last executing test programs: 9.152322113s ago: executing program 3 (id=2253): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(r0, &(0x7f0000000040)=@phonet={0x23, 0x9, 0x5, 0xdc}, 0x4b7cbea) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x80000001, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x3) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40)=0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40, 0x0) setsockopt$auto(r1, 0x1, 0x10, &(0x7f0000000280)='\x00\x15\x8d\xca`\xbcgY\xd2w\xf6\xaedN\x00\x00\x00\x00\x04\x00\x00\x00*\xaaL\'\xab>q\x9e\xdd`\x84_\r\xc2\x17\xb1\xaf\xd2\f\xfd[Iy\xbb*$\xec\xca\x8b\xde\xdcV@\x04+\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xc3\xa2\x1a\xf1\xdf\x12\b?Q\xec*\b`\'\xfe\xcb\xe9\xc0\xf4\x119\xf6f\v\xf7\x13\xe6\xd8\xa2\xd3\xfd\xa7', 0xba) shmctl$auto_SHM_LOCK(0x1, 0xb, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x4000080) mmap$auto(0x0, 0x5, 0x4000000000df, 0x40eb1, 0x401, 0x9) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0xb4d3) write$auto(r0, 0x0, 0x7ff) write$auto(0x3, 0x0, 0xffd8) 8.511117012s ago: executing program 1 (id=2255): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip_vs_stats_percpu\x00', 0x20000, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0xfffffffffffffffd, 0x40009, 0xdf, 0x12, 0x7, 0x28000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x20000, 0x0) bpf$auto(0x5, 0x0, 0x8a) io_uring_setup$auto(0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) uname$auto(0x0) mmap$auto(0x0, 0x440009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x2a, 0x2, 0x6) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000100)="c134c91d000d0f79fb183e1ada3482992f1863d5997623ddaf08e5efda0400000047c6222069") semctl$auto_SETVAL(0x7fff, 0xfffffffa, 0x10, 0x9) sendmsg$auto_IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x801) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10b402, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r2 = socket(0x2b, 0x1, 0x1) r3 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20000001) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0xc07e0000, 0x0, 0x4}, 0x400c000) socket(0x2b, 0x1, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x109402, 0x0) 6.65452329s ago: executing program 3 (id=2257): bpf$auto(0x10, &(0x7f0000001700)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x5, 0x2, 0xffffffffffffffff, @relative_id=0x10, 0x5}, 0x63a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, r0, 0x1400000, 0x5}, 0x6f4) r1 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/usb/usbmon/13t\x00', 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001500)='/sys/kernel/irq/5/actions\x00', 0x22040, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000180)=""/109, 0x6d) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bus/usb/036/001\x00', 0x292200, 0x0) readv$auto(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0x1}, 0x7) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/bus/usb/003/001\x00', 0x80801, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) getegid() close_range$auto(0x2, 0x8, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) setsockopt$auto(0xffffffffffffffff, 0x10000008, 0x8005, 0x0, 0x2) unshare$auto(0x40000080) mmap$auto(0x2, 0x4020009, 0x3, 0xeb1, 0x401, 0x4000008000) madvise$auto(0x80000001, 0x2, 0xffff) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) ioctl$auto_SOUND_OLD_MIXER_INFO(r3, 0x80304d65, &(0x7f0000000200)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) 6.447141568s ago: executing program 1 (id=2259): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_proc_single_file_operations_base(0xffffffffffffffff, &(0x7f00000000c0)=""/41, 0x11) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) setitimer$auto(0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_REG(0xffffffffffffffff, 0x0, 0x40004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) 4.879402939s ago: executing program 2 (id=2264): openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$auto(0x3, 0x541b, 0x10000000000402) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x3c, r1, 0x1b, 0x74bd26, 0x25dfdbf9, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x6, 0x0, 0x1, [@nested={0x4, 0x2001}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f17790485908286dd"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004040}, 0x44840) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) ioctl$auto_PPPIOCSMRRU(r2, 0x4004743b, &(0x7f0000000140)=0x2) r3 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000000040), 0x191000, 0x0) setsockopt$auto_SO_ATTACH_REUSEPORT_CBPF(r3, 0x7, 0x33, &(0x7f0000000080)='+v-)\x00', 0x3) 4.639568294s ago: executing program 2 (id=2265): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) set_mempolicy$auto(0x1, 0x0, 0x8) unshare$auto(0x40000080) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) semctl$auto_SEM_STAT_ANY(0x6, 0x5, 0x14, 0xfffffffffffffff9) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r0) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010326bd7000fedbdf2501000000e41970005e47"], 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x28044004) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x10) read$auto(r0, 0x0, 0x9) 4.526996503s ago: executing program 0 (id=2266): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) set_mempolicy$auto(0x1, 0x0, 0x8) unshare$auto(0x40000080) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) semctl$auto_SEM_STAT_ANY(0x6, 0x5, 0x14, 0xfffffffffffffff9) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r0) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010326bd7000fedbdf2501000000e41970005e47"], 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x28044004) sendmsg$auto_TIPC_NL_ADDR_LEGACY_GET(0xffffffffffffffff, 0x0, 0x100000c4) read$auto(r0, 0x0, 0x9) 4.081954117s ago: executing program 2 (id=2267): syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/projid_map\x00', 0x200, 0x0) mmap$auto(0x8004, 0xfffffffffffffff8, 0x7fffffff, 0x17, r0, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8008000) socket(0xa, 0x801, 0x1) unshare$auto(0x40000080) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) write$auto(0xca, 0x0, 0x10) sendfile$auto(r1, r1, 0x0, 0x3) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000804}, 0x40000) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cpuacct.stat\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000380)=""/172, 0xac) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) 3.707985684s ago: executing program 1 (id=2268): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(r0, &(0x7f0000000040)=@phonet={0x23, 0x9, 0x5, 0xdc}, 0x4b7cbea) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0xe0742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x80000001, 0x580f, 0x112f4a03, 0x8000000008011, 0x3, 0x3) madvise$auto(0x0, 0x2003f0, 0x15) getresgid$auto(0x0, &(0x7f0000000a40)=0x2, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xe0002, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x40, 0x0) setsockopt$auto(r1, 0x1, 0x10, &(0x7f0000000280)='\x00\x15\x8d\xca`\xbcgY\xd2w\xf6\xaedN\x00\x00\x00\x00\x04\x00\x00\x00*\xaaL\'\xab>q\x9e\xdd`\x84_\r\xc2\x17\xb1\xaf\xd2\f\xfd[Iy\xbb*$\xec\xca\x8b\xde\xdcV@\x04+\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\xc3\xa2\x1a\xf1\xdf\x12\b?Q\xec*\b`\'\xfe\xcb\xe9\xc0\xf4\x119\xf6f\v\xf7\x13\xe6\xd8\xa2\xd3\xfd\xa7', 0xba) shmctl$auto_SHM_LOCK(0x1, 0xb, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x810}, 0x4000080) mmap$auto(0x0, 0x5, 0x4000000000df, 0x40eb1, 0x401, 0x9) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0xb4d3) write$auto(r0, 0x0, 0x7ff) write$auto(0x3, 0x0, 0xffd8) 3.681960932s ago: executing program 0 (id=2269): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth1_to_batadv/accept_ra_rt_info_min_plen\x00', 0x40100, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfded, 0x3) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000000)="42bf46", 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/hugepages-512kB/enabled\x00', 0x129302, 0x0) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fff) init_module$auto(0x0, 0xfffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x8, 0x4, 0x1) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, 0x0) mlockall$auto(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x200000, 0x400008, 0xdf, 0x9b72, 0x2, 0xb57) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) shutdown$auto(0x200000003, 0x2) mremap$auto(0x4000, 0xfee0, 0x3fd3, 0x3, 0xfffff000) mmap$auto(0x200000000000000, 0xa, 0x8000000000000000, 0x55072a3e, 0x2, 0x44800000000000) mbind$auto(0x3, 0x100000004, 0x8, 0x0, 0x6, 0x2) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dri/renderD128\x00', 0x9ba4133ca0d05eca, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) 3.245506018s ago: executing program 3 (id=2270): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xec}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0xa, 0x0) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) fgetxattr$auto(r2, 0x0, 0x0, 0x7f) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) unshare$auto(0x40000080) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)={0x14, r4, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) r8 = openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/options/test_nop_accept\x00', 0x40000, 0x0) dup$auto(r8) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r7, 0x40085507, &(0x7f0000000080)={0x1, 0x0, 0x9}) r9 = semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000fc0)={0x33c, r6, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x324, 0x1, 0x0, 0x1, [@nested={0x31f, 0x2f, 0x0, 0x1, [@typed={0x7d, 0x122, 0x0, 0x0, @binary="3ee6e53c4c07ea5d20478f32b73dab93bda17a38691d14cc7389d7c01028c43754a4fb5f8a12d6b77f0cde3683abeb97f5bc35d14655c93dec83474ae0e23bc53f9ad75829e2b91ff11ac72fef15a647d6cccb3152fc263d3ebc8588a7c6dfef87cbec3a9363e1a83299887f7475c25579dcaa6f4489de4978"}, @generic="2bcdd2591f4997f881", @nested={0x4, 0xf7}, @generic="2bb6aff7fd45", @nested={0x288, 0x126, 0x0, 0x1, [@typed={0x8, 0x123, 0x0, 0x0, @pid=r9}, @nested={0x96, 0x13, 0x0, 0x1, [@typed={0x8, 0x33, 0x0, 0x0, @ipv4=@multicast1}, @nested={0x4, 0x35}, @typed={0x8, 0x96, 0x0, 0x0, @fd=r5}, @nested={0x4, 0xe6}, @typed={0x8, 0x20, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x4, 0xc}, @generic="0f9d32d5079945ea8a0cbbfc8e5b5525d7e700d590fa4fb163be94295eb78970aa03c852df55ae144d3878d262da8fe7b20303dd048578017a985e4b453fd5238d53f95e41baf72169f537cb8afadd1818d300546a8674b85db33b6cb8e32f0d1a914f4b19ae0331beba", @nested={0x4, 0x2e}]}, @generic="34ffd86410324c53d21c1e5e71647d80bcc4a7d8049c8b174ab4269dcbd30585966befea69c7694d5c07d4029f4ede2ad39ce9cbb64e4f5fc72c5be01b4bf8c64da0bc6ff9f6f22b2cd76c796348536cef4e98d87d9d79b8bf4c56fa711ed70705bfe691e6b5e21c6962732f", @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x800}, @typed={0x8, 0xdf, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x2e}}, @nested={0x149, 0x8e, 0x0, 0x1, [@nested={0x4, 0x147}, @nested={0x4, 0x28}, @generic="bd6fb101464d18c26d462f7cc40384c8faefc4c11fd20df3bdecba20b6e0f9dff72c2e1c07912a62bdb2fc5add76ba15b437119b304ea69c543fba932fdaa8fd33929d2101975ad38b510edf06007ca7", @typed={0x8, 0x25, 0x0, 0x0, @fd=r5}, @typed={0x4, 0x50}, @generic="f87b9416806f64201a21270c0a3ff7b336f58a7b0b9018d9560bfbec945affd5dac9331511c6a463d7751882550b5a973531d670d3b1fabd9be47f231020225ee5c38bbc151f79175b29ad35f552640060228b90ef7e72a5eb3b7cfe4e604e302772050613d65a1983c85d091fbfd199cd7ac46da186efa6a0664282478ee3a362fc98609d7df18cfd5580a36e94eaaff631d7edc5e37b304de9cc2fa44fa1e7c01884a61f368712fb1ccebda65ea228e863f2ce24305412cee7907118a7134d26f019072232c5778fa5ae86c2ffefe2d0fa0cc82a3e32a2fbdd8841b26f3a0f2c"]}, @typed={0xc, 0xec, 0x0, 0x0, @u64}, @nested={0x9, 0x56, 0x0, 0x1, [@generic="382fc93a8d"]}]}]}]}]}, 0x33c}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex_waitv$auto(&(0x7f0000000000)={0xb, 0x1c380, 0x82}, 0x1, 0x0, 0x0, 0x623d) 2.854692433s ago: executing program 2 (id=2271): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_proc_single_file_operations_base(0xffffffffffffffff, &(0x7f00000000c0)=""/41, 0x11) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) setitimer$auto(0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0001, 0x15) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) 2.380560582s ago: executing program 0 (id=2272): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0xf, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xc1, 0x0) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x200008000) bpf$auto(0x5, 0x0, 0x201) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/usb/usbmon/21u\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) fchmodat$auto(0xffffffffffffffff, 0x0, 0x3) r1 = bpf$auto(0x0, 0x0, 0x6f3) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(0x5, 0x104000000000010e, 0x2, 0x0, 0x16) poll$auto(&(0x7f0000000280)={r1, 0xa, 0xe3f}, 0x3, 0x4) 2.041983934s ago: executing program 3 (id=2273): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/i915/parameters/mitigations\x00', 0x4c0000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) write$auto(0x800000000000c8, 0x0, 0x1a) mmap$auto(0x0, 0x9, 0x40, 0x32d4, 0x10000, 0xffffffffffffffff) mmap$auto(0x6, 0x2000c, 0x4000000000df, 0x98, r0, 0x8000) unshare$auto(0x40000080) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r2 = fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRESHEX=r3, @ANYRES16=r3, @ANYBLOB="010026bd7000fbdbdf250b0000000c00058008000100", @ANYRES32=0x0, @ANYBLOB="acfccd712239858af11cdb876e152e1dd119397609d7080a999e4f0469ef20358d12aeac7acf4b4a47ffc254b8a027c71acce0e11fe8c4db3626fa7c57dd708183b658fd39bf187b1f06ae77d4421b7244d4511cb8fac9a198b72376ffe406796cdc13ef18e896f549aebb3108c9971a6a29bea43b552474d6e8ecb9d370c770"], 0x20}}, 0x2000c880) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) ppoll$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)={0x9}, 0x8) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs\x00\x00', 0x200, 0x0) ioctl$auto(0x3, 0x89e0, 0x38) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) fchown$auto(0xffffffffffffffff, 0xe5a, 0x5) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) 1.992819514s ago: executing program 1 (id=2274): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) set_mempolicy$auto(0x1, 0x0, 0x8) unshare$auto(0x40000080) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r0) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010326bd7000fedbdf2501000000e41970005e47"], 0x14}, 0x1, 0x0, 0x0, 0x4005}, 0x28044004) 1.376667833s ago: executing program 1 (id=2275): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/zoneinfo\x00', 0x10b402, 0x0) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0x1a3540, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) 1.241310123s ago: executing program 0 (id=2276): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) unshare$auto(0x40000080) syz_clone3(0x0, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x8300, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x5607, 0x7) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto(r0, 0x0, 0x81, 0x0, &(0x7f00000000c0)=0x1c) 1.237485476s ago: executing program 1 (id=2277): openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_proc_single_file_operations_base(0xffffffffffffffff, &(0x7f00000000c0)=""/41, 0x11) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8000003, 0x7) setitimer$auto(0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0001, 0x15) newfstatat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) write$auto(0x3, 0x0, 0xfffffdef) 1.049810675s ago: executing program 3 (id=2278): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0xfffffff0, 0x20040011}, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000500)={'gretap0\x00'}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0x2, 0x0, 0x402000, 0x0, 0xe, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xfbffffffffffffff, 0x400000000004, 0x2f, 0x0, 0x0, 0x1006, 0x400000000005b5, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x4, 0x4000003, 0xfffffffffffffffc, 0x2, 0x8, 0x10000000007, 0xc567]}, 0x1fa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) sendmsg$auto_OVS_DP_CMD_GET(r0, 0x0, 0x4000024) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0x100082) 959.758839ms ago: executing program 2 (id=2279): socket(0x2, 0x3, 0x100) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, r0, 0x4000000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(0x3, 0xc048aec8, r0) mlockall$auto(0x7) r2 = socket(0x2, 0x2, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x4f1, 0x1) fanotify_mark$auto(0x0, 0x80, 0x4, 0x3, 0x0) r3 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1b, r2, 0x10000}, 0x10) mmap$auto(0x80000000000, 0x9, 0xe997, 0x8000000008011, r3, 0x8000) ioctl$auto_KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) setregid$auto(0x0, 0x3) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) wait4$auto(0x0, 0xfffffffffffffffc, 0x60000002, 0x0) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), r4) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x20, r5, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_NLA_EID_TABLE_ENTRY={0xc, 0x1, 'nl80211\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r6 = socket(0x2, 0x1, 0x84) socketpair$auto(0x7, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) setsockopt$auto(r6, 0x84, 0x15, 0x0, 0x1) 572.061521ms ago: executing program 0 (id=2280): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) capget$auto(&(0x7f0000000000)={0x19980330}, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0xfffffffc, 0x20040011}, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000500)={'gretap0\x00'}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x807, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x7, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0x2, 0x0, 0x402000, 0x0, 0xe, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xfbffffffffffffff, 0x400000000004, 0x2f, 0x0, 0x0, 0x1006, 0x400000000005b5, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x4, 0x4000003, 0xfffffffffffffffc, 0x2, 0x8, 0x10000000007, 0xc567]}, 