last executing test programs: 9m10.633716981s ago: executing program 3 (id=1236): openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000200)={0x4080, 0x149, 0x3a}, 0x18) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r0 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8953, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getpgrp(0x0) 9m10.144074964s ago: executing program 3 (id=1240): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80801, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x1000) brk$auto(0x7fffffffefff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0x1d, 0x2, 0x6) r1 = open(0x0, 0x22240, 0x154) bpf$auto(0x0, &(0x7f0000000400)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) r2 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0xffffffffffffffff, r2, 0x9, 0x8000000000000007) waitid$auto(0x7af6, r1, &(0x7f00000000c0)={@siginfo_0_0={0x6b, 0x7, 0x15, @_timer={r2, 0x5, @sival_ptr=&(0x7f0000000080)="5d2125bbf0316c1010f9cb41bc4b4f419c1559ecb3dd871cb9d244bfbf7ccbbd5dc923b29af40b77694402e488fcc55648c50bb2bcce97", 0x4}}}, 0x4, &(0x7f0000000140)={{0x7ff, 0x9}, {0x7, 0x1ff}, 0x1, 0x84a0, 0x80, 0x8000000000000001, 0x6, 0x6, 0x4, 0x3ff, 0x8, 0x9, 0x3, 0x1, 0x8, 0x6}) 9m10.062209561s ago: executing program 3 (id=1241): adjtimex$auto(&(0x7f00000004c0)={0x7fffffff, 0x0, 0x7d, 0xfffffffffffffffd, 0xd4, 0x4, 0x4, 0x0, 0x1, 0x368e, 0x5, {0xc, 0x10000}, 0x5, 0xf, 0xfffffffffffffffd, 0xd, 0x0, 0x80000004, 0x10081, 0xffffffffffff628e, 0x4, 0x0, 0x800}) 9m9.935536151s ago: executing program 3 (id=1242): mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/vivid/parameters/vid_cap_nr\x00', 0x48040, 0x0) syslog$auto(0x4, &(0x7f0000000040)='..\x00', 0x7) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/26, 0x1a) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0xa0241, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mlockall$auto(0x8000000000000001) mprotect$auto(0x1ffff000, 0x0, 0xfffffffffffffffc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7fffffffffffffff, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) getitimer$auto(0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mprotect$auto(0x1ffff000, 0x8007, 0x6) socketpair$auto(0x1e, 0x5, 0xc1, 0x0) statx$auto(0xffffffffffffff9c, 0x0, 0x0, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) msgrcv$auto(0x0, 0x0, 0x4, 0x8000000000000000, 0xb5) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) 9m7.347292959s ago: executing program 3 (id=1255): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB="2f212abd7800fddbdf2521000000f5009c0003ceb1763d93d1f6e365ca67a4206962cde3805651fc6f1e3df8b8d064d9ee325d0d24c32525120f6f4921ebe935eb52554bda9f71b86113b629bcf7e67c065cb8d77366f939b126eb1e062494cd3598151209d151712eb5f2a39a01b020a4f157df90f9e1c258302d4a906b31e1118aedd4a794b4f8c08c6a3361e057a8438d9c383b442b9a18345df7f85de1ee69bdbef83571240f08f31786bd9f26974cb6fc42b9519b64ab4baaeed43ae272daa1b80aea44c8bf92acf95f7c812cd8da555911f463ae5157d79abdf0917247fe095101"], 0xffffffffffffff13}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/amidi2\x00', 0x1, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/neigh/veth1_macvtap/app_solicit\x00', 0x4040, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) mkdir$auto(&(0x7f0000000080)='./file0\x00', 0xfffe) mkdir$auto(&(0x7f0000000140)='./file1\x00', 0x9) rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file1\x00') sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f0000000040)={0x0, 0x4f, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000801}, 0x4048010) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x6, 0x9, 0x40, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x400000000010, 0x6, 0x0, 0x3, 0x9, 0xffffffff80000000, 0x9, 0x7, 0x200000100103}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) ioperm$auto(0x7, 0x71, 0x863) iopl$auto(0x401) ioperm$auto(0x5, 0x3432, 0x0) mmap$auto(0xa55e, 0xc5, 0xdf, 0x100000000ebd, 0x401, 0x2bd) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1a9382, 0x0) write$auto(r0, 0x0, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/vivid/parameters/vid_cap_nr\x00', 0x48040, 0x0) pwrite64$auto(0xc8, &(0x7f0000000180)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8e\x1cJ\x99\x00\a/\x00\x03\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\xff^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00!\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00v\xd9\xe5H.-\x14\xee\xbc\xae\xe1\x85\xb2b\xd42\x89\x05e\x03z\xe6q\xcd\x91\tM\xd2\x90\xc91\xd9\x86\xe4\x8e\x0fI\xf0b2\nfa\xb8\x1a\xdb\xaa0P\xca\xb2W\xe3\x14\xb9Cx\x0e4\xc9\xb4\xdc4\xe3\x8f\x1c\xa5\x89\x8d\x84V\x97dg \x9f\xcd\x8fA\x16\x01\xc5.\x7fG\x86L\xa4\xd6h\xea\x11x\xce\x96t\xc7~# )\x8c6\x06\xd7\xfcu\x8c{t\xa5\x92JW\x8b\xb3Oj%\xb5H\x91F\x1b\x01\xef\x0e\xc5\xac\xcfK\xd5\x98\xce\xd6?\t\xa8\xb7\xce\x87\xdb\xb0\xaa\x8al8qF\re\xa7\xda\x1f\x9ad\b!\xddBD\xd9', 0x3d, 0x7a) r2 = socket(0x11, 0x3, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x100) msgrcv$auto(0x0, 0x0, 0x1000, 0x8000000000000000, 0xb5) setsockopt$auto(0xffffffffffffffff, 0x29, 0x12, &(0x7f0000000080)='\x15!\xa8^J/\xddCx\x14!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x01\x00t\xde\x14\xe4\xa5\xfe\xb5', 0x8) tkill$auto(0x80000000000001, 0x7) 9m6.93630984s ago: executing program 3 (id=1259): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd12\x00', 0x88001, 0x0) socket(0x15, 0x5, 0x0) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0xa, 0x801, 0x100) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_full_fops_mem(0xffffffffffffff9c, 0x0, 0x101000, 0x0) clone$auto(0x20003b46, 0x4, 0x0, 0x0, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x4000000) 9m6.651301596s ago: executing program 32 (id=1259): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd12\x00', 0x88001, 0x0) socket(0x15, 0x5, 0x0) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0xa, 0x801, 0x100) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_full_fops_mem(0xffffffffffffff9c, 0x0, 0x101000, 0x0) clone$auto(0x20003b46, 0x4, 0x0, 0x0, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x4000000) 3.936736685s ago: executing program 4 (id=4161): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0xa0202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fffe000) (fail_nth: 2) 3.504070207s ago: executing program 4 (id=4163): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) (async) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) (async) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) (async) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x30, 0xf1, 0xb0, @raw=0xfffff034}}) open(&(0x7f0000000100)='./file0\x00', 0x2f0e01, 0x20) (async) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x1, 0x0) 3.365622588s ago: executing program 4 (id=4164): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fanotify_init$auto(0x1, 0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b74, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) modify_ldt$auto(0x2, 0x0, 0x80) timerfd_create$auto(0x5, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) poll$auto(&(0x7f0000000000)={r1, 0x1ff, 0x2f4}, 0x4, 0x7) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0xa, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x400002, 0x3, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x200000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x400000000004, 0x7, 0x3, 0xeb1, 0x0, 0x8000) setuid$auto(0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/bond_slave_1/disable_policy\x00', 0x202, 0x0) sendfile$auto(r3, 0xffffffffffffffff, 0x0, 0x48) 3.284684277s ago: executing program 2 (id=4166): io_uring_setup$auto(0x2, 0x0) 3.244776121s ago: executing program 2 (id=4168): r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x32, 0x65f, 0x1ffde, 0x1000, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x7ff, [0x0, 0x0, 0x0, 0x8050100000000000, 0x40000000000000, 0x100100001, 0x0, 0xa, 0x70624ce7, 0x0, 0x1d6f, 0x9, 0x0, 0x1, 0x3, 0x0, 0xfffffffffffffffd, 0x2, 0x200000000007, 0x8, 0xffffffffefffffff, 0x200000000000004, 0x0, 0x0, 0x0, 0x0, 0x400000000005b8, 0xc, 0x0, 0x0, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x10006]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = openat$auto_generic(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_snd_ctl_f_ops_control(r1, 0x0, 0x0) mknod$auto(0x0, 0x1, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r2 = io_uring_setup$auto(0x1, 0x0) r3 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r3, 0x107, 0x1, 0x0, 0x8004) r4 = bpf$auto(0x6, &(0x7f0000000040)=@token_create={0x400, r1}, 0x7) close_range$auto(r4, r2, 0x10000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) write$auto_proc_pid_attr_operations_base(r2, &(0x7f0000000380)="5bb1f434a7f11226d7ebd42531a03046901b82d4279f11a288b5cbecaa292494bb75804109c486d04393445e0a7d00789864ae62121d928495fa696a80d8fb65103f11c493b2d7087425025479b5a2886ec594bb1a3295065b260bc56b43ab9d5d833c8e162f46d4d897ca962f03697b2814b1c49f3610bafc34395418ab1563907bda08796c46445e5c33e659ff6ae1973d99089516d983b906c11c49ff22", 0x9f) r5 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000140), 0x10002, 0x0) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0xfd72) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = gettid() kexec_load$auto(0xff, 0x2, &(0x7f0000000000)={@buf=0x0, 0x2, 0x10000, 0x3000}, 0x4) kill$auto(r7, 0x11) rt_sigtimedwait$auto(&(0x7f0000000300)={0x8001}, 0x0, 0x0, 0x8) r8 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_GET(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r8, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@ETHTOOL_A_WOL_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$auto_LOOP_CTL_ADD(r0, 0x4c80, 0x6c) 2.313747952s ago: executing program 0 (id=4171): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) mmap$auto(0x1f00, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x23, 0x0, 0x8) 2.129319233s ago: executing program 0 (id=4172): socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000000), 0x68) connect$auto(0x3, &(0x7f0000000000), 0x55) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x200d) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8a002, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x182, 0x0) sendfile$auto(r0, r0, 0x0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) read$auto(0x3, 0x0, 0x7) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, 0x0, 0x68) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) syz_clone(0xcc81455747ec94b6, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x8003, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000140)=""/192, 0xc0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'rose0\x00'}) 2.00159846s ago: executing program 1 (id=4173): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x1, 0x4000000000df, 0x44eb2, 0x3, 0x300000000000) mincore$auto(0x1000, 0x8001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x1) fsetxattr$auto(r1, &(0x7f0000000040)='#\x00', &(0x7f0000000080), 0x11a1, 0x1) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x1, {{0x2, 0xa}, 0x2}}, 0x66) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x6}, 0x5, 0x20000004) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x24, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xd3e80, 0x0, 0x2, 0x0, 0x400}, 0x6}, 0x7, 0xb07e) 1.473801593s ago: executing program 4 (id=4174): readv$auto(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000440)="2aa59db66584f9bedc8f5329507eae1e04a1806364e54351b75b37902425044cdbb735ac87ff9bd88d77b3a397367c777882bd9b3d37e1cf4810b3c5fd184fb6c62cb4c03b53a7f8f31197d1704c17ccc67c0c6a7d3ca022632ce9ed8ac59bd65c9dd9f4ed2a7e92131bfb8425b026c3e1e6135cea2b976fe3af35807a326ad420a9a6f9e897d9583505717854c710d7950a6b5ba312bc10db469ca4bd655fabc717399d97ac7a5397295051d33ab65df8901351f2b2deb35e9aa293320903d2b3d824a951c396f476b3d26e09a47056c351f5fd06bde1ccc93174268953dbcedcd78f087b0a27ed3cabdeefef801bab16a1664875cdd75c9b11a5", 0x8}, 0xff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) (async) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa}, 0x1f) ppoll$auto(&(0x7f0000000040)={r0, 0x9, 0x5}, 0x9, 0x0, 0x0, 0x8) write$auto(r2, &(0x7f00000000c0)='ns/net\x00', 0xe61d) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) ioctl$auto_RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, &(0x7f0000001a40)=0x5) (async) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') ioctl$NS_GET_PARENT(r3, 0xff02, 0x0) (async) migrate_pages$auto(0x0, 0x2, 0x0, 0x0) (async) r4 = socket(0xa, 0x1, 0x0) sendmmsg$auto(r4, 0x0, 0x1, 0x4) (async) close_range$auto(0x2, 0x8, 0x0) (async) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) (async) io_uring_enter$auto(r2, 0x3, 0x6, 0x800, &(0x7f0000000380)="59468e96581256", 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) r5 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x100000000, 0x5, 0x1b, 0x940, 0x1ffde, 0x3, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200, 0x0, 0x0, [0x0, 0x4, 0x0, 0xffffffffeffffffd, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x400000, 0x0, 0x80000000000, 0x400000000000000, 0x0, 0x8000000000000000, 0x80000000000000, 0x2, 0x0, 0x0, 0xfffffffffffffbfe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0xfffffffffffffffe, 0x80000000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x80000001, 0x1]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) (async) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/afs/addr_prefs\x00', 0x20000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r6, &(0x7f0000000080)=""/168, 0xa8) 1.345471594s ago: executing program 2 (id=4175): r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, 0x0, 0x4000080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="cf8cb5165c8ea18405e469c891602e0000", @ANYRES16=r0, @ANYBLOB="00032cbd7000fddbdf251f0000000800dc00faffffff050039017800000008002700070000002c002901d7524dfa34511aaa009814b116fbe1f5e2471f0d0b37042b1fc5a96ed3aa73cc5d3ffd3403bc789c"], 0x58}, 0x1, 0x0, 0x0, 0x44810}, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0xfffffdef) listen$auto(0x3, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mbind$auto(0x9, 0x98, 0x7af, &(0x7f00000000c0)=0x6465, 0x4, 0x7fd) close_range$auto(0x2, 0x8, 0x0) 1.203999065s ago: executing program 1 (id=4176): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0xa0202, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0x22, 0x1, 0x84) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x1fd, 0x7, 0x5, 0x7184, 0x1ffe1, 0x7, 0x3, 0x9, 0x9, 0x8, 0x4, 0x200000000001, 0x6, 0xfffffffffffffff8, 0x8, 0x6, 0x4000080, 0x8000, 0x100, 0x9, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x6, 0x0, 0x2, 0x7, 0x2000, 0x0, 0x5a17a924, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x1000000000000000, 0x7fffffff, 0xa, 0xfffffffffffbfff9, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x0, 0x8, 0x80000001005, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x1, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa3c, 0x0, 0x3, 0x3ff, 0x2, 0x8, 0x7, 0xc567]}, 0x1fe, 0x4000d) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/virtual/tty/ptyba/power/runtime_suspended_time\x00', 0x40000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000001100)=""/4106, 0x100a) r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r3, 0xfffffff7fffffd06, &(0x7f00000001c0)) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) bind$auto(0x3, &(0x7f0000000040)=@rc={0x1f, @none, 0x3}, 0x6a) setsockopt$auto(r1, 0x10000000084, 0x75, 0x0, 0x8) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x79, 0x0, 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), r5) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c00c022", @ANYRES16=r6, @ANYBLOB="01002bbd7000fbdbdf2507000000060001004a000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x80) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r4, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c000014f3415219944af6ed60afd7c816dd5476b6c121f387b3c5bdc97e8f08274ecb18e04029fe140000952b08000000f61272c5b9501b7c66800694414e8bb88f95eb62236b610b5a063751705e6be56b091acf0e4c570418f8d655006a4a4ad4b0fadcc3", @ANYRES16=r6, @ANYBLOB="000426bd7000ffdbdf25020000000600010005000000060001000600000006000100c200000006000100fffb0000060001007f000000"], 0x3c}, 0x1, 0x0, 0x0, 0x840}, 0x400c051) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r7 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/ipsec\x00', 0x40, 0x0) read$auto_ipsec_dbg_fops_ipsec(r7, &(0x7f0000000040)=""/243, 0xf3) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x18000) ioctl$auto(0xc8, 0x480454d1, 0x5c8d) mount$auto(&(0x7f0000000140)='vcan0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='\x00', 0x0, &(0x7f0000000200)="35f4fb5a71027fa4be5f3784e3e5e0728500fb67f22d298dece219c10c49845c70719f3bdb915af77a40441859b54a1cc6adf2dc6f6dd8a20a2e46b113b1d34db029c6fed6669b") sendfile$auto(r0, r0, 0x0, 0x7bffe000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptydb\x00', 0x2040, 0x0) 1.007721518s ago: executing program 4 (id=4177): io_uring_setup$auto(0x2, 0x0) 799.160079ms ago: executing program 4 (id=4178): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/query\x00', 0xc8040, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket(0x11, 0x80003, 0x300) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) 702.038761ms ago: executing program 