last executing test programs: 4.243037788s ago: executing program 3 (id=849): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x8, 0x6}, 0x7, 0x0, 0x0, 0x8) sendmmsg$auto(r0, 0x0, 0x1, 0x20000000) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0xc5, 0x40000000400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r2 = socket(0xa, 0x2, 0x0) r3 = socket(0xa, 0x3, 0xff) connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x5) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) mmap$auto(0x0, 0x40000000400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0xefffffffffffffff, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) madvise$auto(0x0, 0xffffffffffff0004, 0x19) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r2) r5 = getpgid$auto(0x0) sendmsg$auto_IPVS_CMD_SET_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001980)=ANY=[@ANYBLOB="f4f90000", @ANYRES16=r4, @ANYBLOB="200025bd7000fddbdf25b50c0000000800060005000000ee0503800ae556ea96b6aac20a2df353bb08ecd46a7f933d1b2db8ce9af498e5ff3a90bfe88cc0b1e2e58b0f02ef589c88720e1e867e4da84e9bd27e4e7c2e138ed9b259006d0495ac1d03abe76afce408df49a9a4d2c79e8416718b6ea62d96bfe4d485b5898da01e69d213069313429fe114911f46d2484000023f80680143806101a7801cfc6de9d8cae98551bfcd02df4c94773fd3f632a92d2e90b87abffc0e9853e06f4681f6c55f1ab08119ada0bfe2b5279869a4d49f99dc73a8f8194af0e291a6c5771dc9b1a071607078fc1a4a2e7f0244eed52736d551bca314cd49b3a8ef473ac1a4897a6153a40800410003000000a903c1b8f22f356617557e15b691eccbc398932491320563ac342a2ab95288925367655e973e7762411be12636f4cf45d53fc66e9b0c150f18ac002500d9f0c83aa09f9b26dd9f933a27e63bc0a0422842679ff85778f553a1bad064afde204f0f843ef8d9dc897d18723cbf6c36aa776191d67d0580e2e0132d66ffad549d7c6de3f03f805627c97d2d6cb142253e5e62cd66c6bad6b4c0bf150a4a1152eab5ae606b76499bfa83ed82637fb80cfff5834c1e49fa94aa1ea07bb570a6402025c58d6e4dfd3a1f4c60fef9eb157ea294b9be46c9114559c0cb86c4ba34d6bce211319d8ba700000004005e801b6180a9a251a5f7309b5b6b8af06ed32ba9a6c9b4845494259b2eee6bf6aceccc80f3c1ac1e002fbb719b8a15e2fe559c7c038ef05802e35f6c3566675751865ee538b9e57ac3c3ac0668a4b3929be439d1ef4cdd24c7415036f9d02f18333fe5fccf1ccb5a61d1e047fa29c9119ab9bbea68f91fc936910e843c7c568c765383c07ce45c309fbf64924e2567db900905537a8003e022f7a04412004b002f6465762f736e617073686f740000000800100000000000000000001ac9e7fa18a431e7722bb11e68f197a5fe5897e29374950e1f12804c6a72fcda8695f6a3b880fdb1f37fe83ff3971ea5d4a81aa00ec4943566d0d9951ff1355418efb711ebde43", @ANYRES32=r5, @ANYBLOB="627d93aa42f40ad39e72806204876c62645d32e22db38cf26b22937449b0acd596f82d21bbab5d200dbe014bca9443d8ef194821a06d9151f0027a098a56ce0fe0fb799d8437668b53f1752dcb19744e1fc8cd0000005e0057801400cf00ff0200000000000000000000000000011400a30020010000000000000000000000000002040053800baa9962d832bfc7a1598f73f290676159d5d963f0ef3f3694e8c4769e09a76a5681c9ac27bac98715719137d62e00005b4616330f58eec7166fdb5686acea5e1073d07a6eb7b91e3eb3ad97fb23c2aa1e37e9c9253c0115d7c961fed3edb90a3043132ec20bdf79be7ae10344c3f520acf5783d0eb3c0e11c56c454f6919da28e35da492fd3bd376918d0d1db7541fe3db6ce2b222834198cbee80a7b8b144af6a3fea938b06a01046b00b17c01cfd1230a8c25de9c6f31e39a6bcfad2f409551b2465a4c1003d3a46dc8740e9d4e1794644249f256fb7ba7b4475e04825ebcdadeb3d0824157cddbcb471d53880652048b58569b6e4c33ce64cb48ab36673752d6980118e2b398045597a158fb9fcc22e5ba4cdb205e8980f4ca5620bc9270655998e15fd4623e70d35bb1c3c2d4386f44f98217d65dc1b99d0995bb4e2f1eecf67e42a1d61f4e23ea7292fa8f0b334f8861a5905219476eac17430e2a6298df7834dd39fea33d5140246b3c8cede37cc5d84006fce1b686f9aa64fbd490f5bdb6e8810f2a4e40acf51b7192f79459045decef991664c54e804cd59dc129e5f055bd68b324e3ce75bb3e4f7e12a5b3c9a7022868b3de8ec536b30525e4728d360702f8d5b0e5ddfdaefc630b8e9dcec51b6492186a79401903db258e75a34ca1c0f85639b3bdb06d35b5d220556679c0e28bdd894e299d6260a47e11406008a472f6a9725b9fef7c39d86f448a815b8fe2272c001580dc641df00c5037ab80751ccffa98cf32a2937c8ff7aa7c751f859c9c5fba646cfa7737c23e8006000800ae00", @ANYRES32=r5, @ANYBLOB="81b8b1fc1c32599be89ba74119c806ea27f3aa5e9c5679a312270e7e81db4890806dea78fbeef252fe7f1b53f45998db15af37e140c0980a2d7fbcd426c4d79699daf726d795c9ee038fbb00977b0cb662122831dd9d93cd3f297d8ba7f0c40aa0be2f15b6a064c90ed84f6e5fbe01f3bf592c3a924602291753fa87cf056ef96dc23104d826ebf0cb14701dd5813e1178921f931c47eb0000e8000280b0009280d4ad4d603c22496113937a8eaa783c1c540b4fee3e91dd97e7e7c707d5c6824da6f81cd4ccfaa1e0192047d92a084580d8d3dcec9e0e1f05aaec27e0061c3bc62f4e2956b774100f323c35da387294d9002cdfc7442311ac9be9543f563477c79fa349fab57e1367f10dbcd33bf486e3e1c04b1bec3231ac4c345e364b8096f1b0b51235e4aa6a8610394439291a753b17c79af7e4bdc46ab8d125d52252171da528cd26fdd0be3f74ecc8f5532c16efa56127ece7fbd51bcfa70b735c7ec1c7afce1a743fcd7567f897de394a1b1e2de669ac1e3c1470ddc986a2e6e4bb6e498e2f568aef08b480bd3b00d0e54a32c271bd9e0950879da3e4c2737fd5fd44e543218a59c7f881c65321dd4af1bf71e7cbcb6258f92b70aa9f5b42168e0fb3273f3d219acd5934c09434a1ec69b329d43e09aeaf5573da3a5de096194513fdafa12d414f66eeb09795b6bd90d9eb8fd276560709fbbd86917aeb46c19debac1e54cec7edc0917120e83aa3c73a52726b0943d667f8bd29865e9ec3a27d64db9d2ddd3b989d839b78", @ANYBLOB="13a27c7448b69fc643ef984460b69ed113398e933d50ced3f038"], 0x6f4}}, 0x24048038) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 4.218659896s ago: executing program 0 (id=850): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010029bd7100f9db73216d5e000008000300"], 0x24}, 0x1, 0x0, 0x0, 0x404c0c1}, 0x80) 4.015305959s ago: executing program 2 (id=853): mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto(0xffffffffffffffff, &(0x7f0000000100)='\x00', 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x651001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x7d31, 0xfbfffffffffefffd, 0x17) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4040804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x10040000000000e, 0x402, 0x40000402, 0x7ffffffb, 0x9, 0xffffffff80000000, 0x9, 0x7, 0x200000100103}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 3.898825897s ago: executing program 0 (id=854): write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000001240)='\t', 0x1) 3.700789555s ago: executing program 0 (id=856): r0 = socket(0xa, 0x5, 0x84) sendto$auto(r0, 0x0, 0x401, 0x8, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb80000000000f00"}, 0x1c) 3.53770185s ago: executing program 0 (id=858): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x402, 0x8000) r0 = socket(0xa, 0x3, 0x4) getsockopt$auto(r0, 0xff, 0x7, 0x0, 0x0) r1 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/apparmor/current\x00', 0x2, 0x0) setsockopt$auto(r1, 0x9, 0x4, &(0x7f0000000080)='.&!E\'^\x00', 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000400), r2) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x1c, r3, 0x305, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x34044040}, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x18b042, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/dummy0/mtu\x00', 0xe3102, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi0\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r4 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) r5 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x28, r5, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x8001}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004091}, 0x40850) io_uring_enter$auto(r4, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/shm\x00', 0x1a3000, 0x0) r6 = socket(0x10, 0x1, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRESDEC=r6, @ANYBLOB="10002ca4706b67dbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004814) 3.219067856s ago: executing program 3 (id=860): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) (rerun: 32) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) (async) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2e, 0x25dfdbfa, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x2}]}, 0x1c}}, 0x4044820) 2.776077003s ago: executing program 2 (id=862): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) pivot_root$auto(0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r2 = io_uring_setup$auto(0x1, 0x0) socket(0xf, 0xa, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r1, 0x0, 0x4008080) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) ioctl$auto_RNDADDENTROPY2(r2, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x43, 0x65c, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x9, 0x6, 0x10003, 0x83, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/v4l-subdev3\x00', 0x169000, 0x0) open(0x0, 0x96041, 0x1d5) semctl$auto_SETVAL(0x80000003, 0xfffffff8, 0x10, 0x7f3) 2.745282564s ago: executing program 1 (id=863): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/perf_event_max_sample_rate\x00', 0x1181, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ab, &(0x7f0000000100)={&(0x7f0000000040)='L', 0x49}, 0x1, &(0x7f0000000040), 0x4c, 0x1}, 0x5}, 0x2, 0x100) 2.668488132s ago: executing program 3 (id=864): unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x22240, 0x155) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), r2) r4 = socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) getsockopt$auto(r4, 0x84, 0x7a, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) ioctl$auto__ctl_fops_dm_ioctl(r0, 0x6, &(0x7f00000001c0)="870036845e1499511c05a041eb1b37f073104bd8be29a9d905f869aa3005974b51fec9293c2b067f8284800df28700cb9cedaaa7f58d078871542f23b38bc5d6ae96619d499bec666be2354a7e056d7fa339fbdd4a1b5589b5e47a54a8e13fe9b9ca08b2fd589f94fbdbe2c6d76d942da1b5f8e0811b2303288b032636a9008c974bcb913b8368087a8652968a13c3008d0ba35c8f9b01ebefde67b83da6f2cb7f39e1ecf5057561ac46f0a4371e4428f4e5108ccfbfd01428e740a7d8cf8b67205124f4ca5fcf5c89c1773eb6") sendmsg$auto_BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="f38327b97000fedbdf250500000008000300", @ANYRES32=r5], 0x1c}}, 0x4008000) socket$nl_generic(0x10, 0x3, 0x5) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace\x00', 0x101501, 0x0) write$auto(0x3, 0x0, 0x81) read$auto(0x3, 0x0, 0x7) 2.572338914s ago: executing program 1 (id=865): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) pivot_root$auto(0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r2 = io_uring_setup$auto(0x1, 0x0) socket(0xf, 0xa, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r1, 0x0, 0x4008080) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) ioctl$auto_RNDADDENTROPY2(r2, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x43, 0x65c, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x9, 0x6, 0x10003, 0x83, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/v4l-subdev3\x00', 0x169000, 0x0) open(0x0, 0x96041, 0x1d5) semctl$auto_SETVAL(0x80000003, 0xfffffff8, 0x10, 0x7f3) 1.846043902s ago: executing program 1 (id=866): r0 = socket(0xa, 0x5, 0x84) bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x6, 0x4, 0xffffffffffffffff, @relative_fd=r0, 0xd}, 0xa3) sendto$auto(r0, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe800000000000f5"}, 0x1c) 1.834962267s ago: executing program 3 (id=867): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) bind$auto(r0, &(0x7f0000000000)=@can, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r2}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.556344652s ago: executing program 1 (id=868): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) ioctl$auto(r1, 0x4b32, 0xffffffffffffffff) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x401f, 0x1, 0x8e051, r0, 0x0) bpf$auto(0xd, 0x0, 0x6f5) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/nfs/parameters/nfs_mountpoint_expiry_timeout\x00', 0xa001, 0x0) write$auto(r2, &(0x7f0000000040)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x2, 0x0, 0x3}, 0x6f3) r3 = pidfd_open$auto(0x1, 0x0) setns(r3, 0x60020000) 1.449064321s ago: executing program 0 (id=869): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) pivot_root$auto(0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r2 = io_uring_setup$auto(0x1, 0x0) socket(0xf, 0xa, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r1, 0x0, 0x4008080) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) ioctl$auto_RNDADDENTROPY2(r2, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x43, 0x65c, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x9, 0x6, 0x10003, 0x83, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r3 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/v4l-subdev3\x00', 0x169000, 0x0) open(0x0, 0x96041, 0x1d5) semctl$auto_SETVAL(0x80000003, 0xfffffff8, 0x10, 0x7f3) 1.448098309s ago: executing program 3 (id=870): mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto(0xffffffffffffffff, &(0x7f0000000100)='\x00', 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x651001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x7d31, 0xfbfffffffffefffd, 0x17) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4040804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x10040000000000e, 0x402, 0x40000402, 0x7ffffffb, 0x9, 0xffffffff80000000, 0x9, 0x7, 0x200000100103}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 1.304776301s ago: executing program 1 (id=871): mmap$auto(0x0, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto(0xffffffffffffffff, &(0x7f0000000100)='\x00', 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x651001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) select$auto(0x0, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x3, 0x0) chdir$auto(&(0x7f0000000280)='}[,&*}\x00') creat$auto(0x0, 0x0) 1.035107722s ago: executing program 2 (id=872): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x40802, 0x0) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r1, 0x0, 0x1) write$auto_evm_key_ops_evm_secfs(r0, 0x0, 0xa) 868.669199ms ago: executing program 2 (id=873): sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ab, &(0x7f0000000100)={&(0x7f0000000040)='L', 0x49}, 0x1, &(0x7f0000000040), 0x4c, 0x1}, 0x5}, 0x2, 0x100) 495.191717ms ago: executing program 2 (id=874): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) io_uring_setup$auto(0x9e6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), r0) socket$nl_generic(0x10, 0x3, 0x10) 455.390908ms ago: executing program 0 (id=875): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x3, 0xff) connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x9, 0x0) shutdown$auto(0x200000003, 0x2) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) madvise$auto(0x0, 0xffffffffffff0004, 0x19) getpgid$auto(0x0) sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000001900)={0x20, 0x0, 0x20, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x20}}, 0x4c0a4) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 217.10776ms ago: executing program 3 (id=876): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x8, 0x6}, 0x7, 0x0, 0x0, 0x8) sendmmsg$auto(r0, 0x0, 0x1, 0x20000000) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0xc5, 0x40000000400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r2 = socket(0xa, 0x2, 0x0) r3 = socket(0xa, 0x3, 0xff) connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x5) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) mmap$auto(0x0, 0x40000000400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x1ffff000, 0x7, 0x100000000) mbind$auto(0x0, 0x100000004, 0xefffffffffffffff, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) madvise$auto(0x0, 0xffffffffffff0004, 0x19) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r2) getpgid$auto(0x0) sendmsg$auto_IPVS_CMD_SET_CONFIG(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001980)=ANY=[], 0x6f4}}, 0x24048038) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 40.253225ms ago: executing program 2 (id=877): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r0, 0x80104592, &(0x7f0000000080)={0x2000, 0x800007, 0x5}) io_uring_setup$auto(0x6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000500)='/proc/sys/fs/xfs/stats_clear\x00', 0x1, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyb5\x00', 0x48140, 0x0) readv$auto(r1, &(0x7f00000000c0)={0x0, 0x5}, 0x3) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/ptyrf/uevent\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xffffffffffffffff, 0x7ffc) madvise$auto(0x0, 0x1010001, 0x100000003) read$auto(r1, 0x0, 0x2000000000000020) mmap$auto(0xff0f200000000000, 0x400008, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8002) madvise$auto(0xfffffffffffffffd, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x16) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x64) r3 = io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) syz_clone3(&(0x7f0000000380)={0x80400, &(0x7f0000000100)=0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0), {0x2a}, &(0x7f0000000200)=""/237, 0xed, &(0x7f0000000300)=""/43, &(0x7f0000000340)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x4, {r3}}, 0x58) waitid$auto(0xb, r4, &(0x7f0000000400)={@_si_pad}, 0x2, &(0x7f0000000540)={{0x8001, 0x4}, {0x8, 0x100000001}, 0x5, 0x0, 0x6, 0x2, 0x6, 0xffffffffffff60f5, 0x2, 0x380000000000, 0x8000000000000000, 0x2, 0x1000, 0x5, 0xf, 0x1}) 0s ago: executing program 1 (id=878): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop3/queue/wbt_lat_usec\x00', 0x10b001, 0x0) write$auto(r0, &(0x7f0000000180)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (fail_nth: 3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.9' (ED25519) to the list of known hosts. [ 86.748650][ T5831] cgroup: Unknown subsys name 'net' [ 86.866950][ T5831] cgroup: Unknown subsys name 'cpuset' [ 86.876579][ T5831] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.605243][ T5831] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.666913][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.668007][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.675087][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.688921][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.696933][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.704694][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.712280][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.721121][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.729356][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.735462][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.744512][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.754632][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.761984][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.763370][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.780846][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.787506][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.796365][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.805403][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.812573][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.821862][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.313837][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 