0x1fa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x2802, 0x0) sendmsg$auto_OVS_DP_CMD_GET(r0, 0x0, 0x4000024) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0x100082) 501.961346ms ago: executing program 3 (id=2281): setsockopt$auto(0xffffffffffffffff, 0x6, 0x19, 0x0, 0x56b) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) syz_clone(0x80000000, &(0x7f0000000000)="085a1056b6aa2f10d8ddee0633aea682a5ff", 0x12, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x2, 0xa) setsockopt$auto(r0, 0x104000000000010e, 0x1, 0x0, 0x16) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) prctl$auto_PR_SCHED_CORE_GET(0x40, 0x0, 0xffffffffffffffff, 0x3f2, 0x8) r3 = prctl$auto_PR_SVE_GET_VL(0x33, 0x8, 0xffffffffffffffff, 0x1, 0x3ff) r4 = socket(0x2, 0x3, 0xa) getsockopt$auto(r4, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) close_range$auto(r3, r4, 0x3) io_uring_setup$auto(0x3ff, 0x0) mmap$auto(0x0, 0x8, 0x329, 0x10011, 0x2, 0x8000) mprotect$auto(0x0, 0x5, 0x8) 212.868415ms ago: executing program 2 (id=2282): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xec}, 0x1, 0x0, 0x0, 0x4001}, 0x20000000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0xa, 0x0) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) fgetxattr$auto(r2, 0x0, 0x0, 0x7f) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) unshare$auto(0x40000080) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)={0x14, r4, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) r8 = openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/options/test_nop_accept\x00', 0x40000, 0x0) dup$auto(r8) ioctl$auto_USB_RAW_IOCTL_EP_WRITE(r7, 0x40085507, &(0x7f0000000080)={0x1, 0x0, 0x9}) r9 = semctl$auto_GETVAL(0x0, 0x1, 0xc, 0x10000) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r5, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000fc0)={0x33c, r6, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x324, 0x1, 0x0, 0x1, [@nested={0x31f, 0x2f, 0x0, 0x1, [@typed={0x7d, 0x122, 0x0, 0x0, @binary="3ee6e53c4c07ea5d20478f32b73dab93bda17a38691d14cc7389d7c01028c43754a4fb5f8a12d6b77f0cde3683abeb97f5bc35d14655c93dec83474ae0e23bc53f9ad75829e2b91ff11ac72fef15a647d6cccb3152fc263d3ebc8588a7c6dfef87cbec3a9363e1a83299887f7475c25579dcaa6f4489de4978"}, @generic="2bcdd2591f4997f881", @nested={0x4, 0xf7}, @generic="2bb6aff7fd45", @nested={0x288, 0x126, 0x0, 0x1, [@typed={0x8, 0x123, 0x0, 0x0, @pid=r9}, @nested={0x96, 0x13, 0x0, 0x1, [@typed={0x8, 0x33, 0x0, 0x0, @ipv4=@multicast1}, @nested={0x4, 0x35}, @typed={0x8, 0x96, 0x0, 0x0, @fd=r5}, @nested={0x4, 0xe6}, @typed={0x8, 0x20, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x4, 0xc}, @generic="0f9d32d5079945ea8a0cbbfc8e5b5525d7e700d590fa4fb163be94295eb78970aa03c852df55ae144d3878d262da8fe7b20303dd048578017a985e4b453fd5238d53f95e41baf72169f537cb8afadd1818d300546a8674b85db33b6cb8e32f0d1a914f4b19ae0331beba", @nested={0x4, 0x2e}]}, @generic="34ffd86410324c53d21c1e5e71647d80bcc4a7d8049c8b174ab4269dcbd30585966befea69c7694d5c07d4029f4ede2ad39ce9cbb64e4f5fc72c5be01b4bf8c64da0bc6ff9f6f22b2cd76c796348536cef4e98d87d9d79b8bf4c56fa711ed70705bfe691e6b5e21c6962732f", @typed={0xc, 0x7b, 0x0, 0x0, @u64=0x800}, @typed={0x8, 0xdf, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x2e}}, @nested={0x149, 0x8e, 0x0, 0x1, [@nested={0x4, 0x147}, @nested={0x4, 0x28}, @generic="bd6fb101464d18c26d462f7cc40384c8faefc4c11fd20df3bdecba20b6e0f9dff72c2e1c07912a62bdb2fc5add76ba15b437119b304ea69c543fba932fdaa8fd33929d2101975ad38b510edf06007ca7", @typed={0x8, 0x25, 0x0, 0x0, @fd=r5}, @typed={0x4, 0x50}, @generic="f87b9416806f64201a21270c0a3ff7b336f58a7b0b9018d9560bfbec945affd5dac9331511c6a463d7751882550b5a973531d670d3b1fabd9be47f231020225ee5c38bbc151f79175b29ad35f552640060228b90ef7e72a5eb3b7cfe4e604e302772050613d65a1983c85d091fbfd199cd7ac46da186efa6a0664282478ee3a362fc98609d7df18cfd5580a36e94eaaff631d7edc5e37b304de9cc2fa44fa1e7c01884a61f368712fb1ccebda65ea228e863f2ce24305412cee7907118a7134d26f019072232c5778fa5ae86c2ffefe2d0fa0cc82a3e32a2fbdd8841b26f3a0f2c"]}, @typed={0xc, 0xec, 0x0, 0x0, @u64}, @nested={0x9, 0x56, 0x0, 0x1, [@generic="382fc93a8d"]}]}]}]}]}, 0x33c}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex_waitv$auto(&(0x7f0000000000)={0xb, 0x1c380, 0x82}, 0x1, 0x0, 0x0, 0x623d) 0s ago: executing program 0 (id=2283): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x101000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/version\x00', 0x8080, 0x0) unshare$auto(0x40000080) syz_clone3(0x0, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x8300, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x5607, 0x7) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) close_range$auto(0x2, 0x8, 0x0) getsockopt$auto(r0, 0x0, 0x81, 0x0, &(0x7f00000000c0)=0x1c) kernel console output (not intermixed with test programs): #0 PREEMPT(full) [ 235.270925][ T8335] Tainted: [U]=USER [ 235.270935][ T8335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 235.270954][ T8335] Call Trace: [ 235.270964][ T8335] [ 235.270976][ T8335] dump_stack_lvl+0x16c/0x1f0 [ 235.271029][ T8335] should_fail_ex+0x512/0x640 [ 235.271077][ T8335] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 235.271126][ T8335] ? __pfx_vcpu_stat_get+0x10/0x10 [ 235.271165][ T8335] should_failslab+0xc2/0x120 [ 235.271196][ T8335] __kmalloc_cache_noprof+0x6a/0x3e0 [ 235.271239][ T8335] ? __debugfs_file_get+0x1fe/0x840 [ 235.271271][ T8335] ? simple_attr_open+0x57/0x1c0 [ 235.271319][ T8335] ? __pfx_vcpu_stat_get+0x10/0x10 [ 235.271358][ T8335] simple_attr_open+0x57/0x1c0 [ 235.271405][ T8335] ? __pfx_vcpu_stat_readonly_fops_open+0x10/0x10 [ 235.271447][ T8335] full_proxy_open_regular+0x1b6/0x360 [ 235.271488][ T8335] do_dentry_open+0x741/0x1c10 [ 235.271533][ T8335] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 235.271577][ T8335] vfs_open+0x82/0x3f0 [ 235.271615][ T8335] path_openat+0x1e5e/0x2d40 [ 235.271676][ T8335] ? __pfx_path_openat+0x10/0x10 [ 235.271734][ T8335] do_filp_open+0x20b/0x470 [ 235.271781][ T8335] ? __pfx_do_filp_open+0x10/0x10 [ 235.271858][ T8335] ? alloc_fd+0x471/0x7d0 [ 235.271915][ T8335] do_sys_openat2+0x11b/0x1d0 [ 235.271949][ T8335] ? __pfx_do_sys_openat2+0x10/0x10 [ 235.271999][ T8335] __x64_sys_openat+0x174/0x210 [ 235.272034][ T8335] ? __pfx___x64_sys_openat+0x10/0x10 [ 235.272076][ T8335] ? rcu_is_watching+0x12/0xc0 [ 235.272130][ T8335] do_syscall_64+0xcd/0x260 [ 235.272180][ T8335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.272213][ T8335] RIP: 0033:0x7fc72778d169 [ 235.272238][ T8335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.272268][ T8335] RSP: 002b:00007fc7286a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 235.272297][ T8335] RAX: ffffffffffffffda RBX: 00007fc7279a5fa0 RCX: 00007fc72778d169 [ 235.272317][ T8335] RDX: 0000000000000100 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 235.272338][ T8335] RBP: 00007fc72780e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 235.272357][ T8335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 235.272375][ T8335] R13: 0000000000000000 R14: 00007fc7279a5fa0 R15: 00007ffd445b2558 [ 235.272414][ T8335] [ 235.990291][ T8342] sctp: [Deprecated]: syz.2.585 (pid 8342) Use of struct sctp_assoc_value in delayed_ack socket option. [ 235.990291][ T8342] Use struct sctp_sack_info instead [ 237.649733][ T8378] FAULT_INJECTION: forcing a failure. [ 237.649733][ T8378] name fail_futex, interval 1, probability 0, space 0, times 0 [ 237.693297][ T8378] CPU: 0 UID: 0 PID: 8378 Comm: syz.3.598 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 237.693353][ T8378] Tainted: [U]=USER [ 237.693364][ T8378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 237.693383][ T8378] Call Trace: [ 237.693394][ T8378] [ 237.693406][ T8378] dump_stack_lvl+0x16c/0x1f0 [ 237.693459][ T8378] should_fail_ex+0x512/0x640 [ 237.693504][ T8378] get_futex_key+0x49e/0x1000 [ 237.693554][ T8378] ? __pfx_get_futex_key+0x10/0x10 [ 237.693618][ T8378] futex_wake+0xe7/0x4e0 [ 237.693652][ T8378] ? __pfx_futex_wake+0x10/0x10 [ 237.693686][ T8378] ? kmem_cache_free+0x2d4/0x4d0 [ 237.693733][ T8378] ? fd_install+0x225/0x750 [ 237.693777][ T8378] ? putname+0x154/0x1a0 [ 237.693815][ T8378] do_futex+0x1e3/0x350 [ 237.693860][ T8378] ? __pfx_do_futex+0x10/0x10 [ 237.693919][ T8378] __x64_sys_futex+0x1e0/0x4c0 [ 237.693969][ T8378] ? __x64_sys_openat+0x174/0x210 [ 237.694004][ T8378] ? __pfx___x64_sys_futex+0x10/0x10 [ 237.694053][ T8378] ? rcu_is_watching+0x12/0xc0 [ 237.694112][ T8378] do_syscall_64+0xcd/0x260 [ 237.694164][ T8378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.694197][ T8378] RIP: 0033:0x7f31f398d169 [ 237.694223][ T8378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.694254][ T8378] RSP: 002b:00007f31f47500e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 237.694284][ T8378] RAX: ffffffffffffffda RBX: 00007f31f3ba5fa8 RCX: 00007f31f398d169 [ 237.694305][ T8378] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f31f3ba5fac [ 237.694324][ T8378] RBP: 00007f31f3ba5fa0 R08: 00007f31f4751000 R09: 0000000000000000 [ 237.694343][ T8378] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f31f3ba5fac [ 237.694362][ T8378] R13: 0000000000000000 R14: 00007ffedff4b3b0 R15: 00007ffedff4b498 [ 237.694403][ T8378] [ 240.028729][ T8403] ======================================================= [ 240.028729][ T8403] WARNING: The mand mount option has been deprecated and [ 240.028729][ T8403] and is ignored by this kernel. Remove the mand [ 240.028729][ T8403] option from the mount to silence this warning. [ 240.028729][ T8403] ======================================================= [ 241.389010][ T8430] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 241.395213][ T8430] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 241.417891][ T8430] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 241.427324][ T8430] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 242.311851][ T8459] ubi0: attaching mtd0 [ 242.340293][ T8459] ubi0: scanning is finished [ 242.345168][ T8459] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 242.431152][ T8461] Invalid ELF header magic: != ELF [ 242.869478][ T8459] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 243.249483][ T8468] netlink: 28 bytes leftover after parsing attributes in process `syz.3.620'. [ 243.364771][ T8467] mmap: syz.3.620 (8467): VmData 37597184 exceed data ulimit 5. Update limits or use boot option ignore_rlimit_data. [ 243.427734][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 243.433894][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 243.434056][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 243.440349][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 243.614860][ T8480] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 244.472991][ T8494] HfR: entered promiscuous mode [ 245.028207][ T8500] sctp: [Deprecated]: syz.3.628 (pid 8500) Use of int in max_burst socket option deprecated. [ 245.028207][ T8500] Use struct sctp_assoc_value instead [ 245.678462][ T8520] FAULT_INJECTION: forcing a failure. [ 245.678462][ T8520] name failslab, interval 1, probability 0, space 0, times 0 [ 245.727862][ T8520] CPU: 1 UID: 0 PID: 8520 Comm: syz.2.632 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 245.727990][ T8520] Tainted: [U]=USER [ 245.728000][ T8520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 245.728043][ T8520] Call Trace: [ 245.728053][ T8520] [ 245.728072][ T8520] dump_stack_lvl+0x16c/0x1f0 [ 245.728171][ T8520] should_fail_ex+0x512/0x640 [ 245.728207][ T8520] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 245.728268][ T8520] ? __pfx_vcpu_stat_get+0x10/0x10 [ 245.728312][ T8520] should_failslab+0xc2/0x120 [ 245.728343][ T8520] __kmalloc_cache_noprof+0x6a/0x3e0 [ 245.728392][ T8520] ? __debugfs_file_get+0x1fe/0x840 [ 245.728436][ T8520] ? simple_attr_open+0x57/0x1c0 [ 245.728486][ T8520] ? __pfx_vcpu_stat_get+0x10/0x10 [ 245.728523][ T8520] simple_attr_open+0x57/0x1c0 [ 245.728571][ T8520] ? __pfx_vcpu_stat_readonly_fops_open+0x10/0x10 [ 245.728612][ T8520] full_proxy_open_regular+0x1b6/0x360 [ 245.728654][ T8520] do_dentry_open+0x741/0x1c10 [ 245.728702][ T8520] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 245.728761][ T8520] vfs_open+0x82/0x3f0 [ 245.728800][ T8520] path_openat+0x1e5e/0x2d40 [ 245.728863][ T8520] ? __pfx_path_openat+0x10/0x10 [ 245.728922][ T8520] do_filp_open+0x20b/0x470 [ 245.728971][ T8520] ? __pfx_do_filp_open+0x10/0x10 [ 245.729050][ T8520] ? alloc_fd+0x471/0x7d0 [ 245.729107][ T8520] do_sys_openat2+0x11b/0x1d0 [ 245.729141][ T8520] ? __pfx_do_sys_openat2+0x10/0x10 [ 245.729192][ T8520] __x64_sys_openat+0x174/0x210 [ 245.729229][ T8520] ? __pfx___x64_sys_openat+0x10/0x10 [ 245.729265][ T8520] ? rcu_is_watching+0x12/0xc0 [ 245.729317][ T8520] do_syscall_64+0xcd/0x260 [ 245.729367][ T8520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.729400][ T8520] RIP: 0033:0x7f60e938d169 [ 245.729434][ T8520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.729466][ T8520] RSP: 002b:00007f60ea1d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 245.729497][ T8520] RAX: ffffffffffffffda RBX: 00007f60e95a5fa0 RCX: 00007f60e938d169 [ 245.729519][ T8520] RDX: 0000000000000100 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 245.729540][ T8520] RBP: 00007f60e940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 245.729559][ T8520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.729577][ T8520] R13: 0000000000000000 R14: 00007f60e95a5fa0 R15: 00007ffda14e9878 [ 245.729617][ T8520] [ 246.285264][ T30] audit: type=1800 audit(6039032999.556:5): pid=8504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.629" name="SYSV0000000b" dev="tmpfs" ino=0 res=0 errno=0 [ 247.463497][ T8547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.637'. [ 247.860795][ T8549] ptrace attach of ""[8550] was attempted by "./syz-executor exec"[8549] [ 247.975599][ T8522] random: crng reseeded on system resumption [ 250.626112][ T8594] netlink: 12 bytes leftover after parsing attributes in process `syz.2.647'. [ 251.825534][ T5841] Bluetooth: hci1: Malformed LE Event: 0x1b [ 252.021133][ T8620] HSR: entered promiscuous mode [ 252.146345][ T8620] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 252.466748][ T5877] Process accounting resumed [ 252.534263][ T8626] vivid-003: ================= START STATUS ================= [ 252.577557][ T8626] vivid-003: Radio HW Seek Mode: Bounded [ 252.593447][ T8637] openvswitch: netlink: IP tunnel dst address not specified [ 252.615496][ T8626] vivid-003: Radio Programmable HW Seek: false [ 252.672724][ T8626] vivid-003: RDS Rx I/O Mode: Block I/O [ 252.697552][ T8626] vivid-003: Generate RBDS Instead of RDS: false [ 252.734019][ T8626] vivid-003: RDS Reception: true [ 252.771507][ T8626] vivid-003: RDS Program Type: 0 inactive [ 252.827904][ T8626] vivid-003: RDS PS Name: inactive [ 252.877244][ T8626] vivid-003: RDS Radio Text: inactive [ 252.895829][ T8626] vivid-003: RDS Traffic Announcement: false inactive [ 252.946450][ T8626] vivid-003: RDS Traffic Program: false inactive [ 252.968511][ T8626] vivid-003: RDS Music: false inactive [ 252.974288][ T8626] vivid-003: ================== END STATUS ================== [ 253.494350][ T8660] HfR: entered promiscuous mode [ 253.503593][ T8661] netlink: 28 bytes leftover after parsing attributes in process `syz.0.664'. [ 254.045528][ T8673] FAULT_INJECTION: forcing a failure. [ 254.045528][ T8673] name fail_futex, interval 1, probability 0, space 0, times 0 [ 254.089468][ T8673] CPU: 1 UID: 0 PID: 8673 Comm: syz.2.666 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 254.089525][ T8673] Tainted: [U]=USER [ 254.089536][ T8673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 254.089554][ T8673] Call Trace: [ 254.089563][ T8673] [ 254.089575][ T8673] dump_stack_lvl+0x16c/0x1f0 [ 254.089626][ T8673] should_fail_ex+0x512/0x640 [ 254.089669][ T8673] get_futex_key+0x49e/0x1000 [ 254.089720][ T8673] ? __pfx_get_futex_key+0x10/0x10 [ 254.089779][ T8673] futex_wake+0xe7/0x4e0 [ 254.089812][ T8673] ? __pfx_futex_wake+0x10/0x10 [ 254.089845][ T8673] ? kmem_cache_free+0x2d4/0x4d0 [ 254.089892][ T8673] ? fd_install+0x225/0x750 [ 254.089933][ T8673] ? putname+0x154/0x1a0 [ 254.089969][ T8673] do_futex+0x1e3/0x350 [ 254.090013][ T8673] ? __pfx_do_futex+0x10/0x10 [ 254.090070][ T8673] __x64_sys_futex+0x1e0/0x4c0 [ 254.090117][ T8673] ? __x64_sys_openat+0x174/0x210 [ 254.090152][ T8673] ? __pfx___x64_sys_futex+0x10/0x10 [ 254.090207][ T8673] ? rcu_is_watching+0x12/0xc0 [ 254.090259][ T8673] do_syscall_64+0xcd/0x260 [ 254.090308][ T8673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.090339][ T8673] RIP: 0033:0x7f60e938d169 [ 254.090365][ T8673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.090395][ T8673] RSP: 002b:00007f60ea1d30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 254.090425][ T8673] RAX: ffffffffffffffda RBX: 00007f60e95a5fa8 RCX: 00007f60e938d169 [ 254.090445][ T8673] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f60e95a5fac [ 254.090464][ T8673] RBP: 00007f60e95a5fa0 R08: 00007f60ea1d4000 R09: 0000000000000000 [ 254.090550][ T8673] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f60e95a5fac [ 254.090570][ T8673] R13: 0000000000000000 R14: 00007ffda14e9790 R15: 00007ffda14e9878 [ 254.090610][ T8673] [ 254.285972][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.342791][ T8678] FAULT_INJECTION: forcing a failure. [ 254.342791][ T8678] name fail_futex, interval 1, probability 0, space 0, times 0 [ 254.396028][ T8678] CPU: 0 UID: 0 PID: 8678 Comm: syz.1.669 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 254.396081][ T8678] Tainted: [U]=USER [ 254.396092][ T8678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 254.396111][ T8678] Call Trace: [ 254.396121][ T8678] [ 254.396134][ T8678] dump_stack_lvl+0x16c/0x1f0 [ 254.396185][ T8678] should_fail_ex+0x512/0x640 [ 254.396228][ T8678] get_futex_key+0x49e/0x1000 [ 254.396278][ T8678] ? __pfx_get_futex_key+0x10/0x10 [ 254.396336][ T8678] futex_wake+0xe7/0x4e0 [ 254.396371][ T8678] ? __pfx_futex_wake+0x10/0x10 [ 254.396405][ T8678] ? kmem_cache_free+0x2d4/0x4d0 [ 254.396452][ T8678] ? fd_install+0x225/0x750 [ 254.396495][ T8678] ? putname+0x154/0x1a0 [ 254.396533][ T8678] do_futex+0x1e3/0x350 [ 254.396579][ T8678] ? __pfx_do_futex+0x10/0x10 [ 254.396636][ T8678] __x64_sys_futex+0x1e0/0x4c0 [ 254.396696][ T8678] ? __x64_sys_openat+0x174/0x210 [ 254.396732][ T8678] ? __pfx___x64_sys_futex+0x10/0x10 [ 254.396780][ T8678] ? rcu_is_watching+0x12/0xc0 [ 254.396827][ T8678] do_syscall_64+0xcd/0x260 [ 254.396876][ T8678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.396908][ T8678] RIP: 0033:0x7fc72778d169 [ 254.396932][ T8678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.396963][ T8678] RSP: 002b:00007fc7286a50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 254.396994][ T8678] RAX: ffffffffffffffda RBX: 00007fc7279a5fa8 RCX: 00007fc72778d169 [ 254.397015][ T8678] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7279a5fac [ 254.397035][ T8678] RBP: 00007fc7279a5fa0 R08: 00007fc7286a6000 R09: 0000000000000000 [ 254.397054][ T8678] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fc7279a5fac [ 254.397072][ T8678] R13: 0000000000000000 R14: 00007ffd445b2470 R15: 00007ffd445b2558 [ 254.397112][ T8678] [ 255.010607][ T8685] netlink: 330 bytes leftover after parsing attributes in process `syz.2.672'. [ 255.914564][ T8709] openvswitch: HfR: Dropping previously announced user features [ 256.149540][ T8719] FAULT_INJECTION: forcing a failure. [ 256.149540][ T8719] name fail_futex, interval 1, probability 0, space 0, times 0 [ 256.189267][ T8719] CPU: 1 UID: 0 PID: 8719 Comm: syz.0.680 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 256.189321][ T8719] Tainted: [U]=USER [ 256.189331][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 256.189349][ T8719] Call Trace: [ 256.189359][ T8719] [ 256.189379][ T8719] dump_stack_lvl+0x16c/0x1f0 [ 256.189430][ T8719] should_fail_ex+0x512/0x640 [ 256.189473][ T8719] get_futex_key+0x49e/0x1000 [ 256.189524][ T8719] ? __pfx_get_futex_key+0x10/0x10 [ 256.189580][ T8719] futex_wake+0xe7/0x4e0 [ 256.189615][ T8719] ? __pfx_futex_wake+0x10/0x10 [ 256.189651][ T8719] ? kmem_cache_free+0x2d4/0x4d0 [ 256.189697][ T8719] ? fd_install+0x225/0x750 [ 256.189740][ T8719] ? putname+0x154/0x1a0 [ 256.189778][ T8719] do_futex+0x1e3/0x350 [ 256.189824][ T8719] ? __pfx_do_futex+0x10/0x10 [ 256.189882][ T8719] __x64_sys_futex+0x1e0/0x4c0 [ 256.189930][ T8719] ? __x64_sys_openat+0x174/0x210 [ 256.189965][ T8719] ? __pfx___x64_sys_futex+0x10/0x10 [ 256.190013][ T8719] ? rcu_is_watching+0x12/0xc0 [ 256.190064][ T8719] do_syscall_64+0xcd/0x260 [ 256.190115][ T8719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.190147][ T8719] RIP: 0033:0x7ffb4238d169 [ 256.190172][ T8719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.190203][ T8719] RSP: 002b:00007ffb431fe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 256.190233][ T8719] RAX: ffffffffffffffda RBX: 00007ffb425a5fa8 RCX: 00007ffb4238d169 [ 256.190254][ T8719] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffb425a5fac [ 256.190273][ T8719] RBP: 00007ffb425a5fa0 R08: 00007ffb431ff000 R09: 0000000000000000 [ 256.190292][ T8719] R10: 0000000000000004 R11: 0000000000000246 R12: 00007ffb425a5fac [ 256.190310][ T8719] R13: 0000000000000000 R14: 00007ffe05d7dc20 R15: 00007ffe05d7dd08 [ 256.190350][ T8719] [ 257.156111][ T8754] netlink: 'syz.3.689': attribute type 1 has an invalid length. [ 257.354040][ T8751] sp0: Synchronizing with TNC [ 257.629147][ T8762] Invalid ELF header magic: != ELF [ 257.675824][ T8766] HfR: entered promiscuous mode [ 258.298295][ T8775] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 258.303870][ T8777] nfs: Unknown parameter 'w`_I+; HY Lu>>uh*C<+ ' [ 258.370581][ T8764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.691'. [ 258.463510][ T8764] geneve1: entered allmulticast mode [ 258.526643][ T8784] input: f as /devices/virtual/input/input42 [ 259.924499][ T8809] openvswitch: HfR: Dropping previously announced user features [ 259.937994][ T8812] zero sized request [ 260.773761][ T8823] netlink: 28 bytes leftover after parsing attributes in process `syz.1.707'. [ 260.959116][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.965675][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.262219][ T8861] syz.3.716 uses obsolete (PF_INET,SOCK_PACKET) [ 262.786267][ T8868] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 262.806755][ T8868] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 262.816165][ T8868] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 262.824668][ T8868] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 263.077021][ T8880] netlink: 342 bytes leftover after parsing attributes in process `syz.1.721'. [ 263.097326][ T8883] netlink: 342 bytes leftover after parsing attributes in process `syz.1.721'. [ 264.797600][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout [ 264.878211][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 264.884319][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 264.893178][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 265.502514][ T8935] HfR: entered promiscuous mode [ 267.535280][ T8985] openvswitch: HfR: Dropping previously announced user features [ 267.749394][ T8995] netlink: 'syz.0.749': attribute type 1 has an invalid length. [ 269.122088][ T9023] ovs9: entered promiscuous mode [ 269.684493][ T9033] Invalid ELF header magic: != ELF [ 270.795159][ T9061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.762'. [ 271.028510][ T9033] netlink: 28 bytes leftover after parsing attributes in process `syz.2.758'. [ 271.281229][ T9033] geneve1: entered allmulticast mode [ 272.327412][ T9088] openvswitch: HfR: Dropping previously announced user features [ 272.752572][ T9103] netlink: set zone limit has 8 unknown bytes [ 273.394378][ T9123] overlayfs: "check_copy_up" module option is obsolete [ 274.331278][ T9133] openvswitch: HfR: Dropping previously announced user features [ 278.681667][ T9225] input: f as /devices/virtual/input/input45 [ 279.861364][ T5846] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 279.861691][ T5846] Bluetooth: hci1: connection err: -111 [ 280.504425][ T9256] svc: failed to register nfsdv3 RPC service (errno 111). [ 280.532515][ T9256] svc: failed to register nfsaclv3 RPC service (errno 111). [ 280.711430][ T9261] FAULT_INJECTION: forcing a failure. [ 280.711430][ T9261] name fail_futex, interval 1, probability 0, space 0, times 0 [ 280.745858][ T9261] CPU: 0 UID: 0 PID: 9261 Comm: syz.0.814 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 280.745913][ T9261] Tainted: [U]=USER [ 280.745924][ T9261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 280.745943][ T9261] Call Trace: [ 280.745953][ T9261] [ 280.745966][ T9261] dump_stack_lvl+0x16c/0x1f0 [ 280.746020][ T9261] should_fail_ex+0x512/0x640 [ 280.746064][ T9261] get_futex_key+0x49e/0x1000 [ 280.746114][ T9261] ? __pfx_get_futex_key+0x10/0x10 [ 280.746156][ T9261] ? stack_trace_save+0x8e/0xc0 [ 280.746199][ T9261] ? __pfx_stack_trace_save+0x10/0x10 [ 280.746242][ T9261] ? stack_depot_save_flags+0x28/0xa50 [ 280.746281][ T9261] ? __lock_acquire+0xaa4/0x1ba0 [ 280.746317][ T9261] futex_wait_setup+0x78/0x290 [ 280.746347][ T9261] ? kasan_save_free_info+0x3b/0x60 [ 280.746388][ T9261] ? __x64_sys_openat+0x174/0x210 [ 280.746429][ T9261] __futex_wait+0x266/0x3c0 [ 280.746463][ T9261] ? __pfx___futex_wait+0x10/0x10 [ 280.746504][ T9261] ? __pfx_futex_wake_mark+0x10/0x10 [ 280.746562][ T9261] futex_wait+0xe8/0x380 [ 280.746594][ T9261] ? __pfx_futex_wait+0x10/0x10 [ 280.746632][ T9261] ? kmem_cache_free+0x2d4/0x4d0 [ 280.746678][ T9261] ? find_held_lock+0x2b/0x80 [ 280.746718][ T9261] ? putname+0x154/0x1a0 [ 280.746748][ T9261] ? do_sys_openat2+0x1b0/0x1d0 [ 280.746787][ T9261] do_futex+0x229/0x350 [ 280.746833][ T9261] ? __pfx_do_futex+0x10/0x10 [ 280.746890][ T9261] __x64_sys_futex+0x1e0/0x4c0 [ 280.746938][ T9261] ? __x64_sys_openat+0x174/0x210 [ 280.746972][ T9261] ? __pfx___x64_sys_futex+0x10/0x10 [ 280.747021][ T9261] ? rcu_is_watching+0x12/0xc0 [ 280.747072][ T9261] do_syscall_64+0xcd/0x260 [ 280.747123][ T9261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.747156][ T9261] RIP: 0033:0x7ffb4238d169 [ 280.747182][ T9261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.747214][ T9261] RSP: 002b:00007ffb431fe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 280.747244][ T9261] RAX: ffffffffffffffda RBX: 00007ffb425a5fa8 RCX: 00007ffb4238d169 [ 280.747265][ T9261] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ffb425a5fa8 [ 280.747285][ T9261] RBP: 00007ffb425a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 280.747304][ T9261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb425a5fac [ 280.747324][ T9261] R13: 0000000000000000 R14: 00007ffe05d7dc20 R15: 00007ffe05d7dd08 [ 280.747364][ T9261] [ 281.402479][ T9268] FAULT_INJECTION: forcing a failure. [ 281.402479][ T9268] name failslab, interval 1, probability 0, space 0, times 0 [ 281.418693][ T9268] CPU: 0 UID: 0 PID: 9268 Comm: syz.2.816 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 281.418746][ T9268] Tainted: [U]=USER [ 281.418757][ T9268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 281.418777][ T9268] Call Trace: [ 281.418788][ T9268] [ 281.418801][ T9268] dump_stack_lvl+0x16c/0x1f0 [ 281.418856][ T9268] should_fail_ex+0x512/0x640 [ 281.418893][ T9268] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 281.418952][ T9268] should_failslab+0xc2/0x120 [ 281.418985][ T9268] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 281.419037][ T9268] ? shmem_alloc_inode+0x25/0x50 [ 281.419080][ T9268] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 281.419115][ T9268] shmem_alloc_inode+0x25/0x50 [ 281.419151][ T9268] alloc_inode+0x61/0x240 [ 281.419190][ T9268] new_inode+0x22/0x1c0 [ 281.419223][ T9268] ? trace_cap_capable+0x18d/0x200 [ 281.419259][ T9268] shmem_get_inode+0x19a/0xfb0 [ 281.419302][ T9268] ? __vm_enough_memory+0x184/0x3f0 [ 281.419342][ T9268] __shmem_file_setup+0x16f/0x300 [ 281.419395][ T9268] shmem_zero_setup+0x93/0x1a0 [ 281.419429][ T9268] __mmap_region+0x2036/0x27c0 [ 281.419485][ T9268] ? __pfx___mmap_region+0x10/0x10 [ 281.419535][ T9268] ? finish_task_switch.isra.0+0x221/0xc10 [ 281.419596][ T9268] ? __schedule+0x1186/0x5de0 [ 281.419636][ T9268] ? kvm_sched_clock_read+0x11/0x20 [ 281.419679][ T9268] ? sched_clock+0x38/0x60 [ 281.419776][ T9268] ? trace_cap_capable+0x18d/0x200 [ 281.419812][ T9268] ? cap_capable+0xb3/0x250 [ 281.419851][ T9268] mmap_region+0x1ab/0x3f0 [ 281.419911][ T9268] do_mmap+0xd8e/0x11b0 [ 281.419959][ T9268] ? __pfx_do_mmap+0x10/0x10 [ 281.420000][ T9268] ? __pfx_down_write_killable+0x10/0x10 [ 281.420052][ T9268] ? kmem_cache_free+0x2d4/0x4d0 [ 281.420107][ T9268] vm_mmap_pgoff+0x281/0x450 [ 281.420153][ T9268] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 281.420203][ T9268] ? __x64_sys_futex+0x1e0/0x4c0 [ 281.420247][ T9268] ? __x64_sys_futex+0x1e9/0x4c0 [ 281.420300][ T9268] ksys_mmap_pgoff+0x7d/0x5c0 [ 281.420339][ T9268] ? rcu_is_watching+0x12/0xc0 [ 281.420383][ T9268] __x64_sys_mmap+0x125/0x190 [ 281.420426][ T9268] do_syscall_64+0xcd/0x260 [ 281.420476][ T9268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.420509][ T9268] RIP: 0033:0x7f60e938d169 [ 281.420535][ T9268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.420581][ T9268] RSP: 002b:00007f60ea1d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 281.420614][ T9268] RAX: ffffffffffffffda RBX: 00007f60e95a5fa0 RCX: 00007f60e938d169 [ 281.420636][ T9268] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 281.420655][ T9268] RBP: 00007f60e940e2a0 R08: 0000000000000401 R09: 0000000000008000 [ 281.420674][ T9268] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 281.420694][ T9268] R13: 0000000000000000 R14: 00007f60e95a5fa0 R15: 00007ffda14e9878 [ 281.420736][ T9268] [ 282.401219][ T9284] Invalid ELF header magic: != ELF [ 282.438799][ T9288] FAULT_INJECTION: forcing a failure. [ 282.438799][ T9288] name fail_futex, interval 1, probability 0, space 0, times 0 [ 282.452980][ T9288] CPU: 0 UID: 0 PID: 9288 Comm: syz.3.824 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 282.453033][ T9288] Tainted: [U]=USER [ 282.453044][ T9288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 282.453063][ T9288] Call Trace: [ 282.453074][ T9288] [ 282.453086][ T9288] dump_stack_lvl+0x16c/0x1f0 [ 282.453155][ T9288] should_fail_ex+0x512/0x640 [ 282.453199][ T9288] get_futex_key+0x49e/0x1000 [ 282.453247][ T9288] ? __pfx_get_futex_key+0x10/0x10 [ 282.453288][ T9288] ? stack_trace_save+0x8e/0xc0 [ 282.453332][ T9288] ? __pfx_stack_trace_save+0x10/0x10 [ 282.453374][ T9288] ? stack_depot_save_flags+0x28/0xa50 [ 282.453413][ T9288] ? __lock_acquire+0xaa4/0x1ba0 [ 282.453449][ T9288] futex_wait_setup+0x78/0x290 [ 282.453480][ T9288] ? kasan_save_free_info+0x3b/0x60 [ 282.453522][ T9288] ? __x64_sys_openat+0x174/0x210 [ 282.453561][ T9288] __futex_wait+0x266/0x3c0 [ 282.453595][ T9288] ? __pfx___futex_wait+0x10/0x10 [ 282.453634][ T9288] ? __pfx_futex_wake_mark+0x10/0x10 [ 282.453683][ T9288] futex_wait+0xe8/0x380 [ 282.453714][ T9288] ? __pfx_futex_wait+0x10/0x10 [ 282.453754][ T9288] ? kmem_cache_free+0x2d4/0x4d0 [ 282.453800][ T9288] ? find_held_lock+0x2b/0x80 [ 282.453837][ T9288] ? putname+0x154/0x1a0 [ 282.453866][ T9288] ? do_sys_openat2+0x1b0/0x1d0 [ 282.453903][ T9288] do_futex+0x229/0x350 [ 282.453948][ T9288] ? __pfx_do_futex+0x10/0x10 [ 282.454004][ T9288] __x64_sys_futex+0x1e0/0x4c0 [ 282.454053][ T9288] ? __x64_sys_openat+0x174/0x210 [ 282.454088][ T9288] ? __pfx___x64_sys_futex+0x10/0x10 [ 282.454147][ T9288] ? rcu_is_watching+0x12/0xc0 [ 282.454200][ T9288] do_syscall_64+0xcd/0x260 [ 282.454251][ T9288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.454284][ T9288] RIP: 0033:0x7f31f398d169 [ 282.454310][ T9288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.454339][ T9288] RSP: 002b:00007f31f47500e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 282.454370][ T9288] RAX: ffffffffffffffda RBX: 00007f31f3ba5fa8 RCX: 00007f31f398d169 [ 282.454391][ T9288] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f31f3ba5fa8 [ 282.454410][ T9288] RBP: 00007f31f3ba5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 282.454429][ T9288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f31f3ba5fac [ 282.454448][ T9288] R13: 0000000000000000 R14: 00007ffedff4b3b0 R15: 00007ffedff4b498 [ 282.454488][ T9288] [ 283.930116][ T9311] mkiss: ax0: crc mode is auto. [ 283.979779][ T5877] smpboot: CPU 1 is now offline [ 285.074491][ T9322] netlink: 20 bytes leftover after parsing attributes in process `syz.3.832'. [ 286.141381][ T9337] openvswitch: HfR: Dropping previously announced user features [ 286.304803][ T9340] FAULT_INJECTION: forcing a failure. [ 286.304803][ T9340] name fail_futex, interval 1, probability 0, space 0, times 0 [ 286.401167][ T9340] CPU: 0 UID: 0 PID: 9340 Comm: syz.0.835 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 286.401206][ T9340] Tainted: [U]=USER [ 286.401214][ T9340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 286.401229][ T9340] Call Trace: [ 286.401236][ T9340] [ 286.401245][ T9340] dump_stack_lvl+0x16c/0x1f0 [ 286.401284][ T9340] should_fail_ex+0x512/0x640 [ 286.401316][ T9340] get_futex_key+0x49e/0x1000 [ 286.401352][ T9340] ? __pfx_get_futex_key+0x10/0x10 [ 286.401382][ T9340] ? stack_trace_save+0x8e/0xc0 [ 286.401414][ T9340] ? __pfx_stack_trace_save+0x10/0x10 [ 286.401446][ T9340] ? stack_depot_save_flags+0x28/0xa50 [ 286.401475][ T9340] ? __lock_acquire+0xaa4/0x1ba0 [ 286.401501][ T9340] futex_wait_setup+0x78/0x290 [ 286.401523][ T9340] ? kasan_save_free_info+0x3b/0x60 [ 286.401554][ T9340] ? __x64_sys_openat+0x174/0x210 [ 286.401582][ T9340] __futex_wait+0x266/0x3c0 [ 286.401607][ T9340] ? __pfx___futex_wait+0x10/0x10 [ 286.401636][ T9340] ? __pfx_futex_wake_mark+0x10/0x10 [ 286.401671][ T9340] futex_wait+0xe8/0x380 [ 286.401693][ T9340] ? __pfx_futex_wait+0x10/0x10 [ 286.401722][ T9340] ? kmem_cache_free+0x2d4/0x4d0 [ 286.401756][ T9340] ? find_held_lock+0x2b/0x80 [ 286.401784][ T9340] ? putname+0x154/0x1a0 [ 286.401806][ T9340] ? do_sys_openat2+0x1b0/0x1d0 [ 286.401834][ T9340] do_futex+0x229/0x350 [ 286.401868][ T9340] ? __pfx_do_futex+0x10/0x10 [ 286.401920][ T9340] __x64_sys_futex+0x1e0/0x4c0 [ 286.401956][ T9340] ? __x64_sys_openat+0x174/0x210 [ 286.401982][ T9340] ? __pfx___x64_sys_futex+0x10/0x10 [ 286.402019][ T9340] ? rcu_is_watching+0x12/0xc0 [ 286.402057][ T9340] do_syscall_64+0xcd/0x260 [ 286.402093][ T9340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.402117][ T9340] RIP: 0033:0x7ffb4238d169 [ 286.402135][ T9340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.402158][ T9340] RSP: 002b:00007ffb431fe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 286.402180][ T9340] RAX: ffffffffffffffda RBX: 00007ffb425a5fa8 RCX: 00007ffb4238d169 [ 286.402196][ T9340] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ffb425a5fa8 [ 286.402211][ T9340] RBP: 00007ffb425a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 286.402226][ T9340] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb425a5fac [ 286.402240][ T9340] R13: 0000000000000000 R14: 00007ffe05d7dc20 R15: 00007ffe05d7dd08 [ 286.402269][ T9340] [ 288.962669][ T9369] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79004 [ 289.011584][ T9369] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 289.085162][ T9369] memcg:ffff888027503301 [ 289.150357][ T9369] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 289.295572][ T9369] page_type: f5(slab) [ 289.305731][ T9369] raw: 00fff00000000040 ffff8881404088c0 ffffea0001e4f100 dead000000000003 [ 289.403129][ T9369] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888027503301 [ 289.460394][ T9369] head: 00fff00000000040 ffff8881404088c0 ffffea0001e4f100 dead000000000003 [ 289.546730][ T9369] head: 0000000000000000 00000000000c000c 00000000f5000000 ffff888027503301 [ 289.624258][ T9369] head: 00fff00000000002 ffffea0001e40101 00000000ffffffff 00000000ffffffff [ 289.679968][ T9366] FAULT_INJECTION: forcing a failure. [ 289.679968][ T9366] name failslab, interval 1, probability 0, space 0, times 0 [ 289.738794][ T9369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 289.758765][ T9366] CPU: 0 UID: 0 PID: 9366 Comm: syz.1.843 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 