0 (id=4179): r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0) ioctl$auto_LOOP_CTL_GET_FREE(r0, 0x4c82, 0x24) 632.078244ms ago: executing program 1 (id=4180): r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000440), 0x20100, 0x0) ioctl$auto_LOOP_CTL_GET_FREE(r0, 0x4c82, 0x24) (fail_nth: 3) 577.747897ms ago: executing program 0 (id=4181): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x29, 0x2, 0x0) ioctl$auto(r0, 0x89e2, 0x38) close_range$auto(0x0, 0xfffffffffffff000, 0x0) get_mempolicy$auto(&(0x7f00000001c0)=0x5, 0x0, 0x2d0000000000000, 0x59, 0x4) fanotify_init$auto(0x5, 0x800) pipe2$auto(0x0, 0x80) ioctl$auto(0x1, 0x5761, 0x4) 352.887673ms ago: executing program 0 (id=4182): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/est_nice\x00', 0x80000, 0x0) mprotect$auto(0x0, 0x8040000000000002, 0xeb) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x7f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x14) sendfile$auto(r0, r0, 0x0, 0x200002) 352.695549ms ago: executing program 1 (id=4183): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fanotify_init$auto(0x1, 0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b74, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) modify_ldt$auto(0x2, 0x0, 0x80) timerfd_create$auto(0x5, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) poll$auto(&(0x7f0000000000)={r1, 0x1ff, 0x2f4}, 0x4, 0x7) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0xa, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x400002, 0x3, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x200000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x400000000004, 0x7, 0x3, 0xeb1, 0x0, 0x8000) setuid$auto(0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/bond_slave_1/disable_policy\x00', 0x202, 0x0) sendfile$auto(r3, 0xffffffffffffffff, 0x0, 0x48) 352.424933ms ago: executing program 2 (id=4184): close_range$auto(0x2, 0x8, 0x0) r0 = epoll_create$auto(0x5) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)="54f6982455139d62df92d9362847dd91a5438d5456c621ff88522a263b753fc0b2da", 0x22) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r1, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, "d8babe8c27dadbc937f03739"}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4000) setsockopt$auto(0x3, 0x10000000084, 0x23, 0x0, 0x8) 207.947483ms ago: executing program 0 (id=4185): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000340)=ANY=[@ANYBLOB="8d72af605cf6a8c43a9d5b9bfb839b9b71ca95a427a4a2b408dd7fbd96ffda0f41a264a5da7fde06a502c87643", @ANYRES16=r2, @ANYBLOB="010b27bd7000fbdbdf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4000080) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="cf8cb5165c8ea18405e469c891602e0000", @ANYRES16=r2, @ANYBLOB="00032cbd7000fddbdf251f0000000800dc00faffffff050039017800000008002700070000002c002901d7524dfa34511aaa009814b116fbe1f5e2471f0d0b37042b1fc5a96ed3aa73cc5d3ffd3403bc789c"], 0x58}, 0x1, 0x0, 0x0, 0x44810}, 0x4) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0xfffffdef) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mprotect$auto(0x1ffff000, 0x8000000001000001, 0xd) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time\x00') getdents$auto(r3, 0x0, 0x40000100) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm1p/sub2/xrun_injection\x00', 0x141001, 0x0) write$auto(0x3, 0x0, 0xffd8) getdents64$auto(r3, 0x0, 0x101) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0x9}, 0xffffffffffffffff, 0x0, 0xd, 0x40000000000330) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptys0\x00', 0x101e81, 0x0) 197.275596ms ago: executing program 1 (id=4186): close_range$auto(0x2, 0x8, 0x0) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) socket(0xa, 0x801, 0x84) socket(0x11, 0x2, 0x1) socket(0x2, 0x801, 0x100) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x40054) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'veth0_to_bridge\x00'}) bpf$auto(0x0, 0x0, 0x96) 177.550697ms ago: executing program 2 (id=4187): socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) ioctl$auto(0x3, 0x80000541b, 0x38) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) socket(0x10, 0x3, 0x6) prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) write$auto(0x3, 0x0, 0x5c8) 41.567879ms ago: executing program 2 (id=4188): r0 = openat$auto_gpiolib_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) read$auto(r0, 0x0, 0x3ba) (fail_nth: 2) 0s ago: executing program 1 (id=4196): close_range$auto(0x2, 0x8, 0x0) r0 = epoll_create$auto(0x5) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)="54f6982455139d62df92d9362847dd91a5438d5456c621ff88522a263b753fc0b2da", 0x22) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r1, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, "d8babe8c27dadbc937f03739"}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4000) setsockopt$auto(0x3, 0x10000000084, 0x23, 0x0, 0x8) kernel console output (not intermixed with test programs): nset [1, 0] type 2 family 0 port 6081 - 0 [ 545.172104][T15410] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.247845][T15410] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.379343][T15410] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 545.393776][T15410] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 545.402406][T15410] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 545.413406][T15410] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 545.472811][T15410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 545.491418][T15410] 8021q: adding VLAN 0 to HW filter on device team0 [ 545.504849][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.511943][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state [ 545.524440][ T5836] Bluetooth: hci0: command tx timeout [ 545.536610][T11524] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.543735][T11524] bridge0: port 2(bridge_slave_1) entered forwarding state [ 545.687103][T15410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 545.724784][T15410] veth0_vlan: entered promiscuous mode [ 545.735364][T15410] veth1_vlan: entered promiscuous mode [ 545.765617][T15410] veth0_macvtap: entered promiscuous mode [ 545.774064][T15410] veth1_macvtap: entered promiscuous mode [ 545.788540][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.799784][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.810375][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.821548][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.831749][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.842684][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.852790][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.863899][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.873883][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.884447][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.894611][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 545.905571][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.916894][T15410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 545.927857][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.939221][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.949373][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.960209][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.970084][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 545.981171][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 545.991031][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.001555][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.011476][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.022356][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.032873][T15410] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.043434][T15410] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.054459][T15410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 546.069986][T15410] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.078764][T15410] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.088654][T15410] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.097458][T15410] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 546.172415][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 546.186543][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.211915][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 546.220282][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.350635][T15466] FAULT_INJECTION: forcing a failure. [ 546.350635][T15466] name failslab, interval 1, probability 0, space 0, times 0 [ 546.380728][T15466] CPU: 0 UID: 0 PID: 15466 Comm: syz.4.2464 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 546.391548][T15466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 546.401627][T15466] Call Trace: [ 546.404923][T15466] [ 546.407871][T15466] dump_stack_lvl+0x16c/0x1f0 [ 546.412593][T15466] should_fail_ex+0x497/0x5b0 [ 546.417329][T15466] ? fs_reclaim_acquire+0xae/0x150 [ 546.422482][T15466] should_failslab+0xc2/0x120 [ 546.427203][T15466] __kmalloc_cache_noprof+0x68/0x420 [ 546.432535][T15466] refill_pi_state_cache+0x89/0x250 [ 546.437785][T15466] futex_lock_pi+0x227/0x7a0 [ 546.442436][T15466] ? __pfx_futex_lock_pi+0x10/0x10 [ 546.447582][T15466] ? find_held_lock+0x2d/0x110 [ 546.452410][T15466] ? find_held_lock+0x2d/0x110 [ 546.457217][T15466] ? __pfx_futex_wake_mark+0x10/0x10 [ 546.462534][T15466] ? vfs_write+0x306/0x1150 [ 546.467075][T15466] do_futex+0x11b/0x350 [ 546.471277][T15466] ? __pfx_do_futex+0x10/0x10 [ 546.476007][T15466] __x64_sys_futex+0x1e1/0x4c0 [ 546.480811][T15466] ? fput+0x67/0x440 [ 546.484739][T15466] ? __pfx___x64_sys_futex+0x10/0x10 [ 546.490060][T15466] ? ksys_write+0x1ba/0x250 [ 546.494588][T15466] ? __pfx_ksys_write+0x10/0x10 [ 546.499471][T15466] do_syscall_64+0xcd/0x250 [ 546.504006][T15466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.509932][T15466] RIP: 0033:0x7f3b7d185d29 [ 546.514364][T15466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.534000][T15466] RSP: 002b:00007f3b7dfd6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 546.542448][T15466] RAX: ffffffffffffffda RBX: 00007f3b7d375fa0 RCX: 00007f3b7d185d29 [ 546.550448][T15466] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 546.558433][T15466] RBP: 00007f3b7dfd6090 R08: 0000000000000000 R09: 0000000080000001 [ 546.566418][T15466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 546.574398][T15466] R13: 0000000000000000 R14: 00007f3b7d375fa0 R15: 00007ffc2bb0e898 [ 546.582385][T15466] [ 546.684877][T15468] FAULT_INJECTION: forcing a failure. [ 546.684877][T15468] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 546.779024][T15468] CPU: 0 UID: 0 PID: 15468 Comm: syz.2.2438 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 546.789851][T15468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 546.799933][T15468] Call Trace: [ 546.803230][T15468] [ 546.806176][T15468] dump_stack_lvl+0x16c/0x1f0 [ 546.810885][T15468] should_fail_ex+0x497/0x5b0 [ 546.815598][T15468] _copy_from_user+0x2e/0xd0 [ 546.820222][T15468] core_sys_select+0x34f/0xa10 [ 546.825031][T15468] ? __pfx_core_sys_select+0x10/0x10 [ 546.830354][T15468] ? find_held_lock+0x2d/0x110 [ 546.835177][T15468] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 546.841200][T15468] kern_select+0x15e/0x1e0 [ 546.845649][T15468] ? __pfx_kern_select+0x10/0x10 [ 546.850623][T15468] ? __pfx_ksys_write+0x10/0x10 [ 546.855508][T15468] __x64_sys_select+0xbd/0x160 [ 546.860302][T15468] ? do_syscall_64+0x91/0x250 [ 546.865019][T15468] ? lockdep_hardirqs_on+0x7c/0x110 [ 546.870249][T15468] do_syscall_64+0xcd/0x250 [ 546.874783][T15468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.880707][T15468] RIP: 0033:0x7fc62fb85d29 [ 546.885147][T15468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.904784][T15468] RSP: 002b:00007fc6308ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 546.913223][T15468] RAX: ffffffffffffffda RBX: 00007fc62fd76080 RCX: 00007fc62fb85d29 [ 546.921201][T15468] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 546.929173][T15468] RBP: 00007fc6308ee090 R08: 0000000000000000 R09: 0000000000000000 [ 546.937145][T15468] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001 [ 546.945115][T15468] R13: 0000000000000000 R14: 00007fc62fd76080 R15: 00007ffcb707ee18 [ 546.953103][T15468] [ 547.229446][T15477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2466'. [ 547.611860][ T5836] Bluetooth: hci0: command tx timeout [ 547.674234][ T5830] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 547.746681][ T5830] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 547.784413][ T5830] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 547.822200][ T5830] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 547.831364][ T5830] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 547.840104][ T5830] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 548.085212][ T8884] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 548.397554][ T8125] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.450644][T15487] chnl_net:caif_netlink_parms(): no params data found [ 548.547667][ T8125] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.702997][T15523] unsupported nla_type 32969 [ 548.769372][ T8125] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.987084][ T8125] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.082652][T15487] bridge0: port 1(bridge_slave_0) entered blocking state [ 549.110398][T15487] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.153047][T15487] bridge_slave_0: entered allmulticast mode [ 549.193381][T15487] bridge_slave_0: entered promiscuous mode [ 549.267206][T15487] bridge0: port 2(bridge_slave_1) entered blocking state [ 549.293724][T15487] bridge0: port 2(bridge_slave_1) entered disabled state [ 549.328208][T15487] bridge_slave_1: entered allmulticast mode [ 549.358882][T15487] bridge_slave_1: entered promiscuous mode [ 549.456653][T15487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 549.478900][T15487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 549.683883][ T5830] Bluetooth: hci0: command tx timeout [ 549.730546][T15487] team0: Port device team_slave_0 added [ 549.786391][T15487] team0: Port device team_slave_1 added [ 549.923742][ T5830] Bluetooth: hci2: command tx timeout [ 550.018868][ T8125] bridge_slave_1: left allmulticast mode [ 550.033615][ T8125] bridge_slave_1: left promiscuous mode [ 550.066998][ T8125] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.226410][ T8125] bridge_slave_0: left allmulticast mode [ 550.232140][ T8125] bridge_slave_0: left promiscuous mode [ 550.247885][ T8125] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.561824][T15561] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2482'. [ 551.217355][ T8125] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 551.229096][ T8125] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 551.254920][ T8125] bond0 (unregistering): Released all slaves [ 551.285094][T15487] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 551.302270][T15487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 551.383704][T15487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 551.504105][T15487] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 551.533883][T15487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 551.611698][T15487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 551.763619][ T5830] Bluetooth: hci0: command tx timeout [ 551.978051][T15487] hsr_slave_0: entered promiscuous mode [ 552.004594][ T5830] Bluetooth: hci2: command tx timeout [ 552.031918][T15487] hsr_slave_1: entered promiscuous mode [ 552.098268][T15487] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 552.143578][T15487] Cannot create hsr debugfs directory [ 552.523950][ T8125] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 552.547079][ T8125] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 552.579869][ T8125] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 552.614582][ T8125] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 552.703143][ T8125] veth1_macvtap: left promiscuous mode [ 552.719838][ T8125] veth0_macvtap: left promiscuous mode [ 552.736441][ T8125] veth1_vlan: left promiscuous mode [ 552.754964][ T8125] veth0_vlan: left promiscuous mode [ 554.123184][ T5830] Bluetooth: hci2: command tx timeout [ 554.137502][T15605] sg_write: data in/out 14/93 bytes for SCSI command 0x0-- guessing data in; [ 554.137502][T15605] program syz.4.2491 not setting count and/or reply_len properly [ 554.698478][ T8125] team0 (unregistering): Port device team_slave_1 removed [ 554.802549][ T8125] team0 (unregistering): Port device team_slave_0 removed [ 556.186704][ T5830] Bluetooth: hci2: command tx timeout [ 556.925307][T15487] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 556.967924][T15487] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 557.026201][T15487] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 557.050087][T15487] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 557.287939][T15487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 557.319424][T15487] 8021q: adding VLAN 0 to HW filter on device team0 [ 557.332287][ T8125] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.339434][ T8125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 