91.410456][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 91.433305][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 91.561518][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 91.620017][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.627247][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.634625][ T5847] bridge_slave_0: entered allmulticast mode [ 91.641889][ T5847] bridge_slave_0: entered promiscuous mode [ 91.686735][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.694157][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.701618][ T5847] bridge_slave_1: entered allmulticast mode [ 91.709067][ T5847] bridge_slave_1: entered promiscuous mode [ 91.740824][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.749913][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.757350][ T5840] bridge_slave_0: entered allmulticast mode [ 91.765213][ T5840] bridge_slave_0: entered promiscuous mode [ 91.801170][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.808614][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.816444][ T5843] bridge_slave_0: entered allmulticast mode [ 91.824646][ T5843] bridge_slave_0: entered promiscuous mode [ 91.832606][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.840938][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.848905][ T5840] bridge_slave_1: entered allmulticast mode [ 91.856948][ T5840] bridge_slave_1: entered promiscuous mode [ 91.889326][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.908201][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.915670][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.926817][ T5843] bridge_slave_1: entered allmulticast mode [ 91.935124][ T5843] bridge_slave_1: entered promiscuous mode [ 91.962263][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.973968][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.050759][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.099591][ T5847] team0: Port device team_slave_0 added [ 92.151945][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.166015][ T5847] team0: Port device team_slave_1 added [ 92.188213][ T5840] team0: Port device team_slave_0 added [ 92.195073][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.202538][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.210298][ T5841] bridge_slave_0: entered allmulticast mode [ 92.217721][ T5841] bridge_slave_0: entered promiscuous mode [ 92.239563][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.264148][ T5840] team0: Port device team_slave_1 added [ 92.277030][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.285133][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.292273][ T5841] bridge_slave_1: entered allmulticast mode [ 92.299559][ T5841] bridge_slave_1: entered promiscuous mode [ 92.380644][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.388085][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.414371][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.428676][ T5843] team0: Port device team_slave_0 added [ 92.437760][ T5843] team0: Port device team_slave_1 added [ 92.448134][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.455423][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.481662][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.496249][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.505996][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.513277][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.539275][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.569153][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.576264][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.602247][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.621432][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.670452][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.677502][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.703613][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.717665][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.724697][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.750627][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.797974][ T5847] hsr_slave_0: entered promiscuous mode [ 92.804371][ T5847] hsr_slave_1: entered promiscuous mode [ 92.814929][ T5841] team0: Port device team_slave_0 added [ 92.843371][ T5853] Bluetooth: hci2: command tx timeout [ 92.843870][ T5849] Bluetooth: hci3: command tx timeout [ 92.849008][ T5152] Bluetooth: hci1: command tx timeout [ 92.865985][ T5841] team0: Port device team_slave_1 added [ 92.923374][ T5152] Bluetooth: hci0: command tx timeout [ 92.946268][ T5840] hsr_slave_0: entered promiscuous mode [ 92.953630][ T5840] hsr_slave_1: entered promiscuous mode [ 92.959710][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.967430][ T5840] Cannot create hsr debugfs directory [ 92.992082][ T5843] hsr_slave_0: entered promiscuous mode [ 92.998484][ T5843] hsr_slave_1: entered promiscuous mode [ 93.004730][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.012292][ T5843] Cannot create hsr debugfs directory [ 93.064592][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.071561][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.098805][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.146267][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.153600][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.179712][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.399647][ T5841] hsr_slave_0: entered promiscuous mode [ 93.406859][ T5841] hsr_slave_1: entered promiscuous mode [ 93.413052][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.420890][ T5841] Cannot create hsr debugfs directory [ 93.562270][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.582255][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.620440][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.648048][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.703723][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.714112][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.731070][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.751803][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.840602][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.852101][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.863949][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.874048][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.969537][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.990346][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.000389][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.014932][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.097786][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.147972][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.184867][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.218811][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.229149][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.236625][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.264656][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.271767][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.294376][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.304850][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.311997][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.329194][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.336367][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.401920][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.420655][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.457203][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.464371][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.485647][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.499387][ T3024] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.506526][ T3024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.543986][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.551106][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.587434][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.594650][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.886358][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.924837][ T5152] Bluetooth: hci1: command tx timeout [ 94.927951][ T5849] Bluetooth: hci2: command tx timeout [ 94.930236][ T5853] Bluetooth: hci3: command tx timeout [ 95.004433][ T5152] Bluetooth: hci0: command tx timeout [ 95.022725][ T5840] veth0_vlan: entered promiscuous mode [ 95.049765][ T5840] veth1_vlan: entered promiscuous mode [ 95.131370][ T5840] veth0_macvtap: entered promiscuous mode [ 95.149602][ T5840] veth1_macvtap: entered promiscuous mode [ 95.160262][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.191951][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.209391][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.228398][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.252078][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.260948][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.271050][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.280486][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.290818][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.361542][ T5841] veth0_vlan: entered promiscuous mode [ 95.397997][ T5841] veth1_vlan: entered promiscuous mode [ 95.407366][ T5847] veth0_vlan: entered promiscuous mode [ 95.454613][ T5847] veth1_vlan: entered promiscuous mode [ 95.471152][ T5843] veth0_vlan: entered promiscuous mode [ 95.514547][ T5841] veth0_macvtap: entered promiscuous mode [ 95.537537][ T5843] veth1_vlan: entered promiscuous mode [ 95.549773][ T5841] veth1_macvtap: entered promiscuous mode [ 95.560426][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.579985][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.605422][ T5847] veth0_macvtap: entered promiscuous mode [ 95.622727][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.634224][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.649100][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.669170][ T5847] veth1_macvtap: entered promiscuous mode [ 95.686836][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.697589][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.709038][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.738153][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.748677][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.758780][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.768966][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.781801][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.791172][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.798584][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.811010][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.821331][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.831813][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.844531][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.855656][ T5843] veth0_macvtap: entered promiscuous mode [ 95.886176][ T5843] veth1_macvtap: entered promiscuous mode [ 95.908528][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.919680][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.929635][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.940335][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.952141][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.006933][ T5847] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.018664][ T5847] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.028939][ T5847] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.037927][ T5847] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.072252][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.096988][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.108784][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.118834][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.129558][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.139634][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.150190][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.161613][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.177976][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.186047][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.220236][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.237378][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.249449][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.270191][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.281368][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.292420][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.304819][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.365513][ T5843] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.374486][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.374522][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.398919][ T5843] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.408419][ T5843] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.420522][ T5843] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.517296][ T3024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.538942][ T3024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.730774][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.751649][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.771346][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.796977][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.929036][ T10] cfg80211: failed to load regulatory.db [ 97.003812][ T5152] Bluetooth: hci2: command tx timeout [ 97.009568][ T5853] Bluetooth: hci1: command tx timeout [ 97.009579][ T5849] Bluetooth: hci3: command tx timeout [ 97.083612][ T5152] Bluetooth: hci0: command tx timeout [ 97.115640][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.176056][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.213479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.268741][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 97.433238][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.441874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.503377][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 98.133276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.160084][ T5922] ptrace attach of "./syz-executor exec"[5847] was attempted by "./syz-executor exec"[5922] [ 98.371744][ T5939] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.723117][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.732050][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 98.741078][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.749711][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.083388][ T5152] Bluetooth: hci3: command tx timeout [ 99.083581][ T5853] Bluetooth: hci2: command tx timeout [ 99.088819][ T5152] Bluetooth: hci1: command tx timeout [ 99.172946][ T5152] Bluetooth: hci0: command tx timeout [ 99.350254][ T5945] ptrace attach of "./syz-executor exec"[5847] was attempted by "./syz-executor exec"[5945] [ 100.110691][ T5963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe00 [ 100.159646][ T5963] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 100.221612][ T5963] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 100.257195][ T5963] page_type: f5(slab) [ 100.261256][ T5963] raw: 00fff00000000040 ffff8881404088c0 dead000000000122 0000000000000000 [ 100.368079][ T5963] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 100.432387][ T5967] could not allocate digest TFM handle binfmt_misc [ 100.550828][ T5963] head: 00fff00000000040 ffff8881404088c0 dead000000000122 0000000000000000 [ 100.625311][ T5963] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 100.634140][ T5963] head: 00fff00000000002 ffffea0001ff8001 00000000ffffffff 00000000ffffffff [ 100.642958][ T5963] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 100.651666][ T5963] page dumped because: unmovable page [ 100.657186][ T5963] page_owner tracks the page as allocated [ 100.663542][ T5963] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5226, tgid 5226 (udevadm), ts 41243483999, free_ts 33675694293 [ 100.689449][ T5963] post_alloc_hook+0x181/0x1b0 [ 100.704799][ T5963] get_page_from_freelist+0x135c/0x3920 [ 100.718809][ T5963] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 100.770686][ T5963] alloc_pages_mpol+0x1fb/0x550 [ 100.835023][ T5963] new_slab+0x244/0x340 [ 100.839348][ T5963] ___slab_alloc+0xd9c/0x1940 [ 100.951861][ T5963] __slab_alloc.constprop.0+0x56/0xb0 [ 101.002318][ T5963] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 101.056388][ T5963] alloc_inode+0xc3/0x240 [ 101.087274][ T5963] iget_locked+0x2e4/0x830 [ 101.091804][ T5963] kernfs_get_inode+0x48/0x460 [ 101.126143][ T5963] kernfs_iop_lookup+0x1a7/0x2d0 [ 101.131248][ T5963] __lookup_slow+0x24e/0x460 [ 101.164285][ T5963] walk_component+0x353/0x5b0 [ 101.169139][ T5963] path_lookupat+0x17e/0x780 [ 101.217581][ T5963] filename_lookup+0x224/0x5f0 [ 101.222502][ T5963] page last free pid 1 tgid 1 stack trace: [ 101.396344][ T5963] __free_frozen_pages+0x69d/0xff0 [ 101.434760][ T5963] free_contig_range+0x135/0x3f0 [ 101.512487][ T5963] destroy_args+0x66f/0x830 [ 101.522971][ T5963] debug_vm_pgtable+0x130e/0x2d50 [ 101.602043][ T5963] do_one_initcall+0x120/0x6e0 [ 101.672886][ T5963] kernel_init_freeable+0x5c2/0x900 [ 101.680691][ T5963] kernel_init+0x1c/0x2b0 [ 101.692867][ T5963] ret_from_fork+0x45/0x80 [ 101.697426][ T5963] ret_from_fork_asm+0x1a/0x30 [ 101.987931][ T5990] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 103.634488][ T6008] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 103.661239][ T6008] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.722114][ T6008] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.732998][ T6008] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 103.739514][ T6008] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.809876][ T6008] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.825524][ T6008] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 103.874950][ T6008] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.964540][ T6008] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.985429][ T6008] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 103.998649][ T6008] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 104.071073][ T6008] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 105.093485][ T6007] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 105.148756][ T6007] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 105.205235][ T6007] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 105.212027][ T6007] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 106.293371][ T5152] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 106.363663][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 106.959086][ T6059] capability: warning: `syz.2.37' uses 32-bit capabilities (legacy support in use) [ 106.974006][ T6047] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 106.981616][ T6047] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 106.993283][ T6047] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 106.999387][ T6047] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 109.011191][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 109.088531][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 109.089565][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 109.330754][ T5152] Bluetooth: hci0: unexpected event 0x23 length: 127 > 13 [ 109.358675][ T6075] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 109.389192][ T6088] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.413405][ T6075] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 109.420643][ T6075] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 109.428558][ T6075] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 110.209249][ T6108] HfR: entered promiscuous mode [ 110.234743][ T6108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.51'. [ 110.243915][ T6108] HfR: left promiscuous mode [ 110.523669][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 111.483104][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 111.489696][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 111.492994][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 112.133812][ T6133] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 112.140301][ T6133] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 112.148547][ T6133] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 112.155131][ T6133] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 113.493006][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout [ 113.786755][ T6167] HfR: entered promiscuous mode [ 113.893844][ T6173] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 113.905326][ T6173] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 113.951879][ T6173] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 114.055970][ T6173] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 115.173790][ T6198] Zero length message leads to an empty skb [ 115.327965][ T6197] HfR: entered promiscuous mode [ 115.410977][ T6197] netlink: 12 bytes leftover after parsing attributes in process `syz.3.80'. [ 115.420137][ T6197] HfR: left promiscuous mode [ 115.963171][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 115.963202][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 115.969205][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout [ 116.135298][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 117.186059][ T6212] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 117.192764][ T6212] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 117.211867][ T6212] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 117.228293][ T6212] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 118.128012][ T6219] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 118.135394][ T6219] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 118.141542][ T6219] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 118.169537][ T6219] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 118.701992][ T6238] netlink: 28 bytes leftover after parsing attributes in process `syz.3.91'. [ 118.739611][ T6238] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 119.643947][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 120.246958][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 120.258798][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 120.269643][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 120.979956][ T6262] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 121.000506][ T6262] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 121.018633][ T6262] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 121.030685][ T6262] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 121.725302][ T6282] openvswitch: HfR: Dropping previously announced user features [ 122.123920][ T6286] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 122.130601][ T6286] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 122.136789][ T6286] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 122.143566][ T6286] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 123.196569][ T6302] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 123.227656][ T6310] HfR: entered promiscuous mode [ 123.240728][ T6302] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 123.253242][ T6302] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 123.271275][ T6302] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 123.282403][ T6310] netlink: 12 bytes leftover after parsing attributes in process `syz.0.114'. [ 123.292565][ T6310] HfR: left promiscuous mode [ 123.937384][ T6321] HfR: entered promiscuous mode [ 124.773263][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 125.243002][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.332927][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 125.336135][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 125.345972][ T6343] netlink: 12 bytes leftover after parsing attributes in process `syz.1.124'. [ 126.641382][ T6361] netlink: 28 bytes leftover after parsing attributes in process `syz.3.130'. [ 127.415327][ T6366] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 127.422537][ T6366] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 127.434702][ T6366] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 127.441082][ T6366] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 127.979206][ T6392] HfR: entered promiscuous mode [ 128.010764][ T6392] netlink: 12 bytes leftover after parsing attributes in process `syz.1.138'. [ 128.053674][ T6392] HfR: left promiscuous mode [ 128.345680][ T6402] netlink: 28 bytes leftover after parsing attributes in process `syz.2.141'. [ 128.475232][ T6402] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 129.113530][ T6394] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 129.127270][ T6394] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 129.150930][ T6394] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 129.159040][ T6394] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 129.696816][ T6423] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 129.716868][ T6423] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 129.733875][ T6423] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 129.762122][ T6423] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 131.724333][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 131.730432][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 131.803169][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 131.810374][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 132.431633][ T6472] openvswitch: HfR: Dropping previously announced user features [ 132.486493][ T6453] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 132.529000][ T6453] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 132.583171][ T6453] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 132.651548][ T6453] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 133.100593][ T6477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.165'. [ 133.150661][ T6477] netlink: 32 bytes leftover after parsing attributes in process `syz.1.165'. [ 133.924680][ T6486] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 133.942986][ T6486] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 133.949104][ T6486] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 133.970217][ T6486] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 135.159231][ T6516] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 135.183449][ T6516] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 135.235609][ T6516] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 135.241699][ T6516] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 135.253818][ T6523] netlink: 32 bytes leftover after parsing attributes in process `syz.0.179'. [ 135.645654][ T6529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.180'. [ 135.704952][ T6529] netlink: 32 bytes leftover after parsing attributes in process `syz.2.180'. [ 136.501665][ T6554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.190'. [ 137.146898][ T6550] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 137.156262][ T6550] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 137.162393][ T6550] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 137.173264][ T6550] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 137.368994][ T5849] Bluetooth: hci0: unexpected event 0x23 length: 127 > 13 [ 137.888916][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.902613][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.603911][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.210045][ T5849] Bluetooth: hci0: unexpected event 0x23 length: 127 > 13 [ 139.243001][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 139.256630][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 139.262730][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 139.632108][ T6615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.208'. [ 139.702010][ T6604] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 139.714432][ T6604] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 139.733972][ T6604] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 139.740121][ T6604] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 140.229090][ T6627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.213'. [ 140.527767][ T6633] openvswitch: HfR: Dropping previously announced user features [ 140.845484][ T6640] netlink: 12 bytes leftover after parsing attributes in process `syz.0.214'. [ 141.163212][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 141.723120][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 141.812912][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 141.813070][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 142.040115][ T6650] netlink: 12 bytes leftover after parsing attributes in process `syz.1.217'. [ 142.782468][ T6654] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 142.793450][ T6654] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 142.829405][ T6654] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 142.840835][ T6654] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 144.282930][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 144.485914][ T6678] FAULT_INJECTION: forcing a failure. [ 144.485914][ T6678] name failslab, interval 1, probability 0, space 0, times 1 [ 144.518777][ T6678] CPU: 1 UID: 0 PID: 6678 Comm: syz.0.228 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 144.518836][ T6678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 144.518869][ T6678] Call Trace: [ 144.518879][ T6678] [ 144.518893][ T6678] dump_stack_lvl+0x16c/0x1f0 [ 144.518940][ T6678] should_fail_ex+0x512/0x640 [ 144.518979][ T6678] should_failslab+0xc2/0x120 [ 144.519017][ T6678] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 144.519053][ T6678] ? zswap_store+0x839/0x25c0 [ 144.519084][ T6678] zswap_store+0x839/0x25c0 [ 144.519114][ T6678] ? find_held_lock+0x2b/0x80 [ 144.519148][ T6678] ? __pfx_zswap_store+0x10/0x10 [ 144.519172][ T6678] ? do_raw_spin_lock+0x12c/0x2b0 [ 144.519195][ T6678] ? find_held_lock+0x2b/0x80 [ 144.519224][ T6678] ? folio_free_swap+0x171/0x580 [ 144.519263][ T6678] ? do_raw_spin_unlock+0x172/0x230 [ 144.519287][ T6678] ? swp_swap_info+0xce/0x130 [ 144.519324][ T6678] ? __pfx_swp_swap_info+0x10/0x10 [ 144.519371][ T6678] swap_writepage+0x3bd/0x1170 [ 144.519397][ T6678] ? folio_clear_dirty_for_io+0x112/0x810 [ 144.519430][ T6678] pageout+0x3b0/0xa90 [ 144.519460][ T6678] ? __pfx_pageout+0x10/0x10 [ 144.519531][ T6678] ? on_each_cpu_cond_mask+0x5a/0x90 [ 144.519578][ T6678] ? arch_tlbbatch_flush+0x279/0x3c0 [ 144.519629][ T6678] shrink_folio_list+0x2f27/0x40e0 [ 144.519683][ T6678] ? __pfx_shrink_folio_list+0x10/0x10 [ 144.519719][ T6678] ? __lock_acquire+0x530/0x1ba0 [ 144.519760][ T6678] ? stack_trace_save+0x8e/0xc0 [ 144.519791][ T6678] ? __pfx_stack_trace_save+0x10/0x10 [ 144.519828][ T6678] ? __lock_acquire+0x5ca/0x1ba0 [ 144.519869][ T6678] ? find_held_lock+0x2b/0x80 [ 144.519899][ T6678] ? __update_page_owner_handle+0x37c/0x530 [ 144.519963][ T6678] ? __pfx___page_table_check_zero+0x10/0x10 [ 144.520027][ T6678] reclaim_folio_list+0xd7/0x5d0 [ 144.520064][ T6678] ? cgroup_rstat_updated+0x2a/0xb20 [ 144.520093][ T6678] ? __pfx_reclaim_folio_list+0x10/0x10 [ 144.520142][ T6678] ? lru_gen_update_size+0x543/0xe10 [ 144.520185][ T6678] ? lru_gen_del_folio+0x32b/0x540 [ 144.520220][ T6678] reclaim_pages+0x47b/0x650 [ 144.520260][ T6678] ? __pfx_reclaim_pages+0x10/0x10 [ 144.520293][ T6678] ? find_held_lock+0x2b/0x80 [ 144.520324][ T6678] ? madvise_cold_or_pageout_pte_range+0x601/0x20f0 [ 144.520376][ T6678] madvise_cold_or_pageout_pte_range+0x13a9/0x20f0 [ 144.520438][ T6678] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 144.520501][ T6678] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 144.520548][ T6678] walk_pgd_range+0xba7/0x1a90 [ 144.520600][ T6678] ? mt_find+0x3ef/0xa30 [ 144.520660][ T6678] ? __pfx_walk_pgd_range+0x10/0x10 [ 144.520702][ T6678] ? folios_put_refs+0x5ce/0x740 [ 144.520749][ T6678] __walk_page_range+0x163/0x820 [ 144.520792][ T6678] ? find_vma+0xbf/0x140 [ 144.520834][ T6678] ? __pfx_find_vma+0x10/0x10 [ 144.520881][ T6678] ? walk_page_test+0x9b/0x180 [ 144.520921][ T6678] walk_page_range_mm+0x54d/0x8a0 [ 144.520964][ T6678] ? __pfx_walk_page_range_mm+0x10/0x10 [ 144.521010][ T6678] ? find_held_lock+0x2b/0x80 [ 144.521042][ T6678] ? mlock_drain_local+0x22d/0x4f0 [ 144.521083][ T6678] walk_page_range+0x63/0x90 [ 144.521126][ T6678] madvise_pageout+0x316/0x800 [ 144.521171][ T6678] ? __pfx_madvise_pageout+0x10/0x10 [ 144.521233][ T6678] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 144.521283][ T6678] madvise_vma_behavior+0x416/0x1d50 [ 144.521332][ T6678] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 144.521378][ T6678] ? find_vma_prev+0xda/0x160 [ 144.521405][ T6678] ? __pfx_find_vma_prev+0x10/0x10 [ 144.521442][ T6678] ? futex_wait+0x120/0x380 [ 144.521489][ T6678] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 144.521532][ T6678] madvise_walk_vmas+0x1ce/0x2c0 [ 144.521575][ T6678] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 144.521627][ T6678] madvise_do_behavior+0x12b/0x3b0 [ 144.521675][ T6678] ? __pfx___might_resched+0x10/0x10 [ 144.521714][ T6678] ? __pfx_madvise_do_behavior+0x10/0x10 [ 144.521777][ T6678] do_madvise+0x10b/0x170 [ 144.521822][ T6678] __x64_sys_madvise+0xa9/0x110 [ 144.521865][ T6678] ? lockdep_hardirqs_on+0x7c/0x110 [ 144.521904][ T6678] do_syscall_64+0xcd/0x230 [ 144.521951][ T6678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.521980][ T6678] RIP: 0033:0x7f0f5b58e169 [ 144.522011][ T6678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.522039][ T6678] RSP: 002b:00007f0f5c473038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 144.522071][ T6678] RAX: ffffffffffffffda RBX: 00007f0f5b7b5fa0 RCX: 00007f0f5b58e169 [ 144.522091][ T6678] RDX: 0000000000000015 RSI: 0000000000000005 RDI: 0000000000000000 [ 144.522107][ T6678] RBP: 00007f0f5b610a68 R08: 0000000000000000 R09: 0000000000000000 [ 144.522125][ T6678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.522140][ T6678] R13: 0000000000000000 R14: 00007f0f5b7b5fa0 R15: 00007ffccb884478 [ 144.522177][ T6678] [ 145.021673][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 145.027787][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 145.044193][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 145.087685][ T6685] netlink: 8 bytes leftover after parsing attributes in process `syz.3.230'. [ 145.101304][ T6685] netlink: 32 bytes leftover after parsing attributes in process `syz.3.230'. [ 145.169950][ T6686] netlink: 12 bytes leftover after parsing attributes in process `syz.2.229'. [ 145.179137][ T6686] HfR: left promiscuous mode [ 145.632840][ T6691] netlink: 12 bytes leftover after parsing attributes in process `syz.3.233'. [ 145.643820][ T6691] HfR: left promiscuous mode [ 145.962673][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.1.234'. [ 146.153883][ T6702] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 146.657327][ T6716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.240'. [ 147.008863][ T6718] netlink: 12 bytes leftover after parsing attributes in process `syz.3.239'. [ 148.179238][ T6739] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'. [ 148.826882][ T6745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.248'. [ 148.930470][ T6747] FAULT_INJECTION: forcing a failure. [ 148.930470][ T6747] name failslab, interval 1, probability 