289.758805][ T9366] Tainted: [U]=USER [ 289.758813][ T9366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 289.758828][ T9366] Call Trace: [ 289.758843][ T9366] [ 289.758852][ T9366] dump_stack_lvl+0x16c/0x1f0 [ 289.758890][ T9366] should_fail_ex+0x512/0x640 [ 289.758919][ T9366] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 289.758958][ T9366] should_failslab+0xc2/0x120 [ 289.758980][ T9366] __kmalloc_cache_node_noprof+0x6d/0x420 [ 289.759016][ T9366] ? __get_vm_area_node+0x101/0x300 [ 289.759049][ T9366] __get_vm_area_node+0x101/0x300 [ 289.759082][ T9366] __vmalloc_node_range_noprof+0x277/0x1540 [ 289.759115][ T9366] ? kernel_clone+0xfc/0x960 [ 289.759149][ T9366] ? __mod_memcg_lruvec_state+0x533/0x760 [ 289.759180][ T9366] ? find_held_lock+0x2b/0x80 [ 289.759213][ T9366] ? rcu_is_watching+0x12/0xc0 [ 289.759243][ T9366] ? kernel_clone+0xfc/0x960 [ 289.759283][ T9366] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 289.759314][ T9366] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 289.759345][ T9366] ? rcu_is_watching+0x12/0xc0 [ 289.759376][ T9366] ? kernel_clone+0xfc/0x960 [ 289.759410][ T9366] __vmalloc_node_noprof+0x74/0xa0 [ 289.759441][ T9366] ? kernel_clone+0xfc/0x960 [ 289.759477][ T9366] copy_process+0x2ead/0x91a0 [ 289.759510][ T9366] ? find_held_lock+0x2b/0x80 [ 289.759541][ T9366] ? schedule+0x2d7/0x3a0 [ 289.759572][ T9366] ? futex_wait_queue+0x24/0x220 [ 289.759595][ T9366] ? schedule+0xf1/0x3a0 [ 289.759624][ T9366] ? futex_wait_queue+0x14c/0x220 [ 289.759652][ T9366] ? __pfx_copy_process+0x10/0x10 [ 289.759685][ T9366] ? __pfx___futex_wait+0x10/0x10 [ 289.759709][ T9366] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 289.759746][ T9366] ? __pfx_futex_wake_mark+0x10/0x10 [ 289.759784][ T9366] kernel_clone+0xfc/0x960 [ 289.759821][ T9366] ? __pfx_kernel_clone+0x10/0x10 [ 289.759880][ T9366] __do_sys_clone+0xce/0x120 [ 289.759914][ T9366] ? __pfx___do_sys_clone+0x10/0x10 [ 289.759964][ T9366] ? rcu_is_watching+0x12/0xc0 [ 289.760001][ T9366] do_syscall_64+0xcd/0x260 [ 289.760039][ T9366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 289.760062][ T9366] RIP: 0033:0x7fc72778d169 [ 289.760081][ T9366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 289.760105][ T9366] RSP: 002b:00007fc7286a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 289.760128][ T9366] RAX: ffffffffffffffda RBX: 00007fc7279a5fa0 RCX: 00007fc72778d169 [ 289.760144][ T9366] RDX: 0000000000000000 RSI: 0000000000000900 RDI: 0000000000000006 [ 289.760158][ T9366] RBP: 00007fc72780e2a0 R08: 0000000000000401 R09: 0000000000000000 [ 289.760173][ T9366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 289.760187][ T9366] R13: 0000000000000000 R14: 00007fc7279a5fa0 R15: 00007ffd445b2558 [ 289.760215][ T9366] [ 289.760376][ T9366] syz.1.843: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 290.147397][ T9369] page dumped because: unmovable page [ 290.231832][ T9369] page_owner tracks the page as allocated [ 290.262081][ T9369] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5781, tgid 5781 (dhcpcd-run-hook), ts 81899918554, free_ts 35752233122 [ 290.334746][ T9369] post_alloc_hook+0x181/0x1b0 [ 290.351251][ T9369] get_page_from_freelist+0x1193/0x39b0 [ 290.356967][ T9369] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 290.398147][ T9369] alloc_pages_mpol+0x1fb/0x550 [ 290.403058][ T9369] new_slab+0x23c/0x330 [ 290.449872][ T9369] ___slab_alloc+0xd9c/0x1940 [ 290.460226][ T9369] __slab_alloc.constprop.0+0x56/0xb0 [ 290.482395][ T9369] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 290.502601][ T9369] alloc_inode+0xc3/0x240 [ 290.506996][ T9369] create_pipe_files+0x4c/0x930 [ 290.537542][ T9369] do_pipe2+0xaf/0x1c0 [ 290.547808][ T9369] __x64_sys_pipe2+0x54/0x80 [ 290.552466][ T9369] do_syscall_64+0xcd/0x260 [ 290.557011][ T9369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.611225][ T9369] page last free pid 1 tgid 1 stack trace: [ 290.629298][ T9369] __free_frozen_pages+0x69d/0xff0 [ 290.647555][ T9369] free_contig_range+0x135/0x3f0 [ 290.657571][ T9369] destroy_args+0x66f/0x830 [ 290.672886][ T9369] debug_vm_pgtable+0x130e/0x2d50 [ 290.697626][ T9369] do_one_initcall+0x120/0x6e0 [ 290.712648][ T9369] kernel_init_freeable+0x5c2/0x900 [ 290.749476][ T9369] kernel_init+0x1c/0x2b0 [ 290.753861][ T9369] ret_from_fork+0x45/0x80 [ 290.767650][ T9369] ret_from_fork_asm+0x1a/0x30 [ 291.126839][ T9366] ,cpuset=/,mems_allowed=0-1 [ 291.148110][ T9366] CPU: 0 UID: 0 PID: 9366 Comm: syz.1.843 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 291.148150][ T9366] Tainted: [U]=USER [ 291.148157][ T9366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 291.148172][ T9366] Call Trace: [ 291.148179][ T9366] [ 291.148187][ T9366] dump_stack_lvl+0x16c/0x1f0 [ 291.148226][ T9366] warn_alloc+0x248/0x3a0 [ 291.148264][ T9366] ? __pfx_warn_alloc+0x10/0x10 [ 291.148300][ T9366] ? rcu_is_watching+0x12/0xc0 [ 291.148330][ T9366] ? trace_kmalloc+0x2b/0xd0 [ 291.148353][ T9366] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 291.148392][ T9366] ? __kasan_kmalloc+0x8a/0xb0 [ 291.148428][ T9366] ? __get_vm_area_node+0x1e5/0x300 [ 291.148464][ T9366] __vmalloc_node_range_noprof+0xd31/0x1540 [ 291.148503][ T9366] ? __mod_memcg_lruvec_state+0x533/0x760 [ 291.148535][ T9366] ? find_held_lock+0x2b/0x80 [ 291.148568][ T9366] ? rcu_is_watching+0x12/0xc0 [ 291.148597][ T9366] ? kernel_clone+0xfc/0x960 [ 291.148639][ T9366] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 291.148670][ T9366] ? __memcg_slab_post_alloc_hook+0x4d0/0x940 [ 291.148700][ T9366] ? rcu_is_watching+0x12/0xc0 [ 291.148731][ T9366] ? kernel_clone+0xfc/0x960 [ 291.148764][ T9366] __vmalloc_node_noprof+0x74/0xa0 [ 291.148796][ T9366] ? kernel_clone+0xfc/0x960 [ 291.148832][ T9366] copy_process+0x2ead/0x91a0 [ 291.148865][ T9366] ? find_held_lock+0x2b/0x80 [ 291.148895][ T9366] ? schedule+0x2d7/0x3a0 [ 291.148927][ T9366] ? futex_wait_queue+0x24/0x220 [ 291.148949][ T9366] ? schedule+0xf1/0x3a0 [ 291.148979][ T9366] ? futex_wait_queue+0x14c/0x220 [ 291.149006][ T9366] ? __pfx_copy_process+0x10/0x10 [ 291.149040][ T9366] ? __pfx___futex_wait+0x10/0x10 [ 291.149061][ T9366] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 291.149097][ T9366] ? __pfx_futex_wake_mark+0x10/0x10 [ 291.149138][ T9366] kernel_clone+0xfc/0x960 [ 291.149175][ T9366] ? __pfx_kernel_clone+0x10/0x10 [ 291.149226][ T9366] __do_sys_clone+0xce/0x120 [ 291.149261][ T9366] ? __pfx___do_sys_clone+0x10/0x10 [ 291.149311][ T9366] ? rcu_is_watching+0x12/0xc0 [ 291.149348][ T9366] do_syscall_64+0xcd/0x260 [ 291.149385][ T9366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.149409][ T9366] RIP: 0033:0x7fc72778d169 [ 291.149426][ T9366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.149450][ T9366] RSP: 002b:00007fc7286a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 291.149471][ T9366] RAX: ffffffffffffffda RBX: 00007fc7279a5fa0 RCX: 00007fc72778d169 [ 291.149493][ T9366] RDX: 0000000000000000 RSI: 0000000000000900 RDI: 0000000000000006 [ 291.149507][ T9366] RBP: 00007fc72780e2a0 R08: 0000000000000401 R09: 0000000000000000 [ 291.149522][ T9366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.149536][ T9366] R13: 0000000000000000 R14: 00007fc7279a5fa0 R15: 00007ffd445b2558 [ 291.149564][ T9366] [ 291.516853][ T9366] Mem-Info: [ 291.520108][ T9366] active_anon:32059 inactive_anon:6 isolated_anon:0 [ 291.520108][ T9366] active_file:18241 inactive_file:40112 isolated_file:0 [ 291.520108][ T9366] unevictable:768 dirty:1603 writeback:0 [ 291.520108][ T9366] slab_reclaimable:10985 slab_unreclaimable:98989 [ 291.520108][ T9366] mapped:38299 shmem:19993 pagetables:1022 [ 291.520108][ T9366] sec_pagetables:0 bounce:0 [ 291.520108][ T9366] kernel_misc_reclaimable:0 [ 291.520108][ T9366] free:1303559 free_pcp:2185 free_cma:0 [ 291.566854][ T9366] Node 0 active_anon:128236kB inactive_anon:24kB active_file:65420kB inactive_file:160368kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:152816kB dirty:6216kB writeback:0kB shmem:78436kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11184kB pagetables:4088kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 291.601897][ T9366] Node 1 active_anon:0kB inactive_anon:0kB active_file:7544kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:380kB dirty:196kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 291.633865][ T9366] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 291.662141][ T9366] lowmem_reserve[]: 0 2482 2483 2483 2483 [ 291.668827][ T9366] Node 0 DMA32 free:1306512kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:128192kB inactive_anon:24kB active_file:65420kB inactive_file:158788kB unevictable:1536kB writepending:6216kB present:3129332kB managed:2541688kB mlocked:0kB bounce:0kB free_pcp:1560kB local_pcp:1560kB free_cma:0kB [ 291.699603][ T9366] lowmem_reserve[]: 0 0 1 1 1 [ 291.704341][ T9366] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 291.731690][ T9366] lowmem_reserve[]: 0 0 0 0 0 [ 291.736430][ T9366] Node 1 Normal free:3892352kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:7544kB inactive_file:80kB unevictable:1536kB writepending:196kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:7128kB local_pcp:7128kB free_cma:0kB [ 291.827554][ T9366] lowmem_reserve[]: 0 0 0 0 0 [ 291.837519][ T9366] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 291.877849][ T9366] Node 0 DMA32: 293*4kB (UM) 134*8kB (UM) 15*16kB (UME) 110*32kB (UME) 277*64kB (UME) 320*128kB (ME) 181*256kB (UM) 86*512kB (UME) 33*1024kB (UM) 11*2048kB (ME) 266*4096kB (M) = 1300916kB [ 291.947559][ T9366] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 292.006913][ T9366] Node 1 Normal: 250*4kB (UME) 63*8kB (UME) 70*16kB (UME) 228*32kB (UME) 127*64kB (UME) 38*128kB (UME) 19*256kB (UME) 16*512kB (UME) 8*1024kB (UME) 13*2048kB (UME) 933*4096kB (M) = 3892352kB [ 292.088264][ T9366] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 292.123662][ T9366] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 292.146104][ T9366] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 292.177887][ T9366] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 292.205270][ T9366] 80223 total pagecache pages [ 292.210943][ T9366] 87 pages in swap cache [ 292.215283][ T9366] Free swap = 124068kB [ 292.247577][ T9366] Total swap = 124996kB [ 292.263293][ T9366] 2097051 pages RAM [ 292.267186][ T9366] 0 pages HighMem/MovableOnly [ 292.290628][ T9366] 429587 pages reserved [ 292.305075][ T9366] 0 pages cma reserved [ 294.252932][ T9422] FAULT_INJECTION: forcing a failure. [ 294.252932][ T9422] name fail_futex, interval 1, probability 0, space 0, times 0 [ 294.347606][ T9422] CPU: 0 UID: 0 PID: 9422 Comm: syz.0.853 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 294.347647][ T9422] Tainted: [U]=USER [ 294.347656][ T9422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 294.347670][ T9422] Call Trace: [ 294.347677][ T9422] [ 294.347686][ T9422] dump_stack_lvl+0x16c/0x1f0 [ 294.347726][ T9422] should_fail_ex+0x512/0x640 [ 294.347758][ T9422] get_futex_key+0x49e/0x1000 [ 294.347795][ T9422] ? __pfx_get_futex_key+0x10/0x10 [ 294.347839][ T9422] futex_wake+0xe7/0x4e0 [ 294.347864][ T9422] ? __pfx_futex_wake+0x10/0x10 [ 294.347890][ T9422] ? kmem_cache_free+0x2d4/0x4d0 [ 294.347925][ T9422] ? fd_install+0x225/0x750 [ 294.347958][ T9422] ? putname+0x154/0x1a0 [ 294.347985][ T9422] do_futex+0x1e3/0x350 [ 294.348021][ T9422] ? __pfx_do_futex+0x10/0x10 [ 294.348063][ T9422] __x64_sys_futex+0x1e0/0x4c0 [ 294.348101][ T9422] ? __x64_sys_openat+0x174/0x210 [ 294.348137][ T9422] ? __pfx___x64_sys_futex+0x10/0x10 [ 294.348176][ T9422] ? rcu_is_watching+0x12/0xc0 [ 294.348214][ T9422] do_syscall_64+0xcd/0x260 [ 294.348259][ T9422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.348283][ T9422] RIP: 0033:0x7ffb4238d169 [ 294.348302][ T9422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.348326][ T9422] RSP: 002b:00007ffb431fe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 294.348349][ T9422] RAX: ffffffffffffffda RBX: 00007ffb425a5fa8 RCX: 00007ffb4238d169 [ 294.348366][ T9422] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffb425a5fac [ 294.348380][ T9422] RBP: 00007ffb425a5fa0 R08: 00007ffb431ff000 R09: 0000000000000000 [ 294.348396][ T9422] R10: 0000000000000004 R11: 0000000000000246 R12: 00007ffb425a5fac [ 294.348410][ T9422] R13: 0000000000000000 R14: 00007ffe05d7dc20 R15: 00007ffe05d7dd08 [ 294.348439][ T9422] [ 298.642324][ T9481] openvswitch: HfR: Dropping previously announced user features [ 298.691312][ T9481] netlink: 12 bytes leftover after parsing attributes in process `syz.3.864'. [ 298.759703][ T9481] HfR: left promiscuous mode [ 300.538599][ T9495] netlink: 330 bytes leftover after parsing attributes in process `syz.2.868'. [ 302.710613][ T9530] HfR: entered promiscuous mode [ 303.620202][ T9538] openvswitch: HfR: Dropping previously announced user features [ 303.698657][ T9538] netlink: 12 bytes leftover after parsing attributes in process `syz.3.877'. [ 303.744356][ T9538] HfR: left promiscuous mode [ 303.911104][ T9540] netlink: 12 bytes leftover after parsing attributes in process `syz.1.876'. [ 303.976187][ T9536] openvswitch: HfR: Dropping previously announced user features [ 304.060670][ T9540] HfR: left promiscuous mode [ 305.896399][ T9567] GUP no longer grows the stack in syz.2.880 (9567): 14000-401000 (4000) [ 306.025687][ T9567] CPU: 0 UID: 0 PID: 9567 Comm: syz.2.880 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 306.025728][ T9567] Tainted: [U]=USER [ 306.025735][ T9567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 306.025749][ T9567] Call Trace: [ 306.025757][ T9567] [ 306.025766][ T9567] dump_stack_lvl+0x16c/0x1f0 [ 306.025805][ T9567] gup_vma_lookup+0x1d2/0x220 [ 306.025834][ T9567] __get_user_pages+0x234/0x36f0 [ 306.025874][ T9567] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 306.025897][ T9567] ? look_up_lock_class+0x59/0x150 [ 306.025930][ T9567] ? __pfx___get_user_pages+0x10/0x10 [ 306.025960][ T9567] ? process_vm_rw+0x2ff/0x360 [ 306.025980][ T9567] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 306.026001][ T9567] ? do_syscall_64+0xcd/0x260 [ 306.026044][ T9567] __gup_longterm_locked+0x20d/0x1850 [ 306.026085][ T9567] ? __pfx___gup_longterm_locked+0x10/0x10 [ 306.026131][ T9567] pin_user_pages_remote+0xed/0x140 [ 306.026164][ T9567] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 306.026195][ T9567] ? mm_access+0x22d/0x2e0 [ 306.026244][ T9567] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 306.026274][ T9567] ? futex_wait_queue+0x14c/0x220 [ 306.026295][ T9567] ? futex_unqueue+0xba/0x140 [ 306.026334][ T9567] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 306.026362][ T9567] ? iovec_from_user+0xbb/0x140 [ 306.026406][ T9567] ? iovec_from_user+0xbb/0x140 [ 306.026440][ T9567] process_vm_rw+0x2ff/0x360 [ 306.026465][ T9567] ? __pfx_process_vm_rw+0x10/0x10 [ 306.026495][ T9567] ? __might_fault+0x13b/0x190 [ 306.026556][ T9567] ? xfd_validate_state+0x5d/0x180 [ 306.026589][ T9567] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 306.026613][ T9567] ? do_syscall_64+0x91/0x260 [ 306.026647][ T9567] ? lockdep_hardirqs_on+0x7c/0x110 [ 306.026679][ T9567] do_syscall_64+0xcd/0x260 [ 306.026721][ T9567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.026745][ T9567] RIP: 0033:0x7f60e938d169 [ 306.026763][ T9567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.026787][ T9567] RSP: 002b:00007f60ea1b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 306.026809][ T9567] RAX: ffffffffffffffda RBX: 00007f60e95a6080 RCX: 00007f60e938d169 [ 306.026825][ T9567] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000030c [ 306.026840][ T9567] RBP: 00007f60e940e2a0 R08: 0000000000000003 R09: 0000000000000000 [ 306.026854][ T9567] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 306.026869][ T9567] R13: 0000000000000000 R14: 00007f60e95a6080 R15: 00007ffda14e9878 [ 306.026899][ T9567] [ 306.863847][ T9587] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.023550][ T9591] openvswitch: HfR: Dropping previously announced user features [ 307.071218][ T9591] netlink: 12 bytes leftover after parsing attributes in process `syz.2.888'. [ 307.150298][ T9591] HfR: left promiscuous mode [ 308.864053][ T9635] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input46 [ 308.896423][ T9633] ovs_: entered promiscuous mode [ 309.633253][ T9648] input: f as /devices/virtual/input/input47 [ 310.651928][ T5846] Bluetooth: hci0: unexpected event 0x1d length: 1 < 5 [ 312.555164][ T9687] netlink: 28 bytes leftover after parsing attributes in process `syz.2.911'. [ 313.097188][ T9700] HfR: entered promiscuous mode [ 313.178532][ T9700] netlink: 12 bytes leftover after parsing attributes in process `syz.2.914'. [ 313.237709][ T9700] HfR: left promiscuous mode [ 314.169434][ T9717] HfR: entered promiscuous mode [ 315.184475][ T9735] netlink: 28 bytes leftover after parsing attributes in process `syz.3.924'. [ 316.340680][ T9752] HfR: entered promiscuous mode [ 316.382020][ T9752] netlink: 12 bytes leftover after parsing attributes in process `syz.1.929'. [ 316.443599][ T9752] HfR: left promiscuous mode [ 316.932096][ T9755] netlink: 28 bytes leftover after parsing attributes in process `syz.3.928'. [ 320.100789][ T9798] Invalid ELF header magic: != ELF [ 321.908381][ T9828] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input48 [ 322.393874][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.401615][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.776744][ T9857] Invalid ELF header magic: != ELF [ 324.203386][ T9866] netlink: 28 bytes leftover after parsing attributes in process `syz.3.957'. [ 325.079146][ T9875] HfR: entered promiscuous mode [ 326.142722][ T9897] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input49 [ 327.304974][ T9915] Invalid ELF header magic: != ELF [ 327.322321][ T9922] netlink: 28 bytes leftover after parsing attributes in process `syz.1.969'. [ 327.747372][ T9928] HfR: entered promiscuous mode [ 327.820061][ T9928] netlink: 12 bytes leftover after parsing attributes in process `syz.1.971'. [ 327.877207][ T9928] HfR: left promiscuous mode [ 327.951104][ T9930] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 329.651525][ T9957] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50 [ 331.375907][ T9986] FAULT_INJECTION: forcing a failure. [ 331.375907][ T9986] name fail_futex, interval 1, probability 0, space 0, times 0 [ 331.412321][ T9984] openvswitch: HfR: Dropping previously announced user features [ 331.430045][ T9986] CPU: 0 UID: 0 PID: 9986 Comm: syz.0.986 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 331.430084][ T9986] Tainted: [U]=USER [ 331.430098][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 331.430113][ T9986] Call Trace: [ 331.430120][ T9986] [ 331.430128][ T9986] dump_stack_lvl+0x16c/0x1f0 [ 331.430167][ T9986] should_fail_ex+0x512/0x640 [ 331.430201][ T9986] get_futex_key+0x49e/0x1000 [ 331.430239][ T9986] ? __pfx_get_futex_key+0x10/0x10 [ 331.430281][ T9986] futex_wake+0xe7/0x4e0 [ 331.430306][ T9986] ? __pfx_futex_wake+0x10/0x10 [ 331.430334][ T9986] ? kmem_cache_free+0x2d4/0x4d0 [ 331.430368][ T9986] ? fd_install+0x225/0x750 [ 331.430403][ T9986] ? putname+0x154/0x1a0 [ 331.430435][ T9986] do_futex+0x1e3/0x350 [ 331.430472][ T9986] ? __pfx_do_futex+0x10/0x10 [ 331.430514][ T9986] __x64_sys_futex+0x1e0/0x4c0 [ 331.430550][ T9986] ? __x64_sys_openat+0x174/0x210 [ 331.430576][ T9986] ? __pfx___x64_sys_futex+0x10/0x10 [ 331.430612][ T9986] ? rcu_is_watching+0x12/0xc0 [ 331.430649][ T9986] do_syscall_64+0xcd/0x260 [ 331.430686][ T9986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.430710][ T9986] RIP: 0033:0x7ffb4238d169 [ 331.430728][ T9986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.430751][ T9986] RSP: 002b:00007ffb431fe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 331.430773][ T9986] RAX: ffffffffffffffda RBX: 00007ffb425a5fa8 RCX: 00007ffb4238d169 [ 331.430788][ T9986] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ffb425a5fac [ 331.430803][ T9986] RBP: 00007ffb425a5fa0 R08: 00007ffb431ff000 R09: 0000000000000000 [ 331.430818][ T9986] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffb425a5fac [ 331.430833][ T9986] R13: 0000000000000000 R14: 00007ffe05d7dc20 R15: 00007ffe05d7dd08 [ 331.430862][ T9986] [ 333.267780][T10004] could not allocate digest TFM handle [ 333.287172][T10006] could not allocate digest TFM handle [ 333.919461][ T5846] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 334.226267][T10025] FAULT_INJECTION: forcing a failure. [ 334.226267][T10025] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.635951][T10025] CPU: 0 UID: 0 PID: 10025 Comm: syz.0.996 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 334.635989][T10025] Tainted: [U]=USER [ 334.635996][T10025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 334.636009][T10025] Call Trace: [ 334.636016][T10025] [ 334.636024][T10025] dump_stack_lvl+0x16c/0x1f0 [ 334.636062][T10025] should_fail_ex+0x512/0x640 [ 334.636094][T10025] _copy_to_user+0x32/0xd0 [ 334.636126][T10025] simple_read_from_buffer+0xcb/0x170 [ 334.636160][T10025] proc_fail_nth_read+0x197/0x270 [ 334.636193][T10025] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 334.636228][T10025] ? rw_verify_area+0xcf/0x680 [ 334.636255][T10025] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 334.636288][T10025] vfs_read+0x1de/0xc70 [ 334.636323][T10025] ? __pfx___mutex_lock+0x10/0x10 [ 334.636357][T10025] ? __pfx_vfs_read+0x10/0x10 [ 334.636396][T10025] ? __fget_files+0x20e/0x3c0 [ 334.636438][T10025] ksys_read+0x12a/0x240 [ 334.636470][T10025] ? __pfx_ksys_read+0x10/0x10 [ 334.636500][T10025] ? madvise_unlock+0xf6/0x190 [ 334.636530][T10025] do_syscall_64+0xcd/0x260 [ 334.636567][T10025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.636590][T10025] RIP: 0033:0x7ffb4238bb7c [ 334.636608][T10025] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 334.636631][T10025] RSP: 002b:00007ffb431fe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 334.636652][T10025] RAX: ffffffffffffffda RBX: 00007ffb425a5fa0 RCX: 00007ffb4238bb7c [ 334.636668][T10025] RDX: 000000000000000f RSI: 00007ffb431fe0a0 RDI: 0000000000000004 [ 334.636682][T10025] RBP: 00007ffb431fe090 R08: 0000000000000000 R09: 0000000000000000 [ 334.636696][T10025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.636710][T10025] R13: 0000000000000000 R14: 00007ffb425a5fa0 R15: 00007ffe05d7dd08 [ 334.636739][T10025] [ 335.587691][T10038] openvswitch: HfR: Dropping previously announced user features [ 338.385530][T10069] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1003'. [ 342.640180][T10096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1012'. [ 344.336069][T10114] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input53 [ 344.443017][T10109] ip_vti0: entered allmulticast mode [ 344.510115][T10115] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input54 [ 344.558799][T10117] FAULT_INJECTION: forcing a failure. [ 344.558799][T10117] name failslab, interval 1, probability 0, space 0, times 0 [ 344.652300][T10117] CPU: 0 UID: 0 PID: 10117 Comm: syz.2.1017 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 344.652340][T10117] Tainted: [U]=USER [ 344.652348][T10117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 344.652362][T10117] Call Trace: [ 344.652370][T10117] [ 344.652379][T10117] dump_stack_lvl+0x16c/0x1f0 [ 344.652418][T10117] should_fail_ex+0x512/0x640 [ 344.652445][T10117] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 344.652489][T10117] should_failslab+0xc2/0x120 [ 344.652512][T10117] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 344.652552][T10117] ? __pfx_proc_create_net_data+0x10/0x10 [ 344.652579][T10117] ? nf_log_net_init+0x9f/0x450 [ 344.652609][T10117] ? __pfx___register_sysctl_table+0x10/0x10 [ 344.652637][T10117] ? __pfx_nf_log_net_init+0x10/0x10 [ 344.652668][T10117] kmemdup_noprof+0x29/0x60 [ 344.652691][T10117] nf_log_net_init+0x9f/0x450 [ 344.652723][T10117] ? __pfx_nf_log_net_init+0x10/0x10 [ 344.652753][T10117] ops_init+0x1df/0x5f0 [ 344.652789][T10117] setup_net+0x21e/0x850 [ 344.652826][T10117] ? __pfx_setup_net+0x10/0x10 [ 344.652857][T10117] ? lockdep_init_map_type+0x5c/0x280 [ 344.652881][T10117] ? __pfx_down_read_killable+0x10/0x10 [ 344.652924][T10117] ? debug_mutex_init+0x37/0x70 [ 344.652957][T10117] copy_net_ns+0x2a6/0x5f0 [ 344.652996][T10117] create_new_namespaces+0x3ea/0xad0 [ 344.653037][T10117] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 344.653075][T10117] ksys_unshare+0x45b/0xa40 [ 344.653113][T10117] ? __pfx_ksys_unshare+0x10/0x10 [ 344.653152][T10117] ? xfd_validate_state+0x5d/0x180 [ 344.653187][T10117] ? rcu_is_watching+0x12/0xc0 [ 344.653224][T10117] __x64_sys_unshare+0x31/0x40 [ 344.653267][T10117] do_syscall_64+0xcd/0x260 [ 344.653304][T10117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.653328][T10117] RIP: 0033:0x7f60e938d169 [ 344.653346][T10117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.653370][T10117] RSP: 002b:00007f60ea1d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 344.653393][T10117] RAX: ffffffffffffffda RBX: 00007f60e95a5fa0 RCX: 00007f60e938d169 [ 344.653409][T10117] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 344.653424][T10117] RBP: 00007f60e940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 344.653438][T10117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 344.653453][T10117] R13: 0000000000000000 R14: 00007f60e95a5fa0 R15: 00007ffda14e9878 [ 344.653482][T10117] [ 345.209511][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1016'. [ 350.139406][T10190] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input55 [ 350.614959][T10206] input: f as /devices/virtual/input/input56 [ 350.632433][T10190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1032'. [ 350.803815][ T6037] udevd[6037]: setting owner of /dev/input/event2 to uid=0, gid=104 failed: No such file or directory [ 350.938893][T10197] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 1 out of range (51000000..2150000000) [ 351.396365][T10215] Invalid ELF header magic: != ELF [ 354.651609][T10262] Invalid ELF header magic: != ELF [ 355.317294][T10275] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input57 [ 355.571352][T10284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1052'. [ 357.162477][T10310] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1059'. [ 357.875427][T10318] input: f as /devices/virtual/input/input58 [ 358.063235][T10324] openvswitch: HfR: Dropping previously announced user features [ 359.555595][T10350] Invalid ELF header magic: != ELF [ 360.963095][T10372] input: f as /devices/virtual/input/input59 [ 363.342338][T10406] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input60 [ 363.569713][T10409] Invalid ELF header magic: != ELF [ 363.781283][T10412] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1083'. [ 364.697637][T10423] input: f as /devices/virtual/input/input61 [ 367.293191][T10467] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1096'. [ 367.333927][T10465] Invalid ELF header magic: != ELF [ 367.734264][T10473] HfR: entered promiscuous mode [ 368.806214][T10487] input: f as /devices/virtual/input/input62 [ 370.320368][T10513] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input63 [ 370.578175][T10514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1108'. [ 371.690634][T10529] Invalid ELF header magic: != ELF [ 372.921390][T10554] input: f as /devices/virtual/input/input64 [ 376.340004][T10590] Invalid ELF header magic: != ELF [ 377.846867][T10611] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1133'. [ 378.021223][T10616] input: f as /devices/virtual/input/input65 [ 379.142029][T10633] openvswitch: HfR: Dropping previously announced user features [ 379.213441][T10636] usbip-vudc usbip-vudc.0: gadget not bound [ 379.483514][T10640] Invalid ELF header magic: != ELF [ 380.821913][T10659] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input66 [ 381.520017][T10671] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1146'. [ 382.043512][T10677] input: f as /devices/virtual/input/input67 [ 382.970016][T10689] Invalid ELF header magic: != ELF [ 383.835707][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.842297][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.185428][T10730] input: f as /devices/virtual/input/input68 [ 386.800281][T10742] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1165'. [ 387.021288][T10744] Invalid ELF header magic: != ELF [ 388.151189][T10769] FAULT_INJECTION: forcing a failure. [ 388.151189][T10769] name fail_futex, interval 1, probability 0, space 0, times 0 [ 388.196638][T10769] CPU: 0 UID: 0 PID: 10769 Comm: syz.1.1171 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 388.196676][T10769] Tainted: [U]=USER [ 388.196683][T10769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 388.196696][T10769] Call Trace: [ 388.196703][T10769] [ 388.196712][T10769] dump_stack_lvl+0x16c/0x1f0 [ 388.196750][T10769] should_fail_ex+0x512/0x640 [ 388.196781][T10769] get_futex_key+0x49e/0x1000 [ 388.196816][T10769] ? __pfx_get_futex_key+0x10/0x10 [ 388.196858][T10769] futex_wake+0xe7/0x4e0 [ 388.196882][T10769] ? __pfx_futex_wake+0x10/0x10 [ 388.196906][T10769] ? kmem_cache_free+0x2d4/0x4d0 [ 388.196940][T10769] ? fd_install+0x225/0x750 [ 388.196971][T10769] ? putname+0x154/0x1a0 [ 388.196998][T10769] do_futex+0x1e3/0x350 [ 388.197032][T10769] ? __pfx_do_futex+0x10/0x10 [ 388.197072][T10769] __x64_sys_futex+0x1e0/0x4c0 [ 388.197110][T10769] ? __pfx___x64_sys_futex+0x10/0x10 [ 388.197145][T10769] ? rcu_is_watching+0x12/0xc0 [ 388.197182][T10769] do_syscall_64+0xcd/0x260 [ 388.197218][T10769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.197241][T10769] RIP: 0033:0x7fc72778d169 [ 388.197259][T10769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.197282][T10769] RSP: 002b:00007fc7286a50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 388.197303][T10769] RAX: ffffffffffffffda RBX: 00007fc7279a5fa8 RCX: 00007fc72778d169 [ 388.197319][T10769] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7279a5fac [ 388.197333][T10769] RBP: 00007fc7279a5fa0 R08: 00007fc7286a6000 R09: 0000000000000000 [ 388.197348][T10769] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fc7279a5fac [ 388.197362][T10769] R13: 0000000000000000 R14: 00007ffd445b2470 R15: 00007ffd445b2558 [ 388.197391][T10769] [ 390.541129][T10783] openvswitch: HfR: Dropping previously announced user features [ 390.724691][T10788] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1177'. [ 390.781052][T10790] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1177'. [ 390.835352][T10788] netlink: 210 bytes leftover after parsing attributes in process `syz.1.1177'. [ 390.959869][T10794] input: f as /devices/virtual/input/input69 [ 391.335543][T10801] Invalid ELF header magic: != ELF [ 391.748116][T10797] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 391.785056][T10797] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 391.815299][T10797] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 391.854756][T10797] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 393.878095][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout [ 393.884142][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 393.897747][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 394.077081][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 394.451606][T10832] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input70 [ 394.738250][T10836] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1187'. [ 395.167611][T10849] input: f as /devices/virtual/input/input71 [ 396.130368][T10856] Invalid ELF header magic: != ELF [ 397.805359][T10887] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1201'. [ 398.384342][T10902] warning: `syz.1.1203' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 398.665328][T10908] input: f as /devices/virtual/input/input72 [ 398.691880][T10889] ima: policy update failed [ 398.738610][ T30] audit: type=1802 audit(6039033163.026:6): pid=10889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1202" res=0 errno=0 [ 398.986349][T10911] Invalid ELF header magic: != ELF [ 399.509956][T10917] openvswitch: HfR: Dropping previously announced user features [ 401.537373][T10951] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input73 [ 402.277608][T10955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1216'. [ 402.437660][T10968] input: f as /devices/virtual/input/input74 [ 402.929170][T10980] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1223'. [ 402.973031][T10978] Invalid ELF header magic: != ELF [ 404.910651][T11017] FAULT_INJECTION: forcing a failure. [ 404.910651][T11017] name failslab, interval 1, probability 0, space 0, times 0 [ 404.978284][T11017] CPU: 0 UID: 0 PID: 11017 Comm: syz.2.1230 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 404.978321][T11017] Tainted: [U]=USER [ 404.978328][T11017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 404.978341][T11017] Call Trace: [ 404.978347][T11017] [ 404.978356][T11017] dump_stack_lvl+0x16c/0x1f0 [ 404.978393][T11017] should_fail_ex+0x512/0x640 [ 404.978419][T11017] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 404.978459][T11017] should_failslab+0xc2/0x120 [ 404.978480][T11017] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 404.978516][T11017] ? getname_flags.part.0+0x48/0x540 [ 404.978543][T11017] ? 0xffffffff81000000 [ 404.978561][T11017] ? 0xffffffff81000000 [ 404.978575][T11017] getname_flags.part.0+0x48/0x540 [ 404.978601][T11017] ? 0xffffffff81000000 [ 404.978616][T11017] ? 0xffffffff81000000 [ 404.978632][T11017] getname_flags+0x93/0xf0 [ 404.978666][T11017] __x64_sys_unlinkat+0xe4/0x130 [ 404.978704][T11017] do_syscall_64+0xcd/0x260 [ 404.978740][T11017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.978763][T11017] RIP: 0033:0x7f60e938d169 [ 404.978780][T11017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.978803][T11017] RSP: 002b:00007f60ea1d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 404.978824][T11017] RAX: ffffffffffffffda RBX: 00007f60e95a5fa0 RCX: 00007f60e938d169 [ 404.978840][T11017] RDX: 0000000000000200 RSI: ffffffff81000000 RDI: 00000000000001ff [ 404.978854][T11017] RBP: 00007f60ea1d3090 R08: 0000000000000000 R09: 0000000000000000 [ 404.978869][T11017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 404.978882][T11017] R13: 0000000000000000 R14: 00007f60e95a5fa0 R15: 00007ffda14e9878 [ 404.978906][T11017] ? 0xffffffff81000000 [ 404.978925][T11017] [ 405.870438][T11035] input: f as /devices/virtual/input/input75 [ 406.061462][T11036] Invalid ELF header magic: != ELF [ 407.464083][T11059] openvswitch: HfR: Dropping previously announced user features [ 408.568930][T11083] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input76 [ 409.561279][T11099] input: f as /devices/virtual/input/input77 [ 410.016173][T11105] Invalid ELF header magic: != ELF [ 410.990791][T11122] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1258'. [ 411.015069][T11124] FAULT_INJECTION: forcing a failure. [ 411.015069][T11124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 411.074831][T11124] CPU: 0 UID: 0 PID: 11124 Comm: syz.3.1259 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 411.074868][T11124] Tainted: [U]=USER [ 411.074875][T11124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 411.074889][T11124] Call Trace: [ 411.074897][T11124] [ 411.074906][T11124] dump_stack_lvl+0x16c/0x1f0 [ 411.074943][T11124] should_fail_ex+0x512/0x640 [ 411.074971][T11124] ? 0xffffffff81000000 [ 411.074989][T11124] strncpy_from_user+0x3b/0x2e0 [ 411.075013][T11124] ? 0xffffffff81000000 [ 411.075030][T11124] getname_flags.part.0+0x8b/0x540 [ 411.075057][T11124] ? 0xffffffff81000000 [ 411.075072][T11124] ? 0xffffffff81000000 [ 411.075088][T11124] getname_flags+0x93/0xf0 [ 411.075120][T11124] __x64_sys_unlinkat+0xe4/0x130 [ 411.075158][T11124] do_syscall_64+0xcd/0x260 [ 411.075194][T11124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.075217][T11124] RIP: 0033:0x7f31f398d169 [ 411.075234][T11124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.075256][T11124] RSP: 002b:00007f31f4750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 411.075278][T11124] RAX: ffffffffffffffda RBX: 00007f31f3ba5fa0 RCX: 00007f31f398d169 [ 411.075293][T11124] RDX: 0000000000000200 RSI: ffffffff81000000 RDI: 00000000000001ff [ 411.075313][T11124] RBP: 00007f31f4750090 R08: 0000000000000000 R09: 0000000000000000 [ 411.075327][T11124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.075341][T11124] R13: 0000000000000000 R14: 00007f31f3ba5fa0 R15: 00007ffedff4b498 [ 411.075364][T11124] ? 