_sig+0x10/0x10 [ 1076.371101][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1076.377385][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 1076.383061][ T30] do_syscall_64+0xda/0x250 [ 1076.387653][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.393584][ T30] RIP: 0033:0x7f103c57df39 [ 1076.398115][ T30] RSP: 002b:00007f103d2f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1076.406607][ T30] RAX: ffffffffffffffda RBX: 00007f103c735f88 RCX: 00007f103c57df39 [ 1076.414602][ T30] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f103c735f8c [ 1076.424274][ T30] RBP: 00007f103c735f80 R08: 00007f103d2f7080 R09: 0000000000000000 [ 1076.432486][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f103c735f8c [ 1076.440572][ T30] R13: 0000000000000000 R14: 00007ffcc352c880 R15: 00007ffcc352c968 [ 1076.449027][ T30] [ 1076.452118][ T30] [ 1076.452118][ T30] Showing all locks held in the system: [ 1076.460436][ T30] 3 locks held by kworker/u8:0/11: [ 1076.465571][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1212/0x1b30 [ 1076.476879][ T30] #1: ffffc90000107d80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1076.487383][ T30] #2: ffffffff8fac1d28 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x51/0xc0 [ 1076.496599][ T30] 1 lock held by khungtaskd/30: [ 1076.501469][ T30] #0: ffffffff8ddb7580 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 1076.511452][ T30] 3 locks held by kworker/u8:2/35: [ 1076.516645][ T30] #0: ffff8881452ba948 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_one_work+0x1212/0x1b30 [ 1076.527534][ T30] #1: ffffc90000ab7d80 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1076.541211][ T30] #2: ffffffff8fac1d28 (rtnl_mutex){+.+.}-{3:3}, at: cfg80211_dfs_channels_update_work+0xd0/0x640 [ 1076.552484][ T30] 2 locks held by kworker/u8:7/2903: [ 1076.558264][ T30] 1 lock held by dhcpcd/4895: [ 1076.562960][ T30] #0: ffffffff8fac1d28 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x1c1/0x1e10 [ 1076.572243][ T30] 2 locks held by getty/4982: [ 1076.576984][ T30] #0: ffff88802eb2f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1076.586864][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 [ 1076.597140][ T30] 3 locks held by kworker/u8:8/8281: [ 1076.602445][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1212/0x1b30 [ 1076.612915][ T30] #1: ffffc900107cfd80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1076.623190][ T30] #2: ffffffff8faac110 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xb40 [ 1076.632657][ T30] 1 lock held by syz.3.4989/21613: [ 1076.637940][ T30] 3 locks held by syz-executor/21735: [ 1076.643324][ T30] #0: ffff888061b8cd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 1076.653079][ T30] #1: ffff888061b8c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x2ef/0x11d0 [ 1076.663255][ T30] #2: ffffffff8fd27288 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xc4/0x260 [ 1076.673735][ T30] 1 lock held by syz.1.5644/24023: [ 1076.678936][ T30] 4 locks held by syz-executor/25179: [ 1076.684315][ T30] #0: ffffffff8dece410 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x36c/0x2550 [ 1076.693206][ T30] #1: ffff888061f83118 (&mm->mmap_lock){++++}-{3:3}, at: copy_mm+0x38a/0x2550 [ 1076.702619][ T30] #2: ffff88807f8ba798 (&mm->mmap_lock/1){+.+.}-{3:3}, at: copy_mm+0x3dd/0x2550 [ 1076.711883][ T30] #3: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1076.721583][ T30] 3 locks held by syz.1.6165/25762: [ 1076.726873][ T30] #0: ffff8880656ec420 (sb_writers#5){.+.+}-{0:0}, at: get_signal+0x2393/0x27a0 [ 1076.736068][ T30] #1: ffff88806a70bd90 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x86/0x140 [ 1076.747379][ T30] #2: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1076.757423][ T30] 3 locks held by syz.1.6165/25764: [ 1076.762637][ T30] #0: ffff8880656ec420 (sb_writers#5){.+.+}-{0:0}, at: get_signal+0x2393/0x27a0 [ 1076.772266][ T30] #1: ffff8880682b4aa0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x86/0x140 [ 1076.783624][ T30] #2: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1076.793377][ T30] 3 locks held by syz.1.6167/25784: [ 1076.798692][ T30] #0: ffff8880656ec420 (sb_writers#5){.+.+}-{0:0}, at: get_signal+0x2393/0x27a0 [ 1076.807957][ T30] #1: ffff88804e6529f8 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x86/0x140 [ 1076.819292][ T30] #2: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1076.828974][ T30] 3 locks held by syz.1.6178/25804: [ 1076.834180][ T30] 2 locks held by syz.1.6178/25806: [ 1076.839487][ T30] 3 locks held by syz.1.6178/25807: [ 1076.844699][ T30] #0: ffff8880656ec420 (sb_writers#5){.+.+}-{0:0}, at: get_signal+0x2393/0x27a0 [ 1076.853974][ T30] #1: ffff8880383a9660 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x86/0x140 [ 1076.865664][ T30] #2: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1076.875882][ T30] 3 locks held by syz.1.6178/25809: [ 1076.881153][ T30] #0: ffff8880656ec420 (sb_writers#5){.+.+}-{0:0}, at: get_signal+0x2393/0x27a0 [ 1076.890430][ T30] #1: ffff88806576a370 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x86/0x140 [ 1076.901714][ T30] #2: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1076.911410][ T30] 3 locks held by syz.1.6206/25890: [ 1076.916676][ T30] #0: ffff8880656ec420 (sb_writers#5){.+.+}-{0:0}, at: get_signal+0x2393/0x27a0 [ 1076.925870][ T30] #1: ffff88807cc09660 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x86/0x140 [ 1076.937293][ T30] #2: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1076.947092][ T30] 2 locks held by syz-executor/26035: [ 1076.952472][ T30] #0: ffffffff8fac1d28 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1076.962381][ T30] #1: ffffffff8ddc2ef8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x282/0x3b0 [ 1076.972849][ T30] 3 locks held by syz.3.6274/26065: [ 1076.978179][ T30] #0: ffff88806641edf0 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_exit_release+0x2a/0x220 [ 1076.988731][ T30] #1: ffff88807c9c3a98 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x3a9/0x6a0 [ 1076.998874][ T30] #2: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_decompress+0x14f/0x840 [ 1077.008887][ T30] 2 locks held by syz.3.6274/26066: [ 1077.014090][ T30] #0: ffff88807c9c3a98 (&mm->mmap_lock){++++}-{3:3}, at: collapse_huge_page+0x4d6/0x30b0 [ 1077.024278][ T30] #1: ffffe8ffffc17f38 (&acomp_ctx->mutex){+.+.}-{3:3}, at: zswap_store+0x737/0x1fe0 [ 1077.034056][ T30] 1 lock held by syz.0.6281/26110: [ 1077.039251][ T30] #0: ffffffff8ddc2ef8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x1a4/0x3b0 [ 1077.049352][ T30] [ 1077.051687][ T30] ============================================= [ 1077.051687][ T30] [ 1077.060190][ T30] NMI backtrace for cpu 1 [ 1077.064529][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1077.074700][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1077.084759][ T30] Call Trace: [ 1077.088036][ T30] [ 1077.090964][ T30] dump_stack_lvl+0x116/0x1f0 [ 1077.095663][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 1077.100606][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1077.106596][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1077.112581][ T30] watchdog+0xf0c/0x1240 [ 1077.116835][ T30] ? __pfx_watchdog+0x10/0x10 [ 1077.121538][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1077.126755][ T30] ? __kthread_parkme+0x148/0x220 [ 1077.131788][ T30] ? __pfx_watchdog+0x10/0x10 [ 1077.136477][ T30] kthread+0x2c1/0x3a0 [ 1077.140558][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1077.145767][ T30] ? __pfx_kthread+0x10/0x10 [ 1077.150361][ T30] ret_from_fork+0x45/0x80 [ 1077.154789][ T30] ? __pfx_kthread+0x10/0x10 [ 1077.159379][ T30] ret_from_fork_asm+0x1a/0x30 [ 1077.164162][ T30] [ 1077.167666][ T30] Sending NMI from CPU 1 to CPUs 0: [ 1077.172893][ C0] NMI backtrace for cpu 0 [ 1077.172906][ C0] CPU: 0 UID: 0 PID: 21613 Comm: syz.3.4989 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1077.172931][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1077.172942][ C0] RIP: 0010:sha256_transform_rorx+0x6cd/0x1120 [ 1077.172969][ C0] Code: 45 01 ef c5 fd 70 d0 50 44 09 e6 45 01 f1 44 01 fb 45 01 f9 41 01 f1 44 89 ce c4 63 7b f0 eb 19 c4 63 7b f0 f3 0b 03 54 3c 4c <44> 09 de c5 a5 72 d2 0a 41 89 cf c4 43 7b f0 e1 0d 45 31 f5 45 31 [ 1077.172989][ C0] RSP: 0018:ffffc90002eaf200 EFLAGS: 00000203 [ 1077.173006][ C0] RAX: 00000000fa7b593c RBX: 000000006f7f31fd RCX: 00000000729a0d89 [ 1077.173020][ C0] RDX: 0000000025e0cd9d RSI: 0000000000edba92 RDI: 0000000000000100 [ 1077.173034][ C0] RBP: ffffc90002eaf420 R08: 00000000e8ea7149 R09: 0000000000edba92 [ 1077.173048][ C0] R10: 00000000dbf66d12 R11: 00000000253e9663 R12: 00000000da724910 [ 1077.173062][ C0] R13: 00000000bf98feb7 R14: 000000003fadefe6 R15: 0000000046d17349 [ 1077.173076][ C0] FS: 00007f1afaca06c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1077.173098][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1077.173113][ C0] CR2: 00005627cc5e8058 CR3: 0000000067100000 CR4: 00000000003506f0 [ 1077.173127][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1077.173140][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1077.173153][ C0] Call Trace: [ 1077.173160][ C0] [ 1077.173168][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 1077.173193][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1077.173220][ C0] ? nmi_handle+0x1a9/0x5c0 [ 1077.173240][ C0] ? sha256_transform_rorx+0x6cd/0x1120 [ 1077.173265][ C0] ? default_do_nmi+0x6a/0x160 [ 1077.173287][ C0] ? exc_nmi+0x170/0x1e0 [ 1077.173306][ C0] ? end_repeat_nmi+0xf/0x53 [ 1077.173336][ C0] ? sha256_transform_rorx+0x6cd/0x1120 [ 1077.173357][ C0] ? sha256_transform_rorx+0x6cd/0x1120 [ 1077.173378][ C0] ? sha256_transform_rorx+0x6cd/0x1120 [ 1077.173399][ C0] [ 1077.173405][ C0] [ 1077.173431][ C0] ? integrity_kernel_read+0x7f/0xb0 [ 1077.173460][ C0] _sha256_update+0x17e/0x220 [ 1077.173481][ C0] ? __pfx_sha256_transform_rorx+0x10/0x10 [ 1077.173503][ C0] ima_calc_file_hash_tfm+0x302/0x3e0 [ 1077.173527][ C0] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 1077.173564][ C0] ? hlock_class+0x4e/0x130 [ 1077.173586][ C0] ? __lock_acquire+0x163e/0x3ce0 [ 1077.173612][ C0] ? ima_alloc_tfm+0x21d/0x2d0 [ 1077.173632][ C0] ? generic_fillattr+0x663/0x8c0 [ 1077.173656][ C0] ima_calc_file_hash+0x1ba/0x490 [ 1077.173681][ C0] ima_collect_measurement+0x8a7/0xa10 [ 1077.173703][ C0] ? process_measurement+0x70a/0x2370 [ 1077.173728][ C0] ? __pfx_ima_collect_measurement+0x10/0x10 [ 1077.173759][ C0] ? rcu_is_watching+0x12/0xc0 [ 1077.173780][ C0] ? trace_contention_end+0xea/0x140 [ 1077.173808][ C0] ? is_bad_inode+0xd/0x40 [ 1077.173832][ C0] ? xattr_resolve_name+0x27b/0x3f0 [ 1077.173860][ C0] ? vfs_getxattr_alloc+0xf1/0x340 [ 1077.173889][ C0] ? ima_get_hash_algo+0x27d/0x410 [ 1077.173908][ C0] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 1077.173930][ C0] ? process_measurement+0x1271/0x2370 [ 1077.173951][ C0] process_measurement+0x1271/0x2370 [ 1077.173976][ C0] ? __pfx_process_measurement+0x10/0x10 [ 1077.174000][ C0] ? find_held_lock+0x2d/0x110 [ 1077.174022][ C0] ? aa_file_perm+0x4c6/0xfe0 [ 1077.174041][ C0] ? __pfx_lock_release+0x10/0x10 [ 1077.174076][ C0] ? __pfx_aa_file_perm+0x10/0x10 [ 1077.174098][ C0] ? lockdep_init_map_type+0x16d/0x7d0 [ 1077.174127][ C0] ima_file_mmap+0x1b1/0x1d0 [ 1077.174147][ C0] ? __pfx_ima_file_mmap+0x10/0x10 [ 1077.174171][ C0] security_mmap_file+0x8bd/0x990 [ 1077.174191][ C0] vm_mmap_pgoff+0xdb/0x360 [ 1077.174217][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1077.174245][ C0] ? hugetlbfs_get_inode+0x32d/0x530 [ 1077.174275][ C0] ksys_mmap_pgoff+0x1c8/0x5c0 [ 1077.174298][ C0] __x64_sys_mmap+0x125/0x190 [ 1077.174319][ C0] do_syscall_64+0xcd/0x250 [ 1077.174346][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1077.174372][ C0] RIP: 0033:0x7f1af9f7df39 [ 1077.174389][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1077.174408][ C0] RSP: 002b:00007f1afaca0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1077.174427][ C0] RAX: ffffffffffffffda RBX: 00007f1afa135f80 RCX: 00007f1af9f7df39 [ 1077.174442][ C0] RDX: 00004000000000df RSI: 0080000000000005 RDI: 0000000000000000 [ 1077.174456][ C0] RBP: 00007f1af9ff0216 R08: 0000000000000401 R09: 0000300000000000 [ 1077.174470][ C0] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1077.174483][ C0] R13: 0000000000000000 R14: 00007f1afa135f80 R15: 00007fffbe965c18 [ 1077.174503][ C0] [ 1077.174895][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1077.648682][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 1077.658839][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1077.668895][ T30] Call Trace: [ 1077.672190][ T30] [ 1077.675124][ T30] dump_stack_lvl+0x3d/0x1f0 [ 1077.679746][ T30] panic+0x71d/0x800 [ 1077.683653][ T30] ? __pfx_panic+0x10/0x10 [ 1077.688083][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1077.693466][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1077.699458][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1077.704833][ T30] ? watchdog+0xd76/0x1240 [ 1077.709256][ T30] ? watchdog+0xd69/0x1240 [ 1077.713680][ T30] watchdog+0xd87/0x1240 [ 1077.717933][ T30] ? __pfx_watchdog+0x10/0x10 [ 1077.722614][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1077.727922][ T30] ? __kthread_parkme+0x148/0x220 [ 1077.732951][ T30] ? __pfx_watchdog+0x10/0x10 [ 1077.737641][ T30] kthread+0x2c1/0x3a0 [ 1077.741717][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1077.746925][ T30] ? __pfx_kthread+0x10/0x10 [ 1077.751523][ T30] ret_from_fork+0x45/0x80 [ 1077.755954][ T30] ? __pfx_kthread+0x10/0x10 [ 1077.760581][ T30] ret_from_fork_asm+0x1a/0x30 [ 1077.765365][ T30] [ 1077.768614][ T30] Kernel Offset: disabled [ 1077.772931][ T30] Rebooting in 86400 seconds..