0, space 0, times 0 [ 148.992587][ T6747] CPU: 1 UID: 0 PID: 6747 Comm: syz.2.249 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 148.992628][ T6747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.992643][ T6747] Call Trace: [ 148.992652][ T6747] [ 148.992663][ T6747] dump_stack_lvl+0x16c/0x1f0 [ 148.992709][ T6747] should_fail_ex+0x512/0x640 [ 148.992747][ T6747] should_failslab+0xc2/0x120 [ 148.992785][ T6747] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 148.992826][ T6747] ? zswap_store+0x839/0x25c0 [ 148.992856][ T6747] zswap_store+0x839/0x25c0 [ 148.992886][ T6747] ? find_held_lock+0x2b/0x80 [ 148.992920][ T6747] ? __pfx_zswap_store+0x10/0x10 [ 148.992944][ T6747] ? do_raw_spin_lock+0x12c/0x2b0 [ 148.992967][ T6747] ? find_held_lock+0x2b/0x80 [ 148.992995][ T6747] ? folio_free_swap+0x171/0x580 [ 148.993032][ T6747] ? do_raw_spin_unlock+0x172/0x230 [ 148.993056][ T6747] ? swp_swap_info+0xce/0x130 [ 148.993101][ T6747] ? __pfx_swp_swap_info+0x10/0x10 [ 148.993149][ T6747] swap_writepage+0x3bd/0x1170 [ 148.993174][ T6747] ? folio_clear_dirty_for_io+0x112/0x810 [ 148.993208][ T6747] pageout+0x3b0/0xa90 [ 148.993237][ T6747] ? __pfx_pageout+0x10/0x10 [ 148.993306][ T6747] ? __pfx_try_to_unmap_one+0x10/0x10 [ 148.993335][ T6747] ? __pfx_folio_not_mapped+0x10/0x10 [ 148.993360][ T6747] ? __pfx_folio_lock_anon_vma_read+0x10/0x10 [ 148.993396][ T6747] ? noop_dirty_folio+0x96/0xb0 [ 148.993443][ T6747] shrink_folio_list+0x2f27/0x40e0 [ 148.993488][ T6747] ? __pfx_shrink_folio_list+0x10/0x10 [ 148.993522][ T6747] ? __lock_acquire+0x530/0x1ba0 [ 148.993563][ T6747] ? stack_trace_save+0x8e/0xc0 [ 148.993593][ T6747] ? __pfx_stack_trace_save+0x10/0x10 [ 148.993629][ T6747] ? __lock_acquire+0x5ca/0x1ba0 [ 148.993670][ T6747] ? find_held_lock+0x2b/0x80 [ 148.993699][ T6747] ? __update_page_owner_handle+0x37c/0x530 [ 148.993762][ T6747] ? __pfx___page_table_check_zero+0x10/0x10 [ 148.993807][ T6747] reclaim_folio_list+0xd7/0x5d0 [ 148.993842][ T6747] ? cgroup_rstat_updated+0x2a/0xb20 [ 148.993869][ T6747] ? __pfx_reclaim_folio_list+0x10/0x10 [ 148.993917][ T6747] ? lru_gen_update_size+0x543/0xe10 [ 148.993956][ T6747] ? lru_gen_del_folio+0x32b/0x540 [ 148.993988][ T6747] reclaim_pages+0x47b/0x650 [ 148.994025][ T6747] ? __pfx_reclaim_pages+0x10/0x10 [ 148.994056][ T6747] ? find_held_lock+0x2b/0x80 [ 148.994092][ T6747] ? madvise_cold_or_pageout_pte_range+0x601/0x20f0 [ 148.994142][ T6747] madvise_cold_or_pageout_pte_range+0x13a9/0x20f0 [ 148.994201][ T6747] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 148.994261][ T6747] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 148.994305][ T6747] walk_pgd_range+0xba7/0x1a90 [ 148.994353][ T6747] ? mt_find+0x3ef/0xa30 [ 148.994404][ T6747] ? __pfx_walk_pgd_range+0x10/0x10 [ 148.994444][ T6747] ? psi_task_switch+0x2c1/0x8e0 [ 148.994481][ T6747] __walk_page_range+0x163/0x820 [ 148.994521][ T6747] ? find_vma+0xbf/0x140 [ 148.994560][ T6747] ? __pfx_find_vma+0x10/0x10 [ 148.994603][ T6747] ? walk_page_test+0x9b/0x180 [ 148.994640][ T6747] walk_page_range_mm+0x54d/0x8a0 [ 148.994680][ T6747] ? __pfx_walk_page_range_mm+0x10/0x10 [ 148.994723][ T6747] ? find_held_lock+0x2b/0x80 [ 148.994753][ T6747] ? mlock_drain_local+0x22d/0x4f0 [ 148.994790][ T6747] walk_page_range+0x63/0x90 [ 148.994830][ T6747] madvise_pageout+0x316/0x800 [ 148.994872][ T6747] ? __pfx_madvise_pageout+0x10/0x10 [ 148.994931][ T6747] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 148.994976][ T6747] madvise_vma_behavior+0x416/0x1d50 [ 148.995023][ T6747] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 148.995069][ T6747] ? find_vma_prev+0xda/0x160 [ 148.995094][ T6747] ? __pfx_find_vma_prev+0x10/0x10 [ 148.995117][ T6747] ? __up_read+0x1f8/0x750 [ 148.995169][ T6747] ? futex_wait+0x120/0x380 [ 148.995213][ T6747] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 148.995252][ T6747] madvise_walk_vmas+0x1ce/0x2c0 [ 148.995293][ T6747] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 148.995340][ T6747] madvise_do_behavior+0x12b/0x3b0 [ 148.995379][ T6747] ? __pfx___might_resched+0x10/0x10 [ 148.995413][ T6747] ? __pfx_madvise_do_behavior+0x10/0x10 [ 148.995470][ T6747] do_madvise+0x10b/0x170 [ 148.995511][ T6747] __x64_sys_madvise+0xa9/0x110 [ 148.995549][ T6747] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.995587][ T6747] do_syscall_64+0xcd/0x230 [ 148.995629][ T6747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.995657][ T6747] RIP: 0033:0x7f2cbcd8e169 [ 148.995678][ T6747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.995702][ T6747] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 148.995728][ T6747] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 148.995746][ T6747] RDX: 0000000000000015 RSI: 0000000000000005 RDI: 0000000000000000 [ 148.995761][ T6747] RBP: 00007f2cbce10a68 R08: 0000000000000000 R09: 0000000000000000 [ 148.995775][ T6747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.995789][ T6747] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 148.995818][ T6747] [ 151.411450][ T6778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.259'. [ 152.425649][ T6789] netlink: 12 bytes leftover after parsing attributes in process `syz.1.260'. [ 152.500153][ T6781] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 152.582261][ T6781] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 152.661533][ T6781] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 152.734479][ T6781] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 153.257633][ T6796] netlink: 8 bytes leftover after parsing attributes in process `syz.3.263'. [ 154.099311][ T6801] netlink: 12 bytes leftover after parsing attributes in process `syz.3.265'. [ 154.375115][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 154.544268][ T6808] netlink: 12 bytes leftover after parsing attributes in process `syz.0.266'. [ 154.613580][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 154.687026][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 154.762946][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 155.466257][ T6818] netlink: 28 bytes leftover after parsing attributes in process `syz.3.269'. [ 155.987295][ T6827] netlink: 28 bytes leftover after parsing attributes in process `syz.1.271'. [ 156.242007][ T6824] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 156.347810][ T6824] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 156.425373][ T6824] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 156.573504][ T6824] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 157.047967][ T6838] netlink: 12 bytes leftover after parsing attributes in process `syz.1.275'. [ 157.154851][ T6845] netlink: 4 bytes leftover after parsing attributes in process `syz.3.278'. [ 157.812843][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 158.071770][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.279'. [ 158.365126][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 158.442993][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 158.603716][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 160.414504][ T6878] netlink: 28 bytes leftover after parsing attributes in process `syz.2.284'. [ 161.160991][ T6885] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 161.168940][ T6885] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 161.180133][ T6885] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 161.199602][ T6885] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 161.876396][ T6898] netlink: 28 bytes leftover after parsing attributes in process `syz.3.290'. [ 163.118902][ T6900] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 163.136089][ T6900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.176167][ T6900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 163.197100][ T6900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 163.520380][ T6920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.295'. [ 163.796893][ T6921] netlink: 28 bytes leftover after parsing attributes in process `syz.1.296'. [ 164.046872][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 165.012519][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.301'. [ 165.154297][ T6937] netlink: 12 bytes leftover after parsing attributes in process `syz.3.302'. [ 165.163481][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 165.252987][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 165.259242][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.599383][ T6939] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 165.627857][ T6939] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 165.634063][ T6939] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.650852][ T6939] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 167.024111][ T6962] netlink: 28 bytes leftover after parsing attributes in process `syz.2.308'. [ 167.649830][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 167.656198][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 167.656200][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout [ 167.723588][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 168.245091][ T6970] netlink: 28 bytes leftover after parsing attributes in process `syz.2.311'. [ 169.468445][ T6989] netlink: 12 bytes leftover after parsing attributes in process `syz.0.316'. [ 169.891857][ T6980] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 169.960106][ T6980] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 170.007519][ T6980] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 170.105578][ T6980] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.492221][ T7007] netlink: 12 bytes leftover after parsing attributes in process `syz.0.320'. [ 171.564309][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.962922][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 172.043937][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 172.124400][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 172.244840][ T7015] netlink: 28 bytes leftover after parsing attributes in process `syz.2.322'. [ 172.657683][ T7022] netlink: 12 bytes leftover after parsing attributes in process `syz.0.324'. [ 173.372683][ T7032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.326'. [ 173.966991][ T7012] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 173.983681][ T7012] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 173.989939][ T7012] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 174.000085][ T7012] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 174.633690][ T7044] netlink: 28 bytes leftover after parsing attributes in process `syz.1.330'. [ 174.691282][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 175.095595][ T7050] netlink: 12 bytes leftover after parsing attributes in process `syz.3.331'. [ 176.043002][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 176.049758][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 176.049766][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.504035][ T7066] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 176.513124][ T7066] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 176.523202][ T7066] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 176.563121][ T7066] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 177.656702][ T7085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.340'. [ 178.196684][ T7089] netlink: 4 bytes leftover after parsing attributes in process `syz.1.341'. [ 178.523146][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 178.602967][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 178.610121][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 178.873616][ T7092] netlink: 28 bytes leftover after parsing attributes in process `syz.3.342'. [ 179.330231][ T7064] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 179.348345][ T7064] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 179.397412][ T7064] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 179.403685][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 179.537575][ T7064] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 180.226415][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.344'. [ 180.610448][ T7111] netlink: 12 bytes leftover after parsing attributes in process `syz.3.346'. [ 181.406943][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 181.406953][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 181.563009][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 182.268687][ T7118] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 182.296710][ T7118] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 182.315550][ T7118] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 182.333122][ T7118] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 182.646272][ T7131] netlink: 12 bytes leftover after parsing attributes in process `syz.3.352'. [ 183.815611][ T7133] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 183.822136][ T7133] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 183.829579][ T7133] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 183.836332][ T7133] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 185.243067][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 185.888593][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 185.888703][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 185.894666][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.023912][ T7186] netlink: 12 bytes leftover after parsing attributes in process `syz.1.368'. [ 188.274340][ T7191] netlink: 12 bytes leftover after parsing attributes in process `syz.2.369'. [ 188.709335][ T7196] netlink: 12 bytes leftover after parsing attributes in process `syz.0.371'. [ 189.678285][ T7206] netlink: 12 bytes leftover after parsing attributes in process `syz.1.373'. [ 191.429383][ T7231] netlink: 12 bytes leftover after parsing attributes in process `syz.3.383'. [ 191.726744][ T7237] netlink: 12 bytes leftover after parsing attributes in process `syz.2.384'. [ 191.747595][ T7217] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 191.906946][ T7217] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 191.913443][ T7217] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 191.921549][ T7217] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 192.598861][ T7244] netlink: 12 bytes leftover after parsing attributes in process `syz.0.386'. [ 193.534679][ T7246] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 193.542946][ T7246] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 193.571207][ T7246] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 193.606560][ T7246] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 194.075449][ T7264] netlink: 28 bytes leftover after parsing attributes in process `syz.3.394'. [ 194.425893][ T7270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.395'. [ 194.735442][ T7280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.397'. [ 194.922868][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 195.569305][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 195.642906][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 195.643069][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 197.051011][ T7315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.410'. [ 197.157997][ T7316] netlink: 12 bytes leftover after parsing attributes in process `syz.3.411'. [ 197.921098][ T7308] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 197.928127][ T7308] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 197.934404][ T7308] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 197.940667][ T7308] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 198.016360][ T7324] netlink: 4 bytes leftover after parsing attributes in process `syz.3.412'. [ 199.332845][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.340000][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.723009][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout [ 199.963543][ T5853] Bluetooth: hci3: command 0x0c1a tx timeout [ 199.965442][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 199.969655][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 202.363370][ T7359] netlink: 28 bytes leftover after parsing attributes in process `syz.2.422'. [ 202.583877][ T7358] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 202.633757][ T7358] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 202.677428][ T7358] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 202.720049][ T7358] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 203.623181][ T7367] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 203.629398][ T7367] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 203.653105][ T7367] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 203.659360][ T7367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 204.296266][ T7384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.428'. [ 204.667286][ T7379] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.673928][ T7379] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 204.679965][ T7379] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 204.688694][ T7379] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.193168][ T7396] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 205.234786][ T7396] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 205.240993][ T7396] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 205.247313][ T7396] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.784654][ T7406] netlink: 28 bytes leftover after parsing attributes in process `syz.3.433'. [ 206.480755][ T7418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.438'. [ 207.146551][ T7414] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 207.163310][ T7414] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 207.179609][ T7414] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 207.194773][ T7414] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 208.603009][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 209.226256][ T7447] netlink: 28 bytes leftover after parsing attributes in process `syz.0.444'. [ 209.245470][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 209.251543][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 