0xffffffff81000000 [ 411.075383][T11124] [ 412.350554][T11148] input: f as /devices/virtual/input/input78 [ 412.963283][T11160] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1269'. [ 413.022274][T11160] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1269'. [ 413.308266][T11158] Invalid ELF header magic: != ELF [ 414.440003][T11184] openvswitch: HfR: Dropping previously announced user features [ 415.381607][T11206] input: f as /devices/virtual/input/input79 [ 416.131000][T11214] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input80 [ 417.328680][T11227] Invalid ELF header magic: != ELF [ 417.666419][T11244] FAULT_INJECTION: forcing a failure. [ 417.666419][T11244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.723961][T11244] CPU: 0 UID: 0 PID: 11244 Comm: syz.0.1290 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 417.723999][T11244] Tainted: [U]=USER [ 417.724006][T11244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 417.724020][T11244] Call Trace: [ 417.724027][T11244] [ 417.724035][T11244] dump_stack_lvl+0x16c/0x1f0 [ 417.724072][T11244] should_fail_ex+0x512/0x640 [ 417.724104][T11244] _copy_to_user+0x32/0xd0 [ 417.724136][T11244] simple_read_from_buffer+0xcb/0x170 [ 417.724170][T11244] proc_fail_nth_read+0x197/0x270 [ 417.724203][T11244] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 417.724237][T11244] ? rw_verify_area+0xcf/0x680 [ 417.724264][T11244] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 417.724297][T11244] vfs_read+0x1de/0xc70 [ 417.724331][T11244] ? __pfx___mutex_lock+0x10/0x10 [ 417.724365][T11244] ? __pfx_vfs_read+0x10/0x10 [ 417.724405][T11244] ? __fget_files+0x20e/0x3c0 [ 417.724446][T11244] ksys_read+0x12a/0x240 [ 417.724478][T11244] ? __pfx_ksys_read+0x10/0x10 [ 417.724518][T11244] do_syscall_64+0xcd/0x260 [ 417.724557][T11244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.724580][T11244] RIP: 0033:0x7ffb4238bb7c [ 417.724598][T11244] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 417.724620][T11244] RSP: 002b:00007ffb431fe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 417.724642][T11244] RAX: ffffffffffffffda RBX: 00007ffb425a5fa0 RCX: 00007ffb4238bb7c [ 417.724657][T11244] RDX: 000000000000000f RSI: 00007ffb431fe0a0 RDI: 0000000000000003 [ 417.724671][T11244] RBP: 00007ffb431fe090 R08: 0000000000000000 R09: 0000000000000000 [ 417.724686][T11244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 417.724700][T11244] R13: 0000000000000000 R14: 00007ffb425a5fa0 R15: 00007ffe05d7dd08 [ 417.724729][T11244] [ 419.091363][T11260] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1294'. [ 419.159979][T11262] input: f as /devices/virtual/input/input81 [ 421.203418][T11284] Invalid ELF header magic: != ELF [ 421.772329][T11313] openvswitch: HfR: Dropping previously announced user features [ 423.008340][T11339] input: f as /devices/virtual/input/input82 [ 423.879721][T11352] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input83 [ 425.107130][T11367] Invalid ELF header magic: != ELF [ 426.171673][T11394] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1326'. [ 427.551084][T11417] input: f as /devices/virtual/input/input84 [ 427.602926][T11415] Invalid ELF header magic: != ELF [ 429.067216][T11440] openvswitch: HfR: Dropping previously announced user features [ 429.095681][T11436] mkiss: ax0: crc mode is auto. [ 430.723111][T11463] Invalid ELF header magic: != ELF [ 431.217969][T11480] input: f as /devices/virtual/input/input85 [ 431.507160][T11487] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input86 [ 431.714606][T11488] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input87 [ 433.096894][T11506] Invalid input. Must be >= 4608 [ 433.323576][T11512] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1353'. [ 434.153348][T11525] Invalid ELF header magic: != ELF [ 434.642021][T11543] input: f as /devices/virtual/input/input88 [ 436.277321][T11562] openvswitch: HfR: Dropping previously announced user features [ 436.887347][T11578] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input89 [ 437.030050][T11579] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input90 [ 437.225195][T11580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1369'. [ 438.231965][T11587] Invalid ELF header magic: != ELF [ 438.334537][T11598] input: f as /devices/virtual/input/input91 [ 439.638287][T11626] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1380'. [ 441.196671][T11648] Invalid ELF header magic: != ELF [ 441.539905][T11658] input: f as /devices/virtual/input/input92 [ 442.058843][T11668] openvswitch: HfR: Dropping previously announced user features [ 442.100901][T11664] FAULT_INJECTION: forcing a failure. [ 442.100901][T11664] name fail_futex, interval 1, probability 0, space 0, times 0 [ 442.169054][T11664] CPU: 0 UID: 0 PID: 11664 Comm: syz.1.1390 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 442.169098][T11664] Tainted: [U]=USER [ 442.169107][T11664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 442.169123][T11664] Call Trace: [ 442.169131][T11664] [ 442.169141][T11664] dump_stack_lvl+0x16c/0x1f0 [ 442.169183][T11664] should_fail_ex+0x512/0x640 [ 442.169221][T11664] get_futex_key+0xabc/0x1000 [ 442.169263][T11664] ? __pfx_get_futex_key+0x10/0x10 [ 442.169315][T11664] futex_wake+0xe7/0x4e0 [ 442.169338][T11664] ? rcu_is_watching+0x12/0xc0 [ 442.169376][T11664] ? __pfx_futex_wake+0x10/0x10 [ 442.169421][T11664] do_futex+0x1e3/0x350 [ 442.169460][T11664] ? __pfx_do_futex+0x10/0x10 [ 442.169494][T11664] ? __might_fault+0xe3/0x190 [ 442.169546][T11664] mm_release+0x24e/0x300 [ 442.169583][T11664] do_exit+0x898/0x2c30 [ 442.169604][T11664] ? __pfx_futex_wake_mark+0x10/0x10 [ 442.169638][T11664] ? __pfx_do_exit+0x10/0x10 [ 442.169661][T11664] ? do_raw_spin_lock+0x12c/0x2b0 [ 442.169690][T11664] ? find_held_lock+0x2b/0x80 [ 442.169731][T11664] do_group_exit+0xd3/0x2a0 [ 442.169759][T11664] get_signal+0x2673/0x26d0 [ 442.169799][T11664] ? kmem_cache_free+0x2d4/0x4d0 [ 442.169832][T11664] ? fd_install+0x225/0x750 [ 442.169869][T11664] ? __pfx_get_signal+0x10/0x10 [ 442.169899][T11664] ? do_futex+0x122/0x350 [ 442.169933][T11664] ? __pfx_do_futex+0x10/0x10 [ 442.169968][T11664] arch_do_signal_or_restart+0x8f/0x7d0 [ 442.170010][T11664] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 442.170055][T11664] ? rcu_is_watching+0x12/0xc0 [ 442.170088][T11664] syscall_exit_to_user_mode+0x150/0x2a0 [ 442.170125][T11664] do_syscall_64+0xda/0x260 [ 442.170160][T11664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.170183][T11664] RIP: 0033:0x7fc72778d169 [ 442.170201][T11664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.170224][T11664] RSP: 002b:00007fc7286630e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 442.170245][T11664] RAX: fffffffffffffe00 RBX: 00007fc7279a6168 RCX: 00007fc72778d169 [ 442.170261][T11664] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc7279a6168 [ 442.170275][T11664] RBP: 00007fc7279a6160 R08: 0000000000000000 R09: 0000000000000000 [ 442.170289][T11664] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc7279a616c [ 442.170304][T11664] R13: 0000000000000000 R14: 00007ffd445b2470 R15: 00007ffd445b2558 [ 442.170332][T11664] [ 443.985460][T11697] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input93 [ 444.298911][T11704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1399'. [ 445.250071][T11712] Invalid ELF header magic: != ELF [ 445.282641][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.294938][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.372262][T11720] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1403'. [ 445.413962][T11720] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.586382][T11720] bridge_slave_1 (unregistering): left allmulticast mode [ 445.617754][T11720] bridge_slave_1 (unregistering): left promiscuous mode [ 445.644306][T11720] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.822316][T11728] input: f as /devices/virtual/input/input94 [ 446.295572][T11734] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1406'. [ 448.362784][T11772] openvswitch: HfR: Dropping previously announced user features [ 449.684580][T11792] input: f as /devices/virtual/input/input95 [ 449.706189][T11793] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input96 [ 450.014325][T11803] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1422'. [ 452.902083][T11848] input: f as /devices/virtual/input/input97 [ 454.763793][T11871] openvswitch: HfR: Dropping previously announced user features [ 455.126401][T11876] netlink: 'syz.0.1442': attribute type 1 has an invalid length. [ 455.734359][T11885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1446'. [ 455.831572][T11890] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input98 [ 456.134934][T11899] input: f as /devices/virtual/input/input99 [ 456.297978][T11901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1445'. [ 458.853064][T11939] Invalid ELF header magic: != ELF [ 459.174066][T11950] input: f as /devices/virtual/input/input100 [ 461.764941][T11989] openvswitch: HfR: Dropping previously announced user features [ 462.207611][T11992] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input101 [ 462.546783][T11993] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1469'. [ 462.851771][T12001] Invalid ELF header magic: != ELF [ 463.516990][T12012] input: f as /devices/virtual/input/input102 [ 466.393666][T12062] Invalid ELF header magic: != ELF [ 467.056970][T12072] input: f as /devices/virtual/input/input103 [ 467.735708][T12083] openvswitch: HfR: Dropping previously announced user features [ 469.061160][T12099] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input104 [ 469.633704][T12107] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1493'. [ 470.297251][T12121] Invalid ELF header magic: != ELF [ 471.073335][T12135] input: f as /devices/virtual/input/input105 [ 473.303641][T12164] Invalid ELF header magic: != ELF [ 473.330938][T12166] openvswitch: HfR: Dropping previously announced user features [ 474.723472][T12184] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input106 [ 475.062331][T12188] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1515'. [ 475.471605][T12201] input: f as /devices/virtual/input/input107 [ 476.023623][T12212] FAULT_INJECTION: forcing a failure. [ 476.023623][T12212] name failslab, interval 1, probability 0, space 0, times 0 [ 476.157645][T12212] CPU: 0 UID: 0 PID: 12212 Comm: syz.0.1521 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 476.157691][T12212] Tainted: [U]=USER [ 476.157699][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 476.157714][T12212] Call Trace: [ 476.157721][T12212] [ 476.157731][T12212] dump_stack_lvl+0x16c/0x1f0 [ 476.157770][T12212] should_fail_ex+0x512/0x640 [ 476.157797][T12212] ? __kmalloc_noprof+0xbf/0x510 [ 476.157836][T12212] ? handler_new_ref+0x1b0/0xc60 [ 476.157857][T12212] should_failslab+0xc2/0x120 [ 476.157880][T12212] __kmalloc_noprof+0xd2/0x510 [ 476.157914][T12212] ? __asan_memcpy+0x3c/0x60 [ 476.157951][T12212] handler_new_ref+0x1b0/0xc60 [ 476.157981][T12212] v4l2_ctrl_new+0x1963/0x2180 [ 476.158015][T12212] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 476.158044][T12212] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 476.158069][T12212] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 476.158098][T12212] v4l2_ctrl_new_custom+0x413/0xaa0 [ 476.158140][T12212] ? __pfx_v4l2_ctrl_new_custom+0x10/0x10 [ 476.158170][T12212] ? trace_kmalloc+0x2b/0xd0 [ 476.158203][T12212] ? media_request_object_init+0x100/0x180 [ 476.158242][T12212] vicodec_open+0xc4f/0xf90 [ 476.158283][T12212] v4l2_open+0x222/0x490 [ 476.158318][T12212] ? __pfx_v4l2_open+0x10/0x10 [ 476.158361][T12212] chrdev_open+0x231/0x6a0 [ 476.158398][T12212] ? __pfx_apparmor_file_open+0x10/0x10 [ 476.158429][T12212] ? __pfx_chrdev_open+0x10/0x10 [ 476.158469][T12212] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 476.158509][T12212] do_dentry_open+0x741/0x1c10 [ 476.158545][T12212] ? __pfx_chrdev_open+0x10/0x10 [ 476.158588][T12212] vfs_open+0x82/0x3f0 [ 476.158616][T12212] path_openat+0x1e5e/0x2d40 [ 476.158662][T12212] ? __pfx_path_openat+0x10/0x10 [ 476.158705][T12212] do_filp_open+0x20b/0x470 [ 476.158741][T12212] ? __pfx_do_filp_open+0x10/0x10 [ 476.158798][T12212] ? alloc_fd+0x471/0x7d0 [ 476.158840][T12212] do_sys_openat2+0x11b/0x1d0 [ 476.158865][T12212] ? __pfx_do_sys_openat2+0x10/0x10 [ 476.158902][T12212] __x64_sys_openat+0x174/0x210 [ 476.158927][T12212] ? __pfx___x64_sys_openat+0x10/0x10 [ 476.158955][T12212] ? rcu_is_watching+0x12/0xc0 [ 476.158993][T12212] do_syscall_64+0xcd/0x260 [ 476.159031][T12212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.159055][T12212] RIP: 0033:0x7ffb4238d169 [ 476.159074][T12212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.159097][T12212] RSP: 002b:00007ffb431dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 476.159120][T12212] RAX: ffffffffffffffda RBX: 00007ffb425a6080 RCX: 00007ffb4238d169 [ 476.159135][T12212] RDX: 00000000001ab442 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 476.159151][T12212] RBP: 00007ffb4240e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 476.159165][T12212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 476.159179][T12212] R13: 0000000000000000 R14: 00007ffb425a6080 R15: 00007ffe05d7dd08 [ 476.159209][T12212] [ 477.674158][T12221] Invalid ELF header magic: != ELF [ 478.497715][T12232] Device name cannot be null; rc = [-22] [ 479.749915][T12257] input: f as /devices/virtual/input/input108 [ 480.948150][T12249] netlink: 86 bytes leftover after parsing attributes in process `syz.1.1531'. [ 481.961700][T12280] openvswitch: HfR: Dropping previously announced user features [ 482.544025][T12284] Invalid ELF header magic: != ELF [ 482.907681][T12295] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input109 [ 483.230622][T12299] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1543'. [ 483.300757][T12303] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 483.677576][T12307] input: f as /devices/virtual/input/input110 [ 487.398785][T12361] input: f as /devices/virtual/input/input111 [ 487.960041][T12371] Invalid ELF header magic: != ELF [ 488.947097][T12392] openvswitch: HfR: Dropping previously announced user features [ 489.171326][T12396] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input112 [ 489.525710][T12404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1566'. [ 490.179630][ T5846] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 492.942681][T12437] input: f as /devices/virtual/input/input113 [ 493.442570][T12441] Invalid ELF header magic: != ELF [ 495.529168][T12465] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 495.563292][T12465] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 495.608643][T12465] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 495.645672][T12465] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 496.147256][T12477] input: f as /devices/virtual/input/input114 [ 496.591644][T12485] Invalid ELF header magic: != ELF [ 497.410085][T12497] openvswitch: HfR: Dropping previously announced user features [ 497.589935][ T5846] Bluetooth: hci1: command 0x0c1a tx timeout [ 497.595995][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 497.673568][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 497.679821][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 497.867616][T12504] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input115 [ 498.232756][T12509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1592'. [ 498.877813][ T5846] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 501.009463][T12539] Invalid ELF header magic: != ELF [ 501.130489][T12548] input: f as /devices/virtual/input/input116 [ 502.556889][T12567] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 502.556889][T12567] program syz.1.1606 not setting count and/or reply_len properly [ 502.652588][T12566] sp0: Synchronizing with TNC [ 504.385487][T12605] Invalid ELF header magic: != ELF [ 504.522446][T12607] openvswitch: HfR: Dropping previously announced user features [ 505.862336][T12625] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input117 [ 505.873753][T12626] input: f as /devices/virtual/input/input118 [ 506.193968][T12635] batman_adv: Routing algorithm '' is not supported [ 506.231229][T12625] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1621'. [ 506.711658][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.718251][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.051146][T12655] Invalid ELF header magic: != ELF [ 509.588183][T12689] input: f as /devices/virtual/input/input119 [ 510.931167][T12709] Invalid ELF header magic: != ELF [ 511.199542][T12725] openvswitch: HfR: Dropping previously announced user features [ 511.849888][T12739] input: f as /devices/virtual/input/input120 [ 511.974361][T12742] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input121 [ 513.405153][T12769] Invalid ELF header magic: != ELF [ 515.187574][T12800] input: f as /devices/virtual/input/input122 [ 516.571336][T12821] Invalid ELF header magic: != ELF [ 517.221890][T12832] openvswitch: HfR: Dropping previously announced user features [ 517.437300][T12836] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input123 [ 517.691122][T12838] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1670'. [ 518.345520][T12852] input: f as /devices/virtual/input/input124 [ 520.134484][T12875] Invalid ELF header magic: != ELF [ 521.557550][T12899] input: f as /devices/virtual/input/input125 [ 524.141647][T12929] Invalid ELF header magic: != ELF [ 524.354442][T12940] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input126 [ 525.270664][T12956] openvswitch: HfR: Dropping previously announced user features [ 525.676865][T12971] input: f as /devices/virtual/input/input127 [ 527.389495][T12996] Invalid ELF header magic: != ELF [ 530.200455][T13040] input: f as /devices/virtual/input/input128 [ 530.994743][T13046] Invalid ELF header magic: != ELF [ 533.610920][T13078] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input129 [ 535.119151][T13099] input: f as /devices/virtual/input/input130 [ 536.844706][T13113] Invalid ELF header magic: != ELF [ 536.906511][T13116] openvswitch: HfR: Dropping previously announced user features [ 538.927322][T13150] input: f as /devices/virtual/input/input131 [ 540.695741][T13167] Invalid ELF header magic: != ELF [ 541.261987][T13173] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1751'. [ 543.658273][T13212] input: f as /devices/virtual/input/input132 [ 545.077821][T13231] openvswitch: HfR: Dropping previously announced user features [ 545.137813][T13231] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1766'. [ 545.201601][T13231] HfR: left promiscuous mode [ 545.766972][T13238] Invalid ELF header magic: != ELF [ 547.366979][T13262] input: f as /devices/virtual/input/input133 [ 547.999573][T13268] openvswitch: HfR: Dropping previously announced user features [ 549.958259][T13287] Invalid ELF header magic: != ELF [ 551.662022][T13304] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1782'. [ 553.428781][T13335] Invalid ELF header magic: != ELF [ 554.364824][T13346] input: f as /devices/virtual/input/input134 [ 554.755240][T13351] input: f as /devices/virtual/input/input135 [ 556.007054][T13366] input: f as /devices/virtual/input/input136 [ 556.466476][T13369] openvswitch: HfR: Dropping previously announced user features [ 557.567615][T13379] input: f as /devices/virtual/input/input137 [ 558.015441][T13380] Invalid ELF header magic: != ELF [ 558.546433][T13384] Invalid ELF header magic: != ELF [ 559.153793][T13392] input: f as /devices/virtual/input/input138 [ 559.891302][T13402] input: f as /devices/virtual/input/input139 [ 560.697619][T13410] input: f as /devices/virtual/input/input140 [ 562.712870][T13426] Invalid ELF header magic: != ELF [ 562.750860][T13427] Invalid ELF header magic: != ELF [ 564.148429][T13436] input: f as /devices/virtual/input/input141 [ 566.285373][T13454] usbip-vudc usbip-vudc.0: gadget not bound [ 566.342572][T13455] ip_vti0: entered allmulticast mode [ 568.157777][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.177513][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.527531][T13498] input: f as /devices/virtual/input/input142 [ 570.607872][T13501] input: f as /devices/virtual/input/input143 [ 571.828165][T13509] input: f as /devices/virtual/input/input144 [ 573.660862][T13525] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input145 [ 574.029090][T13529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1833'. [ 574.112792][T13520] Invalid ELF header magic: != ELF [ 576.493299][T13557] input: f as /devices/virtual/input/input146 [ 578.907723][T13577] input: f as /devices/virtual/input/input147 [ 583.802904][T13630] FAULT_INJECTION: forcing a failure. [ 583.802904][T13630] name failslab, interval 1, probability 0, space 0, times 0 [ 583.940539][T13630] CPU: 0 UID: 0 PID: 13630 Comm: syz.3.1851 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 583.940576][T13630] Tainted: [U]=USER [ 583.940583][T13630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 583.940596][T13630] Call Trace: [ 583.940604][T13630] [ 583.940612][T13630] dump_stack_lvl+0x16c/0x1f0 [ 583.940651][T13630] should_fail_ex+0x512/0x640 [ 583.940678][T13630] ? __kvmalloc_node_noprof+0x122/0x600 [ 583.940715][T13630] should_failslab+0xc2/0x120 [ 583.940737][T13630] __kvmalloc_node_noprof+0x135/0x600 [ 583.940773][T13630] ? seq_read_iter+0x826/0x12c0 [ 583.940810][T13630] ? seq_read_iter+0x826/0x12c0 [ 583.940839][T13630] seq_read_iter+0x826/0x12c0 [ 583.940871][T13630] ? __mutex_trylock_common+0xe9/0x250 [ 583.940903][T13630] kernfs_fop_read_iter+0x40f/0x5a0 [ 583.940932][T13630] ? rw_verify_area+0xcf/0x680 [ 583.940964][T13630] vfs_read+0x8c8/0xc70 [ 583.940998][T13630] ? __pfx___mutex_lock+0x10/0x10 [ 583.941033][T13630] ? __pfx_vfs_read+0x10/0x10 [ 583.941095][T13630] ksys_read+0x12a/0x240 [ 583.941132][T13630] ? __pfx_ksys_read+0x10/0x10 [ 583.941160][T13630] ? rcu_is_watching+0x12/0xc0 [ 583.941197][T13630] do_syscall_64+0xcd/0x260 [ 583.941232][T13630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.941254][T13630] RIP: 0033:0x7f31f398d169 [ 583.941271][T13630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.941293][T13630] RSP: 002b:00007f31f472f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 583.941314][T13630] RAX: ffffffffffffffda RBX: 00007f31f3ba6080 RCX: 00007f31f398d169 [ 583.941329][T13630] RDX: 0000000000001000 RSI: 0000200000000700 RDI: 0000000000000004 [ 583.941343][T13630] RBP: 00007f31f472f090 R08: 0000000000000000 R09: 0000000000000000 [ 583.941356][T13630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 583.941389][T13630] R13: 0000000000000000 R14: 00007f31f3ba6080 R15: 00007ffedff4b498 [ 583.941418][T13630] [ 585.771935][T13646] Invalid ELF header magic: != ELF [ 586.111661][T13652] input: f as /devices/virtual/input/input148 [ 586.150713][T13650] Invalid ELF header magic: != ELF [ 588.302398][T13677] HfR: entered promiscuous mode [ 591.775069][T13708] Invalid ELF header magic: != ELF [ 593.052693][T13720] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 594.264187][T13717] kexec: Could not allocate control_code_buffer [ 594.570947][T13734] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input149 [ 596.135196][T13766] Invalid ELF header magic: != ELF [ 597.324483][T13787] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input150 [ 599.582471][T13833] Invalid ELF header magic: != ELF [ 600.811002][T13849] openvswitch: HfR: Dropping previously announced user features [ 603.054733][T13887] Invalid ELF header magic: != ELF [ 603.921496][T13905] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 604.112351][T13910] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input151 [ 607.408180][T13942] : renamed from veth0_to_bond (while UP) [ 608.675457][ T30] audit: type=1800 audit(6039033414.958:7): pid=13956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1919" name="dbroot" dev="configfs" ino=45501 res=0 errno=0 [ 609.852920][T13971] Invalid ELF header magic: != ELF [ 610.518391][T13987] random: crng reseeded on system resumption [ 612.273122][T14012] Invalid ELF header magic: != ELF [ 612.399997][T13987] syz.2.1926 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 612.580858][T13998] Unrecognized hibernate image header format! [ 612.608925][T13998] PM: hibernation: Image mismatch: architecture specific data [ 613.170107][T14020] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input152 [ 614.678030][T14045] random: crng reseeded on system resumption [ 615.423226][T14054] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1938'. [ 615.706658][T14047] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 615.708706][T14049] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 616.261150][T14052] Unrecognized hibernate image header format! [ 616.348537][T14052] PM: hibernation: Image mismatch: architecture specific data [ 616.931778][T14079] openvswitch: HfR: Dropping previously announced user features [ 616.999561][ T5846] Bluetooth: hci1: ISO packet too small [ 622.172594][ T5846] Bluetooth: hci3: ISO packet too small [ 622.889095][T14156] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input153 [ 626.231496][T14189] Invalid ELF header magic: != ELF [ 626.332729][T14196] input: f as /devices/virtual/input/input154 [ 627.643433][T14211] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input155 [ 629.601507][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.608714][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.010557][T14269] input: f as /devices/virtual/input/input156 [ 635.397519][T14305] input: f as /devices/virtual/input/input157 [ 638.887622][T14330] netlink: 'syz.2.1990': attribute type 1 has an invalid length. [ 639.606214][T14337] input: f as /devices/virtual/input/input158 [ 642.227662][T14361] openvswitch: HfR: Dropping previously announced user features [ 642.668638][T14371] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input159 [ 643.931716][T14394] netlink: 'syz.0.2002': attribute type 1 has an invalid length. [ 647.668639][T14440] FAULT_INJECTION: forcing a failure. [ 647.668639][T14440] name failslab, interval 1, probability 0, space 0, times 0 [ 647.777022][T14440] CPU: 0 UID: 0 PID: 14440 Comm: syz.2.2010 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 647.777061][T14440] Tainted: [U]=USER [ 647.777069][T14440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 647.777083][T14440] Call Trace: [ 647.777090][T14440] [ 647.777099][T14440] dump_stack_lvl+0x16c/0x1f0 [ 647.777138][T14440] should_fail_ex+0x512/0x640 [ 647.777164][T14440] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 647.777204][T14440] should_failslab+0xc2/0x120 [ 647.777225][T14440] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 647.777259][T14440] ? __proc_create+0xc3/0x8c0 [ 647.777287][T14440] ? __proc_create+0x2ce/0x8c0 [ 647.777314][T14440] __proc_create+0x2ce/0x8c0 [ 647.777339][T14440] ? __pfx___proc_create+0x10/0x10 [ 647.777368][T14440] ? _raw_write_unlock+0x28/0x50 [ 647.777399][T14440] ? proc_register+0x314/0x5f0 [ 647.777427][T14440] proc_create_reg+0x7d/0x180 [ 647.777455][T14440] proc_create_seq_private+0x8e/0x1d0 [ 647.777483][T14440] ? __pfx_proc_create_seq_private+0x10/0x10 [ 647.777511][T14440] ? __pfx_uevent_net_rcv+0x10/0x10 [ 647.777538][T14440] ? __pfx_dev_proc_net_init+0x10/0x10 [ 647.777563][T14440] dev_proc_net_init+0xa8/0x220 [ 647.777587][T14440] ops_init+0x1df/0x5f0 [ 647.777622][T14440] setup_net+0x21e/0x850 [ 647.777657][T14440] ? __pfx_setup_net+0x10/0x10 [ 647.777687][T14440] ? lockdep_init_map_type+0x5c/0x280 [ 647.777710][T14440] ? __pfx_down_read_killable+0x10/0x10 [ 647.777751][T14440] ? debug_mutex_init+0x37/0x70 [ 647.777783][T14440] copy_net_ns+0x2a6/0x5f0 [ 647.777820][T14440] create_new_namespaces+0x3ea/0xad0 [ 647.777860][T14440] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 647.777897][T14440] ksys_unshare+0x45b/0xa40 [ 647.777943][T14440] ? __pfx_ksys_unshare+0x10/0x10 [ 647.777978][T14440] ? xfd_validate_state+0x5d/0x180 [ 647.778006][T14440] ? rcu_is_watching+0x12/0xc0 [ 647.778041][T14440] __x64_sys_unshare+0x31/0x40 [ 647.778077][T14440] do_syscall_64+0xcd/0x260 [ 647.778113][T14440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.778135][T14440] RIP: 0033:0x7f60e938d169 [ 647.778153][T14440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.778175][T14440] RSP: 002b:00007f60ea1d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 647.778197][T14440] RAX: ffffffffffffffda RBX: 00007f60e95a5fa0 RCX: 00007f60e938d169 [ 647.778212][T14440] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 647.778227][T14440] RBP: 00007f60e940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 647.778241][T14440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 647.778254][T14440] R13: 0000000000000000 R14: 00007f60e95a5fa0 R15: 00007ffda14e9878 [ 647.778302][T14440] [ 648.515570][T14446] random: crng reseeded on system resumption [ 649.524853][T14459] FAULT_INJECTION: forcing a failure. [ 649.524853][T14459] name fail_futex, interval 1, probability 0, space 0, times 0 [ 649.610852][T14459] CPU: 0 UID: 0 PID: 14459 Comm: syz.2.2010 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 649.610891][T14459] Tainted: [U]=USER [ 649.610898][T14459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 649.610912][T14459] Call Trace: [ 649.610920][T14459] [ 649.610929][T14459] dump_stack_lvl+0x16c/0x1f0 [ 649.610969][T14459] should_fail_ex+0x512/0x640 [ 649.611000][T14459] get_futex_key+0x49e/0x1000 [ 649.611037][T14459] ? __pfx_get_futex_key+0x10/0x10 [ 649.611068][T14459] ? kfree+0x252/0x4d0 [ 649.611106][T14459] futex_wake+0xe7/0x4e0 [ 649.611144][T14459] ? __pfx_futex_wake+0x10/0x10 [ 649.611166][T14459] ? __pfx_vfs_writev+0x10/0x10 [ 649.611199][T14459] ? do_writev+0x218/0x330 [ 649.611232][T14459] do_futex+0x1e3/0x350 [ 649.611265][T14459] ? __pfx_do_futex+0x10/0x10 [ 649.611296][T14459] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 649.611339][T14459] __x64_sys_futex+0x1e0/0x4c0 [ 649.611373][T14459] ? fput+0x70/0xf0 [ 649.611394][T14459] ? __pfx___x64_sys_futex+0x10/0x10 [ 649.611427][T14459] ? __pfx_do_writev+0x10/0x10 [ 649.611455][T14459] ? rcu_is_watching+0x12/0xc0 [ 649.611491][T14459] do_syscall_64+0xcd/0x260 [ 649.611526][T14459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.611549][T14459] RIP: 0033:0x7f60e938d169 [ 649.611567][T14459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 649.611590][T14459] RSP: 002b:00007f60ea1910e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 649.611611][T14459] RAX: ffffffffffffffda RBX: 00007f60e95a6168 RCX: 00007f60e938d169 [ 649.611626][T14459] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f60e95a616c [ 649.611641][T14459] RBP: 00007f60e95a6160 R08: 00007f60ea1d4000 R09: 0000000000000000 [ 649.611656][T14459] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f60e95a616c [ 649.611670][T14459] R13: 0000000000000000 R14: 00007ffda14e9790 R15: 00007ffda14e9878 [ 649.611698][T14459] [ 650.767608][T14468] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input160 [ 650.864808][T14470] input: f as /devices/virtual/input/input161 [ 651.176730][T14476] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2015'. [ 651.266330][T14480] Invalid ELF header magic: != ELF [ 652.342630][T14484] openvswitch: HfR: Dropping previously announced user features [ 653.153412][T14492] Invalid ELF header magic: != ELF [ 655.848750][T14527] openvswitch: HfR: Dropping previously announced user features [ 656.340794][T14529] FAULT_INJECTION: forcing a failure. [ 656.340794][T14529] name failslab, interval 1, probability 0, space 0, times 0 [ 656.611006][T14529] CPU: 0 UID: 0 PID: 14529 Comm: syz.3.2029 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 656.611045][T14529] Tainted: [U]=USER [ 656.611054][T14529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 656.611067][T14529] Call Trace: [ 656.611075][T14529] [ 656.611084][T14529] dump_stack_lvl+0x16c/0x1f0 [ 656.611123][T14529] should_fail_ex+0x512/0x640 [ 656.611151][T14529] ? __kmalloc_noprof+0xbf/0x510 [ 656.611210][T14529] ? ops_init+0x77/0x5f0 [ 656.611240][T14529] should_failslab+0xc2/0x120 [ 656.611261][T14529] __kmalloc_noprof+0xd2/0x510 [ 656.611296][T14529] ? __raw_spin_lock_init+0x3a/0x110 [ 656.611326][T14529] ops_init+0x77/0x5f0 [ 656.611361][T14529] setup_net+0x21e/0x850 [ 656.611396][T14529] ? __pfx_setup_net+0x10/0x10 [ 656.611426][T14529] ? lockdep_init_map_type+0x5c/0x280 [ 656.611448][T14529] ? __pfx_down_read_killable+0x10/0x10 [ 656.611490][T14529] ? debug_mutex_init+0x37/0x70 [ 656.611522][T14529] copy_net_ns+0x2a6/0x5f0 [ 656.611560][T14529] create_new_namespaces+0x3ea/0xad0 [ 656.611601][T14529] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 656.611637][T14529] ksys_unshare+0x45b/0xa40 [ 656.611674][T14529] ? __pfx_ksys_unshare+0x10/0x10 [ 656.611708][T14529] ? xfd_validate_state+0x5d/0x180 [ 656.611735][T14529] ? rcu_is_watching+0x12/0xc0 [ 656.611770][T14529] __x64_sys_unshare+0x31/0x40 [ 656.611805][T14529] do_syscall_64+0xcd/0x260 [ 656.611841][T14529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.611864][T14529] RIP: 0033:0x7f31f398d169 [ 656.611881][T14529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.611904][T14529] RSP: 002b:00007f31f4750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 656.611925][T14529] RAX: ffffffffffffffda RBX: 00007f31f3ba5fa0 RCX: 00007f31f398d169 [ 656.611941][T14529] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 656.611955][T14529] RBP: 00007f31f3a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 656.611968][T14529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.611986][T14529] R13: 0000000000000000 R14: 00007f31f3ba5fa0 R15: 00007ffedff4b498 [ 656.612014][T14529] [ 658.897378][ T30] audit: type=1806 audit(6039062893.180:8): xattr="" res=-22 [ 660.477606][T14580] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input163 [ 660.793873][T14585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2042'. syzkaller syzkaller login: [ 661.481671][T14600] openvswitch: HfR: Dropping previously announced user features [ 662.061892][T14613] input: f as /devices/virtual/input/input164 [ 662.355155][T14617] sd 0:0:1:0: PR command failed: 1026 [ 662.387259][T14617] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 662.431389][T14617] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 665.150910][T14636] Invalid ELF header magic: != ELF [ 666.591886][T14650] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input165 [ 666.778258][T14648] openvswitch: HfR: Dropping previously announced user features [ 666.917731][T14655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2057'. [ 668.273695][T14681] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 669.195167][T14694] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2066'. [ 669.527907][T14700] random: crng reseeded on system resumption [ 669.788488][T14694] bond0: (slave bond_slave_0): Releasing backup interface [ 670.559525][T14711] smpboot: Booting Node 0 Processor 1 APIC 0x1 [ 670.955123][T14726] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input167 [ 671.213090][T14731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2072'. [ 671.232725][T14713] Unrecognized hibernate image header format! [ 671.283075][T14713] PM: hibernation: Image mismatch: architecture specific data [ 673.134390][T14756] could not allocate digest TFM handle [ 675.225399][T14788] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2084'. [ 675.244936][T14788] bridge_slave_1: left allmulticast mode [ 675.254877][T14788] bridge_slave_1: left promiscuous mode [ 675.268712][T14788] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.288869][T14788] bridge_slave_0: left allmulticast mode [ 675.295365][T14788] bridge_slave_0: left promiscuous mode [ 675.304325][T14788] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.347632][T14791] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input168 [ 