557.427298][T11520] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.434512][T11520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 558.190267][T15487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 558.301366][T15487] veth0_vlan: entered promiscuous mode [ 558.335428][T15487] veth1_vlan: entered promiscuous mode [ 558.428525][T15487] veth0_macvtap: entered promiscuous mode [ 558.490073][T15677] sg_write: data in/out 14/93 bytes for SCSI command 0x0-- guessing data in; [ 558.490073][T15677] program syz.2.2504 not setting count and/or reply_len properly [ 558.509538][T15487] veth1_macvtap: entered promiscuous mode [ 558.517182][T15678] FAULT_INJECTION: forcing a failure. [ 558.517182][T15678] name failslab, interval 1, probability 0, space 0, times 0 [ 558.549046][T15678] CPU: 0 UID: 0 PID: 15678 Comm: syz.4.2505 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 558.559855][T15678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 558.569925][T15678] Call Trace: [ 558.573203][T15678] [ 558.576144][T15678] dump_stack_lvl+0x16c/0x1f0 [ 558.580852][T15678] should_fail_ex+0x497/0x5b0 [ 558.585543][T15678] ? fs_reclaim_acquire+0xae/0x150 [ 558.590663][T15678] should_failslab+0xc2/0x120 [ 558.595350][T15678] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 558.600733][T15678] ? getname_flags.part.0+0x4c/0x550 [ 558.606033][T15678] ? vfs_write+0x306/0x1150 [ 558.610547][T15678] getname_flags.part.0+0x4c/0x550 [ 558.615676][T15678] getname+0x8d/0xe0 [ 558.619583][T15678] do_sys_openat2+0x104/0x1e0 [ 558.624277][T15678] ? __pfx_do_sys_openat2+0x10/0x10 [ 558.629491][T15678] ? __fget_files+0x206/0x3a0 [ 558.634178][T15678] __x64_sys_openat+0x175/0x210 [ 558.639038][T15678] ? __pfx___x64_sys_openat+0x10/0x10 [ 558.644421][T15678] ? ksys_write+0x1ba/0x250 [ 558.648938][T15678] do_syscall_64+0xcd/0x250 [ 558.653455][T15678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.659362][T15678] RIP: 0033:0x7f3b7d185d29 [ 558.663780][T15678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.683397][T15678] RSP: 002b:00007f3b7dfb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 558.691811][T15678] RAX: ffffffffffffffda RBX: 00007f3b7d376080 RCX: 00007f3b7d185d29 [ 558.699784][T15678] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: ffffffffffffff9c [ 558.707757][T15678] RBP: 00007f3b7dfb5090 R08: 0000000000000000 R09: 0000000000000000 [ 558.715729][T15678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 558.723704][T15678] R13: 0000000000000001 R14: 00007f3b7d376080 R15: 00007ffc2bb0e898 [ 558.731706][T15678] [ 558.739801][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.773573][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.793631][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.814974][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.825290][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.836832][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.846853][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.857469][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.867349][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.877905][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.888063][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.898816][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.909835][T15487] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 558.943819][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.954815][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.967263][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.003642][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.023963][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.043537][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.063700][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.084502][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.109652][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.131008][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.163531][T15487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.178960][T15487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.190926][T15487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 559.248182][T15487] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.273803][T15487] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.282547][T15487] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.301374][T15487] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.329393][T15690] sctp: [Deprecated]: syz.4.2507 (pid 15690) Use of struct sctp_assoc_value in delayed_ack socket option. [ 559.329393][T15690] Use struct sctp_sack_info instead [ 559.583209][T11520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.605161][T11520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.707164][T11520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.715236][T11520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.325934][T15764] FAULT_INJECTION: forcing a failure. [ 561.325934][T15764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 561.339294][T15764] CPU: 0 UID: 0 PID: 15764 Comm: syz.2.2517 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 561.350098][T15764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 561.360179][T15764] Call Trace: [ 561.363483][T15764] [ 561.366433][T15764] dump_stack_lvl+0x16c/0x1f0 [ 561.371144][T15764] should_fail_ex+0x497/0x5b0 [ 561.375863][T15764] _copy_to_user+0x32/0xd0 [ 561.380324][T15764] simple_read_from_buffer+0xd0/0x160 [ 561.385731][T15764] proc_fail_nth_read+0x198/0x270 [ 561.390951][T15764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 561.396523][T15764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 561.402091][T15764] vfs_read+0x1df/0xbe0 [ 561.406266][T15764] ? __fget_files+0x1fc/0x3a0 [ 561.410956][T15764] ? __pfx___mutex_lock+0x10/0x10 [ 561.415996][T15764] ? __pfx_vfs_read+0x10/0x10 [ 561.420691][T15764] ? __fget_files+0x206/0x3a0 [ 561.425393][T15764] ksys_read+0x12b/0x250 [ 561.429645][T15764] ? __pfx_ksys_read+0x10/0x10 [ 561.434418][T15764] do_syscall_64+0xcd/0x250 [ 561.438933][T15764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.444837][T15764] RIP: 0033:0x7fc62fb8473c [ 561.449253][T15764] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 561.468885][T15764] RSP: 002b:00007fc63090f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 561.477321][T15764] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb8473c [ 561.485304][T15764] RDX: 000000000000000f RSI: 00007fc63090f0a0 RDI: 0000000000000003 [ 561.493294][T15764] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 561.501301][T15764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 561.509285][T15764] R13: 0000000000000001 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 561.517278][T15764] [ 563.208699][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.218748][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.422796][T15819] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2530'. [ 564.562960][T15830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2540'. [ 564.995252][T15843] sg_write: data in/out 14/93 bytes for SCSI command 0x0-- guessing data in; [ 564.995252][T15843] program syz.0.2536 not setting count and/or reply_len properly [ 566.252200][T15871] can: request_module (can-proto-0) failed. [ 566.292592][T15871] sp0: Synchronizing with TNC [ 567.958109][T15902] FAULT_INJECTION: forcing a failure. [ 567.958109][T15902] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.974554][T15902] CPU: 0 UID: 0 PID: 15902 Comm: syz.1.2552 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 567.985358][T15902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 567.995439][T15902] Call Trace: [ 567.998730][T15902] [ 568.001688][T15902] dump_stack_lvl+0x16c/0x1f0 [ 568.006396][T15902] should_fail_ex+0x497/0x5b0 [ 568.011114][T15902] _copy_from_user+0x2e/0xd0 [ 568.015734][T15902] core_sys_select+0x34f/0xa10 [ 568.020530][T15902] ? __pfx_core_sys_select+0x10/0x10 [ 568.025849][T15902] ? find_held_lock+0x2d/0x110 [ 568.030672][T15902] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 568.036695][T15902] kern_select+0x15e/0x1e0 [ 568.041137][T15902] ? __pfx_kern_select+0x10/0x10 [ 568.046110][T15902] ? __pfx_ksys_write+0x10/0x10 [ 568.050991][T15902] __x64_sys_select+0xbd/0x160 [ 568.055775][T15902] ? do_syscall_64+0x91/0x250 [ 568.060476][T15902] ? lockdep_hardirqs_on+0x7c/0x110 [ 568.065698][T15902] do_syscall_64+0xcd/0x250 [ 568.070229][T15902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.076145][T15902] RIP: 0033:0x7f2834585d29 [ 568.080580][T15902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.100215][T15902] RSP: 002b:00007f28352de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 568.108655][T15902] RAX: ffffffffffffffda RBX: 00007f2834776080 RCX: 00007f2834585d29 [ 568.116641][T15902] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 568.124612][T15902] RBP: 00007f28352de090 R08: 0000000000000000 R09: 0000000000000000 [ 568.132582][T15902] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001 [ 568.140550][T15902] R13: 0000000000000000 R14: 00007f2834776080 R15: 00007ffdd4d01378 [ 568.148536][T15902] [ 568.706629][T15924] FAULT_INJECTION: forcing a failure. [ 568.706629][T15924] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.728510][T15924] CPU: 1 UID: 0 PID: 15924 Comm: syz.4.2563 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 568.739325][T15924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 568.749404][T15924] Call Trace: [ 568.752701][T15924] [ 568.755653][T15924] dump_stack_lvl+0x16c/0x1f0 [ 568.760363][T15924] should_fail_ex+0x497/0x5b0 [ 568.765095][T15924] _copy_to_user+0x32/0xd0 [ 568.769555][T15924] simple_read_from_buffer+0xd0/0x160 [ 568.774960][T15924] proc_fail_nth_read+0x198/0x270 [ 568.780027][T15924] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 568.785625][T15924] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 568.791212][T15924] vfs_read+0x1df/0xbe0 [ 568.795397][T15924] ? __fget_files+0x1fc/0x3a0 [ 568.800113][T15924] ? __pfx___mutex_lock+0x10/0x10 [ 568.805171][T15924] ? __pfx_vfs_read+0x10/0x10 [ 568.809889][T15924] ? __fget_files+0x206/0x3a0 [ 568.814614][T15924] ksys_read+0x12b/0x250 [ 568.818890][T15924] ? __pfx_ksys_read+0x10/0x10 [ 568.823695][T15924] do_syscall_64+0xcd/0x250 [ 568.828232][T15924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.834162][T15924] RIP: 0033:0x7f3b7d18473c [ 568.838603][T15924] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 568.858235][T15924] RSP: 002b:00007f3b7dfd6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 568.866679][T15924] RAX: ffffffffffffffda RBX: 00007f3b7d375fa0 RCX: 00007f3b7d18473c [ 568.874672][T15924] RDX: 000000000000000f RSI: 00007f3b7dfd60a0 RDI: 0000000000000004 [ 568.882668][T15924] RBP: 00007f3b7dfd6090 R08: 0000000000000000 R09: 0000000000000000 [ 568.890663][T15924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.898658][T15924] R13: 0000000000000000 R14: 00007f3b7d375fa0 R15: 00007ffc2bb0e898 [ 568.906676][T15924] [ 569.347644][T15946] kernel read not supported for file /#)-\&[} (pid: 15946 comm: syz.2.2570) [ 569.357451][ T29] audit: type=1804 audit(3834.182:12): pid=15946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2570" name="#)-\&[}" dev="mqueue" ino=48538 res=1 errno=0 [ 569.393648][T15941] can: request_module (can-proto-0) failed. [ 569.423337][ T29] audit: type=1800 audit(3834.262:13): pid=15946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2570" name="#)-\&[}" dev="mqueue" ino=48538 res=0 errno=0 [ 569.491532][ T29] audit: type=1804 audit(3834.262:14): pid=15946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2570" name="#)-\&[}" dev="mqueue" ino=48538 res=1 errno=0 [ 569.558199][ T29] audit: type=1804 audit(3834.262:15): pid=15946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2570" name="#)-\&[}" dev="mqueue" ino=48538 res=1 errno=0 [ 569.755362][T15961] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2574'. [ 570.917127][T15977] can: request_module (can-proto-0) failed. [ 571.280143][T15979] sp0: Synchronizing with TNC [ 571.573995][T15992] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2583'. [ 572.056050][T16003] size and base must be multiples of 4 kiB [ 572.061912][T16003] CPU: 1 UID: 0 PID: 16003 Comm: syz.0.2585 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 572.072710][T16003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 572.082805][T16003] Call Trace: [ 572.086116][T16003] [ 572.089076][T16003] dump_stack_lvl+0x16c/0x1f0 [ 572.093801][T16003] mtrr_del+0xd1/0x110 [ 572.097925][T16003] mtrr_ioctl+0x900/0xcd0 [ 572.102310][T16003] ? __pfx_mtrr_ioctl+0x10/0x10 [ 572.107214][T16003] ? __pfx_lock_release+0x10/0x10 [ 572.112289][T16003] ? __fget_files+0x206/0x3a0 [ 572.117007][T16003] ? __pfx_mtrr_ioctl+0x10/0x10 [ 572.121907][T16003] proc_reg_unlocked_ioctl+0x226/0x320 [ 572.127407][T16003] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 572.133428][T16003] __x64_sys_ioctl+0x190/0x200 [ 572.138234][T16003] do_syscall_64+0xcd/0x250 [ 572.142784][T16003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.148724][T16003] RIP: 0033:0x7f4b17785d29 [ 572.153168][T16003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.172809][T16003] RSP: 002b:00007f4b18603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 572.181268][T16003] RAX: ffffffffffffffda RBX: 00007f4b17976080 RCX: 00007f4b17785d29 [ 572.189269][T16003] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000007 [ 572.197271][T16003] RBP: 00007f4b17801b08 R08: 0000000000000000 R09: 0000000000000000 [ 572.205273][T16003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 572.213269][T16003] R13: 0000000000000000 R14: 00007f4b17976080 R15: 00007fff68d72188 [ 572.221283][T16003] [ 573.342290][T16030] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2594'. [ 574.672831][T16058] vivid-013: ================= START STATUS ================= [ 574.782130][T16058] vivid-013: Generate PTS: true [ 574.823801][T16058] vivid-013: Generate SCR: true [ 574.828746][T16058] tpg source WxH: 640x360 (Y'CbCr) [ 574.878690][T16058] tpg field: 1 [ 574.893624][T16058] tpg crop: 640x360@0x0 [ 574.912307][T16058] tpg compose: 640x360@0x0 [ 574.934882][T16058] tpg colorspace: 8 [ 574.939432][T16059] FAULT_INJECTION: forcing a failure. [ 574.939432][T16059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 574.960433][T16059] CPU: 0 UID: 0 PID: 16059 Comm: syz.0.2603 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 574.971236][T16059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 574.981312][T16059] Call Trace: [ 574.984617][T16059] [ 574.987571][T16059] dump_stack_lvl+0x16c/0x1f0 [ 574.992293][T16059] should_fail_ex+0x497/0x5b0 [ 574.997008][T16059] _copy_from_user+0x2e/0xd0 [ 575.001637][T16059] restore_sigcontext+0xcc/0x6a0 [ 575.006622][T16059] ? __pfx_restore_sigcontext+0x10/0x10 [ 575.012231][T16059] ? __pfx_restore_altstack+0x10/0x10 [ 575.017643][T16059] ? _raw_spin_unlock_irq+0x23/0x50 [ 575.021281][T16058] tpg transfer function: 0/0 [ 575.022854][T16059] ? lockdep_hardirqs_on+0x7c/0x110 [ 575.022896][T16059] __do_sys_rt_sigreturn+0x1bd/0x240 [ 575.037967][T16059] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 575.043827][T16059] do_syscall_64+0xcd/0x250 [ 575.048376][T16059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.054305][T16059] RIP: 0033:0x7f4b17721f29 [ 575.058752][T16059] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 575.071874][T16058] tpg Y'CbCr encoding: 0/0 [ 575.078366][T16059] RSP: 002b:00007f4b18623a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 575.078398][T16059] RAX: ffffffffffffffda RBX: 00007f4b17975fa0 RCX: 00007f4b17721f29 [ 575.078414][T16059] RDX: 00007f4b18623a80 RSI: 00007f4b18623bb0 RDI: 0000000000000021 [ 575.078430][T16059] RBP: 00007f4b18624090 R08: 0000000000000000 R09: 0000000000000000 [ 575.078445][T16059] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 575.078460][T16059] R13: 0000000000000000 R14: 00007f4b17975fa0 R15: 00007fff68d72188 [ 575.078489][T16059] [ 575.275845][T16058] tpg quantization: 0/0 [ 575.275866][T16058] tpg RGB range: 0/2 [ 575.275881][T16058] vivid-013: ================== END STATUS ================== [ 575.300167][T16073] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2605'. [ 575.884253][T16086] kernel read not supported for file /#)-\&[} (pid: 16086 comm: syz.1.2608) [ 575.893185][ T29] audit: type=1804 audit(3840.732:16): pid=16086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2608" name="#)-\&[}" dev="mqueue" ino=48983 res=1 errno=0 [ 575.941519][T16084] can: request_module (can-proto-0) failed. [ 575.999065][ T29] audit: type=1800 audit(3840.802:17): pid=16086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2608" name="#)-\&[}" dev="mqueue" ino=48983 res=0 errno=0 [ 576.197238][ T29] audit: type=1804 audit(3841.042:18): pid=16082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2608" name="#)-\&[}" dev="mqueue" ino=48983 res=1 errno=0 [ 576.240269][ T29] audit: type=1804 audit(3841.042:19): pid=16082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2608" name="#)-\&[}" dev="mqueue" ino=48983 res=1 errno=0 [ 576.762346][T16101] can: request_module (can-proto-0) failed. [ 576.876699][T16103] sp0: Synchronizing with TNC [ 577.460109][T16114] netlink: 'syz.0.2615': attribute type 1 has an invalid length. [ 577.478892][T16114] netlink: 