209.261775][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 209.280603][ T7447] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 209.506265][ T7442] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 209.513115][ T7442] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 209.522169][ T7442] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 209.543933][ T7442] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 210.037788][ T7466] netlink: 28 bytes leftover after parsing attributes in process `syz.3.448'. [ 210.810997][ T7484] netlink: 28 bytes leftover after parsing attributes in process `syz.1.453'. [ 211.271296][ T7469] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 211.278060][ T7469] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 211.293174][ T7469] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 211.299502][ T7469] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 211.640735][ T7494] mmap: syz.3.457 (7494) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 211.708152][ T7499] FAULT_INJECTION: forcing a failure. [ 211.708152][ T7499] name failslab, interval 1, probability 0, space 0, times 0 [ 211.729679][ T7498] FAULT_INJECTION: forcing a failure. [ 211.729679][ T7498] name failslab, interval 1, probability 0, space 0, times 0 [ 211.747147][ T7499] CPU: 0 UID: 0 PID: 7499 Comm: syz.0.458 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 211.747184][ T7499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 211.747205][ T7499] Call Trace: [ 211.747214][ T7499] [ 211.747227][ T7499] dump_stack_lvl+0x16c/0x1f0 [ 211.747272][ T7499] should_fail_ex+0x512/0x640 [ 211.747304][ T7499] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 211.747343][ T7499] should_failslab+0xc2/0x120 [ 211.747378][ T7499] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 211.747412][ T7499] ? __alloc_skb+0x2b2/0x380 [ 211.747453][ T7499] __alloc_skb+0x2b2/0x380 [ 211.747487][ T7499] ? __pfx___alloc_skb+0x10/0x10 [ 211.747524][ T7499] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 211.747562][ T7499] ? __lock_acquire+0xaa4/0x1ba0 [ 211.747607][ T7499] netlink_alloc_large_skb+0x69/0x130 [ 211.747649][ T7499] netlink_sendmsg+0x6a1/0xdd0 [ 211.747694][ T7499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.747744][ T7499] ____sys_sendmsg+0xa95/0xc70 [ 211.747770][ T7499] ? copy_msghdr_from_user+0x10a/0x160 [ 211.747805][ T7499] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.747857][ T7499] ___sys_sendmsg+0x134/0x1d0 [ 211.747897][ T7499] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.747974][ T7499] __sys_sendmsg+0x16d/0x220 [ 211.748011][ T7499] ? __pfx___sys_sendmsg+0x10/0x10 [ 211.748056][ T7499] ? rcu_is_watching+0x12/0xc0 [ 211.748094][ T7499] do_syscall_64+0xcd/0x230 [ 211.748138][ T7499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.748167][ T7499] RIP: 0033:0x7f0f5b58e169 [ 211.748188][ T7499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.748214][ T7499] RSP: 002b:00007f0f5c473038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.748239][ T7499] RAX: ffffffffffffffda RBX: 00007f0f5b7b5fa0 RCX: 00007f0f5b58e169 [ 211.748256][ T7499] RDX: 00000000200080c0 RSI: 0000200000000180 RDI: 0000000000000004 [ 211.748273][ T7499] RBP: 00007f0f5c473090 R08: 0000000000000000 R09: 0000000000000000 [ 211.748288][ T7499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.748303][ T7499] R13: 0000000000000000 R14: 00007f0f5b7b5fa0 R15: 00007ffccb884478 [ 211.748338][ T7499] [ 211.980405][ T7498] CPU: 1 UID: 0 PID: 7498 Comm: syz.2.456 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 211.980442][ T7498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 211.980457][ T7498] Call Trace: [ 211.980466][ T7498] [ 211.980475][ T7498] dump_stack_lvl+0x16c/0x1f0 [ 211.980517][ T7498] should_fail_ex+0x512/0x640 [ 211.980561][ T7498] should_failslab+0xc2/0x120 [ 211.980596][ T7498] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 211.980628][ T7498] ? find_held_lock+0x2b/0x80 [ 211.980652][ T7498] ? dst_alloc+0x99/0x1a0 [ 211.980686][ T7498] dst_alloc+0x99/0x1a0 [ 211.980719][ T7498] rt_dst_alloc+0x35/0x3a0 [ 211.980757][ T7498] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 211.980794][ T7498] ip_route_output_key_hash+0x137/0x2e0 [ 211.980823][ T7498] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 211.980861][ T7498] ? find_held_lock+0x2b/0x80 [ 211.980891][ T7498] ip_route_output_flow+0x27/0x150 [ 211.980921][ T7498] udp_sendmsg+0x1bc3/0x29e0 [ 211.980960][ T7498] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 211.981000][ T7498] ? __pfx_udp_sendmsg+0x10/0x10 [ 211.981048][ T7498] ? reacquire_held_locks+0xcd/0x1f0 [ 211.981081][ T7498] ? release_sock+0x21/0x220 [ 211.981119][ T7498] ? find_held_lock+0x2b/0x80 [ 211.981171][ T7498] ? inet_autobind+0x145/0x1a0 [ 211.981207][ T7498] ? __local_bh_enable_ip+0xa4/0x120 [ 211.981241][ T7498] ? inet_autobind+0x14a/0x1a0 [ 211.981280][ T7498] ? __pfx_udp_sendmsg+0x10/0x10 [ 211.981319][ T7498] inet_sendmsg+0x105/0x140 [ 211.981345][ T7498] __sys_sendto+0x431/0x510 [ 211.981378][ T7498] ? __pfx___sys_sendto+0x10/0x10 [ 211.981440][ T7498] ? ksys_write+0x1b9/0x240 [ 211.981467][ T7498] ? __pfx_ksys_write+0x10/0x10 [ 211.981494][ T7498] ? rcu_is_watching+0x12/0xc0 [ 211.981527][ T7498] __x64_sys_sendto+0xe0/0x1c0 [ 211.981568][ T7498] ? do_syscall_64+0x91/0x230 [ 211.981609][ T7498] ? lockdep_hardirqs_on+0x7c/0x110 [ 211.981647][ T7498] do_syscall_64+0xcd/0x230 [ 211.981689][ T7498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.981717][ T7498] RIP: 0033:0x7f2cbcd8e169 [ 211.981739][ T7498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.981765][ T7498] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 211.981791][ T7498] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 211.981809][ T7498] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000003 [ 211.981825][ T7498] RBP: 00007f2cbdcc9090 R08: 0000200000000100 R09: 000000000000001d [ 211.981841][ T7498] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001 [ 211.981856][ T7498] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 211.981891][ T7498] [ 212.374180][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 212.902438][ T7511] netlink: 28 bytes leftover after parsing attributes in process `syz.3.460'. [ 213.323157][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 213.329218][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 213.335224][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 214.733370][ T7529] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 214.739581][ T7529] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 214.836388][ T7529] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 214.872809][ T7529] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 215.815233][ T7553] netlink: 4 bytes leftover after parsing attributes in process `syz.3.471'. [ 216.042948][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 216.485725][ T7567] netlink: 28 bytes leftover after parsing attributes in process `syz.0.473'. [ 216.772847][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 216.842957][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 216.849408][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 218.678739][ T7590] FAULT_INJECTION: forcing a failure. [ 218.678739][ T7590] name failslab, interval 1, probability 0, space 0, times 0 [ 218.774418][ T7590] CPU: 1 UID: 0 PID: 7590 Comm: syz.0.480 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 218.774462][ T7590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 218.774478][ T7590] Call Trace: [ 218.774487][ T7590] [ 218.774497][ T7590] dump_stack_lvl+0x16c/0x1f0 [ 218.774543][ T7590] should_fail_ex+0x512/0x640 [ 218.774575][ T7590] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 218.774611][ T7590] should_failslab+0xc2/0x120 [ 218.774648][ T7590] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 218.774678][ T7590] ? __proc_create+0xc3/0x8c0 [ 218.774708][ T7590] ? __proc_create+0x2ce/0x8c0 [ 218.774743][ T7590] __proc_create+0x2ce/0x8c0 [ 218.774775][ T7590] ? __pfx___proc_create+0x10/0x10 [ 218.774811][ T7590] ? _raw_write_unlock+0x28/0x50 [ 218.774844][ T7590] ? proc_register+0x314/0x5f0 [ 218.774879][ T7590] proc_create_reg+0x7d/0x180 [ 218.774913][ T7590] ? __pfx_rt6_stats_seq_show+0x10/0x10 [ 218.774941][ T7590] proc_create_net_single+0x86/0x170 [ 218.774975][ T7590] ? __pfx_proc_create_net_single+0x10/0x10 [ 218.775012][ T7590] ? fib_default_rule_add+0x341/0x420 [ 218.775051][ T7590] ? __pfx_ip6_route_net_init_late+0x10/0x10 [ 218.775081][ T7590] ip6_route_net_init_late+0x9c/0x110 [ 218.775110][ T7590] ops_init+0x1df/0x5f0 [ 218.775152][ T7590] setup_net+0x21e/0x850 [ 218.775194][ T7590] ? __pfx_setup_net+0x10/0x10 [ 218.775230][ T7590] ? lockdep_init_map_type+0x5c/0x280 [ 218.775268][ T7590] ? __pfx_down_read_killable+0x10/0x10 [ 218.775296][ T7590] ? debug_mutex_init+0x37/0x70 [ 218.775332][ T7590] copy_net_ns+0x2a6/0x5f0 [ 218.775376][ T7590] create_new_namespaces+0x3ea/0xad0 [ 218.775417][ T7590] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 218.775453][ T7590] ksys_unshare+0x45b/0xa40 [ 218.775493][ T7590] ? __pfx_ksys_unshare+0x10/0x10 [ 218.775528][ T7590] ? xfd_validate_state+0x5d/0x180 [ 218.775556][ T7590] ? rcu_is_watching+0x12/0xc0 [ 218.775591][ T7590] __x64_sys_unshare+0x31/0x40 [ 218.775629][ T7590] do_syscall_64+0xcd/0x230 [ 218.775669][ T7590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.775695][ T7590] RIP: 0033:0x7f0f5b58e169 [ 218.775717][ T7590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.775742][ T7590] RSP: 002b:00007f0f5c473038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 218.775767][ T7590] RAX: ffffffffffffffda RBX: 00007f0f5b7b5fa0 RCX: 00007f0f5b58e169 [ 218.775784][ T7590] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 218.775799][ T7590] RBP: 00007f0f5b610a68 R08: 0000000000000000 R09: 0000000000000000 [ 218.775815][ T7590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 218.775830][ T7590] R13: 0000000000000000 R14: 00007f0f5b7b5fa0 R15: 00007ffccb884478 [ 218.775863][ T7590] [ 219.742770][ T7596] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 219.823793][ T7596] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 219.855171][ T7596] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 219.892870][ T7596] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 221.482981][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 221.803054][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.883220][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 221.885307][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 222.215973][ T7656] netlink: 28 bytes leftover after parsing attributes in process `syz.2.496'. [ 222.355279][ T7661] netlink: 28 bytes leftover after parsing attributes in process `syz.3.498'. [ 223.512940][ T7660] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 223.596074][ T7660] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 223.643933][ T7660] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 223.704575][ T7660] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 224.662949][ T7672] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 224.673013][ T7672] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 224.693021][ T7672] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 224.699151][ T7672] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 226.136450][ T7701] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 226.155951][ T7701] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 226.176958][ T7701] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 226.212614][ T7701] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 226.387392][ T7712] FAULT_INJECTION: forcing a failure. [ 226.387392][ T7712] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 226.411281][ T7712] CPU: 0 UID: 0 PID: 7712 Comm: syz.2.507 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 226.411319][ T7712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 226.411336][ T7712] Call Trace: [ 226.411345][ T7712] [ 226.411355][ T7712] dump_stack_lvl+0x16c/0x1f0 [ 226.411400][ T7712] should_fail_ex+0x512/0x640 [ 226.411439][ T7712] _copy_from_user+0x2e/0xd0 [ 226.411480][ T7712] ? __pfx_event_inject_write+0x10/0x10 [ 226.411529][ T7712] memdup_user_nul+0x6c/0x120 [ 226.411573][ T7712] event_inject_write+0xc6/0x2030 [ 226.411618][ T7712] ? __pfx_aa_file_perm+0x10/0x10 [ 226.411662][ T7712] ? __lock_acquire+0xaa4/0x1ba0 [ 226.411713][ T7712] ? __pfx_event_inject_write+0x10/0x10 [ 226.411757][ T7712] ? iovec_from_user+0xbb/0x140 [ 226.411812][ T7712] ? __pfx_event_inject_write+0x10/0x10 [ 226.411854][ T7712] vfs_writev+0x6c4/0xdc0 [ 226.411877][ T7712] ? __pfx___mutex_trylock_common+0x10/0x10 [ 226.411926][ T7712] ? __pfx_vfs_writev+0x10/0x10 [ 226.411951][ T7712] ? __mutex_lock+0x1ca/0xb90 [ 226.411997][ T7712] ? __pfx___mutex_lock+0x10/0x10 [ 226.412046][ T7712] ? __fget_files+0x20e/0x3c0 [ 226.412069][ T7712] ? __fget_files+0x140/0x3c0 [ 226.412102][ T7712] ? do_writev+0x132/0x330 [ 226.412125][ T7712] do_writev+0x132/0x330 [ 226.412150][ T7712] ? __pfx_do_writev+0x10/0x10 [ 226.412173][ T7712] ? rcu_is_watching+0x12/0xc0 [ 226.412210][ T7712] do_syscall_64+0xcd/0x230 [ 226.412252][ T7712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.412278][ T7712] RIP: 0033:0x7f2cbcd8e169 [ 226.412299][ T7712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.412323][ T7712] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 226.412348][ T7712] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 226.412364][ T7712] RDX: 0000000000000002 RSI: 0000200000000080 RDI: 0000000000000003 [ 226.412380][ T7712] RBP: 00007f2cbdcc9090 R08: 0000000000000000 R09: 0000000000000000 [ 226.412395][ T7712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.412409][ T7712] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 226.412443][ T7712] [ 227.017152][ T7722] FAULT_INJECTION: forcing a failure. [ 227.017152][ T7722] name failslab, interval 1, probability 0, space 0, times 0 [ 227.060800][ T7722] CPU: 0 UID: 0 PID: 7722 Comm: syz.2.511 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 227.060838][ T7722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 227.060854][ T7722] Call Trace: [ 227.060862][ T7722] [ 227.060872][ T7722] dump_stack_lvl+0x16c/0x1f0 [ 227.060917][ T7722] should_fail_ex+0x512/0x640 [ 227.060952][ T7722] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 227.060989][ T7722] should_failslab+0xc2/0x120 [ 227.061023][ T7722] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 227.061058][ T7722] ? radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 227.061100][ T7722] radix_tree_node_alloc.constprop.0+0x7c/0x350 [ 227.061143][ T7722] idr_get_free+0x528/0xa30 [ 227.061194][ T7722] idr_alloc_u32+0x190/0x2f0 [ 227.061234][ T7722] ? __pfx_idr_alloc_u32+0x10/0x10 [ 227.061274][ T7722] ? __pfx___mutex_lock+0x10/0x10 [ 227.061321][ T7722] idr_alloc+0xc0/0x130 [ 227.061355][ T7722] ? __pfx_idr_alloc+0x10/0x10 [ 227.061389][ T7722] ? __radix_tree_lookup+0x21f/0x2c0 [ 227.061431][ T7722] ppp_dev_configure+0x905/0xc80 [ 227.061466][ T7722] ppp_ioctl+0x17e0/0x2660 [ 227.061506][ T7722] ? find_held_lock+0x2b/0x80 [ 227.061535][ T7722] ? __pfx_ppp_ioctl+0x10/0x10 [ 227.061572][ T7721] netlink: 28 bytes leftover after parsing attributes in process `syz.1.509'. [ 227.061570][ T7722] ? __fget_files+0x20e/0x3c0 [ 227.061601][ T7722] ? __pfx_ppp_ioctl+0x10/0x10 [ 227.061627][ T7722] __x64_sys_ioctl+0x190/0x200 [ 227.061673][ T7722] do_syscall_64+0xcd/0x230 [ 227.061722][ T7722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.061751][ T7722] RIP: 0033:0x7f2cbcd8e169 [ 227.061773][ T7722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.061801][ T7722] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.061827][ T7722] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 227.061846][ T7722] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000007 [ 227.061862][ T7722] RBP: 00007f2cbce10a68 R08: 0000000000000000 R09: 0000000000000000 [ 227.061880][ T7722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 227.061897][ T7722] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 227.061933][ T7722] [ 227.302679][ T7713] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 227.309043][ T7713] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 227.315934][ T7713] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 227.322237][ T7713] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 227.364183][ T7724] netlink: 338 bytes leftover after parsing attributes in process `syz.0.513'. [ 227.429927][ T7731] netlink: 'syz.0.513': attribute type 19 has an invalid length. [ 227.455155][ T7731] netlink: 114 bytes leftover after parsing attributes in process `syz.0.513'. [ 227.461728][ T7730] netlink: 338 bytes leftover after parsing attributes in process `syz.0.513'. [ 228.044197][ T7740] netlink: 24 bytes leftover after parsing attributes in process `syz.1.516'. [ 228.329012][ T7748] netlink: 12 bytes leftover after parsing attributes in process `syz.2.519'. [ 228.479664][ T7747] netlink: 24 bytes leftover after parsing attributes in process `syz.1.518'. [ 229.292496][ T7770] netlink: 24 bytes leftover after parsing attributes in process `syz.2.525'. [ 229.323246][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 229.323358][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 229.329290][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 229.523900][ T7773] FAULT_INJECTION: forcing a failure. [ 229.523900][ T7773] name failslab, interval 1, probability 0, space 0, times 0 [ 229.538103][ T7773] CPU: 0 UID: 0 PID: 7773 Comm: syz.1.526 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 229.538141][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 229.538156][ T7773] Call Trace: [ 229.538165][ T7773] [ 229.538175][ T7773] dump_stack_lvl+0x16c/0x1f0 [ 229.538239][ T7773] should_fail_ex+0x512/0x640 [ 229.538273][ T7773] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 229.538309][ T7773] should_failslab+0xc2/0x120 [ 229.538349][ T7773] __kmalloc_cache_noprof+0x6a/0x3e0 [ 229.538379][ T7773] ? __asan_memset+0x23/0x50 [ 229.538406][ T7773] ? alloc_netdev_mqs+0xece/0x1570 [ 229.538453][ T7773] alloc_netdev_mqs+0xece/0x1570 [ 229.538504][ T7773] ppp_ioctl+0x1761/0x2660 [ 229.538537][ T7773] ? find_held_lock+0x2b/0x80 [ 229.538574][ T7773] ? __pfx_ppp_ioctl+0x10/0x10 [ 229.538611][ T7773] ? __fget_files+0x20e/0x3c0 [ 229.538647][ T7773] ? __pfx_ppp_ioctl+0x10/0x10 [ 229.538679][ T7773] __x64_sys_ioctl+0x190/0x200 [ 229.538726][ T7773] do_syscall_64+0xcd/0x230 [ 229.538771][ T7773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.538801][ T7773] RIP: 0033:0x7f0aafd8e169 [ 229.538823][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.538851][ T7773] RSP: 002b:00007f0ab0cd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.538878][ T7773] RAX: ffffffffffffffda RBX: 00007f0aaffb5fa0 RCX: 00007f0aafd8e169 [ 229.538897][ T7773] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000007 [ 229.538915][ T7773] RBP: 00007f0aafe10a68 R08: 0000000000000000 R09: 0000000000000000 [ 229.538932][ T7773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.538949][ T7773] R13: 0000000000000000 R14: 00007f0aaffb5fa0 R15: 00007ffc6af00ee8 [ 229.538987][ T7773] [ 229.792822][ T7752] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 229.799052][ T7752] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 229.834690][ T7752] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 229.840806][ T7752] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 230.943022][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 231.882966][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 231.889008][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 231.895833][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 231.917128][ T7803] netlink: 12 bytes leftover after parsing attributes in process `syz.2.533'. [ 232.753913][ T7808] netlink: 8 bytes leftover after parsing attributes in process `syz.2.535'. [ 233.082141][ T7813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.537'. [ 233.691963][ T7805] bridge0: port 3(team0) entered blocking state [ 233.727825][ T7810] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 233.734368][ T7810] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 233.740568][ T7810] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 233.746913][ T7810] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 233.773468][ T7805] bridge0: port 3(team0) entered disabled state [ 233.779915][ T7805] team0: entered allmulticast mode [ 233.874569][ T7805] team_slave_0: entered allmulticast mode [ 233.880371][ T7805] team_slave_1: entered allmulticast mode [ 234.024000][ T7805] team0: entered promiscuous mode [ 234.074034][ T7805] team_slave_0: entered promiscuous mode [ 234.096044][ T7805] team_slave_1: entered promiscuous mode [ 234.102724][ T7805] bridge0: port 3(team0) entered blocking state [ 234.109349][ T7805] bridge0: port 3(team0) entered forwarding state [ 234.142607][ T7827] cgroup: fork rejected by pids controller in /syz3 [ 234.192345][ T7864] netlink: 8 bytes leftover after parsing attributes in process `syz.2.544'. [ 234.586052][ T7866] FAULT_INJECTION: forcing a failure. [ 234.586052][ T7866] name failslab, interval 1, probability 0, space 0, times 0 [ 234.651533][ T7866] CPU: 0 UID: 0 PID: 7866 Comm: syz.0.545 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 234.651572][ T7866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 234.651588][ T7866] Call Trace: [ 234.651596][ T7866] [ 234.651606][ T7866] dump_stack_lvl+0x16c/0x1f0 [ 234.651651][ T7866] should_fail_ex+0x512/0x640 [ 234.651686][ T7866] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 234.651721][ T7866] should_failslab+0xc2/0x120 [ 234.651760][ T7866] __kmalloc_cache_noprof+0x6a/0x3e0 [ 234.651790][ T7866] ? fib6_net_init+0x1dc/0xb00 [ 234.651827][ T7866] fib6_net_init+0x1dc/0xb00 [ 234.651862][ T7866] ? __pfx_fib6_net_init+0x10/0x10 [ 234.651893][ T7866] ops_init+0x1df/0x5f0 [ 234.651935][ T7866] setup_net+0x21e/0x850 [ 234.651980][ T7866] ? __pfx_setup_net+0x10/0x10 [ 234.652018][ T7866] ? lockdep_init_map_type+0x5c/0x280 [ 234.652060][ T7866] ? __pfx_down_read_killable+0x10/0x10 [ 234.652090][ T7866] ? debug_mutex_init+0x37/0x70 [ 234.652123][ T7866] copy_net_ns+0x2a6/0x5f0 [ 234.652168][ T7866] create_new_namespaces+0x3ea/0xad0 [ 234.652222][ T7866] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 234.652260][ T7866] ksys_unshare+0x45b/0xa40 [ 234.652303][ T7866] ? __pfx_ksys_unshare+0x10/0x10 [ 234.652342][ T7866] ? xfd_validate_state+0x5d/0x180 [ 234.652373][ T7866] ? rcu_is_watching+0x12/0xc0 [ 234.652410][ T7866] __x64_sys_unshare+0x31/0x40 [ 234.652450][ T7866] do_syscall_64+0xcd/0x230 [ 234.652493][ T7866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.652521][ T7866] RIP: 0033:0x7f0f5b58e169 [ 234.652546][ T7866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.652573][ T7866] RSP: 002b:00007f0f5c473038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 234.652599][ T7866] RAX: ffffffffffffffda RBX: 00007f0f5b7b5fa0 RCX: 00007f0f5b58e169 [ 234.652617][ T7866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 234.652632][ T7866] RBP: 00007f0f5b610a68 R08: 0000000000000000 R09: 0000000000000000 [ 234.652648][ T7866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 234.652663][ T7866] R13: 0000000000000000 R14: 00007f0f5b7b5fa0 R15: 00007ffccb884478 [ 234.652699][ T7866] [ 235.167103][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 235.802990][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 235.803340][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 235.810266][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.816303][ T7917] netlink: 338 bytes leftover after parsing attributes in process `syz.2.549'. [ 236.850674][ T7919] netlink: 338 bytes leftover after parsing attributes in process `syz.2.549'. [ 236.866021][ T7917] netlink: 'syz.2.549': attribute type 19 has an invalid length. [ 236.874664][ T7917] netlink: 114 bytes leftover after parsing attributes in process `syz.2.549'. [ 237.849243][ T7934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.554'. [ 238.053238][ T7939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.555'. [ 238.282226][ T7941] netlink: 28 bytes leftover after parsing attributes in process `syz.1.556'. [ 239.103265][ T7949] netlink: 346 bytes leftover after parsing attributes in process `syz.0.558'. [ 240.618833][ T7985] netlink: 28 bytes leftover after parsing attributes in process `syz.2.567'. [ 241.099495][ T8003] netlink: 32 bytes leftover after parsing attributes in process `syz.1.573'. [ 241.551128][ T8011] netlink: 8 bytes leftover after parsing attributes in process `syz.2.577'. [ 242.159983][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'. [ 242.369857][ T8028] netlink: 28 bytes leftover after parsing attributes in process `syz.3.581'. [ 242.508573][ T8029] bond0: option all_slaves_active: invalid value () [ 243.414217][ T8034] bond0: option all_slaves_active: invalid value () [ 244.142283][ T8054] netlink: 32 bytes leftover after parsing attributes in process `syz.2.588'. [ 244.814163][ T8062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.592'. [ 245.439333][ T8076] syz.3.598 uses obsolete (PF_INET,SOCK_PACKET) [ 245.663698][ T8080] nbd: must specify at least one socket [ 245.818031][ T8078] netlink: 28 bytes leftover after parsing attributes in process `syz.0.595'. [ 245.875909][ T8083] FAULT_INJECTION: forcing a failure. [ 245.875909][ T8083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 246.043018][ T8083] CPU: 0 UID: 0 PID: 8083 Comm: syz.3.600 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 246.043054][ T8083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 246.043069][ T8083] Call Trace: [ 246.043078][ T8083] [ 246.043087][ T8083] dump_stack_lvl+0x16c/0x1f0 [ 246.043130][ T8083] should_fail_ex+0x512/0x640 [ 246.043166][ T8083] strncpy_from_user+0x3b/0x2e0 [ 246.043200][ T8083] getname_flags.part.0+0x8f/0x550 [ 246.043243][ T8083] getname_flags+0x93/0xf0 [ 246.043269][ T8083] __x64_sys_acct+0x75/0x230 [ 246.043325][ T8083] ? lockdep_hardirqs_on+0x7c/0x110 [ 246.043381][ T8083] do_syscall_64+0xcd/0x230 [ 246.043422][ T8083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.043450][ T8083] RIP: 0033:0x7fa6d558e169 [ 246.043470][ T8083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.043495][ T8083] RSP: 002b:00007fa6d6435038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 246.043518][ T8083] RAX: ffffffffffffffda RBX: 00007fa6d57b5fa0 RCX: 00007fa6d558e169 [ 246.043534][ T8083] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580 [ 246.043548][ T8083] RBP: 00007fa6d6435090 R08: 0000000000000000 R09: 0000000000000000 [ 246.043562][ T8083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.043575][ T8083] R13: 0000000000000000 R14: 00007fa6d57b5fa0 R15: 00007ffcd761d4c8 [ 246.043607][ T8083] [ 246.453581][ T8088] netlink: 32 bytes leftover after parsing attributes in process `syz.3.601'. [ 247.791133][ T8094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.603'. [ 248.536612][ T8107] netlink: 338 bytes leftover after parsing attributes in process `syz.3.609'. [ 248.565320][ T8107] netlink: 338 bytes leftover after parsing attributes in process `syz.3.609'. [ 248.901189][ T8116] netlink: 32 bytes leftover after parsing attributes in process `syz.3.611'. [ 248.993129][ T8109] FAULT_INJECTION: forcing a failure. [ 248.993129][ T8109] name fail_futex, interval 1, probability 0, space 0, times 1 [ 249.305152][ T8109] CPU: 1 UID: 0 PID: 8109 Comm: syz.0.610 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 249.305185][ T8109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 249.305199][ T8109] Call Trace: [ 249.305206][ T8109] [ 249.305214][ T8109] dump_stack_lvl+0x16c/0x1f0 [ 249.305252][ T8109] should_fail_ex+0x512/0x640 [ 249.305283][ T8109] get_futex_key+0x49e/0x1000 [ 249.305312][ T8109] ? __pfx_get_futex_key+0x10/0x10 [ 249.305337][ T8109] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 249.305374][ T8109] ? ___pte_offset_map+0x1bc/0x540 [ 249.305413][ T8109] futex_wake+0xe7/0x4e0 [ 249.305446][ T8109] ? __pfx_futex_wake+0x10/0x10 [ 249.305481][ T8109] ? lock_vma_under_rcu+0x47d/0x970 [ 249.305518][ T8109] ? lock_vma_under_rcu+0x47d/0x970 [ 249.305559][ T8109] do_futex+0x1e3/0x350 [ 249.305586][ T8109] ? __pfx_do_futex+0x10/0x10 [ 249.305613][ T8109] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 249.305652][ T8109] __x64_sys_futex+0x1e0/0x4c0 [ 249.305680][ T8109] ? exc_page_fault+0x5c/0xc0 [ 249.305711][ T8109] ? __pfx___x64_sys_futex+0x10/0x10 [ 249.305749][ T8109] do_syscall_64+0xcd/0x230 [ 249.305784][ T8109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.305807][ T8109] RIP: 0033:0x7f0f5b58e169 [ 249.305824][ T8109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.305846][ T8109] RSP: 002b:00007f0f5c4730e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 249.305868][ T8109] RAX: ffffffffffffffda RBX: 00007f0f5b7b5fa8 RCX: 00007f0f5b58e169 [ 249.305883][ T8109] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f0f5b7b5fac [ 249.305897][ T8109] RBP: 00007f0f5b7b5fa0 R08: 00007f0f5c474000 R09: 0000000000000000 [ 249.305911][ T8109] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f0f5b7b5fac [ 249.305926][ T8109] R13: 0000000000000000 R14: 00007ffccb884390 R15: 00007ffccb884478 [ 249.305954][ T8109] [ 249.986923][ T8119] netlink: 338 bytes leftover after parsing attributes in process `syz.2.612'. [ 250.046193][ T8122] netlink: 338 bytes leftover after parsing attributes in process `syz.2.612'. [ 250.478843][ T8123] bond0: option all_slaves_active: invalid value () [ 251.485369][ T8136] bond0: option all_slaves_active: invalid value () [ 252.154849][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.621'. [ 252.557692][ T8160] netlink: 32 bytes leftover after parsing attributes in process `syz.1.622'. [ 253.196340][ T8175] netlink: 338 bytes leftover after parsing attributes in process `syz.0.627'. [ 253.277213][ T8176] netlink: 338 bytes leftover after parsing attributes in process `syz.0.627'. [ 253.789757][ T8181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.629'. [ 253.985252][ T8186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.631'. [ 254.657238][ T8204] netlink: 504 bytes leftover after parsing attributes in process `syz.1.637'. [ 254.889911][ T8209] netlink: 32 bytes leftover after parsing attributes in process `syz.2.638'. [ 256.136310][ T8231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.644'. [ 256.983534][ T8234] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 256.990424][ T8234] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 256.996944][ T8234] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 257.018993][ T8234] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 258.120713][ T8256] FAULT_INJECTION: forcing a failure. [ 258.120713][ T8256] name failslab, interval 1, probability 0, space 0, times 0 [ 258.162814][ T8256] CPU: 1 UID: 0 PID: 8256 Comm: syz.2.651 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 258.162852][ T8256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 258.162867][ T8256] Call Trace: [ 258.162876][ T8256] [ 258.162885][ T8256] dump_stack_lvl+0x16c/0x1f0 [ 258.162929][ T8256] should_fail_ex+0x512/0x640 [ 258.162962][ T8256] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 258.162997][ T8256] should_failslab+0xc2/0x120 [ 258.163035][ T8256] __kmalloc_cache_noprof+0x6a/0x3e0 [ 258.163066][ T8256] ? fib6_net_init+0x24b/0xb00 [ 258.163102][ T8256] fib6_net_init+0x24b/0xb00 [ 258.163136][ T8256] ? __pfx_fib6_net_init+0x10/0x10 [ 258.163167][ T8256] ops_init+0x1df/0x5f0 [ 258.163209][ T8256] setup_net+0x21e/0x850 [ 258.163260][ T8256] ? __pfx_setup_net+0x10/0x10 [ 258.163297][ T8256] ? lockdep_init_map_type+0x5c/0x280 [ 258.163340][ T8256] ? __pfx_down_read_killable+0x10/0x10 [ 258.163370][ T8256] ? debug_mutex_init+0x37/0x70 [ 258.163402][ T8256] copy_net_ns+0x2a6/0x5f0 [ 258.163448][ T8256] create_new_namespaces+0x3ea/0xad0 [ 258.163489][ T8256] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 258.163525][ T8256] ksys_unshare+0x45b/0xa40 [ 258.163566][ T8256] ? __pfx_ksys_unshare+0x10/0x10 [ 258.163604][ T8256] ? xfd_validate_state+0x5d/0x180 [ 258.163635][ T8256] ? rcu_is_watching+0x12/0xc0 [ 258.163670][ T8256] __x64_sys_unshare+0x31/0x40 [ 258.163709][ T8256] do_syscall_64+0xcd/0x230 [ 258.163752][ T8256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.163780][ T8256] RIP: 0033:0x7f2cbcd8e169 [ 258.163801][ T8256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.163827][ T8256] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 258.163854][ T8256] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 258.163871][ T8256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 258.163886][ T8256] RBP: 00007f2cbce10a68 R08: 0000000000000000 R09: 0000000000000000 [ 258.163901][ T8256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 258.163916][ T8256] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 258.163949][ T8256] [ 258.682912][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 259.004863][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 259.083994][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 259.090892][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 259.820708][ T8275] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 259.878054][ T8283] bridge0: port 3(team0) entered blocking state [ 259.884653][ T8283] bridge0: port 3(team0) entered disabled state [ 259.891078][ T8283] team0: entered allmulticast mode [ 259.896373][ T8283] team_slave_0: entered allmulticast mode [ 259.902216][ T8283] team_slave_1: entered allmulticast mode [ 259.908308][ T8275] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 259.914523][ T8283] team0: entered promiscuous mode [ 259.914570][ T8283] team_slave_0: entered promiscuous mode [ 259.914752][ T8283] team_slave_1: entered promiscuous mode [ 259.915586][ T8283] bridge0: port 3(team0) entered blocking state [ 259.937593][ T8283] bridge0: port 3(team0) entered forwarding state [ 259.975526][ T8275] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 259.981771][ T8275] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 260.298002][ T8297] ima: policy update failed [ 260.313480][ T30] audit: type=1802 audit(1745112789.578:2): pid=8297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.660" res=0 errno=0 [ 260.646013][ T8300] netlink: 28 bytes leftover after parsing attributes in process `syz.0.661'. [ 260.781127][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 260.789342][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.798586][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.963615][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 262.005040][ T8325] tipc: Started in network mode [ 262.009986][ T8325] tipc: Node identity ee00, cluster identity 4711 [ 262.042943][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 262.049064][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 262.055197][ T8325] tipc: Node number set to 60928 [ 262.405353][ T8334] FAULT_INJECTION: forcing a failure. [ 262.405353][ T8334] name failslab, interval 1, probability 0, space 0, times 0 [ 262.443219][ T8334] CPU: 1 UID: 0 PID: 8334 Comm: syz.2.671 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 262.443254][ T8334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.443270][ T8334] Call Trace: [ 262.443278][ T8334] [ 262.443288][ T8334] dump_stack_lvl+0x16c/0x1f0 [ 262.443331][ T8334] should_fail_ex+0x512/0x640 [ 262.443361][ T8334] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 262.443398][ T8334] should_failslab+0xc2/0x120 [ 262.443434][ T8334] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 262.443465][ T8334] ? copy_cgroup_ns+0xa4/0x6f0 [ 262.443492][ T8334] ? prepare_creds+0x2c/0x7d0 [ 262.443536][ T8334] prepare_creds+0x2c/0x7d0 [ 262.443580][ T8334] __do_sys_setns+0x4c2/0x1910 [ 262.443613][ T8334] ? fput+0x70/0xf0 [ 262.443646][ T8334] ? __pfx___do_sys_setns+0x10/0x10 [ 262.443675][ T8334] ? ksys_write+0x1b9/0x240 [ 262.443715][ T8334] do_syscall_64+0xcd/0x230 [ 262.443756][ T8334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.443783][ T8334] RIP: 0033:0x7f2cbcd8e169 [ 262.443803][ T8334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.443827][ T8334] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000134 [ 262.443852][ T8334] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 262.443868][ T8334] RDX: 0000000000000000 RSI: 0000000010000000 RDI: 0000000000000003 [ 262.443884][ T8334] RBP: 00007f2cbdcc9090 R08: 0000000000000000 R09: 0000000000000000 [ 262.443899][ T8334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.443914][ T8334] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 262.443954][ T8334] [ 262.773354][ T8323] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 262.784292][ T8323] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 262.790434][ T8323] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 262.859012][ T8323] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 262.943275][ T8326] bridge0: port 3(team0) entered blocking state [ 263.053366][ T8326] bridge0: port 3(team0) entered disabled state [ 263.059800][ T8326] team0: entered allmulticast mode [ 263.097747][ T8326] team_slave_0: entered allmulticast mode [ 263.104597][ T8326] team_slave_1: entered allmulticast mode [ 263.135638][ T8326] team0: entered promiscuous mode [ 263.140709][ T8326] team_slave_0: entered promiscuous mode [ 263.160696][ T8326] team_slave_1: entered promiscuous mode [ 263.218164][ T8326] bridge0: port 3(team0) entered blocking state [ 263.224642][ T8326] bridge0: port 3(team0) entered forwarding state [ 263.361456][ T8344] netlink: 32 bytes leftover after parsing attributes in process `syz.2.674'. [ 264.360625][ T8345] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.380280][ T8354] netlink: 8 bytes leftover after parsing attributes in process `syz.2.676'. [ 264.462993][ T8345] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 264.503163][ T8345] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 264.587370][ T8345] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 265.496267][ T8362] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 265.502426][ T8362] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 265.541981][ T8362] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 265.550838][ T8362] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 265.890405][ T8366] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 265.922222][ T8378] netlink: 20 bytes leftover after parsing attributes in process `syz.3.684'. [ 265.953082][ T8366] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 265.959249][ T8366] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 266.058188][ T8366] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 266.521343][ T8373] FAULT_INJECTION: forcing a failure. [ 266.521343][ T8373] name failslab, interval 1, probability 0, space 0, times 0 [ 266.616543][ T8373] CPU: 0 UID: 0 PID: 8373 Comm: syz.1.683 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 266.616582][ T8373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 266.616598][ T8373] Call Trace: [ 266.616607][ T8373] [ 266.616617][ T8373] dump_stack_lvl+0x16c/0x1f0 [ 266.616670][ T8373] should_fail_ex+0x512/0x640 [ 266.616702][ T8373] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 266.616735][ T8373] should_failslab+0xc2/0x120 [ 266.616772][ T8373] __kmalloc_cache_noprof+0x6a/0x3e0 [ 266.616800][ T8373] ? proc_create_reg+0xe3/0x180 [ 266.616834][ T8373] ? ip6addrlbl_alloc+0x9a/0x2c0 [ 266.616883][ T8373] ip6addrlbl_alloc+0x9a/0x2c0 [ 266.616928][ T8373] ip6addrlbl_net_init+0x13d/0x400 [ 266.616977][ T8373] ? __pfx_ip6addrlbl_net_init+0x10/0x10 [ 266.617021][ T8373] ops_init+0x1df/0x5f0 [ 266.617064][ T8373] setup_net+0x21e/0x850 [ 266.617107][ T8373] ? __pfx_setup_net+0x10/0x10 [ 266.617143][ T8373] ? lockdep_init_map_type+0x5c/0x280 [ 266.617184][ T8373] ? __pfx_down_read_killable+0x10/0x10 [ 266.617214][ T8373] ? debug_mutex_init+0x37/0x70 [ 266.617246][ T8373] copy_net_ns+0x2a6/0x5f0 [ 266.617292][ T8373] create_new_namespaces+0x3ea/0xad0 [ 266.617334][ T8373] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 266.617370][ T8373] ksys_unshare+0x45b/0xa40 [ 266.617411][ T8373] ? __pfx_ksys_unshare+0x10/0x10 [ 266.617449][ T8373] ? xfd_validate_state+0x5d/0x180 [ 266.617480][ T8373] ? rcu_is_watching+0x12/0xc0 [ 266.617517][ T8373] __x64_sys_unshare+0x31/0x40 [ 266.617556][ T8373] do_syscall_64+0xcd/0x230 [ 266.617598][ T8373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.617624][ T8373] RIP: 0033:0x7f0aafd8e169 [ 266.617654][ T8373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.617681][ T8373] RSP: 002b:00007f0ab0cd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 266.617707][ T8373] RAX: ffffffffffffffda RBX: 00007f0aaffb5fa0 RCX: 00007f0aafd8e169 [ 266.617724][ T8373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 266.617739][ T8373] RBP: 00007f0aafe10a68 R08: 0000000000000000 R09: 0000000000000000 [ 266.617755][ T8373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 266.617770][ T8373] R13: 0000000000000000 R14: 00007f0aaffb5fa0 R15: 00007ffc6af00ee8 [ 266.617804][ T8373] [ 267.435972][ T8395] FAULT_INJECTION: forcing a failure. [ 267.435972][ T8395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.498269][ T8395] CPU: 0 UID: 0 PID: 8395 Comm: syz.0.688 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 267.498304][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 267.498319][ T8395] Call Trace: [ 267.498327][ T8395] [ 267.498336][ T8395] dump_stack_lvl+0x16c/0x1f0 [ 267.498378][ T8395] should_fail_ex+0x512/0x640 [ 267.498415][ T8395] _copy_to_user+0x32/0xd0 [ 267.498452][ T8395] simple_read_from_buffer+0xcb/0x170 [ 267.498496][ T8395] proc_fail_nth_read+0x197/0x270 [ 267.498537][ T8395] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 267.498586][ T8395] ? rw_verify_area+0xcf/0x680 [ 267.498626][ T8395] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 267.498667][ T8395] vfs_read+0x1de/0xc70 [ 267.498699][ T8395] ? __pfx___mutex_lock+0x10/0x10 [ 267.498736][ T8395] ? __pfx_vfs_read+0x10/0x10 [ 267.498773][ T8395] ? __fget_files+0x20e/0x3c0 [ 267.498809][ T8395] ksys_read+0x12a/0x240 [ 267.498836][ T8395] ? __pfx_ksys_read+0x10/0x10 [ 267.498860][ T8395] ? rcu_is_watching+0x12/0xc0 [ 267.498898][ T8395] do_syscall_64+0xcd/0x230 [ 267.498939][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.498965][ T8395] RIP: 0033:0x7f0f5b58cb7c [ 267.498986][ T8395] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 267.499011][ T8395] RSP: 002b:00007f0f5c473030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 267.499033][ T8395] RAX: ffffffffffffffda RBX: 00007f0f5b7b5fa0 RCX: 00007f0f5b58cb7c [ 267.499050][ T8395] RDX: 000000000000000f RSI: 00007f0f5c4730a0 RDI: 0000000000000004 [ 267.499065][ T8395] RBP: 00007f0f5c473090 R08: 0000000000000000 R09: 0000000000000000 [ 267.499079][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.499093][ T8395] R13: 0000000000000000 R14: 00007f0f5b7b5fa0 R15: 00007ffccb884478 [ 267.499124][ T8395] [ 267.931825][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout [ 267.962902][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 267.968945][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 268.135901][ T5853] Bluetooth: hci3: command 0x0c1a tx timeout [ 268.539150][ T8402] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 268.553660][ T8402] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 268.596766][ T8402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 268.627873][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.0.694'. [ 268.661288][ T8402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 270.059832][ T8439] netlink: 338 bytes leftover after parsing attributes in process `syz.2.699'. [ 270.113780][ T8439] netlink: 338 bytes leftover after parsing attributes in process `syz.2.699'. [ 270.472926][ T8420] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 270.519857][ T8420] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 270.566751][ T8420] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 270.627019][ T8420] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 271.095914][ T8456] netlink: 20 bytes leftover after parsing attributes in process `syz.1.704'. [ 272.075536][ T8460] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 272.082424][ T8460] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 272.101190][ T8460] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 272.116333][ T8460] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 272.159135][ T8466] FAULT_INJECTION: forcing a failure. [ 272.159135][ T8466] name failslab, interval 1, probability 0, space 0, times 0 [ 272.192967][ T8466] CPU: 0 UID: 0 PID: 8466 Comm: syz.1.707 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 272.193002][ T8466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 272.193018][ T8466] Call Trace: [ 272.193027][ T8466] [ 272.193037][ T8466] dump_stack_lvl+0x16c/0x1f0 [ 272.193080][ T8466] should_fail_ex+0x512/0x640 [ 272.193110][ T8466] ? __kmalloc_noprof+0xbf/0x510 [ 272.193145][ T8466] ? __register_sysctl_table+0xea2/0x1900 [ 272.193177][ T8466] should_failslab+0xc2/0x120 [ 272.193211][ T8466] __kmalloc_noprof+0xd2/0x510 [ 272.193253][ T8466] ? __register_sysctl_table+0xe8e/0x1900 [ 272.193295][ T8466] __register_sysctl_table+0xea2/0x1900 [ 272.193337][ T8466] ? __pfx___register_sysctl_table+0x10/0x10 [ 272.193370][ T8466] ? is_module_address+0x69/0xf0 [ 272.193408][ T8466] ? register_net_sysctl_sz+0x228/0x3e0 [ 272.193460][ T8466] __addrconf_sysctl_register+0x1a2/0x360 [ 272.193499][ T8466] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 272.193539][ T8466] ? addrconf_init_net+0x1e9/0x8f0 [ 272.193573][ T8466] ? __asan_memcpy+0x3c/0x60 [ 272.193604][ T8466] addrconf_init_net+0x541/0x8f0 [ 272.193639][ T8466] ? __pfx_addrconf_init_net+0x10/0x10 [ 272.193671][ T8466] ops_init+0x1df/0x5f0 [ 272.193714][ T8466] setup_net+0x21e/0x850 [ 272.193757][ T8466] ? __pfx_setup_net+0x10/0x10 [ 272.193794][ T8466] ? lockdep_init_map_type+0x5c/0x280 [ 272.193835][ T8466] ? __pfx_down_read_killable+0x10/0x10 [ 272.193865][ T8466] ? debug_mutex_init+0x37/0x70 [ 272.193897][ T8466] copy_net_ns+0x2a6/0x5f0 [ 272.193943][ T8466] create_new_namespaces+0x3ea/0xad0 [ 272.193984][ T8466] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 272.194021][ T8466] ksys_unshare+0x45b/0xa40 [ 272.194062][ T8466] ? __pfx_ksys_unshare+0x10/0x10 [ 272.194100][ T8466] ? xfd_validate_state+0x5d/0x180 [ 272.194130][ T8466] ? rcu_is_watching+0x12/0xc0 [ 272.194166][ T8466] __x64_sys_unshare+0x31/0x40 [ 272.194205][ T8466] do_syscall_64+0xcd/0x230 [ 272.194268][ T8466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.194296][ T8466] RIP: 0033:0x7f0aafd8e169 [ 272.194317][ T8466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.194344][ T8466] RSP: 002b:00007f0ab0cd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 272.194369][ T8466] RAX: ffffffffffffffda RBX: 00007f0aaffb5fa0 RCX: 00007f0aafd8e169 [ 272.194386][ T8466] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 272.194401][ T8466] RBP: 00007f0aafe10a68 R08: 0000000000000000 R09: 0000000000000000 [ 272.194416][ T8466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.194430][ T8466] R13: 0000000000000000 R14: 00007f0aaffb5fa0 R15: 00007ffc6af00ee8 [ 272.194464][ T8466] [ 272.195838][ T8466] sysctl could not get directory: /net/ipv6/conf/default -12 [ 272.591764][ T8473] netlink: 338 bytes leftover after parsing attributes in process `syz.3.709'. [ 272.621924][ T8473] netlink: 338 bytes leftover after parsing attributes in process `syz.3.709'. [ 273.563017][ T8494] netlink: 20 bytes leftover after parsing attributes in process `syz.0.715'. [ 274.121745][ T8481] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 274.128241][ T8481] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 274.132857][ T5853] Bluetooth: hci3: command 0x0c1a tx timeout [ 274.135423][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 274.205422][ T8481] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 274.216600][ T8481] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 274.426097][ T8505] FAULT_INJECTION: forcing a failure. [ 274.426097][ T8505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 274.466522][ T8505] CPU: 1 UID: 0 PID: 8505 Comm: syz.2.719 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 274.466556][ T8505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 274.466571][ T8505] Call Trace: [ 274.466579][ T8505] [ 274.466589][ T8505] dump_stack_lvl+0x16c/0x1f0 [ 274.466630][ T8505] should_fail_ex+0x512/0x640 [ 274.466667][ T8505] _copy_from_user+0x2e/0xd0 [ 274.466703][ T8505] ____sys_sendmsg+0x607/0xc70 [ 274.466732][ T8505] ? __pfx_____sys_sendmsg+0x10/0x10 [ 274.466763][ T8505] ? __pfx__kstrtoull+0x10/0x10 [ 274.466812][ T8505] ___sys_sendmsg+0x134/0x1d0 [ 274.466849][ T8505] ? __pfx____sys_sendmsg+0x10/0x10 [ 274.466902][ T8505] ? find_held_lock+0x2b/0x80 [ 274.466952][ T8505] __sys_sendmmsg+0x200/0x420 [ 274.466992][ T8505] ? __pfx___sys_sendmmsg+0x10/0x10 [ 274.467040][ T8505] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 274.467092][ T8505] ? fput+0x70/0xf0 [ 274.467124][ T8505] ? ksys_write+0x1b9/0x240 [ 274.467150][ T8505] ? __pfx_ksys_write+0x10/0x10 [ 274.467176][ T8505] ? rcu_is_watching+0x12/0xc0 [ 274.467208][ T8505] __x64_sys_sendmmsg+0x9c/0x100 [ 274.467242][ T8505] ? lockdep_hardirqs_on+0x7c/0x110 [ 274.467277][ T8505] do_syscall_64+0xcd/0x230 [ 274.467317][ T8505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.467349][ T8505] RIP: 0033:0x7f2cbcd8e169 [ 274.467369][ T8505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.467392][ T8505] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 274.467416][ T8505] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 274.467433][ T8505] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 274.467448][ T8505] RBP: 00007f2cbdcc9090 R08: 0000000000000000 R09: 0000000000000000 [ 274.467462][ T8505] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 274.467477][ T8505] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 274.467510][ T8505] [ 275.402823][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 276.020410][ T8533] netlink: 20 bytes leftover after parsing attributes in process `syz.1.730'. [ 276.202929][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 276.283386][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 276.283851][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 276.608005][ T8534] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 276.640028][ T8534] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 276.713190][ T8534] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 276.719308][ T8534] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 277.182621][ T8545] netlink: 28 bytes leftover after parsing attributes in process `syz.0.731'. [ 277.262558][ T8543] netlink: 342 bytes leftover after parsing attributes in process `syz.2.733'. [ 278.297262][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 278.683175][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 278.766268][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 278.766286][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 279.106638][ T8582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.744'. [ 279.324205][ T8565] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 279.342950][ T8565] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 279.362961][ T8565] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 279.393076][ T8565] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 279.547864][ T8590] netlink: 4 bytes leftover after parsing attributes in process `syz.2.748'. [ 280.522893][ T5853] Bluetooth: hci0: command 0x0c1a tx timeout [ 280.893336][ T8609] netlink: 338 bytes leftover after parsing attributes in process `syz.1.754'. [ 280.941774][ T8611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.755'. [ 280.951509][ T8609] netlink: 338 bytes leftover after parsing attributes in process `syz.1.754'. [ 281.403082][ T5853] Bluetooth: hci3: command 0x0c1a tx timeout [ 281.403099][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 281.403139][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 283.908889][ T8643] netlink: 28 bytes leftover after parsing attributes in process `syz.2.765'. [ 285.392691][ T8664] FAULT_INJECTION: forcing a failure. [ 285.392691][ T8664] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 285.412829][ T8664] CPU: 1 UID: 0 PID: 8664 Comm: syz.2.773 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 285.412863][ T8664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 285.412878][ T8664] Call Trace: [ 285.412886][ T8664] [ 285.412896][ T8664] dump_stack_lvl+0x16c/0x1f0 [ 285.412937][ T8664] should_fail_ex+0x512/0x640 [ 285.412975][ T8664] _copy_from_user+0x2e/0xd0 [ 285.413011][ T8664] __sys_bpf+0x21d/0x4d80 [ 285.413057][ T8664] ? __pfx___sys_bpf+0x10/0x10 [ 285.413096][ T8664] ? vfs_write+0x316/0x1180 [ 285.413121][ T8664] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 285.413170][ T8664] ? __pfx_vfs_write+0x10/0x10 [ 285.413199][ T8664] ? do_sys_openat2+0x157/0x1d0 [ 285.413255][ T8664] ? ksys_write+0x1b9/0x240 [ 285.413301][ T8664] ? __pfx_ksys_write+0x10/0x10 [ 285.413345][ T8664] ? rcu_is_watching+0x12/0xc0 [ 285.413381][ T8664] __x64_sys_bpf+0x78/0xc0 [ 285.413425][ T8664] ? lockdep_hardirqs_on+0x7c/0x110 [ 285.413463][ T8664] do_syscall_64+0xcd/0x230 [ 285.413507][ T8664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.413535][ T8664] RIP: 0033:0x7f2cbcd8e169 [ 285.413557][ T8664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.413583][ T8664] RSP: 002b:00007f2cbdcc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 285.413608][ T8664] RAX: ffffffffffffffda RBX: 00007f2cbcfb5fa0 RCX: 00007f2cbcd8e169 [ 285.413626][ T8664] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 285.413642][ T8664] RBP: 00007f2cbdcc9090 R08: 0000000000000000 R09: 0000000000000000 [ 285.413658][ T8664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.413674][ T8664] R13: 0000000000000000 R14: 00007f2cbcfb5fa0 R15: 00007fffcd22d7d8 [ 285.413710][ T8664] [ 285.819900][ T8671] FAULT_INJECTION: forcing a