675.610689][T14793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2085'. [ 675.857827][T14803] Invalid ELF header magic: != ELF [ 676.295410][T14810] Invalid ELF header magic: != ELF [ 677.103698][T14826] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2093'. [ 677.819285][T14838] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input169 [ 678.266774][T14845] Invalid ELF header magic: != ELF [ 679.215757][T14861] random: crng reseeded on system resumption [ 681.078607][T14893] Unrecognized hibernate image header format! [ 681.097417][T14893] PM: hibernation: Image mismatch: architecture specific data [ 681.156658][T14896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2109'. [ 681.654961][T14901] Invalid ELF header magic: != ELF [ 682.227717][T14911] input: f as /devices/virtual/input/input170 [ 682.549982][T14916] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input171 [ 682.872859][T14918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2113'. [ 684.613719][T14959] random: crng reseeded on system resumption [ 684.631776][T14957] openvswitch: HfR: Dropping previously announced user features [ 686.055219][T14975] can: request_module (can-proto-4) failed. [ 686.397615][T14984] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2127'. [ 686.922459][T14995] Invalid ELF header magic: != ELF [ 688.088969][T15022] random: crng reseeded on system resumption [ 688.406326][T15026] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input172 [ 688.631960][T15030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2139'. [ 688.708534][T15027] could not allocate digest TFM handle [ 689.396887][T15044] bridge0: port 2(veth0_to_bridge) entered blocking state [ 689.485025][T15046] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2143'. [ 689.500979][T15044] bridge0: port 2(veth0_to_bridge) entered disabled state [ 689.551436][T15044] veth0_to_bridge: entered allmulticast mode [ 689.606037][T15044] veth0_to_bridge: entered promiscuous mode [ 689.647873][T15044] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 689.680491][T15044] bridge0: port 2(veth0_to_bridge) entered blocking state [ 689.688858][T15044] bridge0: port 2(veth0_to_bridge) entered forwarding state [ 689.793268][T15051] openvswitch: netlink: Multiple metadata blocks provided [ 690.385308][T15066] Invalid ELF header magic: != ELF [ 690.527161][T15029] Unrecognized hibernate image header format! [ 690.579993][T15029] PM: hibernation: Image mismatch: architecture specific data [ 691.047953][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.054375][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.413982][T15085] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input173 [ 691.740438][T15086] openvswitch: HfR: Dropping previously announced user features [ 691.764403][T15085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2152'. [ 692.285703][T15099] openvswitch: netlink: Key type 83 is out of range max 32 [ 692.826379][T15114] Invalid ELF header magic: != ELF [ 693.051798][T15125] random: crng reseeded on system resumption [ 694.408017][T15138] Invalid ELF header magic: != ELF [ 694.644447][T15130] Unrecognized hibernate image header format! [ 694.667446][T15130] PM: hibernation: Image mismatch: architecture specific data [ 695.329661][T15148] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input174 [ 695.398540][T15152] openvswitch: HfR: Dropping previously announced user features [ 695.559574][T15153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2166'. [ 696.459577][T15172] openvswitch: netlink: Message has 4 unknown bytes. [ 696.677204][T15178] Invalid ELF header magic: != ELF [ 697.838482][T15201] input: f as /devices/virtual/input/input175 [ 698.026444][T15203] openvswitch: HfR: Dropping previously announced user features [ 699.317052][T15227] Invalid ELF header magic: != ELF [ 700.602347][T15244] could not allocate digest TFM handle [ 702.828730][T15274] openvswitch: HfR: Dropping previously announced user features [ 703.239065][T15281] bridge0: port 3(veth0_to_bridge) entered blocking state [ 703.320994][T15281] bridge0: port 3(veth0_to_bridge) entered disabled state [ 703.390697][T15281] veth0_to_bridge: entered allmulticast mode [ 703.445911][T15281] veth0_to_bridge: entered promiscuous mode [ 703.494000][T15287] random: crng reseeded on system resumption [ 703.499223][T15281] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 703.511720][T15283] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input176 [ 703.570213][T15281] bridge0: port 3(veth0_to_bridge) entered blocking state [ 703.577559][T15281] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 703.913234][T15295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2195'. [ 705.595950][T15288] Unrecognized hibernate image header format! [ 705.615082][T15288] PM: hibernation: Image mismatch: architecture specific data [ 707.326460][T15320] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[15320] [ 710.913329][T15387] random: crng reseeded on system resumption [ 711.933494][T15391] Unrecognized hibernate image header format! [ 711.987308][T15391] PM: hibernation: Image mismatch: architecture specific data [ 712.127037][T15403] input: f as /devices/virtual/input/input177 [ 712.655282][T15413] openvswitch: HfR: Dropping previously announced user features [ 713.304465][T15421] openvswitch: HfR: Dropping previously announced user features [ 713.726254][T15430] random: crng reseeded on system resumption [ 715.301824][T15455] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input178 [ 715.622398][T15460] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2230'. [ 716.114379][T15469] Unrecognized hibernate image header format! [ 716.120666][T15469] PM: hibernation: Image mismatch: architecture specific data [ 718.526986][T15496] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input179 [ 718.841738][T15503] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2237'. [ 719.258493][T15511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2241'. [ 719.645504][ T5846] Bluetooth: hci0: unexpected event 0x1d length: 1 < 5 [ 719.664163][T15516] FAULT_INJECTION: forcing a failure. [ 719.664163][T15516] name failslab, interval 1, probability 0, space 0, times 0 [ 719.712576][T15516] CPU: 0 UID: 0 PID: 15516 Comm: syz.1.2243 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 719.712630][T15516] Tainted: [U]=USER [ 719.712641][T15516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 719.712661][T15516] Call Trace: [ 719.712670][T15516] [ 719.712683][T15516] dump_stack_lvl+0x16c/0x1f0 [ 719.712738][T15516] should_fail_ex+0x512/0x640 [ 719.712774][T15516] ? __kmalloc_noprof+0xbf/0x510 [ 719.712826][T15516] ? __register_sysctl_table+0xb3/0x1900 [ 719.712861][T15516] should_failslab+0xc2/0x120 [ 719.712892][T15516] __kmalloc_noprof+0xd2/0x510 [ 719.712951][T15516] __register_sysctl_table+0xb3/0x1900 [ 719.712987][T15516] ? is_module_address+0x5f/0xf0 [ 719.713026][T15516] ? __pfx___register_sysctl_table+0x10/0x10 [ 719.713071][T15516] ? is_module_address+0x69/0xf0 [ 719.713102][T15516] ? register_net_sysctl_sz+0x228/0x3e0 [ 719.713157][T15516] ? __asan_memcpy+0x3c/0x60 [ 719.713201][T15516] ? __pfx_nf_lwtunnel_net_init+0x10/0x10 [ 719.713248][T15516] nf_lwtunnel_net_init+0x60/0xf0 [ 719.713294][T15516] ops_init+0x1df/0x5f0 [ 719.713345][T15516] setup_net+0x21e/0x850 [ 719.713394][T15516] ? __pfx_setup_net+0x10/0x10 [ 719.713437][T15516] ? lockdep_init_map_type+0x5c/0x280 [ 719.713480][T15516] ? __pfx_down_read_killable+0x10/0x10 [ 719.713535][T15516] ? debug_mutex_init+0x37/0x70 [ 719.713578][T15516] copy_net_ns+0x2a6/0x5f0 [ 719.713629][T15516] create_new_namespaces+0x3ea/0xad0 [ 719.713682][T15516] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 719.713731][T15516] ksys_unshare+0x45b/0xa40 [ 719.713780][T15516] ? __pfx_ksys_unshare+0x10/0x10 [ 719.713825][T15516] ? xfd_validate_state+0x5d/0x180 [ 719.713862][T15516] ? rcu_is_watching+0x12/0xc0 [ 719.713909][T15516] __x64_sys_unshare+0x31/0x40 [ 719.713958][T15516] do_syscall_64+0xcd/0x260 [ 719.714012][T15516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.714052][T15516] RIP: 0033:0x7fc72778d169 [ 719.714078][T15516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.714110][T15516] RSP: 002b:00007fc7286a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 719.714140][T15516] RAX: ffffffffffffffda RBX: 00007fc7279a5fa0 RCX: 00007fc72778d169 [ 719.714160][T15516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 719.714178][T15516] RBP: 00007fc72780e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 719.714196][T15516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.714214][T15516] R13: 0000000000000000 R14: 00007fc7279a5fa0 R15: 00007ffd445b2558 [ 719.714253][T15516] [ 720.381299][T15524] input: f as /devices/virtual/input/input180 [ 721.991838][T15546] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input181 [ 722.186176][T15548] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2251'. [ 724.852279][T15589] FAULT_INJECTION: forcing a failure. [ 724.852279][T15589] name failslab, interval 1, probability 0, space 0, times 0 [ 724.885347][T15589] CPU: 1 UID: 0 PID: 15589 Comm: syz.2.2258 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 724.885400][T15589] Tainted: [U]=USER [ 724.885411][T15589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 724.885430][T15589] Call Trace: [ 724.885440][T15589] [ 724.885452][T15589] dump_stack_lvl+0x16c/0x1f0 [ 724.885505][T15589] should_fail_ex+0x512/0x640 [ 724.885541][T15589] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 724.885595][T15589] should_failslab+0xc2/0x120 [ 724.885625][T15589] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 724.885681][T15589] ? get_tree_nodev+0x86/0x190 [ 724.885719][T15589] ? alloc_vfsmnt+0x23/0x6f0 [ 724.885756][T15589] alloc_vfsmnt+0x23/0x6f0 [ 724.885792][T15589] vfs_create_mount+0x93/0x500 [ 724.885837][T15589] fc_mount+0x9a/0xc0 [ 724.885881][T15589] mq_init_ns+0x426/0x620 [ 724.885919][T15589] copy_ipcs+0x383/0x610 [ 724.885948][T15589] ? copy_utsname+0xab/0x470 [ 724.885980][T15589] create_new_namespaces+0x20a/0xad0 [ 724.886027][T15589] ? security_capable+0x7e/0x260 [ 724.886062][T15589] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 724.886111][T15589] ksys_unshare+0x45b/0xa40 [ 724.886161][T15589] ? __pfx_ksys_unshare+0x10/0x10 [ 724.886206][T15589] ? xfd_validate_state+0x5d/0x180 [ 724.886243][T15589] ? rcu_is_watching+0x12/0xc0 [ 724.886290][T15589] __x64_sys_unshare+0x31/0x40 [ 724.886339][T15589] do_syscall_64+0xcd/0x260 [ 724.886387][T15589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 724.886418][T15589] RIP: 0033:0x7f60e938d169 [ 724.886444][T15589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 724.886475][T15589] RSP: 002b:00007f60ea1d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 724.886504][T15589] RAX: ffffffffffffffda RBX: 00007f60e95a5fa0 RCX: 00007f60e938d169 [ 724.886525][T15589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 724.886543][T15589] RBP: 00007f60e940e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 724.886561][T15589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 724.886578][T15589] R13: 0000000000000000 R14: 00007f60e95a5fa0 R15: 00007ffda14e9878 [ 724.886618][T15589] [ 725.243903][T15589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2258'. [ 725.372597][T15593] random: crng reseeded on system resumption [ 727.050523][T15602] Unrecognized hibernate image header format! [ 727.056824][T15602] PM: hibernation: Image mismatch: architecture specific data [ 727.852787][T15630] Invalid ELF header magic: != ELF [ 728.358274][T15643] netlink: zone id is out of range [ 728.363540][T15643] netlink: zone id is out of range [ 728.368828][T15643] netlink: zone id is out of range [ 728.373968][T15643] netlink: zone id is out of range [ 728.458428][T15643] netlink: zone id is out of range [ 728.473784][T15643] netlink: zone id is out of range [ 728.517464][T15643] netlink: zone id is out of range [ 728.557453][T15643] netlink: zone id is out of range [ 728.566056][T15643] netlink: zone id is out of range [ 728.614684][T15647] random: crng reseeded on system resumption [ 728.657044][T15643] netlink: zone id is out of range [ 729.961730][T15653] Unrecognized hibernate image header format! [ 729.989137][T15653] PM: hibernation: Image mismatch: architecture specific data [ 730.402304][T15678] openvswitch: HfR: Dropping previously announced user features [ 730.805549][T15677] Invalid ELF header magic: != ELF [ 730.898513][T15687] openvswitch: HfR: Dropping previously announced user features [ 731.361757][T15690] [ 731.364245][T15690] ====================================================== [ 731.371292][T15690] WARNING: possible circular locking dependency detected [ 731.378345][T15690] 6.15.0-rc1-syzkaller #0 Tainted: G U [ 731.385391][T15690] ------------------------------------------------------ [ 731.392434][T15690] syz.3.2281/15690 is trying to acquire lock: [ 731.398531][T15690] ffff8880233745d8 (sk_lock-AF_INET){+.+.}-{0:0}, at: sockopt_lock_sock+0x54/0x70 [ 731.407925][T15690] [ 731.407925][T15690] but task is already holding lock: [ 731.415312][T15690] ffffffff9012d9a8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_getsockopt+0x1843/0x2220 [ 731.424432][T15690] [ 731.424432][T15690] which lock already depends on the new lock. [ 731.424432][T15690] [ 731.434864][T15690] [ 731.434864][T15690] the existing dependency chain (in reverse order) is: [ 731.443928][T15690] [ 731.443928][T15690] -> #1 (rtnl_mutex){+.+.}-{4:4}: [ 731.451197][T15690] __mutex_lock+0x199/0xb90 [ 731.456282][T15690] smc_vlan_by_tcpsk+0x251/0x620 [ 731.461791][T15690] __smc_connect+0x44b/0x4880 [ 731.467034][T15690] smc_connect_work+0x54c/0xae0 [ 731.472453][T15690] process_one_work+0x9cc/0x1b70 [ 731.477955][T15690] worker_thread+0x6c8/0xf10 [ 731.483110][T15690] kthread+0x3c2/0x780 [ 731.487741][T15690] ret_from_fork+0x45/0x80 [ 731.492724][T15690] ret_from_fork_asm+0x1a/0x30 [ 731.498078][T15690] [ 731.498078][T15690] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 731.505780][T15690] __lock_acquire+0x1173/0x1ba0 [ 731.511193][T15690] lock_acquire+0x179/0x350 [ 731.516259][T15690] lock_sock_nested+0x41/0xf0 [ 731.521519][T15690] sockopt_lock_sock+0x54/0x70 [ 731.526945][T15690] do_ip_getsockopt+0x13e4/0x2220 [ 731.532537][T15690] ip_getsockopt+0x9b/0x1e0 [ 731.537607][T15690] raw_getsockopt+0x4d/0x1f0 [ 731.542759][T15690] do_sock_getsockopt+0x3fc/0x800 [ 731.548372][T15690] __sys_getsockopt+0x12f/0x260 [ 731.553799][T15690] __x64_sys_getsockopt+0xbd/0x160 [ 731.559483][T15690] do_syscall_64+0xcd/0x260 [ 731.564657][T15690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.571117][T15690] [ 731.571117][T15690] other info that might help us debug this: [ 731.571117][T15690] [ 731.581370][T15690] Possible unsafe locking scenario: [ 731.581370][T15690] [ 731.588851][T15690] CPU0 CPU1 [ 731.594246][T15690] ---- ---- [ 731.599638][T15690] lock(rtnl_mutex); [ 731.603665][T15690] lock(sk_lock-AF_INET); [ 731.610821][T15690] lock(rtnl_mutex); [ 731.617373][T15690] lock(sk_lock-AF_INET); [ 731.621847][T15690] [ 731.621847][T15690] *** DEADLOCK *** [ 731.621847][T15690] [ 731.630026][T15690] 1 lock held by syz.3.2281/15690: [ 731.635171][T15690] #0: ffffffff9012d9a8 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_getsockopt+0x1843/0x2220 [ 731.644729][T15690] [ 731.644729][T15690] stack backtrace: [ 731.650650][T15690] CPU: 1 UID: 0 PID: 15690 Comm: syz.3.2281 Tainted: G U 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 731.650698][T15690] Tainted: [U]=USER [ 731.650708][T15690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 731.650727][T15690] Call Trace: [ 731.650736][T15690] [ 731.650747][T15690] dump_stack_lvl+0x116/0x1f0 [ 731.650795][T15690] print_circular_bug+0x275/0x350 [ 731.650846][T15690] check_noncircular+0x14c/0x170 [ 731.650900][T15690] __lock_acquire+0x1173/0x1ba0 [ 731.650931][T15690] ? do_ip_getsockopt+0x1843/0x2220 [ 731.650965][T15690] lock_acquire+0x179/0x350 [ 731.650992][T15690] ? sockopt_lock_sock+0x54/0x70 [ 731.651039][T15690] lock_sock_nested+0x41/0xf0 [ 731.651097][T15690] ? sockopt_lock_sock+0x54/0x70 [ 731.651137][T15690] sockopt_lock_sock+0x54/0x70 [ 731.651174][T15690] do_ip_getsockopt+0x13e4/0x2220 [ 731.651206][T15690] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 731.651235][T15690] ? schedule+0x2d7/0x3a0 [ 731.651275][T15690] ? schedule+0xf1/0x3a0 [ 731.651311][T15690] ? futex_wait_queue+0x14c/0x220 [ 731.651339][T15690] ? futex_unqueue+0xba/0x140 [ 731.651382][T15690] ? __futex_wait+0x323/0x3c0 [ 731.651411][T15690] ? __pfx___futex_wait+0x10/0x10 [ 731.651446][T15690] ? __lock_acquire+0xaa4/0x1ba0 [ 731.651475][T15690] ? __pfx___might_resched+0x10/0x10 [ 731.651522][T15690] ip_getsockopt+0x9b/0x1e0 [ 731.651552][T15690] ? __pfx_ip_getsockopt+0x10/0x10 [ 731.651580][T15690] ? __might_fault+0xe3/0x190 [ 731.651624][T15690] ? __might_fault+0x13b/0x190 [ 731.651674][T15690] raw_getsockopt+0x4d/0x1f0 [ 731.651701][T15690] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 731.651749][T15690] do_sock_getsockopt+0x3fc/0x800 [ 731.651799][T15690] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 731.651844][T15690] ? __fget_files+0x204/0x3c0 [ 731.651897][T15690] __sys_getsockopt+0x12f/0x260 [ 731.651938][T15690] __x64_sys_getsockopt+0xbd/0x160 [ 731.651974][T15690] ? do_syscall_64+0x91/0x260 [ 731.652016][T15690] ? lockdep_hardirqs_on+0x7c/0x110 [ 731.652064][T15690] do_syscall_64+0xcd/0x260 [ 731.652111][T15690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.652142][T15690] RIP: 0033:0x7f31f398d169 [ 731.652165][T15690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 731.652195][T15690] RSP: 002b:00007f31f4750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 731.652225][T15690] RAX: ffffffffffffffda RBX: 00007f31f3ba5fa0 RCX: 00007f31f398d169 [ 731.652245][T15690] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000008 [ 731.652262][T15690] RBP: 00007f31f3a0e2a0 R08: 0000200000000040 R09: 0000000000000000 [ 731.652299][T15690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.652319][T15690] R13: 0000000000000000 R14: 00007f31f3ba5fa0 R15: 00007ffedff4b498 [ 731.652349][T15690]