'syz.0.2615': attribute type 1 has an invalid length. [ 577.665784][T16118] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2617'. [ 579.952944][T16162] size and base must be multiples of 4 kiB [ 579.988034][T16162] CPU: 1 UID: 0 PID: 16162 Comm: syz.2.2630 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 579.998871][T16162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 580.008965][T16162] Call Trace: [ 580.012278][T16162] [ 580.015243][T16162] dump_stack_lvl+0x16c/0x1f0 [ 580.019965][T16162] mtrr_del+0xd1/0x110 [ 580.024082][T16162] mtrr_ioctl+0x900/0xcd0 [ 580.028483][T16162] ? __pfx_mtrr_ioctl+0x10/0x10 [ 580.033387][T16162] ? __pfx_lock_release+0x10/0x10 [ 580.038452][T16162] ? __sys_sendmsg+0x19a/0x220 [ 580.043284][T16162] ? __fget_files+0x206/0x3a0 [ 580.048004][T16162] ? __pfx_mtrr_ioctl+0x10/0x10 [ 580.052902][T16162] proc_reg_unlocked_ioctl+0x226/0x320 [ 580.058397][T16162] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 580.064425][T16162] __x64_sys_ioctl+0x190/0x200 [ 580.069244][T16162] do_syscall_64+0xcd/0x250 [ 580.073793][T16162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.079735][T16162] RIP: 0033:0x7fc62fb85d29 [ 580.084266][T16162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.103911][T16162] RSP: 002b:00007fc63090f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 580.112370][T16162] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb85d29 [ 580.120382][T16162] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000007 [ 580.128390][T16162] RBP: 00007fc62fc01b08 R08: 0000000000000000 R09: 0000000000000000 [ 580.136399][T16162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 580.144405][T16162] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 580.152423][T16162] [ 580.655698][T16185] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2636'. [ 580.772425][T16187] Invalid ELF header magic: != ELF [ 580.881061][ T29] audit: type=1800 audit(3845.722:20): pid=16187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2637" name="features" dev="configfs" ino=49273 res=0 errno=0 [ 581.381099][T16196] netlink: 'syz.4.2640': attribute type 1 has an invalid length. [ 581.392566][T16196] netlink: 'syz.4.2640': attribute type 1 has an invalid length. [ 581.548527][T16197] can: request_module (can-proto-0) failed. [ 581.649713][T16192] kernel read not supported for file /#)-\&[} (pid: 16192 comm: syz.0.2638) [ 581.658939][ T29] audit: type=1804 audit(3846.492:21): pid=16192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2638" name="#)-\&[}" dev="mqueue" ino=50242 res=1 errno=0 [ 581.693662][ T29] audit: type=1800 audit(3846.532:22): pid=16192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2638" name="#)-\&[}" dev="mqueue" ino=50242 res=0 errno=0 [ 581.713590][ T29] audit: type=1804 audit(3846.532:23): pid=16192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2638" name="#)-\&[}" dev="mqueue" ino=50242 res=1 errno=0 [ 581.733695][ T29] audit: type=1804 audit(3846.532:24): pid=16192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2638" name="#)-\&[}" dev="mqueue" ino=50242 res=1 errno=0 [ 582.696871][T16221] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2647'. [ 583.200980][T16238] netlink: 'syz.1.2650': attribute type 1 has an invalid length. [ 583.243722][T16238] netlink: 'syz.1.2650': attribute type 1 has an invalid length. [ 584.448166][T16268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2658'. [ 585.674766][T16289] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2666'. [ 585.721169][T16291] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2665'. [ 586.603735][T16322] Process accounting resumed [ 587.055722][T16331] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2678'. [ 587.442660][T16334] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2679'. [ 588.102294][T16350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2686'. [ 588.834441][T16363] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2689'. [ 588.948472][T16368] netlink: 'syz.0.2690': attribute type 1 has an invalid length. [ 588.993678][T16368] netlink: 'syz.0.2690': attribute type 1 has an invalid length. [ 589.357708][T16380] netlink: 228 bytes leftover after parsing attributes in process `syz.1.2691'. [ 589.742293][T16388] zswap: compressor not available [ 590.038364][T16410] netlink: 'syz.0.2704': attribute type 1 has an invalid length. [ 590.079470][T16410] netlink: 'syz.0.2704': attribute type 1 has an invalid length. [ 590.713775][T16435] FAULT_INJECTION: forcing a failure. [ 590.713775][T16435] name fail_futex, interval 1, probability 0, space 0, times 1 [ 590.713810][T16435] CPU: 0 UID: 0 PID: 16435 Comm: syz.4.2716 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 590.713841][T16435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 590.713856][T16435] Call Trace: [ 590.713864][T16435] [ 590.713875][T16435] dump_stack_lvl+0x16c/0x1f0 [ 590.713910][T16435] should_fail_ex+0x497/0x5b0 [ 590.713947][T16435] get_futex_key+0x4a3/0x1000 [ 590.713984][T16435] ? __pfx_get_futex_key+0x10/0x10 [ 590.714022][T16435] ? kasan_save_track+0x14/0x30 [ 590.714053][T16435] ? __kasan_kmalloc+0xaa/0xb0 [ 590.714087][T16435] futex_lock_pi+0x282/0x7a0 [ 590.714118][T16435] ? __pfx_futex_lock_pi+0x10/0x10 [ 590.714143][T16435] ? find_held_lock+0x2d/0x110 [ 590.714196][T16435] ? find_held_lock+0x2d/0x110 [ 590.714232][T16435] ? __pfx_futex_wake_mark+0x10/0x10 [ 590.714262][T16435] ? vfs_write+0x306/0x1150 [ 590.714298][T16435] do_futex+0x11b/0x350 [ 590.714333][T16435] ? __pfx_do_futex+0x10/0x10 [ 590.714377][T16435] __x64_sys_futex+0x1e1/0x4c0 [ 590.714410][T16435] ? fput+0x67/0x440 [ 590.714442][T16435] ? __pfx___x64_sys_futex+0x10/0x10 [ 590.714474][T16435] ? ksys_write+0x1ba/0x250 [ 590.714507][T16435] ? __pfx_ksys_write+0x10/0x10 [ 590.714544][T16435] do_syscall_64+0xcd/0x250 [ 590.714577][T16435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.714609][T16435] RIP: 0033:0x7f3b7d185d29 [ 590.714631][T16435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.714655][T16435] RSP: 002b:00007f3b7dfd6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 590.714682][T16435] RAX: ffffffffffffffda RBX: 00007f3b7d375fa0 RCX: 00007f3b7d185d29 [ 590.714700][T16435] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 590.714717][T16435] RBP: 00007f3b7dfd6090 R08: 0000000000000000 R09: 0000000080000001 [ 590.714734][T16435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 590.714750][T16435] R13: 0000000000000000 R14: 00007f3b7d375fa0 R15: 00007ffc2bb0e898 [ 590.714782][T16435] [ 590.940675][T16442] netlink: 'syz.1.2717': attribute type 1 has an invalid length. [ 590.940703][T16442] netlink: 'syz.1.2717': attribute type 1 has an invalid length. [ 591.240607][T16450] FAULT_INJECTION: forcing a failure. [ 591.240607][T16450] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 591.240699][T16450] CPU: 0 UID: 0 PID: 16450 Comm: syz.1.2720 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 591.240731][T16450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 591.240746][T16450] Call Trace: [ 591.240755][T16450] [ 591.240765][T16450] dump_stack_lvl+0x16c/0x1f0 [ 591.240801][T16450] should_fail_ex+0x497/0x5b0 [ 591.240833][T16450] ? fs_reclaim_acquire+0xae/0x150 [ 591.240865][T16450] should_fail_alloc_page+0xe7/0x130 [ 591.240904][T16450] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 591.240940][T16450] __alloc_pages_noprof+0x190/0x25b0 [ 591.240979][T16450] ? hlock_class+0x4e/0x130 [ 591.241010][T16450] ? __lock_acquire+0x15a9/0x3c40 [ 591.241043][T16450] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 591.241076][T16450] ? hlock_class+0x4e/0x130 [ 591.241106][T16450] ? __lock_acquire+0xcc5/0x3c40 [ 591.241143][T16450] ? __pfx___lock_acquire+0x10/0x10 [ 591.241168][T16450] ? __pfx___lock_acquire+0x10/0x10 [ 591.241192][T16450] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 591.241222][T16450] ? policy_nodemask+0xea/0x4e0 [ 591.241261][T16450] alloc_pages_mpol_noprof+0x2c9/0x610 [ 591.241289][T16450] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 591.241317][T16450] ? __fget_files+0x1fc/0x3a0 [ 591.241347][T16450] ? __pfx_lock_release+0x10/0x10 [ 591.241372][T16450] ? __pfx_lock_release+0x10/0x10 [ 591.241403][T16450] get_free_pages_noprof+0xc/0x40 [ 591.241428][T16450] __pollwait+0x291/0x4c0 [ 591.241456][T16450] ? __fget_files+0x206/0x3a0 [ 591.241494][T16450] pipe_poll+0x4a7/0x8a0 [ 591.241523][T16450] ? __pfx___pollwait+0x10/0x10 [ 591.241552][T16450] ? __pfx_pipe_poll+0x10/0x10 [ 591.241582][T16450] do_select+0xd88/0x17e0 [ 591.241633][T16450] ? __pfx_do_select+0x10/0x10 [ 591.241660][T16450] ? __pfx_mark_lock+0x10/0x10 [ 591.241694][T16450] ? mark_lock+0xb5/0xc60 [ 591.241731][T16450] ? __pfx___pollwait+0x10/0x10 [ 591.241763][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.241794][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.241824][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.241855][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.241885][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.241915][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.241946][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.241976][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.242007][T16450] ? __pfx_pollwake+0x10/0x10 [ 591.242035][T16450] ? trace_lock_acquire+0x14e/0x1f0 [ 591.242071][T16450] ? lock_acquire+0x2f/0xb0 [ 591.242094][T16450] ? __might_fault+0xe3/0x190 [ 591.242131][T16450] ? __might_fault+0xe3/0x190 [ 591.242175][T16450] ? core_sys_select+0x3a6/0xa10 [ 591.242203][T16450] core_sys_select+0x3a6/0xa10 [ 591.242237][T16450] ? __pfx_core_sys_select+0x10/0x10 [ 591.242272][T16450] ? find_held_lock+0x2d/0x110 [ 591.242331][T16450] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 591.242371][T16450] kern_select+0x15e/0x1e0 [ 591.242401][T16450] ? __pfx_kern_select+0x10/0x10 [ 591.242434][T16450] ? __pfx_ksys_write+0x10/0x10 [ 591.242473][T16450] __x64_sys_select+0xbd/0x160 [ 591.242502][T16450] ? do_syscall_64+0x91/0x250 [ 591.242533][T16450] ? lockdep_hardirqs_on+0x7c/0x110 [ 591.242562][T16450] do_syscall_64+0xcd/0x250 [ 591.242596][T16450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.242628][T16450] RIP: 0033:0x7f2834585d29 [ 591.242649][T16450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.242674][T16450] RSP: 002b:00007f28352de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 591.242701][T16450] RAX: ffffffffffffffda RBX: 00007f2834776080 RCX: 00007f2834585d29 [ 591.242720][T16450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 591.242737][T16450] RBP: 00007f28352de090 R08: 0000000000000000 R09: 0000000000000000 [ 591.242754][T16450] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001 [ 591.242772][T16450] R13: 0000000000000000 R14: 00007f2834776080 R15: 00007ffdd4d01378 [ 591.242805][T16450] [ 592.158064][T16459] Invalid ELF header magic: != ELF [ 592.384854][T16473] netlink: 'syz.4.2728': attribute type 1 has an invalid length. [ 592.384884][T16473] netlink: 'syz.4.2728': attribute type 1 has an invalid length. [ 592.718725][T16483] HfR: entered promiscuous mode [ 593.660546][T16499] netlink: 'syz.2.2738': attribute type 1 has an invalid length. [ 593.679076][T16499] netlink: 'syz.2.2738': attribute type 1 has an invalid length. [ 595.532518][T16538] netlink: 'syz.2.2750': attribute type 1 has an invalid length. [ 595.544128][T16538] netlink: 'syz.2.2750': attribute type 1 has an invalid length. [ 598.049385][T16581] netlink: 'syz.1.2761': attribute type 1 has an invalid length. [ 598.083826][T16581] netlink: 'syz.1.2761': attribute type 1 has an invalid length. [ 599.102166][T16589] Invalid ELF header magic: != ELF [ 599.185289][T16595] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2764'. [ 600.974161][ T8119] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 601.244449][T16612] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2769'. [ 601.366805][T16614] netlink: 'syz.1.2770': attribute type 1 has an invalid length. [ 601.413534][T16614] netlink: 'syz.1.2770': attribute type 1 has an invalid length. [ 601.494685][T16618] netlink: 'syz.2.2771': attribute type 1 has an invalid length. [ 601.543617][T16618] netlink: 'syz.2.2771': attribute type 1 has an invalid length. [ 603.963894][T16652] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2781'. [ 604.791722][T16659] openvswitch: HfR: Dropping previously announced user features [ 605.869246][T16678] zswap: compressor not available [ 606.403838][T16692] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2790'. [ 608.903886][ T1089] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 609.158724][T16720] zswap: compressor not available [ 614.895644][ T8125] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 618.308114][T16803] zswap: compressor not available [ 619.120906][T16826] sctp: [Deprecated]: syz.2.2830 (pid 16826) Use of int in max_burst socket option deprecated. [ 619.120906][T16826] Use struct sctp_assoc_value instead [ 619.243864][T16809] Invalid ELF header magic: != ELF [ 620.750566][T16849] zswap: compressor not available [ 622.549629][T16883] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 622.556242][T16883] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 622.905543][T16885] zswap: compressor not available [ 623.515599][T16904] zswap: compressor not available [ 623.553000][T16898] Invalid ELF header magic: != ELF [ 624.715218][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.721607][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.803723][T16923] binder: 16922:16923 unknown command 1074790400 [ 624.833536][T16923] binder: 16922:16923 ioctl c0306201 9 returned -22 [ 627.116686][T16937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2863'. [ 627.598221][T16946] zswap: compressor not available [ 628.384190][T16963] Invalid ELF header magic: != ELF [ 629.248077][T16982] zswap: compressor not available [ 629.650685][T16998] zswap: compressor not available [ 630.076736][T17011] zswap: compressor not available [ 631.737492][T17054] zswap: compressor not available [ 631.850576][T17062] zswap: compressor not available [ 632.136103][T17082] FAULT_INJECTION: forcing a failure. [ 632.136103][T17082] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 632.150463][T17082] CPU: 1 UID: 0 PID: 17082 Comm: syz.2.2896 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 632.161272][T17082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 632.171368][T17082] Call Trace: [ 632.174667][T17082] [ 632.177618][T17082] dump_stack_lvl+0x16c/0x1f0 [ 632.182335][T17082] should_fail_ex+0x497/0x5b0 [ 632.187052][T17082] strncpy_from_user+0x3b/0x2d0 [ 632.191941][T17082] getname_flags.part.0+0x8f/0x550 [ 632.197093][T17082] getname+0x8d/0xe0 [ 632.201018][T17082] do_sys_openat2+0x104/0x1e0 [ 632.205741][T17082] ? __pfx_do_sys_openat2+0x10/0x10 [ 632.210983][T17082] ? __fget_files+0x206/0x3a0 [ 632.215704][T17082] __x64_sys_openat+0x175/0x210 [ 632.220589][T17082] ? __pfx___x64_sys_openat+0x10/0x10 [ 632.225994][T17082] ? ksys_write+0x1ba/0x250 [ 632.230537][T17082] do_syscall_64+0xcd/0x250 [ 632.235074][T17082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.240997][T17082] RIP: 0033:0x7fc62fb85d29 [ 632.245431][T17082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 632.265063][T17082] RSP: 002b:00007fc6308ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 632.273483][T17082] RAX: ffffffffffffffda RBX: 00007fc62fd76080 RCX: 00007fc62fb85d29 [ 632.281460][T17082] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: ffffffffffffff9c [ 632.289431][T17082] RBP: 00007fc6308ee090 R08: 0000000000000000 R09: 0000000000000000 [ 632.297403][T17082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 632.305376][T17082] R13: 0000000000000001 R14: 00007fc62fd76080 R15: 00007ffcb707ee18 [ 632.313357][T17082] [ 633.148213][T17100] zswap: compressor not available [ 633.687612][T17110] zswap: compressor not available [ 634.625049][T17140] zswap: compressor not available [ 636.086989][T17162] zswap: compressor not available [ 636.627876][T17174] zswap: compressor not available [ 636.800860][T17180] zswap: compressor not available [ 637.649437][T17210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2931'. [ 637.807918][T17205] binder: 17204:17205 unknown command 0 [ 637.813831][T17205] binder: 17204:17205 ioctl c0306201 9 returned -22 [ 638.299083][T17219] zswap: compressor not available [ 638.502714][T17229] zswap: compressor not available [ 639.036252][T17252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2942'. [ 639.456007][T17258] zswap: compressor not available [ 639.873187][T17278] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2952'. [ 640.825048][T17294] zswap: compressor not available [ 641.027223][T17301] zswap: compressor not available [ 641.210478][T17299] zswap: compressor not available [ 641.562039][T17329] zswap: compressor not available [ 642.642343][T17356] zswap: compressor not available [ 642.950097][T17367] zswap: compressor not available [ 643.167883][T17371] zswap: compressor not available [ 643.351364][T17382] zswap: compressor not available [ 643.771733][T17395] zswap: compressor not available [ 644.152113][T17413] zswap: compressor not available [ 644.425367][T17431] netlink: 85 bytes leftover after parsing attributes in process `syz.2.2990'. [ 644.717654][T17442] netlink: del zone limit has 8 unknown bytes [ 644.829940][T17438] zswap: compressor not available [ 645.297961][T17456] zswap: compressor not available [ 646.563294][T17492] zswap: compressor not available [ 646.735523][T17499] zswap: compressor not available [ 647.769204][T17537] zswap: compressor not available [ 648.006472][T17547] zswap: compressor not available [ 648.594993][T17568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3027'. [ 649.661752][T17590] zswap: compressor not available [ 650.473099][T17621] zswap: compressor not available [ 650.644329][T17625] zswap: compressor not available [ 650.670059][T17641] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 651.159337][T17659] zswap: compressor not available [ 652.154399][T17697] zswap: compressor not available [ 652.384319][T17719] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3068'. [ 653.378774][T17729] FAULT_INJECTION: forcing a failure. [ 653.378774][T17729] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 653.403451][T17729] CPU: 1 UID: 0 PID: 17729 Comm: syz.0.3070 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 653.414283][T17729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 653.424375][T17729] Call Trace: [ 653.427677][T17729] [ 653.430627][T17729] dump_stack_lvl+0x16c/0x1f0 [ 653.435352][T17729] should_fail_ex+0x497/0x5b0 [ 653.440086][T17729] core_sys_select+0x420/0xa10 [ 653.444895][T17729] ? __pfx_core_sys_select+0x10/0x10 [ 653.450223][T17729] ? find_held_lock+0x2d/0x110 [ 653.455052][T17729] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 653.461083][T17729] kern_select+0x15e/0x1e0 [ 653.465541][T17729] ? __pfx_kern_select+0x10/0x10 [ 653.470517][T17729] ? __pfx_ksys_write+0x10/0x10 [ 653.475403][T17729] __x64_sys_select+0xbd/0x160 [ 653.480211][T17729] ? do_syscall_64+0x91/0x250 [ 653.484923][T17729] ? lockdep_hardirqs_on+0x7c/0x110 [ 653.490159][T17729] do_syscall_64+0xcd/0x250 [ 653.494707][T17729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.500633][T17729] RIP: 0033:0x7f4b17785d29 [ 653.505071][T17729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.524712][T17729] RSP: 002b:00007f4b18603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 653.533167][T17729] RAX: ffffffffffffffda RBX: 00007f4b17976080 RCX: 00007f4b17785d29 [ 653.541175][T17729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 653.549181][T17729] RBP: 00007f4b18603090 R08: 0000000000000000 R09: 0000000000000000 [ 653.557190][T17729] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001 [ 653.565191][T17729] R13: 0000000000000000 R14: 00007f4b17976080 R15: 00007fff68d72188 [ 653.573207][T17729] [ 655.310799][T17773] ima: policy update failed [ 655.326286][ T29] audit: type=1802 audit(4024.443:25): pid=17773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.3079" res=0 errno=0 [ 657.026423][T17822] zswap: compressor not available [ 657.446946][T17790] Bluetooth: hci4: command 0x0406 tx timeout [ 657.736241][T17849] zero sized request [ 662.596809][T17923] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 662.620692][T17923] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 662.663679][T17923] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 662.702900][T17923] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 662.743751][T17923] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 662.758699][T17923] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 662.782923][T17923] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 662.793964][T17923] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 662.820686][T17923] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 663.679455][T17969] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 663.908467][T17957] ima: policy update failed [ 663.924252][ T5830] Bluetooth: hci3: command 0x0c1a tx timeout [ 663.932184][ T29] audit: type=1802 audit(4033.043:26): pid=17957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.3132" res=0 errno=0 [ 664.494822][T17991] mtrr: base(0x0000) is not aligned on a size(0x4003300000) boundary [ 664.646480][ T5830] Bluetooth: hci4: command 0x0406 tx timeout [ 664.723789][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 664.803736][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 665.207521][T18015] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3147'. [ 665.224708][T18015] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3147'. [ 665.235000][T18015] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3147'. [ 665.297964][T18019] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3147'. [ 666.459627][T18024] ima: policy update failed [ 666.484216][ T29] audit: type=1802 audit(8277292036.310:27): pid=18024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.3150" res=0 errno=0 [ 666.724042][ T5830] Bluetooth: hci4: command 0x0406 tx timeout [ 666.803660][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 666.891481][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 668.883915][ T5830] Bluetooth: hci0: command 0x0c1a tx timeout [ 668.963586][ T5830] Bluetooth: hci2: command 0x0c1a tx timeout [ 670.753132][T18098] FAULT_INJECTION: forcing a failure. [ 670.753132][T18098] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 670.803806][T18098] CPU: 1 UID: 0 PID: 18098 Comm: syz.0.3171 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 670.814638][T18098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 670.824725][T18098] Call Trace: [ 670.828026][T18098] [ 670.830980][T18098] dump_stack_lvl+0x16c/0x1f0 [ 670.835696][T18098] should_fail_ex+0x497/0x5b0 [ 670.840415][T18098] __fpu_restore_sig+0xf5/0x1430 [ 670.845393][T18098] ? __pfx___fpu_restore_sig+0x10/0x10 [ 670.850908][T18098] ? lock_acquire+0x2f/0xb0 [ 670.855441][T18098] ? __might_fault+0xe3/0x190 [ 670.860182][T18098] fpu__restore_sig+0x113/0x190 [ 670.865079][T18098] restore_sigcontext+0x4ca/0x6a0 [ 670.870144][T18098] ? __pfx_restore_sigcontext+0x10/0x10 [ 670.875751][T18098] ? __pfx_restore_altstack+0x10/0x10 [ 670.881163][T18098] ? _raw_spin_unlock_irq+0x23/0x50 [ 670.886389][T18098] ? lockdep_hardirqs_on+0x7c/0x110 [ 670.891639][T18098] __do_sys_rt_sigreturn+0x1bd/0x240 [ 670.896967][T18098] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 670.902818][T18098] do_syscall_64+0xcd/0x250 [ 670.907361][T18098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.913286][T18098] RIP: 0033:0x7f4b17785d29 [ 670.917728][T18098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 670.937367][T18098] RSP: 002b:00007f4b18624038 EFLAGS: 00000246 [ 670.943467][T18098] RAX: fffffffffffffff2 RBX: 00007f4b17975fa0 RCX: 00007f4b17785d29 [ 670.951464][T18098] RDX: 00007ffffffff000 RSI: 0000000000000000 RDI: 0000000000000003 [ 670.959458][T18098] RBP: 00007f4b18624090 R08: 0000000000000000 R09: 0000000000000000 [ 670.967457][T18098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 670.975455][T18098] R13: 0000000000000000 R14: 00007f4b17975fa0 R15: 00007fff68d72188 [ 670.983470][T18098] [ 673.823317][T18154] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3191'. [ 674.063564][T18153] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3191'. [ 674.075397][T18153] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3191'. [ 674.162551][T18154] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3191'. [ 677.308996][T18195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3196'. [ 677.980567][T18210] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3199'. [ 678.110020][T18208] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3199'. [ 678.129395][T18208] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3199'. [ 678.200151][T18210] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3199'. [ 679.540565][T18230] netlink: 74 bytes leftover after parsing attributes in process `syz.2.3206'. [ 680.771966][T18259] netlink: 74 bytes leftover after parsing attributes in process `syz.4.3217'. [ 681.322377][T18275] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3224'. [ 681.435416][T18275] hsr_slave_1 (unregistering): left promiscuous mode [ 681.760268][T18287] netlink: 74 bytes leftover after parsing attributes in process `syz.1.3227'. [ 682.088410][T18296] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3230'. [ 682.938145][T18322] netlink: 74 bytes leftover after parsing attributes in process `syz.0.3237'. [ 686.086842][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.093372][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.398716][T18410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3266'. [ 687.783776][T18437] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3276'. [ 687.961111][T18437] hsr_slave_1 (unregistering): left promiscuous mode syzkaller syzkaller login: [ 691.491481][T18525] Process accounting resumed [ 693.270287][T18574] mkiss: ax0: crc mode is auto. [ 695.265185][T18626] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3322'. [ 695.364801][T18626] bond0: (slave bond_slave_0): Releasing backup interface [ 696.572394][T18643] mkiss: ax0: crc mode is auto. [ 699.169124][T18699] Invalid ELF header magic: != ELF [ 699.720874][T18699] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3343'. [ 700.486001][T18722] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3349'. [ 700.557196][T18725] FAULT_INJECTION: forcing a failure. [ 700.557196][T18725] name fail_futex, interval 1, probability 0, space 0, times 0 [ 700.557230][T18725] CPU: 0 UID: 0 PID: 18725 Comm: syz.4.3350 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 700.557259][T18725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 700.557273][T18725] Call Trace: [ 700.557281][T18725] [ 700.557290][T18725] dump_stack_lvl+0x16c/0x1f0 [ 700.557324][T18725] should_fail_ex+0x497/0x5b0 [ 700.557358][T18725] get_futex_key+0x1c3/0x1000 [ 700.557392][T18725] ? __pfx_get_futex_key+0x10/0x10 [ 700.557427][T18725] ? kasan_save_track+0x14/0x30 [ 700.557455][T18725] ? __kasan_kmalloc+0xaa/0xb0 [ 700.557486][T18725] futex_lock_pi+0x282/0x7a0 [ 700.557514][T18725] ? __pfx_futex_lock_pi+0x10/0x10 [ 700.557537][T18725] ? find_held_lock+0x2d/0x110 [ 700.557588][T18725] ? find_held_lock+0x2d/0x110 [ 700.557620][T18725] ? __pfx_futex_wake_mark+0x10/0x10 [ 700.557648][T18725] ? vfs_write+0x306/0x1150 [ 700.557681][T18725] do_futex+0x11b/0x350 [ 700.557713][T18725] ? __pfx_do_futex+0x10/0x10 [ 700.557753][T18725] __x64_sys_futex+0x1e1/0x4c0 [ 700.557786][T18725] ? fput+0x67/0x440 [ 700.557817][T18725] ? __pfx___x64_sys_futex+0x10/0x10 [ 700.557847][T18725] ? ksys_write+0x1ba/0x250 [ 700.557874][T18725] ? __pfx_ksys_write+0x10/0x10 [ 700.557909][T18725] do_syscall_64+0xcd/0x250 [ 700.557941][T18725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 700.557971][T18725] RIP: 0033:0x7f3b7d185d29 [ 700.557992][T18725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 700.558015][T18725] RSP: 002b:00007f3b7dfd6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 700.558041][T18725] RAX: ffffffffffffffda RBX: 00007f3b7d375fa0 RCX: 00007f3b7d185d29 [ 700.558058][T18725] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 700.558074][T18725] RBP: 00007f3b7dfd6090 R08: 0000000000000000 R09: 0000000080000001 [ 700.558090][T18725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 700.558115][T18725] R13: 0000000000000000 R14: 00007f3b7d375fa0 R15: 00007ffc2bb0e898 [ 700.558146][T18725] [ 700.667342][T18722] bond0: (slave bond_slave_0): Releasing backup interface [ 703.520173][T18781] FAULT_INJECTION: forcing a failure. [ 703.520173][T18781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 703.554552][T18781] CPU: 0 UID: 0 PID: 18781 Comm: syz.1.3363 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 703.565377][T18781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 703.575460][T18781] Call Trace: [ 703.578762][T18781] [ 703.581710][T18781] dump_stack_lvl+0x16c/0x1f0 [ 703.586420][T18781] should_fail_ex+0x497/0x5b0 [ 703.591583][T18781] core_sys_select+0x420/0xa10 [ 703.596397][T18781] ? __pfx_core_sys_select+0x10/0x10 [ 703.601720][T18781] ? find_held_lock+0x2d/0x110 [ 703.606546][T18781] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 703.612568][T18781] kern_select+0x15e/0x1e0 [ 703.617018][T18781] ? __pfx_kern_select+0x10/0x10 [ 703.621991][T18781] ? __pfx_ksys_write+0x10/0x10 [ 703.626885][T18781] __x64_sys_select+0xbd/0x160 [ 703.631678][T18781] ? do_syscall_64+0x91/0x250 [ 703.639071][T18781] ? lockdep_hardirqs_on+0x7c/0x110 [ 703.639108][T18781] do_syscall_64+0xcd/0x250 [ 703.639142][T18781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.639175][T18781] RIP: 0033:0x7f2834585d29 [ 703.639198][T18781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.639222][T18781] RSP: 002b:00007f28352de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 703.639250][T18781] RAX: ffffffffffffffda RBX: 00007f2834776080 RCX: 00007f2834585d29 [ 703.639268][T18781] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 703.639285][T18781] RBP: 00007f28352de090 R08: 0000000000000000 R09: 0000000000000000 [ 703.639302][T18781] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001 [ 703.639319][T18781] R13: 0000000000000000 R14: 00007f2834776080 R15: 00007ffdd4d01378 [ 703.639351][T18781] [ 704.930951][T18830] openvswitch: HfR: Dropping previously announced user features [ 705.923994][T18857] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3389'. [ 706.754694][T18871] Invalid ELF header magic: != ELF [ 707.678962][T18874] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3393'. [ 708.353009][T18888] zswap: compressor not available [ 710.822343][T18926] Invalid ELF header magic: != ELF [ 712.123910][T18929] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3408'. [ 714.464112][T18996] Invalid ELF header magic: != ELF [ 714.989474][T18997] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3428'. [ 715.070080][T19000] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3429'. [ 715.121519][T19000] hsr_slave_0: left promiscuous mode [ 715.162172][T19000] hsr_slave_1: left promiscuous mode [ 715.751339][T19015] FAULT_INJECTION: forcing a failure. [ 715.751339][T19015] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 715.751375][T19015] CPU: 1 UID: 0 PID: 19015 Comm: syz.2.3434 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 715.751406][T19015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 715.751422][T19015] Call Trace: [ 715.751430][T19015] [ 715.751440][T19015] dump_stack_lvl+0x16c/0x1f0 [ 715.751475][T19015] should_fail_ex+0x497/0x5b0 [ 715.751511][T19015] _copy_from_user+0x2e/0xd0 [ 715.751546][T19015] copy_msghdr_from_user+0x99/0x160 [ 715.751581][T19015] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 715.751615][T19015] ? __lock_acquire+0xcc5/0x3c40 [ 715.751655][T19015] ___sys_sendmsg+0xff/0x1e0 [ 715.751691][T19015] ? __pfx____sys_sendmsg+0x10/0x10 [ 715.751740][T19015] ? trace_lock_acquire+0x14e/0x1f0 [ 715.751801][T19015] __sys_sendmmsg+0x201/0x420 [ 715.751840][T19015] ? __pfx___sys_sendmmsg+0x10/0x10 [ 715.751886][T19015] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 715.751930][T19015] ? fput+0x67/0x440 [ 715.751965][T19015] ? ksys_write+0x1ba/0x250 [ 715.751993][T19015] ? __pfx_ksys_write+0x10/0x10 [ 715.752028][T19015] __x64_sys_sendmmsg+0x9c/0x100 [ 715.752062][T19015] ? lockdep_hardirqs_on+0x7c/0x110 [ 715.752092][T19015] do_syscall_64+0xcd/0x250 [ 715.752125][T19015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.752157][T19015] RIP: 0033:0x7fc62fb85d29 [ 715.752178][T19015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.752203][T19015] RSP: 002b:00007fc63090f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 715.752230][T19015] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb85d29 [ 715.752249][T19015] RDX: 0000000000000007 RSI: 0000000020000200 RDI: 0000000000000004 [ 715.752266][T19015] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 715.752283][T19015] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 715.752300][T19015] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 715.752333][T19015] [ 728.306043][T19205] FAULT_INJECTION: forcing a failure. [ 728.306043][T19205] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 728.306080][T19205] CPU: 0 UID: 0 PID: 19205 Comm: syz.2.3488 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 728.306111][T19205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 728.306127][T19205] Call Trace: [ 728.306135][T19205] [ 728.306146][T19205] dump_stack_lvl+0x16c/0x1f0 [ 728.306182][T19205] should_fail_ex+0x497/0x5b0 [ 728.306220][T19205] _copy_to_user+0x32/0xd0 [ 728.306258][T19205] simple_read_from_buffer+0xd0/0x160 [ 728.306289][T19205] proc_fail_nth_read+0x198/0x270 [ 728.306328][T19205] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 728.306369][T19205] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 728.306405][T19205] vfs_read+0x1df/0xbe0 [ 728.306435][T19205] ? __fget_files+0x1fc/0x3a0 [ 728.306465][T19205] ? __pfx___mutex_lock+0x10/0x10 [ 728.306496][T19205] ? __pfx_vfs_read+0x10/0x10 [ 728.306535][T19205] ? __fget_files+0x206/0x3a0 [ 728.306574][T19205] ksys_read+0x12b/0x250 [ 728.306603][T19205] ? __pfx_ksys_read+0x10/0x10 [ 728.306642][T19205] do_syscall_64+0xcd/0x250 [ 728.306676][T19205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.306709][T19205] RIP: 0033:0x7fc62fb8473c [ 728.306736][T19205] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 728.306763][T19205] RSP: 002b:00007fc63090f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 728.306791][T19205] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb8473c [ 728.306809][T19205] RDX: 000000000000000f RSI: 00007fc63090f0a0 RDI: 0000000000000008 [ 728.306827][T19205] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 728.306844][T19205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 728.306861][T19205] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 728.306896][T19205] [ 729.732037][T19224] binder: 19221:19224 ioctl 541b 9 returned -22 [ 729.839838][T19227] FAULT_INJECTION: forcing a failure. [ 729.839838][T19227] name failslab, interval 1, probability 0, space 0, times 0 [ 729.898405][T19227] CPU: 1 UID: 0 PID: 19227 Comm: syz.4.3494 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 729.909228][T19227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 729.919314][T19227] Call Trace: [ 729.922616][T19227] [ 729.925565][T19227] dump_stack_lvl+0x16c/0x1f0 [ 729.930287][T19227] should_fail_ex+0x497/0x5b0 [ 729.935003][T19227] ? fs_reclaim_acquire+0xae/0x150 [ 729.940161][T19227] should_failslab+0xc2/0x120 [ 729.944887][T19227] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 729.950295][T19227] ? alloc_empty_file+0x73/0x1e0 [ 729.955271][T19227] alloc_empty_file+0x73/0x1e0 [ 729.960079][T19227] path_openat+0xe1/0x2d60 [ 729.964530][T19227] ? hlock_class+0x4e/0x130 [ 729.969070][T19227] ? __lock_acquire+0x15a9/0x3c40 [ 729.974129][T19227] ? __pfx_path_openat+0x10/0x10 [ 729.979100][T19227] ? __pfx___lock_acquire+0x10/0x10 [ 729.984327][T19227] ? lock_acquire.part.0+0x11b/0x380 [ 729.989636][T19227] ? find_held_lock+0x2d/0x110 [ 729.994433][T19227] do_filp_open+0x20c/0x470 [ 729.998973][T19227] ? __pfx_do_filp_open+0x10/0x10 [ 730.004029][T19227] ? find_held_lock+0x2d/0x110 [ 730.008848][T19227] ? alloc_fd+0x41f/0x760 [ 730.013220][T19227] do_sys_openat2+0x17a/0x1e0 [ 730.017937][T19227] ? __pfx_do_sys_openat2+0x10/0x10 [ 730.023177][T19227] ? __fget_files+0x206/0x3a0 [ 730.027893][T19227] __x64_sys_openat+0x175/0x210 [ 730.032787][T19227] ? __pfx___x64_sys_openat+0x10/0x10 [ 730.038217][T19227] ? ksys_write+0x1ba/0x250 [ 730.038261][T19227] do_syscall_64+0xcd/0x250 [ 730.038296][T19227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.038329][T19227] RIP: 0033:0x7f3b7d185d29 [ 730.038349][T19227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 730.038373][T19227] RSP: 002b:00007f3b7dfb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 730.038399][T19227] RAX: ffffffffffffffda RBX: 00007f3b7d376080 RCX: 00007f3b7d185d29 [ 730.038418][T19227] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: ffffffffffffff9c [ 730.038435][T19227] RBP: 00007f3b7dfb5090 R08: 0000000000000000 R09: 0000000000000000 [ 730.038451][T19227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 730.038467][T19227] R13: 0000000000000001 R14: 00007f3b7d376080 R15: 00007ffc2bb0e898 [ 730.038498][T19227] [ 732.175461][T19267] Process accounting resumed [ 732.180149][T19267] bonding: no command found in bonding_masters - use +ifname or -ifname [ 735.411896][T19321] binder: 19320:19321 ioctl c0306201 9 returned -14 [ 736.250276][T19346] Process accounting resumed [ 736.255155][T19346] bonding: no command found in bonding_masters - use +ifname or -ifname [ 736.955831][T19356] blktrace: Concurrent blktraces are not allowed on sg0 [ 737.331741][T19369] binder: 19368:19369 ioctl c0306201 9 returned -14 [ 739.247749][T19406] futex_wake_op: syz.4.3539 tries to shift op by 64; fix this program [ 740.225950][T19418] blktrace: Concurrent blktraces are not allowed on sg0 [ 741.834820][T19450] FAULT_INJECTION: forcing a failure. [ 741.834820][T19450] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 741.879367][T19450] CPU: 0 UID: 0 PID: 19450 Comm: syz.1.3550 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 741.879405][T19450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 741.879421][T19450] Call Trace: [ 741.879429][T19450] [ 741.879440][T19450] dump_stack_lvl+0x16c/0x1f0 [ 741.879475][T19450] should_fail_ex+0x497/0x5b0 [ 741.879512][T19450] _copy_from_user+0x2e/0xd0 [ 741.879547][T19450] move_addr_to_kernel+0x68/0x160 [ 741.879577][T19450] __sys_connect+0xb0/0x170 [ 741.879606][T19450] ? __pfx___sys_connect+0x10/0x10 [ 741.879647][T19450] ? __pfx_ksys_write+0x10/0x10 [ 741.879681][T19450] __x64_sys_connect+0x72/0xb0 [ 741.879710][T19450] ? lockdep_hardirqs_on+0x7c/0x110 [ 741.879740][T19450] do_syscall_64+0xcd/0x250 [ 741.879774][T19450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.879806][T19450] RIP: 0033:0x7f2834585d29 [ 741.879827][T19450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 741.879851][T19450] RSP: 002b:00007f28352ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 741.879878][T19450] RAX: ffffffffffffffda RBX: 00007f2834775fa0 RCX: 00007f2834585d29 [ 741.879897][T19450] RDX: 0000000000000055 RSI: 00000000200018c0 RDI: 0000000000000003 [ 741.879914][T19450] RBP: 00007f28352ff090 R08: 0000000000000000 R09: 0000000000000000 [ 741.879931][T19450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 741.879948][T19450] R13: 0000000000000000 R14: 00007f2834775fa0 R15: 00007ffdd4d01378 [ 741.879981][T19450] [ 743.425040][T19462] blktrace: Concurrent blktraces are not allowed on sg0 [ 745.112943][T19501] zswap: compressor not available [ 745.977726][T19523] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3567'. [ 745.987834][T19526] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3568'. [ 746.542161][T19534] FAULT_INJECTION: forcing a failure. [ 746.542161][T19534] name failslab, interval 1, probability 0, space 0, times 0 [ 746.605566][T19534] CPU: 0 UID: 0 PID: 19534 Comm: syz.1.3572 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 746.616390][T19534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 746.626474][T19534] Call Trace: [ 746.629774][T19534] [ 746.632727][T19534] dump_stack_lvl+0x16c/0x1f0 [ 746.637441][T19534] should_fail_ex+0x497/0x5b0 [ 746.642162][T19534] ? fs_reclaim_acquire+0xae/0x150 [ 746.647310][T19534] should_failslab+0xc2/0x120 [ 746.652026][T19534] __kmalloc_noprof+0xce/0x4f0 [ 746.656826][T19534] ? rcu_is_watching+0x12/0xc0 [ 746.661622][T19534] ? kernfs_fop_write_iter+0x223/0x500 [ 746.667122][T19534] kernfs_fop_write_iter+0x223/0x500 [ 746.672453][T19534] vfs_write+0x5ae/0x1150 [ 746.676812][T19534] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 746.682652][T19534] ? __pfx___mutex_lock+0x10/0x10 [ 746.687708][T19534] ? __pfx_vfs_write+0x10/0x10 [ 746.692526][T19534] ksys_write+0x12b/0x250 [ 746.696888][T19534] ? __pfx_ksys_write+0x10/0x10 [ 746.701782][T19534] do_syscall_64+0xcd/0x250 [ 746.706326][T19534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.712256][T19534] RIP: 0033:0x7f2834585d29 [ 746.716698][T19534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 746.736340][T19534] RSP: 002b:00007f28352ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 746.744788][T19534] RAX: ffffffffffffffda RBX: 00007f2834775fa0 RCX: 00007f2834585d29 [ 746.752789][T19534] RDX: 0000000000000001 RSI: 0000000020003900 RDI: 0000000000000003 [ 746.760788][T19534] RBP: 00007f28352ff090 R08: 0000000000000000 R09: 0000000000000000 [ 746.768785][T19534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 746.776779][T19534] R13: 0000000000000000 R14: 00007f2834775fa0 R15: 00007ffdd4d01378 [ 746.784792][T19534] [ 747.527247][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.534813][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.818097][T19561] tty tty12: ldisc open failed (-12), clearing slot 11 [ 749.354492][T19571] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 749.490641][T19572] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 749.563574][T19572] CPU: 1 UID: 0 PID: 19572 Comm: syz.4.3582 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 749.574389][T19572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 749.584469][T19572] Call Trace: [ 749.587766][T19572] [ 749.590718][T19572] dump_stack_lvl+0x16c/0x1f0 [ 749.595436][T19572] sysfs_warn_dup+0x7f/0xa0 [ 749.600003][T19572] sysfs_do_create_link_sd+0x124/0x140 [ 749.605484][T19572] sysfs_create_link+0x61/0xc0 [ 749.610284][T19572] device_add+0x62e/0x1a70 [ 749.614736][T19572] ? __pfx_device_add+0x10/0x10 [ 749.619612][T19572] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 749.625544][T19572] ? ieee80211_set_bitrate_flags+0x249/0x6a0 [ 749.631562][T19572] wiphy_register+0x1c7a/0x2860 [ 749.636450][T19572] ? netdev_run_todo+0x837/0x12d0 [ 749.641524][T19572] ? __pfx_wiphy_register+0x10/0x10 [ 749.646783][T19572] ieee80211_register_hw+0x2951/0x3fa0 [ 749.652296][T19572] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 749.658137][T19572] ? net_generic+0xea/0x2a0 [ 749.662711][T19572] ? lockdep_init_map_type+0x16d/0x7d0 [ 749.668195][T19572] ? rcu_is_watching+0x12/0xc0 [ 749.672974][T19572] ? trace_hrtimer_init+0x1a6/0x230 [ 749.678175][T19572] ? __hrtimer_init+0x106/0x2c0 [ 749.683034][T19572] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 749.688793][T19572] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 749.694879][T19572] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 749.700199][T19572] hwsim_new_radio_nl+0xb42/0x12b0 [ 749.705333][T19572] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 749.710904][T19572] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 749.718288][T19572] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 749.725677][T19572] genl_family_rcv_msg_doit+0x202/0x2f0 [ 749.731233][T19572] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 749.737308][T19572] ? genl_get_cmd+0x195/0x580 [ 749.741999][T19572] ? bpf_lsm_capable+0x9/0x10 [ 749.746680][T19572] ? security_capable+0x7e/0x260 [ 749.751630][T19572] ? ns_capable+0xd7/0x110 [ 749.756059][T19572] genl_rcv_msg+0x565/0x800 [ 749.760574][T19572] ? __pfx_genl_rcv_msg+0x10/0x10 [ 749.765608][T19572] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 749.771271][T19572] netlink_rcv_skb+0x165/0x410 [ 749.776043][T19572] ? __pfx_genl_rcv_msg+0x10/0x10 [ 749.781079][T19572] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 749.786378][T19572] ? down_read+0xc9/0x330 [ 749.790716][T19572] ? __pfx_down_read+0x10/0x10 [ 749.795492][T19572] ? netlink_deliver_tap+0x1ae/0xca0 [ 749.800803][T19572] genl_rcv+0x28/0x40 [ 749.804793][T19572] netlink_unicast+0x53c/0x7f0 [ 749.809565][T19572] ? __pfx_netlink_unicast+0x10/0x10 [ 749.814866][T19572] ? __phys_addr_symbol+0x30/0x80 [ 749.819901][T19572] ? __check_object_size+0x488/0x710 [ 749.825204][T19572] netlink_sendmsg+0x8b8/0xd70 [ 749.829979][T19572] ? __pfx_netlink_sendmsg+0x10/0x10 [ 749.835282][T19572] ____sys_sendmsg+0x9ae/0xb40 [ 749.840048][T19572] ? copy_msghdr_from_user+0x10b/0x160 [ 749.845520][T19572] ? __pfx_____sys_sendmsg+0x10/0x10 [ 749.850824][T19572] ___sys_sendmsg+0x135/0x1e0 [ 749.855513][T19572] ? __pfx____sys_sendmsg+0x10/0x10 [ 749.860734][T19572] ? __pfx_lock_release+0x10/0x10 [ 749.865763][T19572] ? trace_lock_acquire+0x14e/0x1f0 [ 749.870978][T19572] ? __fget_files+0x206/0x3a0 [ 749.875671][T19572] __sys_sendmsg+0x16e/0x220 [ 749.880277][T19572] ? __pfx___sys_sendmsg+0x10/0x10 [ 749.885406][T19572] ? do_user_addr_fault+0x83d/0x13f0 [ 749.890701][T19572] do_syscall_64+0xcd/0x250 [ 749.895215][T19572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.901114][T19572] RIP: 0033:0x7f3b7d185d29 [ 749.905533][T19572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 749.925146][T19572] RSP: 002b:00007f3b7dfb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 749.933562][T19572] RAX: ffffffffffffffda RBX: 00007f3b7d376080 RCX: 00007f3b7d185d29 [ 749.941532][T19572] RDX: 0000000004000800 RSI: 0000000020000e00 RDI: 0000000000000003 [ 749.949504][T19572] RBP: 00007f3b7d201b08 R08: 0000000000000000 R09: 0000000000000000 [ 749.957474][T19572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.965444][T19572] R13: 0000000000000001 R14: 00007f3b7d376080 R15: 00007ffc2bb0e898 [ 749.973436][T19572] [ 756.252385][T19656] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 756.741776][T19664] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3609'. [ 759.916158][T16179] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 760.221040][T17790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 760.254120][T17790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 760.272273][T17790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 760.284481][T17790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 760.293393][T17790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 760.300910][T17790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 760.321025][T19713] FAULT_INJECTION: forcing a failure. [ 760.321025][T19713] name failslab, interval 1, probability 0, space 0, times 0 [ 760.334203][T19713] CPU: 0 UID: 0 PID: 19713 Comm: syz.2.3622 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 760.345009][T19713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 760.355093][T19713] Call Trace: [ 760.358396][T19713] [ 760.361351][T19713] dump_stack_lvl+0x16c/0x1f0 [ 760.366075][T19713] should_fail_ex+0x497/0x5b0 [ 760.370792][T19713] ? fs_reclaim_acquire+0xae/0x150 [ 760.375946][T19713] should_failslab+0xc2/0x120 [ 760.380670][T19713] __kmalloc_cache_noprof+0x68/0x420 [ 760.385993][T19713] ? trace_lock_acquire+0x14e/0x1f0 [ 760.391235][T19713] alloc_pipe_info+0x10e/0x590 [ 760.396041][T19713] splice_direct_to_actor+0x793/0xa40 [ 760.401447][T19713] ? __pfx_direct_splice_actor+0x10/0x10 [ 760.407116][T19713] ? __pfx_aa_file_perm+0x10/0x10 [ 760.412171][T19713] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 760.418101][T19713] ? __fget_files+0x1fc/0x3a0 [ 760.422817][T19713] do_splice_direct+0x178/0x250 [ 760.427711][T19713] ? __pfx_do_splice_direct+0x10/0x10 [ 760.433119][T19713] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 760.439053][T19713] do_sendfile+0xaed/0xe30 [ 760.443497][T19713] ? __pfx_do_sendfile+0x10/0x10 [ 760.448455][T19713] ? __fget_files+0x206/0x3a0 [ 760.453166][T19713] __x64_sys_sendfile64+0x1da/0x220 [ 760.458398][T19713] ? ksys_write+0x1ba/0x250 [ 760.462932][T19713] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 760.468694][T19713] do_syscall_64+0xcd/0x250 [ 760.473252][T19713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.479182][T19713] RIP: 0033:0x7fc62fb85d29 [ 760.483626][T19713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 760.503265][T19713] RSP: 002b:00007fc63090f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 760.511691][T19713] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb85d29 [ 760.519674][T19713] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 760.527650][T19713] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 760.535634][T19713] R10: 000000007fffe000 R11: 0000000000000246 R12: 0000000000000001 [ 760.543632][T19713] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 760.551651][T19713] [ 760.992512][T19709] chnl_net:caif_netlink_parms(): no params data found [ 761.279553][T19709] bridge0: port 1(bridge_slave_0) entered blocking state [ 761.298564][T19709] bridge0: port 1(bridge_slave_0) entered disabled state [ 761.327211][T19709] bridge_slave_0: entered allmulticast mode [ 761.344601][T19709] bridge_slave_0: entered promiscuous mode [ 761.360686][T19709] bridge0: port 2(bridge_slave_1) entered blocking state [ 761.382399][T19709] bridge0: port 2(bridge_slave_1) entered disabled state [ 761.400959][T19709] bridge_slave_1: entered allmulticast mode [ 761.414417][T19709] bridge_slave_1: entered promiscuous mode [ 761.486444][T19709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 761.508509][T19709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 761.561263][T19738] svc: failed to register nfsdv3 RPC service (errno 111). [ 761.575691][T19738] svc: failed to register nfsaclv3 RPC service (errno 111). [ 761.584272][T19709] team0: Port device team_slave_0 added [ 761.608924][T19709] team0: Port device team_slave_1 added [ 761.683444][T19709] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 761.693021][T19709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 761.719791][T19709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 761.733059][T19709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 761.740298][T19709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 761.766427][T19709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 761.864023][T19709] hsr_slave_0: entered promiscuous mode [ 761.874995][T19709] hsr_slave_1: entered promiscuous mode [ 762.403794][T17790] Bluetooth: hci1: command tx timeout [ 762.590768][T19749] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3633'. [ 762.821851][T19709] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.025521][T19709] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.146301][T19709] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.312035][T19709] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.561779][T19709] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 763.596553][T19709] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 763.611469][T19709] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 763.624027][T19770] FAULT_INJECTION: forcing a failure. [ 763.624027][T19770] name failslab, interval 1, probability 0, space 0, times 0 [ 763.624079][T19770] CPU: 0 UID: 0 PID: 19770 Comm: syz.0.3640 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 763.624110][T19770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 763.624125][T19770] Call Trace: [ 763.624133][T19770] [ 763.624144][T19770] dump_stack_lvl+0x16c/0x1f0 [ 763.624178][T19770] should_fail_ex+0x497/0x5b0 [ 763.624209][T19770] ? fs_reclaim_acquire+0xae/0x150 [ 763.624241][T19770] should_failslab+0xc2/0x120 [ 763.624277][T19770] __kmalloc_noprof+0xce/0x4f0 [ 763.624307][T19770] ? d_absolute_path+0x137/0x1b0 [ 763.624342][T19770] ? tomoyo_encode2+0x100/0x3e0 [ 763.624376][T19770] tomoyo_encode2+0x100/0x3e0 [ 763.624409][T19770] tomoyo_realpath_from_path+0x1a7/0x710 [ 763.624448][T19770] tomoyo_path_number_perm+0x248/0x5b0 [ 763.624483][T19770] ? tomoyo_path_number_perm+0x235/0x5b0 [ 763.624532][T19770] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 763.624602][T19770] ? __pfx_lock_release+0x10/0x10 [ 763.624626][T19770] ? trace_lock_acquire+0x14e/0x1f0 [ 763.624663][T19770] ? lock_acquire+0x2f/0xb0 [ 763.624685][T19770] ? __fget_files+0x40/0x3a0 [ 763.624720][T19770] ? __fget_files+0x206/0x3a0 [ 763.624753][T19770] security_file_ioctl+0x9b/0x240 [ 763.624782][T19770] __x64_sys_ioctl+0xb7/0x200 [ 763.624811][T19770] do_syscall_64+0xcd/0x250 [ 763.624845][T19770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 763.624877][T19770] RIP: 0033:0x7f4b17785d29 [ 763.624898][T19770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 763.624922][T19770] RSP: 002b:00007f4b18624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 763.624950][T19770] RAX: ffffffffffffffda RBX: 00007f4b17975fa0 RCX: 00007f4b17785d29 [ 763.624968][T19770] RDX: 0000000000000024 RSI: 0000000000004c82 RDI: 0000000000000003 [ 763.624985][T19770] RBP: 00007f4b18624090 R08: 0000000000000000 R09: 0000000000000000 [ 763.625002][T19770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 763.625018][T19770] R13: 0000000000000000 R14: 00007f4b17975fa0 R15: 00007fff68d72188 [ 763.625054][T19770] [ 763.625071][T19770] ERROR: Out of memory at tomoyo_realpath_from_path. [ 763.634155][T19709] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 763.797965][T19709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 763.817212][T19709] 8021q: adding VLAN 0 to HW filter on device team0 [ 763.823167][T17714] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.033678][T17714] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.049199][T17713] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.049266][T17713] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.110120][T19709] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 764.110149][T19709] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 764.483821][T17790] Bluetooth: hci1: command tx timeout [ 764.684853][T19709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 765.707989][T19709] veth0_vlan: entered promiscuous mode [ 765.728714][T19709] veth1_vlan: entered promiscuous mode [ 765.790241][T19709] veth0_macvtap: entered promiscuous mode [ 765.820860][T19709] veth1_macvtap: entered promiscuous mode [ 765.860273][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.886160][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.916742][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.939678][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.949700][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.960291][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.970222][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 765.980834][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.990942][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.001576][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.011662][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.022430][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.032619][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.043101][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.058687][T19709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 766.081193][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.081217][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.081228][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.081254][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.081265][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.081281][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.081293][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.081309][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.081320][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.081336][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.081348][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.081364][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.081376][T19709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.081392][T19709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.082256][T19709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 766.111106][T19709] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.111199][T19709] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.111242][T19709] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.111277][T19709] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.306295][T17735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.397236][T17735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.427166][T11520] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 766.436356][T11520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 766.564951][T17790] Bluetooth: hci1: command tx timeout [ 767.164322][T19816] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3647'. [ 767.314306][ T29] audit: type=1800 audit(8277292124.410:28): pid=19820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=FFFFF2FFFFFFF2FFFFFFF2FFFFFFF2 name="features" dev="configfs" ino=65799 res=0 errno=0 [ 768.643743][T17790] Bluetooth: hci1: command tx timeout [ 768.687987][T19848] svc: failed to register nfsdv3 RPC service (errno 111). [ 768.696330][T19848] svc: failed to register nfsaclv3 RPC service (errno 111). [ 769.257273][T19853] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3657'. [ 769.310141][T19853] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3657'. [ 770.079465][ T29] audit: type=1800 audit(8277292127.170:29): pid=19884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=FFFFF2FFFFFFF2FFFFFFF2FFFFFFF2 name="features" dev="configfs" ino=65890 res=0 errno=0 [ 774.278026][T19945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3683'. [ 774.314419][T19945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3683'. [ 774.793669][ T29] audit: type=1800 audit(8277292131.880:30): pid=19956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=FFFFF2FFFFFFF2FFFFFFF2FFFFFFF2 name="features" dev="configfs" ino=65392 res=0 errno=0 [ 776.174904][T19996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3697'. [ 776.347996][T19989] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3694'. [ 776.360627][T19989] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3694'. [ 776.370735][T19996] bond0: (slave bond_slave_1): Releasing backup interface [ 778.774021][T20029] FAULT_INJECTION: forcing a failure. [ 778.774021][T20029] name failslab, interval 1, probability 0, space 0, times 0 [ 778.832337][T20029] CPU: 0 UID: 0 PID: 20029 Comm: syz.2.3707 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 778.843172][T20029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 778.853250][T20029] Call Trace: [ 778.856552][T20029] [ 778.859514][T20029] dump_stack_lvl+0x16c/0x1f0 [ 778.864231][T20029] should_fail_ex+0x497/0x5b0 [ 778.868942][T20029] ? fs_reclaim_acquire+0xae/0x150 [ 778.874086][T20029] should_failslab+0xc2/0x120 [ 778.878802][T20029] __kmalloc_node_noprof+0xd1/0x520 [ 778.884041][T20029] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 778.889552][T20029] __kvmalloc_node_noprof+0xad/0x1a0 [ 778.894875][T20029] seq_read_iter+0x82a/0x12b0 [ 778.899584][T20029] ? __mutex_trylock_common+0xea/0x250 [ 778.905082][T20029] kernfs_fop_read_iter+0x414/0x580 [ 778.910318][T20029] ? rw_verify_area+0xd0/0x700 [ 778.915113][T20029] vfs_read+0x87f/0xbe0 [ 778.919308][T20029] ? __pfx_vfs_read+0x10/0x10 [ 778.924043][T20029] ksys_read+0x12b/0x250 [ 778.928315][T20029] ? __pfx_ksys_read+0x10/0x10 [ 778.933122][T20029] do_syscall_64+0xcd/0x250 [ 778.937659][T20029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.943584][T20029] RIP: 0033:0x7fc62fb85d29 [ 778.947999][T20029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 778.967610][T20029] RSP: 002b:00007fc63090f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 778.976025][T20029] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb85d29 [ 778.983996][T20029] RDX: 0000000000001000 RSI: 0000000020000040 RDI: 0000000000000003 [ 778.991970][T20029] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 778.999940][T20029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 779.007926][T20029] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 779.015928][T20029] [ 779.931331][ T29] audit: type=1800 audit(8277292137.010:31): pid=20035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm=FFFFF2FFFFFFF2FFFFFFF2FFFFFFF2 name="features" dev="configfs" ino=66204 res=0 errno=0 [ 780.536238][T20049] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3709'. [ 780.806953][T20049] bond0: (slave bond_slave_1): Releasing backup interface [ 783.332801][T20108] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3725'. [ 783.725071][T20108] bond0: (slave bond_slave_1): Releasing backup interface [ 788.936442][T20194] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3755'. [ 791.363618][T20239] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3769'. [ 792.598773][T20252] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 792.644823][T20255] FAULT_INJECTION: forcing a failure. [ 792.644823][T20255] name failslab, interval 1, probability 0, space 0, times 0 [ 792.704186][T20255] CPU: 0 UID: 0 PID: 20255 Comm: syz.2.3774 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 792.715014][T20255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 792.725094][T20255] Call Trace: [ 792.728390][T20255] [ 792.731336][T20255] dump_stack_lvl+0x16c/0x1f0 [ 792.736049][T20255] should_fail_ex+0x497/0x5b0 [ 792.740756][T20255] ? fs_reclaim_acquire+0xae/0x150 [ 792.745901][T20255] should_failslab+0xc2/0x120 [ 792.750630][T20255] __kmalloc_noprof+0xce/0x4f0 [ 792.755431][T20255] ? i2cdev_read+0xe4/0x260 [ 792.759970][T20255] i2cdev_read+0xe4/0x260 [ 792.764332][T20255] ? __pfx_i2cdev_read+0x10/0x10 [ 792.769300][T20255] vfs_read+0x1df/0xbe0 [ 792.773483][T20255] ? __fget_files+0x1fc/0x3a0 [ 792.778188][T20255] ? __pfx_lock_release+0x10/0x10 [ 792.783245][T20255] ? __pfx_vfs_read+0x10/0x10 [ 792.787951][T20255] ? lock_acquire+0x2f/0xb0 [ 792.792478][T20255] ? __fget_files+0x40/0x3a0 [ 792.797101][T20255] ? __fget_files+0x206/0x3a0 [ 792.801810][T20255] ksys_read+0x12b/0x250 [ 792.806077][T20255] ? __pfx_ksys_read+0x10/0x10 [ 792.810878][T20255] do_syscall_64+0xcd/0x250 [ 792.815422][T20255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.821348][T20255] RIP: 0033:0x7fc62fb85d29 [ 792.825786][T20255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 792.845418][T20255] RSP: 002b:00007fc63090f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 792.853857][T20255] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb85d29 [ 792.861852][T20255] RDX: 0000000000001f40 RSI: 0000000000000000 RDI: 0000000000000003 [ 792.869842][T20255] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 792.877835][T20255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 792.885827][T20255] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 792.893833][T20255] [ 793.207071][T20268] Process accounting resumed [ 793.819849][T20282] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 795.738294][T20322] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3796'. [ 795.839591][T20325] Process accounting resumed [ 796.317337][T20341] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3800'. [ 796.416729][T20343] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 796.885528][T20352] zswap: compressor not available [ 797.425699][T20376] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 799.081592][T20415] FAULT_INJECTION: forcing a failure. [ 799.081592][T20415] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 799.114460][T20415] CPU: 1 UID: 0 PID: 20415 Comm: syz.1.3830 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 799.125284][T20415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 799.135369][T20415] Call Trace: [ 799.138664][T20415] [ 799.141617][T20415] dump_stack_lvl+0x16c/0x1f0 [ 799.146335][T20415] should_fail_ex+0x497/0x5b0 [ 799.151050][T20415] _copy_to_iter+0x29b/0x1400 [ 799.155770][T20415] ? __pfx___lock_acquire+0x10/0x10 [ 799.161000][T20415] ? __pfx__copy_to_iter+0x10/0x10 [ 799.166150][T20415] ? kmem_cache_free+0x152/0x4c0 [ 799.171123][T20415] ? lock_acquire.part.0+0x11b/0x380 [ 799.176446][T20415] signalfd_copyinfo+0x1aa/0x760 [ 799.181418][T20415] ? __pfx_signalfd_copyinfo+0x10/0x10 [ 799.186905][T20415] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 799.192704][T20415] ? lockdep_hardirqs_on+0x7c/0x110 [ 799.197917][T20415] signalfd_read_iter+0x373/0x780 [ 799.202984][T20415] ? __pfx_signalfd_read_iter+0x10/0x10 [ 799.208566][T20415] ? __pfx_default_wake_function+0x10/0x10 [ 799.214403][T20415] ? __pfx_mark_lock+0x10/0x10 [ 799.219219][T20415] do_iter_readv_writev+0x614/0x7f0 [ 799.224453][T20415] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 799.230204][T20415] ? bpf_lsm_file_permission+0x9/0x10 [ 799.235606][T20415] ? security_file_permission+0x71/0x210 [ 799.241271][T20415] vfs_readv+0x4cf/0x890 [ 799.245539][T20415] ? find_held_lock+0x2d/0x110 [ 799.250341][T20415] ? __pfx_vfs_readv+0x10/0x10 [ 799.255130][T20415] ? find_held_lock+0x2d/0x110 [ 799.259936][T20415] ? __pfx_lock_release+0x10/0x10 [ 799.264985][T20415] ? trace_lock_acquire+0x14e/0x1f0 [ 799.270230][T20415] ? __fget_files+0x206/0x3a0 [ 799.274945][T20415] ? do_readv+0x133/0x340 [ 799.279302][T20415] do_readv+0x133/0x340 [ 799.283482][T20415] ? __pfx_do_readv+0x10/0x10 [ 799.288192][T20415] do_syscall_64+0xcd/0x250 [ 799.292735][T20415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.298659][T20415] RIP: 0033:0x7f2834585d29 [ 799.303096][T20415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.322741][T20415] RSP: 002b:00007f28352ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 799.331188][T20415] RAX: ffffffffffffffda RBX: 00007f2834775fa0 RCX: 00007f2834585d29 [ 799.339183][T20415] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 799.347175][T20415] RBP: 00007f28352ff090 R08: 0000000000000000 R09: 0000000000000000 [ 799.355171][T20415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 799.363166][T20415] R13: 0000000000000000 R14: 00007f2834775fa0 R15: 00007ffdd4d01378 [ 799.371177][T20415] [ 801.241303][T20459] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3835'. [ 801.516898][T20469] random: crng reseeded on system resumption [ 803.575919][T20499] db_root: cannot open: [ 804.452333][ T29] audit: type=1107 audit(8277292161.540:32): pid=20520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 805.572227][T20544] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3864'. [ 806.089527][T20562] random: crng reseeded on system resumption [ 806.987855][T20573] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3874'. [ 807.196407][T20573] bond0: (slave bond_slave_1): Releasing backup interface [ 808.970112][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.970213][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.494248][T20644] db_root: cannot open: [ 811.024539][T20656] netlink: 326 bytes leftover after parsing attributes in process `syz.4.3902'. [ 811.686059][T20672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3908'. [ 812.370118][T20691] ALSA: mixer_oss: invalid OSS volume '' [ 812.876209][T20703] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3918'. [ 813.269048][T20718] ALSA: mixer_oss: invalid OSS volume '' [ 814.061710][T20746] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3933'. [ 814.219232][T20748] ALSA: mixer_oss: invalid OSS volume '' [ 815.469032][T20770] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3943'. [ 816.855016][T20799] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3952'. [ 817.489016][T20805] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3954'. [ 819.581709][T20862] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3973'. [ 820.740313][T20889] binder: 20888:20889 ioctl 80081270 38 returned -22 [ 820.750468][T20887] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 821.472752][T20919] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 822.087856][T20931] could not allocate digest TFM handle [ 822.400425][T20949] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 822.966242][T20957] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4008'. [ 823.549498][T20969] bond0: option all_slaves_active: invalid value () [ 824.664352][T20995] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4019'. [ 825.322853][T21012] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4025'. [ 825.467889][T21017] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 825.980091][T21032] FAULT_INJECTION: forcing a failure. [ 825.980091][T21032] name failslab, interval 1, probability 0, space 0, times 0 [ 826.015337][T21032] CPU: 1 UID: 0 PID: 21032 Comm: syz.0.4031 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 826.026165][T21032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 826.036258][T21032] Call Trace: [ 826.039555][T21032] [ 826.042505][T21032] dump_stack_lvl+0x16c/0x1f0 [ 826.047225][T21032] should_fail_ex+0x497/0x5b0 [ 826.051941][T21032] ? fs_reclaim_acquire+0xae/0x150 [ 826.057084][T21032] should_failslab+0xc2/0x120 [ 826.061789][T21032] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 826.067180][T21032] ? security_file_alloc+0x34/0x2b0 [ 826.072389][T21032] security_file_alloc+0x34/0x2b0 [ 826.077420][T21032] init_file+0x93/0x480 [ 826.081585][T21032] alloc_empty_file+0x91/0x1e0 [ 826.086361][T21032] path_openat+0xe1/0x2d60 [ 826.090787][T21032] ? hlock_class+0x4e/0x130 [ 826.095301][T21032] ? __lock_acquire+0x15a9/0x3c40 [ 826.100335][T21032] ? __pfx_path_openat+0x10/0x10 [ 826.105281][T21032] ? __pfx___lock_acquire+0x10/0x10 [ 826.110479][T21032] ? lock_acquire.part.0+0x11b/0x380 [ 826.115767][T21032] ? find_held_lock+0x2d/0x110 [ 826.120537][T21032] do_filp_open+0x20c/0x470 [ 826.125049][T21032] ? __pfx_do_filp_open+0x10/0x10 [ 826.130078][T21032] ? find_held_lock+0x2d/0x110 [ 826.134869][T21032] ? alloc_fd+0x41f/0x760 [ 826.139213][T21032] do_sys_openat2+0x17a/0x1e0 [ 826.143901][T21032] ? __pfx_do_sys_openat2+0x10/0x10 [ 826.149118][T21032] ? __fget_files+0x206/0x3a0 [ 826.153831][T21032] __x64_sys_openat+0x175/0x210 [ 826.158693][T21032] ? __pfx___x64_sys_openat+0x10/0x10 [ 826.164079][T21032] ? ksys_write+0x1ba/0x250 [ 826.168602][T21032] do_syscall_64+0xcd/0x250 [ 826.173112][T21032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.179018][T21032] RIP: 0033:0x7f4b17785d29 [ 826.183433][T21032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 826.203049][T21032] RSP: 002b:00007f4b18603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 826.211494][T21032] RAX: ffffffffffffffda RBX: 00007f4b17976080 RCX: 00007f4b17785d29 [ 826.219475][T21032] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: ffffffffffffff9c [ 826.227447][T21032] RBP: 00007f4b18603090 R08: 0000000000000000 R09: 0000000000000000 [ 826.235419][T21032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 826.243390][T21032] R13: 0000000000000001 R14: 00007f4b17976080 R15: 00007fff68d72188 [ 826.251381][T21032] [ 826.396496][T21030] could not allocate digest TFM handle [ 826.613775][T21034] could not allocate digest TFM handle [ 826.816987][T21046] ALSA: mixer_oss: invalid OSS volume 'òÿÿÿòÿÿÿòÿÿÿòÿÿÿ' [ 828.014669][T21070] bond0: option all_slaves_active: invalid value ( ) [ 832.581534][T21153] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 835.799897][T21239] netlink: 93 bytes leftover after parsing attributes in process `syz.0.4100'. [ 835.832874][T21241] zswap: compressor not available [ 836.394307][T21257] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4106'. [ 839.754351][T21286] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4117'. [ 840.734538][T21314] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4126'. [ 841.367729][T21328] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4129'. [ 844.540771][T21368] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4140'. [ 846.072367][T21378] Invalid ELF header magic: != ELF [ 847.630883][T21401] lo: entered allmulticast mode [ 847.660288][T21401] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4152'. [ 847.967070][T21409] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4153'. [ 848.659821][T21400] lo: left allmulticast mode [ 848.752986][T21419] FAULT_INJECTION: forcing a failure. [ 848.752986][T21419] name failslab, interval 1, probability 0, space 0, times 0 [ 848.883965][T21419] CPU: 1 UID: 0 PID: 21419 Comm: syz.0.4155 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 848.894791][T21419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 848.904875][T21419] Call Trace: [ 848.908170][T21419] [ 848.911118][T21419] dump_stack_lvl+0x16c/0x1f0 [ 848.915833][T21419] should_fail_ex+0x497/0x5b0 [ 848.920552][T21419] ? fs_reclaim_acquire+0xae/0x150 [ 848.925704][T21419] should_failslab+0xc2/0x120 [ 848.930418][T21419] __kmalloc_noprof+0xce/0x4f0 [ 848.935235][T21419] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 848.940896][T21419] ? tomoyo_realpath_from_path+0xbf/0x710 [ 848.946650][T21419] tomoyo_realpath_from_path+0xbf/0x710 [ 848.952228][T21419] ? tomoyo_path_number_perm+0x235/0x5b0 [ 848.957901][T21419] tomoyo_path_number_perm+0x248/0x5b0 [ 848.963395][T21419] ? tomoyo_path_number_perm+0x235/0x5b0 [ 848.969074][T21419] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 848.975094][T21419] ? __pfx_lock_release+0x10/0x10 [ 848.980122][T21419] ? trace_lock_acquire+0x14e/0x1f0 [ 848.985334][T21419] ? lock_acquire+0x2f/0xb0 [ 848.989839][T21419] ? __fget_files+0x40/0x3a0 [ 848.994443][T21419] ? __fget_files+0x206/0x3a0 [ 848.999128][T21419] security_file_ioctl+0x9b/0x240 [ 849.004160][T21419] __x64_sys_ioctl+0xb7/0x200 [ 849.008844][T21419] do_syscall_64+0xcd/0x250 [ 849.013354][T21419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.019255][T21419] RIP: 0033:0x7f4b17785d29 [ 849.023670][T21419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 849.043285][T21419] RSP: 002b:00007f4b18624038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 849.051722][T21419] RAX: ffffffffffffffda RBX: 00007f4b17975fa0 RCX: 00007f4b17785d29 [ 849.059694][T21419] RDX: 0000000000000009 RSI: 00000000c0306201 RDI: 0000000000000003 [ 849.067673][T21419] RBP: 00007f4b18624090 R08: 0000000000000000 R09: 0000000000000000 [ 849.075652][T21419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 849.083628][T21419] R13: 0000000000000000 R14: 00007f4b17975fa0 R15: 00007fff68d72188 [ 849.091626][T21419] [ 849.136588][T21405] kexec: Could not allocate control_code_buffer [ 849.138127][T21419] ERROR: Out of memory at tomoyo_realpath_from_path. [ 849.213774][T21419] binder: 21418:21419 ioctl c0306201 9 returned -14 [ 849.762391][T21440] FAULT_INJECTION: forcing a failure. [ 849.762391][T21440] name failslab, interval 1, probability 0, space 0, times 0 [ 849.762428][T21440] CPU: 1 UID: 0 PID: 21440 Comm: syz.4.4161 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 849.762460][T21440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 849.762475][T21440] Call Trace: [ 849.762484][T21440] [ 849.762494][T21440] dump_stack_lvl+0x16c/0x1f0 [ 849.762529][T21440] should_fail_ex+0x497/0x5b0 [ 849.762560][T21440] ? fs_reclaim_acquire+0xae/0x150 [ 849.762591][T21440] should_failslab+0xc2/0x120 [ 849.762625][T21440] __kmalloc_noprof+0xce/0x4f0 [ 849.762659][T21440] ? alloc_pipe_info+0x1ec/0x590 [ 849.762696][T21440] alloc_pipe_info+0x1ec/0x590 [ 849.762732][T21440] splice_direct_to_actor+0x793/0xa40 [ 849.762762][T21440] ? __pfx_direct_splice_actor+0x10/0x10 [ 849.762793][T21440] ? __pfx_aa_file_perm+0x10/0x10 [ 849.851993][T21440] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 849.852036][T21440] ? __fget_files+0x1fc/0x3a0 [ 849.852071][T21440] do_splice_direct+0x178/0x250 [ 849.852101][T21440] ? __pfx_do_splice_direct+0x10/0x10 [ 849.852129][T21440] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 849.852169][T21440] do_sendfile+0xaed/0xe30 [ 849.852204][T21440] ? __pfx_do_sendfile+0x10/0x10 [ 849.852233][T21440] ? __fget_files+0x206/0x3a0 [ 849.852272][T21440] __x64_sys_sendfile64+0x1da/0x220 [ 849.852305][T21440] ? ksys_write+0x1ba/0x250 [ 849.852335][T21440] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 849.852385][T21440] do_syscall_64+0xcd/0x250 [ 849.852421][T21440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 849.852454][T21440] RIP: 0033:0x7fbbaf385d29 [ 849.852476][T21440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 849.852502][T21440] RSP: 002b:00007fbbb026c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 849.852530][T21440] RAX: ffffffffffffffda RBX: 00007fbbaf575fa0 RCX: 00007fbbaf385d29 [ 849.852549][T21440] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 849.852567][T21440] RBP: 00007fbbb026c090 R08: 0000000000000000 R09: 0000000000000000 [ 849.852584][T21440] R10: 000000007fffe000 R11: 0000000000000246 R12: 0000000000000001 [ 849.852602][T21440] R13: 0000000000000000 R14: 00007fbbaf575fa0 R15: 00007ffec14176b8 [ 849.852636][T21440] [ 850.380483][T21457] lo: entered allmulticast mode [ 850.384245][T21455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4164'. [ 850.386979][T21457] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4168'. [ 851.336675][T21456] lo: left allmulticast mode [ 852.018557][T21458] kexec: Could not allocate control_code_buffer [ 852.221823][T21481] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4174'. [ 852.693686][T21490] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000000006 [ 853.000594][T21504] FAULT_INJECTION: forcing a failure. [ 853.000594][T21504] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 853.014837][T21504] CPU: 1 UID: 0 PID: 21504 Comm: syz.1.4180 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 853.025648][T21504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 853.035731][T21504] Call Trace: [ 853.039029][T21504] [ 853.041983][T21504] dump_stack_lvl+0x16c/0x1f0 [ 853.046700][T21504] should_fail_ex+0x497/0x5b0 [ 853.051416][T21504] _copy_to_user+0x32/0xd0 [ 853.055871][T21504] simple_read_from_buffer+0xd0/0x160 [ 853.061283][T21504] proc_fail_nth_read+0x198/0x270 [ 853.066352][T21504] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 853.071948][T21504] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 853.077540][T21504] vfs_read+0x1df/0xbe0 [ 853.081734][T21504] ? __fget_files+0x1fc/0x3a0 [ 853.086444][T21504] ? __pfx___mutex_lock+0x10/0x10 [ 853.091506][T21504] ? __pfx_vfs_read+0x10/0x10 [ 853.096221][T21504] ? __fget_files+0x206/0x3a0 [ 853.100951][T21504] ksys_read+0x12b/0x250 [ 853.105239][T21504] ? __pfx_ksys_read+0x10/0x10 [ 853.110045][T21504] do_syscall_64+0xcd/0x250 [ 853.114593][T21504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.120521][T21504] RIP: 0033:0x7f283458473c [ 853.124959][T21504] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 853.144593][T21504] RSP: 002b:00007f28352ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 853.153035][T21504] RAX: ffffffffffffffda RBX: 00007f2834775fa0 RCX: 00007f283458473c [ 853.161036][T21504] RDX: 000000000000000f RSI: 00007f28352ff0a0 RDI: 0000000000000004 [ 853.169037][T21504] RBP: 00007f28352ff090 R08: 0000000000000000 R09: 0000000000000000 [ 853.177038][T21504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 853.185040][T21504] R13: 0000000000000000 R14: 00007f2834775fa0 R15: 00007ffdd4d01378 [ 853.193056][T21504] [ 853.280024][T21508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4183'. [ 853.577196][T21526] FAULT_INJECTION: forcing a failure. [ 853.577196][T21526] name failslab, interval 1, probability 0, space 0, times 0 [ 853.577252][T21526] CPU: 0 UID: 0 PID: 21526 Comm: syz.2.4188 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 853.577284][T21526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 853.577299][T21526] Call Trace: [ 853.577308][T21526] [ 853.577319][T21526] dump_stack_lvl+0x16c/0x1f0 [ 853.577356][T21526] should_fail_ex+0x497/0x5b0 [ 853.577387][T21526] ? fs_reclaim_acquire+0xae/0x150 [ 853.577420][T21526] should_failslab+0xc2/0x120 [ 853.577455][T21526] __kmalloc_cache_noprof+0x68/0x420 [ 853.577487][T21526] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 853.577521][T21526] ? __pfx_lock_release+0x10/0x10 [ 853.577550][T21526] gpiolib_seq_start+0x69/0x270 [ 853.577590][T21526] seq_read_iter+0x2ab/0x12b0 [ 853.577632][T21526] seq_read+0x39f/0x4e0 [ 853.577659][T21526] ? __pfx_seq_read+0x10/0x10 [ 853.577713][T21526] full_proxy_read+0xfb/0x1b0 [ 853.577745][T21526] ? __pfx_full_proxy_read+0x10/0x10 [ 853.577782][T21526] vfs_read+0x1df/0xbe0 [ 853.577812][T21526] ? __fget_files+0x1fc/0x3a0 [ 853.577843][T21526] ? __pfx___mutex_lock+0x10/0x10 [ 853.577876][T21526] ? __pfx_vfs_read+0x10/0x10 [ 853.577915][T21526] ? __fget_files+0x206/0x3a0 [ 853.577955][T21526] ksys_read+0x12b/0x250 [ 853.577983][T21526] ? __pfx_ksys_read+0x10/0x10 [ 853.578029][T21526] do_syscall_64+0xcd/0x250 [ 853.578063][T21526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.578096][T21526] RIP: 0033:0x7fc62fb85d29 [ 853.578118][T21526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 853.578142][T21526] RSP: 002b:00007fc63090f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 853.578169][T21526] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb85d29 [ 853.578188][T21526] RDX: 00000000000003ba RSI: 0000000000000000 RDI: 0000000000000003 [ 853.578205][T21526] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 853.578223][T21526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 853.578240][T21526] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 853.578276][T21526] [ 853.597765][T21526] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 853.597795][T21526] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 853.597813][T21526] CPU: 0 UID: 0 PID: 21526 Comm: syz.2.4188 Not tainted 6.13.0-rc6-syzkaller-00046-g0b7958fa05d5 #0 [ 853.597842][T21526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 853.597857][T21526] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 853.597897][T21526] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 853.597921][T21526] RSP: 0018:ffffc900108bfae0 EFLAGS: 00010247 [ 853.597943][T21526] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000400 [ 853.597960][T21526] RDX: 0000000000000000 RSI: ffffffff84cccf7e RDI: 0000000000000004 [ 853.597976][T21526] RBP: 0000000000000000 R08: 0000000000000dc0 R09: 00000000ffffffff [ 853.597991][T21526] R10: ffffffff8df7cd13 R11: 0000000000000002 R12: 0000000000000000 [ 853.598007][T21526] R13: ffffffff8bb59ba0 R14: 0000000000000000 R15: ffffc900108bfc48 [ 853.598024][T21526] FS: 00007fc63090f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 853.598050][T21526] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 853.598068][T21526] CR2: 0000001b2e35ffff CR3: 0000000065258000 CR4: 00000000003526f0 [ 853.598084][T21526] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 853.598099][T21526] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 853.598115][T21526] Call Trace: [ 853.598123][T21526] [ 853.598132][T21526] ? die_addr+0x3b/0xa0 [ 853.598159][T21526] ? exc_general_protection+0x155/0x230 [ 853.598199][T21526] ? asm_exc_general_protection+0x26/0x30 [ 853.598234][T21526] ? gpiolib_seq_stop+0xe/0xe0 [ 853.598268][T21526] ? gpiolib_seq_stop+0x4c/0xe0 [ 853.598302][T21526] seq_read_iter+0x5ff/0x12b0 [ 853.598333][T21526] seq_read+0x39f/0x4e0 [ 853.598356][T21526] ? __pfx_seq_read+0x10/0x10 [ 853.598393][T21526] full_proxy_read+0xfb/0x1b0 [ 853.598422][T21526] ? __pfx_full_proxy_read+0x10/0x10 [ 853.598452][T21526] vfs_read+0x1df/0xbe0 [ 853.598479][T21526] ? __fget_files+0x1fc/0x3a0 [ 853.598507][T21526] ? __pfx___mutex_lock+0x10/0x10 [ 853.598537][T21526] ? __pfx_vfs_read+0x10/0x10 [ 853.598567][T21526] ? __fget_files+0x206/0x3a0 [ 853.598598][T21526] ksys_read+0x12b/0x250 [ 853.598623][T21526] ? __pfx_ksys_read+0x10/0x10 [ 853.598654][T21526] do_syscall_64+0xcd/0x250 [ 853.598684][T21526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.598714][T21526] RIP: 0033:0x7fc62fb85d29 [ 853.598733][T21526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 853.598762][T21526] RSP: 002b:00007fc63090f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 853.598785][T21526] RAX: ffffffffffffffda RBX: 00007fc62fd75fa0 RCX: 00007fc62fb85d29 [ 853.598803][T21526] RDX: 00000000000003ba RSI: 0000000000000000 RDI: 0000000000000003 [ 853.598819][T21526] RBP: 00007fc63090f090 R08: 0000000000000000 R09: 0000000000000000 [ 853.598835][T21526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 853.598850][T21526] R13: 0000000000000000 R14: 00007fc62fd75fa0 R15: 00007ffcb707ee18 [ 853.598874][T21526] [ 853.598882][T21526] Modules linked in: [ 853.598921][T21526] ---[ end trace 0000000000000000 ]--- [ 853.598933][T21526] RIP: 0010:gpiolib_seq_stop+0x4c/0xe0 [ 853.598968][T21526] Code: 48 c1 ea 03 80 3c 02 00 0f 85 98 00 00 00 48 8b 9b e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 60 8b [ 853.598991][T21526] RSP: 0018:ffffc900108bfae0 EFLAGS: 00010247 [ 853.599011][T21526] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000400 [ 853.599028][T21526] RDX: 0000000000000000 RSI: ffffffff84cccf7e RDI: 0000000000000004 [ 853.599045][T21526] RBP: 0000000000000000 R08: 0000000000000dc0 R09: 00000000ffffffff [ 853.599061][T21526] R10: ffffffff8df7cd13 R11: 0000000000000002 R12: 0000000000000000 [ 853.599078][T21526] R13: ffffffff8bb59ba0 R14: 0000000000000000 R15: ffffc900108bfc48 [ 853.599095][T21526] FS: 00007fc63090f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 853.599121][T21526] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 853.599139][T21526] CR2: 0000001b2e35ffff CR3: 0000000065258000 CR4: 00000000003526f0 [ 853.599157][T21526] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 853.599172][T21526] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 853.599191][T21526] Kernel panic - not syncing: Fatal exception [ 853.599434][T21526] Kernel Offset: disabled