failure. [ 285.819900][ T8671] name failslab, interval 1, probability 0, space 0, times 0 [ 285.879386][ T8671] CPU: 1 UID: 0 PID: 8671 Comm: syz.1.772 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 285.879421][ T8671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 285.879436][ T8671] Call Trace: [ 285.879445][ T8671] [ 285.879454][ T8671] dump_stack_lvl+0x16c/0x1f0 [ 285.879496][ T8671] should_fail_ex+0x512/0x640 [ 285.879527][ T8671] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 285.879564][ T8671] should_failslab+0xc2/0x120 [ 285.879598][ T8671] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 285.879631][ T8671] ? __alloc_skb+0x2b2/0x380 [ 285.879669][ T8671] __alloc_skb+0x2b2/0x380 [ 285.879701][ T8671] ? __pfx___alloc_skb+0x10/0x10 [ 285.879738][ T8671] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 285.879775][ T8671] ? __lock_acquire+0xaa4/0x1ba0 [ 285.879817][ T8671] netlink_alloc_large_skb+0x69/0x130 [ 285.879856][ T8671] netlink_sendmsg+0x6a1/0xdd0 [ 285.879901][ T8671] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.879952][ T8671] ____sys_sendmsg+0xa95/0xc70 [ 285.879979][ T8671] ? copy_msghdr_from_user+0x10a/0x160 [ 285.880014][ T8671] ? __pfx_____sys_sendmsg+0x10/0x10 [ 285.880055][ T8671] ___sys_sendmsg+0x134/0x1d0 [ 285.880093][ T8671] ? __pfx____sys_sendmsg+0x10/0x10 [ 285.880170][ T8671] __sys_sendmsg+0x16d/0x220 [ 285.880205][ T8671] ? __pfx___sys_sendmsg+0x10/0x10 [ 285.880264][ T8671] ? rcu_is_watching+0x12/0xc0 [ 285.880301][ T8671] do_syscall_64+0xcd/0x230 [ 285.880342][ T8671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.880368][ T8671] RIP: 0033:0x7f0aafd8e169 [ 285.880387][ T8671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.880411][ T8671] RSP: 002b:00007f0ab0cd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.880435][ T8671] RAX: ffffffffffffffda RBX: 00007f0aaffb5fa0 RCX: 00007f0aafd8e169 [ 285.880450][ T8671] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000003 [ 285.880464][ T8671] RBP: 00007f0ab0cd6090 R08: 0000000000000000 R09: 0000000000000000 [ 285.880478][ T8671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.880492][ T8671] R13: 0000000000000000 R14: 00007f0aaffb5fa0 R15: 00007ffc6af00ee8 [ 285.880524][ T8671] [ 286.707236][ T8685] netlink: 338 bytes leftover after parsing attributes in process `syz.1.779'. [ 286.755076][ T8685] netlink: 338 bytes leftover after parsing attributes in process `syz.1.779'. [ 286.775153][ T8687] netlink: 28 bytes leftover after parsing attributes in process `syz.3.776'. [ 286.867027][ T8688] netlink: 'syz.1.779': attribute type 19 has an invalid length. [ 286.878752][ T8691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.781'. [ 286.979535][ T8688] netlink: 114 bytes leftover after parsing attributes in process `syz.1.779'. [ 288.602246][ T8701] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 288.609513][ T8701] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 288.624722][ T8701] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 288.641075][ T8701] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 289.819039][ T8721] netlink: 28 bytes leftover after parsing attributes in process `syz.3.791'. [ 290.043012][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 290.579257][ T8734] netlink: 32 bytes leftover after parsing attributes in process `syz.3.795'. [ 290.682983][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 290.687940][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout [ 290.689026][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 292.116005][ T8753] sctp: failed to load transform for md5: -4 [ 292.600096][ T8471] syz.0.702 (8471) used greatest stack depth: 21016 bytes left [ 292.644442][ T8770] netlink: 28 bytes leftover after parsing attributes in process `syz.2.807'. [ 293.399870][ T8431] syz.0.696 (8431) used greatest stack depth: 19976 bytes left [ 293.784717][ T8793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.815'. [ 294.025679][ T8781] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 294.050211][ T8781] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 294.070969][ T8781] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 294.093315][ T8781] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 294.522308][ T8806] netlink: 28 bytes leftover after parsing attributes in process `syz.2.819'. [ 295.428140][ T8815] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[8815] [ 295.563084][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 296.052850][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 296.124609][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 296.130690][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 297.029042][ T8832] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 297.077887][ T8832] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 297.104951][ T8832] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 297.111174][ T8832] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 297.950718][ T8869] bridge0: port 4(vlan1) entered blocking state [ 297.959719][ T8869] bridge0: port 4(vlan1) entered disabled state [ 297.970185][ T8869] vlan1: entered allmulticast mode [ 297.977499][ T8869] veth0_vlan: entered allmulticast mode [ 297.988866][ T8869] vlan1: entered promiscuous mode [ 297.995514][ T8869] bridge0: port 4(vlan1) entered blocking state [ 298.001918][ T8869] bridge0: port 4(vlan1) entered forwarding state [ 298.522882][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 299.076701][ T8851] bridge0: port 3(team0) entered blocking state [ 299.090830][ T8851] bridge0: port 3(team0) entered disabled state [ 299.092874][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout [ 299.161194][ T8851] team0: entered allmulticast mode [ 299.173778][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 299.179964][ T5853] Bluetooth: hci2: command 0x0c1a tx timeout [ 299.214999][ T8851] team_slave_0: entered allmulticast mode [ 299.232989][ T8851] team_slave_1: entered allmulticast mode [ 299.271195][ T8851] team0: entered promiscuous mode [ 299.285278][ T8851] team_slave_0: entered promiscuous mode [ 299.314620][ T8851] team_slave_1: entered promiscuous mode [ 299.353606][ T8851] bridge0: port 3(team0) entered blocking state [ 299.360012][ T8851] bridge0: port 3(team0) entered forwarding state [ 299.430211][ T8890] netlink: 'syz.3.842': attribute type 19 has an invalid length. [ 299.468106][ T8890] netlink: 114 bytes leftover after parsing attributes in process `syz.3.842'. [ 299.531357][ T8875] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[8875] [ 300.308852][ T8914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.850'. [ 300.453509][ T8918] netlink: 'syz.1.852': attribute type 19 has an invalid length. [ 300.485347][ T8918] netlink: 114 bytes leftover after parsing attributes in process `syz.1.852'. [ 301.104972][ T8916] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 301.111679][ T8916] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 301.117879][ T8916] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 301.125222][ T8916] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 302.230443][ T8960] netlink: 28 bytes leftover after parsing attributes in process `syz.1.865'. [ 302.415682][ T8964] netlink: 28 bytes leftover after parsing attributes in process `syz.2.862'. [ 302.602905][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout [ 303.162990][ T5152] Bluetooth: hci3: command 0x0c1a tx timeout [ 303.169136][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 303.175170][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout [ 303.430408][ T8982] netlink: 28 bytes leftover after parsing attributes in process `syz.0.869'. [ 304.593007][ T9009] [ 304.595376][ T9009] ====================================================== [ 304.602404][ T9009] WARNING: possible circular locking dependency detected [ 304.609432][ T9009] 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 Not tainted [ 304.616571][ T9009] ------------------------------------------------------ [ 304.623601][ T9009] syz.1.878/9009 is trying to acquire lock: [ 304.629498][ T9009] ffff888142f51958 (&q->elevator_lock){+.+.}-{4:4}, at: queue_wb_lat_store+0x187/0x3d0 [ 304.639191][ T9009] [ 304.639191][ T9009] but task is already holding lock: [ 304.646574][ T9009] ffff888142f51428 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 304.657850][ T9009] [ 304.657850][ T9009] which lock already depends on the new lock. [ 304.657850][ T9009] [ 304.668263][ T9009] [ 304.668263][ T9009] the existing dependency chain (in reverse order) is: [ 304.677287][ T9009] [ 304.677287][ T9009] -> #2 (&q->q_usage_counter(io)#20){++++}-{0:0}: [ 304.685933][ T9009] blk_alloc_queue+0x619/0x760 [ 304.691239][ T9009] blk_mq_alloc_queue+0x179/0x290 [ 304.696842][ T9009] __blk_mq_alloc_disk+0x29/0x120 [ 304.702415][ T9009] loop_add+0x496/0xb70 [ 304.707122][ T9009] loop_init+0x164/0x270 [ 304.711929][ T9009] do_one_initcall+0x120/0x6e0 [ 304.717255][ T9009] kernel_init_freeable+0x5c2/0x900 [ 304.723020][ T9009] kernel_init+0x1c/0x2b0 [ 304.727894][ T9009] ret_from_fork+0x45/0x80 [ 304.732861][ T9009] ret_from_fork_asm+0x1a/0x30 [ 304.738195][ T9009] [ 304.738195][ T9009] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 304.745437][ T9009] fs_reclaim_acquire+0x102/0x150 [ 304.751022][ T9009] kmem_cache_alloc_noprof+0x53/0x3b0 [ 304.756937][ T9009] __kernfs_new_node+0xd2/0x8a0 [ 304.762313][ T9009] kernfs_new_node+0x13c/0x1e0 [ 304.767622][ T9009] kernfs_create_dir_ns+0x4c/0x1a0 [ 304.773262][ T9009] sysfs_create_dir_ns+0x13a/0x2b0 [ 304.778895][ T9009] kobject_add_internal+0x2c4/0x9b0 [ 304.784646][ T9009] kobject_add+0x16e/0x240 [ 304.789586][ T9009] elv_register_queue+0xd3/0x2a0 [ 304.795045][ T9009] blk_register_queue+0x3c4/0x560 [ 304.800599][ T9009] add_disk_fwnode+0x911/0x13a0 [ 304.805976][ T9009] nbd_dev_add+0x78e/0xbb0 [ 304.810926][ T9009] nbd_init+0x181/0x320 [ 304.815610][ T9009] do_one_initcall+0x120/0x6e0 [ 304.820922][ T9009] kernel_init_freeable+0x5c2/0x900 [ 304.826653][ T9009] kernel_init+0x1c/0x2b0 [ 304.831503][ T9009] ret_from_fork+0x45/0x80 [ 304.836458][ T9009] ret_from_fork_asm+0x1a/0x30 [ 304.841757][ T9009] [ 304.841757][ T9009] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 304.849586][ T9009] __lock_acquire+0x1173/0x1ba0 [ 304.854970][ T9009] lock_acquire+0x179/0x350 [ 304.860008][ T9009] __mutex_lock+0x199/0xb90 [ 304.865044][ T9009] queue_wb_lat_store+0x187/0x3d0 [ 304.870595][ T9009] queue_attr_store+0x270/0x310 [ 304.875978][ T9009] sysfs_kf_write+0xef/0x150 [ 304.881101][ T9009] kernfs_fop_write_iter+0x351/0x510 [ 304.886939][ T9009] vfs_write+0x5ba/0x1180 [ 304.891803][ T9009] ksys_write+0x12a/0x240 [ 304.896654][ T9009] do_syscall_64+0xcd/0x230 [ 304.901709][ T9009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.908144][ T9009] [ 304.908144][ T9009] other info that might help us debug this: [ 304.908144][ T9009] [ 304.918412][ T9009] Chain exists of: [ 304.918412][ T9009] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#20 [ 304.918412][ T9009] [ 304.932190][ T9009] Possible unsafe locking scenario: [ 304.932190][ T9009] [ 304.939660][ T9009] CPU0 CPU1 [ 304.945021][ T9009] ---- ---- [ 304.950390][ T9009] lock(&q->q_usage_counter(io)#20); [ 304.955771][ T9009] lock(fs_reclaim); [ 304.962276][ T9009] lock(&q->q_usage_counter(io)#20); [ 304.970183][ T9009] lock(&q->elevator_lock); [ 304.974785][ T9009] [ 304.974785][ T9009] *** DEADLOCK *** [ 304.974785][ T9009] [ 304.982932][ T9009] 6 locks held by syz.1.878/9009: [ 304.987951][ T9009] #0: ffff888033a3d278 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 304.997025][ T9009] #1: ffff888034a7e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 305.006016][ T9009] #2: ffff888034072488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 305.015784][ T9009] #3: ffff888024f330f8 (kn->active#86){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 305.025841][ T9009] #4: ffff888142f51428 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 305.037529][ T9009] #5: ffff888142f51460 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 305.049488][ T9009] [ 305.049488][ T9009] stack backtrace: [ 305.055387][ T9009] CPU: 1 UID: 0 PID: 9009 Comm: syz.1.878 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 305.055416][ T9009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 305.055430][ T9009] Call Trace: [ 305.055438][ T9009] [ 305.055447][ T9009] dump_stack_lvl+0x116/0x1f0 [ 305.055481][ T9009] print_circular_bug+0x275/0x350 [ 305.055512][ T9009] check_noncircular+0x14c/0x170 [ 305.055546][ T9009] __lock_acquire+0x1173/0x1ba0 [ 305.055583][ T9009] lock_acquire+0x179/0x350 [ 305.055612][ T9009] ? queue_wb_lat_store+0x187/0x3d0 [ 305.055643][ T9009] ? __pfx___might_resched+0x10/0x10 [ 305.055670][ T9009] ? do_raw_spin_lock+0x12c/0x2b0 [ 305.055691][ T9009] __mutex_lock+0x199/0xb90 [ 305.055724][ T9009] ? queue_wb_lat_store+0x187/0x3d0 [ 305.055754][ T9009] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 305.055784][ T9009] ? queue_wb_lat_store+0x187/0x3d0 [ 305.055812][ T9009] ? lockdep_hardirqs_on+0x7c/0x110 [ 305.055843][ T9009] ? __pfx___mutex_lock+0x10/0x10 [ 305.055880][ T9009] ? __pfx_autoremove_wake_function+0x10/0x10 [ 305.055918][ T9009] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 305.055949][ T9009] ? queue_wb_lat_store+0x187/0x3d0 [ 305.055977][ T9009] queue_wb_lat_store+0x187/0x3d0 [ 305.056007][ T9009] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 305.056039][ T9009] ? __mutex_trylock_common+0xe9/0x250 [ 305.056071][ T9009] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 305.056101][ T9009] queue_attr_store+0x270/0x310 [ 305.056131][ T9009] ? __pfx_queue_attr_store+0x10/0x10 [ 305.056168][ T9009] ? find_held_lock+0x2b/0x80 [ 305.056191][ T9009] ? sysfs_file_kobj+0xe4/0x290 [ 305.056226][ T9009] ? __pfx_queue_attr_store+0x10/0x10 [ 305.056255][ T9009] sysfs_kf_write+0xef/0x150 [ 305.056290][ T9009] kernfs_fop_write_iter+0x351/0x510 [ 305.056320][ T9009] ? __pfx_sysfs_kf_write+0x10/0x10 [ 305.056355][ T9009] vfs_write+0x5ba/0x1180 [ 305.056377][ T9009] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 305.056409][ T9009] ? __pfx___mutex_lock+0x10/0x10 [ 305.056441][ T9009] ? __pfx_vfs_write+0x10/0x10 [ 305.056473][ T9009] ksys_write+0x12a/0x240 [ 305.056495][ T9009] ? __pfx_ksys_write+0x10/0x10 [ 305.056522][ T9009] do_syscall_64+0xcd/0x230 [ 305.056556][ T9009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.056579][ T9009] RIP: 0033:0x7f0aafd8e169 [ 305.056596][ T9009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.056619][ T9009] RSP: 002b:00007f0ab0cd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 305.056639][ T9009] RAX: ffffffffffffffda RBX: 00007f0aaffb5fa0 RCX: 00007f0aafd8e169 [ 305.056654][ T9009] RDX: 0000000000000081 RSI: 0000200000000180 RDI: 0000000000000003 [ 305.056668][ T9009] RBP: 00007f0ab0cd6090 R08: 0000000000000000 R09: 0000000000000000 [ 305.056681][ T9009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.056695][ T9009] R13: 0000000000000000 R14: 00007f0aaffb5fa0 R15: 00007ffc6af00ee8 [ 305.056716][ T9009] [ 305.412820][ T9009] FAULT_INJECTION: forcing a failure. [ 305.412820][ T9009] name failslab, interval 1, probability 0, space 0, times 0 [ 305.426799][ T9009] CPU: 0 UID: 0 PID: 9009 Comm: syz.1.878 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 305.426835][ T9009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 305.426851][ T9009] Call Trace: [ 305.426858][ T9009] [ 305.426872][ T9009] dump_stack_lvl+0x16c/0x1f0 [ 305.426912][ T9009] should_fail_ex+0x512/0x640 [ 305.426944][ T9009] should_failslab+0xc2/0x120 [ 305.426979][ T9009] __kmalloc_cache_noprof+0x6a/0x3e0 [ 305.427007][ T9009] ? wbt_init+0x80/0x540 [ 305.427044][ T9009] wbt_init+0x80/0x540 [ 305.427081][ T9009] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 305.427116][ T9009] queue_wb_lat_store+0x35e/0x3d0 [ 305.427152][ T9009] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 305.427188][ T9009] ? __mutex_trylock_common+0xe9/0x250 [ 305.427227][ T9009] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 305.427261][ T9009] queue_attr_store+0x270/0x310 [ 305.427296][ T9009] ? __pfx_queue_attr_store+0x10/0x10 [ 305.427338][ T9009] ? find_held_lock+0x2b/0x80 [ 305.427365][ T9009] ? sysfs_file_kobj+0xe4/0x290 [ 305.427406][ T9009] ? __pfx_queue_attr_store+0x10/0x10 [ 305.427439][ T9009] sysfs_kf_write+0xef/0x150 [ 305.427478][ T9009] kernfs_fop_write_iter+0x351/0x510 [ 305.427512][ T9009] ? __pfx_sysfs_kf_write+0x10/0x10 [ 305.427553][ T9009] vfs_write+0x5ba/0x1180 [ 305.427580][ T9009] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 305.427616][ T9009] ? __pfx___mutex_lock+0x10/0x10 [ 305.427655][ T9009] ? __pfx_vfs_write+0x10/0x10 [ 305.427691][ T9009] ksys_write+0x12a/0x240 [ 305.427718][ T9009] ? __pfx_ksys_write+0x10/0x10 [ 305.427750][ T9009] do_syscall_64+0xcd/0x230 [ 305.427792][ T9009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.427819][ T9009] RIP: 0033:0x7f0aafd8e169 [ 305.427838][ T9009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.427869][ T9009] RSP: 002b:00007f0ab0cd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 305.427893][ T9009] RAX: ffffffffffffffda RBX: 00007f0aaffb5fa0 RCX: 00007f0aafd8e169 [ 305.427911][ T9009] RDX: 0000000000000081 RSI: 0000200000000180 RDI: 0000000000000003 [ 305.427928][ T9009] RBP: 00007f0ab0cd6090 R08: 0000000000000000 R09: 0000000000000000 [ 305.427943][ T9009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.427959][ T9009] R13: 0000000000000000 R14: 00007f0aaffb5fa0 R15: 00007ffc6af00ee8 [ 305.427983][ T9009] [ 305.872779][ T9000] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 305.878975][ T9000] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 305.887986][ T9000] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 305.898297][ T9000] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 306.602859][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 307.962885][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout [ 307.962936][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 307.968995][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout