last executing test programs: 25.122632469s ago: executing program 0 (id=2315): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttynull\x00', 0x201, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x81) timer_create$auto(0x0, &(0x7f0000000000)={@sival_int=0x9bb7, @inferred, 0x4, @_tid=0x1}, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) mlockall$auto(0x7) migrate_pages$auto(0x0, 0x3, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) socket(0x1d, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x9, 0x21e9, 0xfffffff2, 0x2, 0x9, 0xb, 0x2e, 0x8000, 0x3}, 0x6f4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) bpf$auto(0x40002, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x101}, 0x2) r5 = socket(0x2, 0x1, 0x106) connect$auto(r5, &(0x7f0000000040)=@in={0x2, 0x20, @remote}, 0x5) setsockopt$auto(r5, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(r6, 0x402c542d, 0x38) 13.073219526s ago: executing program 1 (id=2340): mmap$auto(0x0, 0x20009, 0x0, 0x410, 0x401, 0x8004) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.stat.local\x00', 0x200400, 0x0) write$auto(r0, 0x0, 0x800f) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) signalfd$auto(0xffffffff, 0x0, 0x8) r1 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0) write$auto_trace_clock_fops_trace(r1, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_size_kb\x00', 0x0, 0x0) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) poll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xffff}, 0x3fa, 0x1c) r2 = open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x100) ppoll$auto(&(0x7f0000000180)={r2, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/pci0000:00/0000:00:01.1/ata1/link1/dev1.1/ata_device/dev1.1/power/control\x00', 0x6c1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) write$auto(r3, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 9.117245707s ago: executing program 1 (id=2351): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) ioctl$auto_SNDCTL_DSP_SETDUPLEX(r1, 0x5016, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000052c4030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001"], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4004850) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x20, 0xf1, 0xb0, @raw=0xfffff038}}) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) r3 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) pread64$auto(r3, 0x0, 0x20000000001, 0x7fff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000003c0), r2) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="030026bd7000080000e704cf01524fba000f0000002b9cfd0c7c16dffc330339a20cb0c85646aa9598bd749dc9173b970c0a58"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x9, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x40, 0x8, 0x100000000}}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0xa, 0x3, 0xff) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) 8.223119489s ago: executing program 1 (id=2345): io_uring_setup$auto(0x59, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x13, 0x602, 0x300000000000) prctl$auto_PR_SET_MM_ARG_START(0x4, 0x8, 0xffffffffffffffff, 0xd, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x102, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) mlockall$auto(0x7) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) pipe$auto(0x0) ioctl$auto_IOCTL_VMCI_VERSION(0xffffffffffffffff, 0x79f, 0x4) migrate_pages$auto(0x0, 0x3, &(0x7f0000000100)=0x5, 0x0) mq_open$auto(0x0, 0x400056a, 0xd, 0x0) setitimer$auto(0x2, &(0x7f0000000040)={{}, {0x0, 0x8}}, 0x0) unshare$auto(0x40000080) mmap$auto(0x21, 0x40008, 0xdb, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') mmap$auto(0x0, 0x4, 0xffd, 0x8000000008012, 0x3, 0x0) setitimer$auto(0x7fffffff, &(0x7f0000000000)={{0x1ba4, 0x6}, {0x10000, 0x8000000000000001}}, 0x0) ioperm$auto(0x7, 0x6, 0x2) getpid() close_range$auto(0x2, 0xa, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) unshare$auto(0x40000080) 6.815421136s ago: executing program 2 (id=2347): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttynull\x00', 0x201, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x1fe, 0x81) timer_create$auto(0x0, &(0x7f0000000000)={@sival_int=0x9bb7, @inferred, 0x4, @_tid=0x1}, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00'], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) mlockall$auto(0x7) migrate_pages$auto(0x0, 0x3, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) socket(0x1d, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x9, 0x21e9, 0xfffffff2, 0x2, 0x9, 0xb, 0x2e, 0x8000, 0x3}, 0x6f4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xf) bpf$auto(0x40002, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x101}, 0x2) r5 = socket(0x2, 0x1, 0x106) connect$auto(r5, &(0x7f0000000040)=@in={0x2, 0x20, @remote}, 0x5) setsockopt$auto(r5, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(r6, 0x402c542d, 0x38) 6.815261262s ago: executing program 3 (id=2348): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1003, 0xebb, 0x3, 0x4) mmap$auto(0x0, 0x7e, 0x2, 0x9b72, 0x2, 0x7fff) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) sched_rr_get_interval$auto(0x0, 0x0) getrandom$auto(0x0, 0xe, 0x7) madvise$auto(0x81, 0x3, 0x9) madvise$auto(0x0, 0x2003f0, 0x13) mincore$auto(0x0, 0x10000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r1, 0x7, 0x6}, 0x8000004, 0xffffc) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/loop15/hctx0/cpu0/read_rq_list\x00', 0x101480, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) socket(0x2, 0x5, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000100)=@can={0x1d, 0x0}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000000)="d42aab0d5bea7cad64edad3f70e611d7c09e06dd142b968fbdcf09", 0x7, &(0x7f00000000c0)={0x0, 0x19ffb}, 0x201, 0x0, 0x0, 0xb}, 0x9fa5}, 0x7, 0x5) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x8) listen$auto(0x3, 0x83) setsockopt$auto(0x3, 0x1, 0x31, 0x0, 0x9) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r1) r5 = socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0x8, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), r5) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="18e89765f5bf377fba12ddca1d0a53f6d8f0dc2bae5d47ea0e903fc018442c0ce6d62ccd0099daa64e6f2abaa1c2de54da9aca66453e7b151178328cce9732e76020fb80ab922765db10b1c6a08ee3b5f9107453467ce8ecec", @ANYRESOCT=r3, @ANYRESDEC=r4], 0x54}, 0x1, 0x0, 0x0, 0x4008050}, 0x4000800) 6.631022916s ago: executing program 3 (id=2349): mmap$auto(0x0, 0x20009, 0x0, 0x410, 0x401, 0x8004) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.stat.local\x00', 0x200400, 0x0) write$auto(r0, 0x0, 0x800f) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) signalfd$auto(0xffffffff, 0x0, 0x8) r1 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0) write$auto_trace_clock_fops_trace(r1, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_size_kb\x00', 0x0, 0x0) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) poll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xffff}, 0x3fa, 0x1c) r2 = open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x100) ppoll$auto(&(0x7f0000000180)={r2, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/pci0000:00/0000:00:01.1/ata1/link1/dev1.1/ata_device/dev1.1/power/control\x00', 0x6c1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) write$auto(r3, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 5.820505368s ago: executing program 2 (id=2350): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x2000, 0x0) r1 = getpgid(0x0) pidfd_open$auto(r1, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x1, 0x6, 0x80000001, "a2b8e85fc56865ba529faa000000000000000000000018f4ffffdeffff0000000000c7692a240000008000", @raw=0x6}, 0x6, 0x5, 0x7, @inferred=r1, @reserved="fb99d320be0de941ac3f58d7aae0c84cbe332d618e0342771e3ac6e9a9df07cf9b1c017c611ac455c01804d0d3c89bee7005c5affd5ab811fd53443e6cf63a902991b44e48364e8de3f344584996c31f9ae16c6c4f064c38f590125ed26400", "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f4ab606c276852295e00af49090000008034"}) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x9, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x742, 0x0) open(0x0, 0xa61c2, 0x84) ioctl$auto(r0, 0x8, r0) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000180), 0x220000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000015c0)={'wg1\x00', 0x0}) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) ioctl$auto_TIOCSTI2(r6, 0x5412, &(0x7f0000000840)) bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_ifindex=r5, r3, 0x9, 0x1, r2, @relative_id=0x2, 0x2}, 0x12) bpf$auto(0x8000000, &(0x7f0000000000)=@query={@target_fd=r7, 0x5, 0x8000a93, 0x93, 0x10001, @count=0x1, 0x0, 0x2, 0x3, 0xbc13, 0xfffffffffffffff7}, 0x0) request_key$auto_KEY_SPEC_REQUESTOR_KEYRING(&(0x7f0000000040)='c\x00', &(0x7f0000000080)='Kn\x9f\x15\xaf\xfcyF\xe5\b\xdc\xff_l\x17\xd1\xf1\xde\xfc\x0e\xf2\x18\xc0o\xb8\xdbU\xb7', 0x0, 0xfffffffffffffff8) r8 = socket(0x26, 0x3, 0x9) r9 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) poll$auto(&(0x7f0000000000)={r9, 0x0, 0x3ff}, 0x2, 0x6) sendmmsg$auto(r8, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x11}, 0x5, &(0x7f0000000180), 0x5, 0xe}, 0x5}, 0x2, 0x100) 5.563697019s ago: executing program 2 (id=2352): mmap$auto(0x0, 0x20009, 0x0, 0x410, 0x401, 0x8004) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.stat.local\x00', 0x200400, 0x0) write$auto(r0, 0x0, 0x800f) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) signalfd$auto(0xffffffff, 0x0, 0x8) r1 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0) write$auto_trace_clock_fops_trace(r1, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_size_kb\x00', 0x0, 0x0) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) poll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xffff}, 0x3fa, 0x1c) r2 = open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x100) ppoll$auto(&(0x7f0000000180)={r2, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/pci0000:00/0000:00:01.1/ata1/link1/dev1.1/ata_device/dev1.1/power/control\x00', 0x6c1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) write$auto(r3, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 4.239487647s ago: executing program 3 (id=2353): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x14, 0xfffffffffffffffa, 0x6) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r0 = prctl$auto(0x3e, 0x0, 0x0, 0xfffffffffffffffe, 0x4) mmap$auto(0x3, 0x200000000005, 0xdf, 0xeb5, 0x401, 0x8001) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd2/queue/io_timeout\x00', 0x129882, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x40246f4c, 0x38) unshare$auto(0x40000080) ioctl$auto_RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x1, 0x3, {0x8005, 0x3, 0x2, 0x7, 0x2, 0x73, 0xfffffffd, 0x10003, 0x3}}) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r2 = timerfd_create$auto(0x9, 0x0) timerfd_settime$auto(r2, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7) open(0x0, 0x161342, 0x100) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xeee00, 0x31) msgrcv$auto(0x71, &(0x7f0000000040)={0x4, 0x5}, 0x0, 0x7fffffffffffffff, 0x5) 4.001139095s ago: executing program 0 (id=2320): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x2000, 0x0) r1 = getpgid(0x0) pidfd_open$auto(r1, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{@inferred, 0x1, 0x6, 0x80000001, "a2b8e85fc56865ba529faa000000000000000000000018f4ffffdeffff0000000000c7692a240000008000", @raw=0x6}, 0x6, 0x5, 0x7, @inferred=r1, @reserved="fb99d320be0de941ac3f58d7aae0c84cbe332d618e0342771e3ac6e9a9df07cf9b1c017c611ac455c01804d0d3c89bee7005c5affd5ab811fd53443e6cf63a902991b44e48364e8de3f344584996c31f9ae16c6c4f064c38f590125ed26400", "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f4ab606c276852295e00af49090000008034"}) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x9, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x742, 0x0) open(0x0, 0xa61c2, 0x84) ioctl$auto(r0, 0x8, r0) openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000180), 0x220000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000015c0)={'wg1\x00', 0x0}) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd1, 0x0, 0x4) ioctl$auto_TIOCSTI2(r6, 0x5412, &(0x7f0000000840)="13915fb9") bpf$auto(0x0, &(0x7f0000001500)=@bpf_attr_5={@target_ifindex=r5, r3, 0x9, 0x1, r2, @relative_id=0x2, 0x2}, 0x12) bpf$auto(0x8000000, &(0x7f0000000000)=@query={@target_fd=r7, 0x5, 0x8000a93, 0x93, 0x10001, @count=0x1, 0x0, 0x2, 0x3, 0xbc13, 0xfffffffffffffff7}, 0x0) request_key$auto_KEY_SPEC_REQUESTOR_KEYRING(&(0x7f0000000040)='c\x00', &(0x7f0000000080)='Kn\x9f\x15\xaf\xfcyF\xe5\b\xdc\xff_l\x17\xd1\xf1\xde\xfc\x0e\xf2\x18\xc0o\xb8\xdbU\xb7', 0x0, 0xfffffffffffffff8) r8 = socket(0x26, 0x3, 0x9) r9 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) poll$auto(&(0x7f0000000000)={r9, 0x0, 0x3ff}, 0x2, 0x6) sendmmsg$auto(r8, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x11}, 0x5, 0x0, 0x5, 0xe}, 0x5}, 0x2, 0x100) 3.821389512s ago: executing program 1 (id=2354): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttynull\x00', 0x201, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x1fe, 0x81) timer_create$auto(0x0, &(0x7f0000000000)={@sival_int=0x9bb7, @inferred, 0x4, @_tid=0x1}, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) mlockall$auto(0x7) migrate_pages$auto(0x0, 0x3, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) socket(0x1d, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2, 0xfd}, 0x6a) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x9, 0x21e9, 0xfffffff2, 0x2, 0x9, 0xb, 0x2e, 0x8000, 0x3}, 0x6f4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bpf$auto(0x2, 0x0, 0xf) bpf$auto(0x40002, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x101}, 0x2) r5 = socket(0x2, 0x1, 0x106) connect$auto(r5, &(0x7f0000000040)=@in={0x2, 0x20, @remote}, 0x5) setsockopt$auto(r5, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ioctl$auto(r6, 0x402c542d, 0x38) 3.756194325s ago: executing program 2 (id=2355): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x14, 0xfffffffffffffffa, 0x6) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r0 = prctl$auto(0x3e, 0x0, 0x0, 0xfffffffffffffffe, 0x4) mmap$auto(0x3, 0x200000000005, 0xdf, 0xeb5, 0x401, 0x8001) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd2/queue/io_timeout\x00', 0x129882, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0x3, 0x40246f4c, 0x38) unshare$auto(0x40000080) ioctl$auto_RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x1, 0x3, {0x8005, 0x3, 0x2, 0x7, 0x2, 0x73, 0xfffffffd, 0x10003, 0x3}}) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r2 = timerfd_create$auto(0x9, 0x0) timerfd_settime$auto(r2, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7) open(0x0, 0x161342, 0x100) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xeee00, 0x31) msgrcv$auto(0x71, &(0x7f0000000040)={0x4, 0x5}, 0x0, 0x7fffffffffffffff, 0x5) 3.728431716s ago: executing program 0 (id=2356): socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/fs/cifs/LinuxExtensionsEnabled\x00', 0x842, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd2/mq/0/cpu_list\x00', 0xa0440, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/64, 0x40) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6c, 0x0, 0x0, 0xfffffffffffffffd, 0x4ea, 0x1, 0x6, 0x0, 0x1, 0x0, 0x8, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x6, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0) timerfd_create$auto(0x100, 0x150b) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x100) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x9, 0x1, 0x4) mprotect$auto(0x5, 0x8000000000000004, 0x5) madvise$auto(0x0, 0xffffffffffff0001, 0x15) msync$auto(0x0, 0x2000000005, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x1, 0xfc00, 0xa) syz_clone(0x40040000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) pkey_free$auto(0x7ff) 2.635579908s ago: executing program 1 (id=2357): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000100), r2) sendmsg$auto_HSR_C_GET_NODE_STATUS(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES8=r0, @ANYBLOB="00012cbd7000fbdbdf2503000000060006000080ee000827540e00040000fcffff08000300c06ca1510f629d37c35136dd32b2ead5b9b7875488f9259d550adbca625a4b4998a0ec5e13438af59fde7a3e84aa61b2f0b081ca4ade6f8b0339d7d8ed188a4fc1a2a9d6058e5adf3cd0d0dbda795e3a7d28631ad4b62cf5fa9f2d444793dfddfe1c1d08571e7bc6a9dd691e1b2c30650a72202182247d4bbecea6ed91920b0024c2cf5530ddf092fdabc7336a2d84359ca052214cfa9278d8c895c9eadb42e87855e3b9d86f81af95782aba2c8df9637dcb8e25164a358cbaf9bbd707c793943af651ade02cb8911eee3cfbd414daa11c7f3edda988c3f9f45fb613811ef2fef4a7570a40260d91a0db7292de164ebe90510b6c94607c"], 0x2c}, 0x1, 0x0, 0x0, 0x4008811}, 0x48c4) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC1D1p\x00', 0xa00, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7) open(0x0, 0x161342, 0x100) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xecc00, 0x40) msgrcv$auto(0x71, &(0x7f0000000040)={0x4, 0x5}, 0x0, 0x7fffffffffffffff, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) gettid() r4 = socket(0xf, 0xa, 0x5) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r4) msgctl$auto(0x8000, 0x6, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRES16=r5, @ANYBLOB="000226bd7000fbdbdf251f0000000500080007000000d1fe2c000000010006000a000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2000c814}, 0x40000) rt_sigtimedwait$auto(&(0x7f0000000000)={0x86e}, 0x0, 0x0, 0x8) socket(0x25, 0x2, 0x2) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000002400)='/sys/devices/virtual/mtd/mtd0/mtdblock0/ro\x00', 0x20000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)=""/156, 0x9c) mmap$auto(0x0, 0x400008, 0xdf, 0x9972, r3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sysfs$auto(0x2, 0x10000000000002a, 0x0) 2.635358835s ago: executing program 3 (id=2358): syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0x42c883, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0x800e, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x20d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x800, 0x0, 0x80000001, 0x6, 0x6d42, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) msync$auto(0x8001, 0x1c0000000100000, 0x7) msgrcv$auto(0x71, &(0x7f0000000040)={0x4, 0x7}, 0x0, 0x7fffffffffffffff, 0x5) socket(0xa, 0x4, 0x6) msgctl$auto(0x8000, 0x6, &(0x7f0000000180)={{0x442, 0xffffffffffffffff, 0xee01, 0x0, 0x1, 0x6, 0x83}, &(0x7f0000000100)=0xf9, &(0x7f0000000140)=0x2, 0x4, 0xfffffffffffffffe, 0xc869be, 0x1, 0x128, 0x8000, 0x806, 0x3, @inferred, @raw=0x3}) lseek$auto(0xffffffffffffffff, 0x3, 0x42) r2 = open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) lseek$auto(r2, 0x7fffffffffffffff, 0x3) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, 0x0, 0x800) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1\x00', 0x82000, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, 0x0) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto_snd_pcm_oss_f_reg_pcm_oss(r4, &(0x7f0000000000)="ca", 0x1) 1.458993341s ago: executing program 0 (id=2359): mmap$auto(0x0, 0x20009, 0x0, 0x410, 0x401, 0x8004) ioctl$auto_IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, 0x0) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.stat.local\x00', 0x200400, 0x0) write$auto(r0, 0x0, 0x800f) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) signalfd$auto(0xffffffff, 0x0, 0x8) r1 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0) write$auto_trace_clock_fops_trace(r1, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_size_kb\x00', 0x0, 0x0) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) poll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xffff}, 0x3fa, 0x1c) r2 = open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x100) ppoll$auto(&(0x7f0000000180)={r2, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/pci0000:00/0000:00:01.1/ata1/link1/dev1.1/ata_device/dev1.1/power/control\x00', 0x6c1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) write$auto(r3, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 1.267637932s ago: executing program 2 (id=2360): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) ioctl$auto_SNDCTL_DSP_SETDUPLEX(r1, 0x5016, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000052c4030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001"], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4004850) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x20, 0xf1, 0xb0, @raw=0xfffff038}}) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) r3 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) pread64$auto(r3, 0x0, 0x20000000001, 0x7fff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000003c0), r2) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="030026bd7000080000e704cf01524fba000f0000002b9cfd0c7c"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x9, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x40, 0x8, 0x100000000}}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0xa, 0x3, 0xff) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) 477.830406ms ago: executing program 0 (id=2361): socket(0xa, 0x6, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/plpmtud_probe_interval\x00', 0x88082, 0x0) sendfile$auto(r0, 0x3, 0x0, 0x400000000008) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x80200, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x2, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x31}}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) 283.59702ms ago: executing program 0 (id=2362): mmap$auto(0x0, 0x20009, 0x0, 0x410, 0x401, 0x8004) ioctl$auto_IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, 0x0) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000140), 0x80800, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.stat.local\x00', 0x200400, 0x0) write$auto(r0, 0x0, 0x800f) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) signalfd$auto(0xffffffff, 0x0, 0x8) r1 = openat$auto_trace_clock_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_clock\x00', 0x101001, 0x0) write$auto_trace_clock_fops_trace(r1, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socket(0xa, 0x2, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_size_kb\x00', 0x0, 0x0) prlimit64$auto(0x0, 0x7, &(0x7f0000000cc0)={0xfff, 0xf1c6}, 0x0) poll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xffff}, 0x3fa, 0x1c) r2 = open(&(0x7f0000000000)='./file0\x00', 0x101800, 0x100) ppoll$auto(&(0x7f0000000180)={r2, 0x4, 0x8}, 0x6, 0x0, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/pci0000:00/0000:00:01.1/ata1/link1/dev1.1/ata_device/dev1.1/power/control\x00', 0x6c1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/dummy_hcd.2/usb3/authorized\x00', 0x81, 0x0) write$auto(r3, &(0x7f0000000080)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) 282.816023ms ago: executing program 3 (id=2363): prctl$auto(0x39, 0xfffffffffffffff2, 0x0, 0x0, 0x0) ioctl$auto_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000100)={"777d18b3b58c533bd55ed1721787c4ff3dd840773f2b8a55eaabccaf2d2c5073", 0x0, 0x4734, 0x1, 0x3, 0x6, 0x0}) getpgrp(r0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video3\x00', 0x10b000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r2, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0xffffffff}]}, 0x24}}, 0x4000000) close_range$auto(0x0, 0x5, 0x0) 212.997431ms ago: executing program 1 (id=2364): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x40040, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snd/pcmC0D0p\x00', 0xa00, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7) open(0x0, 0x161342, 0x100) msync$auto(0x1ffff000, 0x1800000ff010000, 0x400000004) open(0x0, 0xeee00, 0x31) msgrcv$auto(0x71, &(0x7f0000000040)={0x6, 0x5}, 0x8000000000000001, 0x4, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) gettid() r1 = socket(0xf, 0xa, 0x5) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r1) msgctl$auto(0x8000, 0x6, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRES16=r2, @ANYBLOB="000226bd7000fbdbdf251f0000000500080007000000d1fe2c000000010006000a000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2000c814}, 0x40000) rt_sigtimedwait$auto(&(0x7f0000000000)={0x86e}, 0x0, 0x0, 0x8) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x10ba00, 0x114) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x9, 0x4020009, 0xdf, 0xeb1, r3, 0xb) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) ioperm$auto(0x2, 0x31c, 0x4) add_key$auto(0x0, 0x0, 0x0, 0x1, 0x8010) msgget$auto(0x0, 0x77d9) 157.768094ms ago: executing program 2 (id=2365): r0 = socket$nl_generic(0x10, 0x3, 0x10) pread64$auto(0xffffffffffffffff, 0x0, 0x3, 0x5) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x4000000) mmap$auto(0x0, 0xc, 0xdf, 0xeb1, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) recvmmsg$auto(r0, &(0x7f0000000280)={{&(0x7f0000000200)="2d30284dac75b85fd636db4df2a17ab5710b95fcaeee1d8b6d00cb860574636dfdafd96e128f4d9b4c68f1c425c7a8cbdb0ee08d449b589530207e5ccb7f650d15049feceb", 0xff, &(0x7f0000000040)={&(0x7f0000000340)="abd3ca1c556f0280f93dd790fc95d898df0f575c7649fac6188d7c24adc22cf0adbf95dc2534178f1107a3094b68553085357db51ce8f47f62c02a88bde66e98f88238f902c32f39ba2424c2fb8c57500c8b60dff1a045830c6060f11342d6b495489d6aa822de3a971c679a7a13a7301bb026974eae9d5bbfeadf", 0x1ff}, 0x7, &(0x7f00000003c0)="8ba54b0d05bdd35749beb7acefbf9958fcf008de98936bdec397c4bdaf20a57eec7b7709e4609d705672eb4a6f1f8893628b5a1b965c45b01f28005f1c1c6d32bd1e1bd8ee3b6122325cf23cafef1e7e97319c51de023b938dee970d9c694b95d70f9378e1d3f3caf099736bbaa002ba8cc3a4770ab2799f5727884707dc8d11b1d879d483040d5e057f1834a2dfaada0c60db3acaf6cfc0758e1d9a278f861b40", 0x71, 0x401}, 0x7ff}, 0x2, 0xfffff6c1, &(0x7f0000000480)={0x8, 0x10}) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS0\x00', 0x1, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r1, 0x22, &(0x7f0000000000), 0x20000001) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x4000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x11, 0x3, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x80000062, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x82802, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x9, 0x2, 0x6]}, 0x0) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x8, 0xb, 0x0, 0x9, 0xfffffffffffffffc, 0x83, 0x6, 0x2, 0x9, 0x5, 0x4000000000000002, 0xd, 0x3, 0xfffffffffffffffa, 0x7, 0x1000000006]}, 0x0, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x5590, 0xffffffff, 0x7ffe, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), r0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r0, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000002f00)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="fc180000", @ANYRES16=r3, @ANYBLOB="010027bd7000fcdbdf251b", @ANYRES32=0x0, @ANYBLOB="0c00028008000300", @ANYRES32=0x0, @ANYBLOB], 0x90}, 0x1, 0x0, 0x0, 0x24040000}, 0x4000800) 0s ago: executing program 3 (id=2366): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/block/parameters/events_dfl_poll_msecs\x00', 0x80002, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/xfs/xqmstat\x00', 0x100382, 0x0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, 0x0, 0x141a41, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x40106f52, 0xffffffffffffffff) kernel console output (not intermixed with test programs): eyboard as /devices/platform/i8042/serio0/input/input30 [ 506.514248][T11190] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1273'. [ 506.828873][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.835505][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.591909][T11227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1281'. [ 509.885290][T11252] FAULT_INJECTION: forcing a failure. [ 509.885290][T11252] name failslab, interval 1, probability 0, space 0, times 0 [ 509.914571][T11252] CPU: 0 UID: 0 PID: 11252 Comm: syz.1.1288 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 509.914614][T11252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 509.914632][T11252] Call Trace: [ 509.914641][T11252] [ 509.914651][T11252] dump_stack_lvl+0x16c/0x1f0 [ 509.914698][T11252] should_fail_ex+0x512/0x640 [ 509.914729][T11252] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 509.914776][T11252] should_failslab+0xc2/0x120 [ 509.914802][T11252] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 509.914845][T11252] ? __alloc_skb+0x2b2/0x380 [ 509.914879][T11252] ? bpf_lsm_capable+0x9/0x10 [ 509.914922][T11252] __alloc_skb+0x2b2/0x380 [ 509.914954][T11252] ? __pfx___alloc_skb+0x10/0x10 [ 509.914987][T11252] ? genl_rcv_msg+0x460/0x800 [ 509.915010][T11252] ? genl_rcv_msg+0x4bb/0x800 [ 509.915044][T11252] netlink_ack+0x15d/0xb80 [ 509.915085][T11252] ? __lock_acquire+0xaa4/0x1ba0 [ 509.915136][T11252] netlink_rcv_skb+0x347/0x440 [ 509.915176][T11252] ? __pfx_genl_rcv_msg+0x10/0x10 [ 509.915204][T11252] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 509.915261][T11252] ? __pfx_down_read+0x10/0x10 [ 509.915286][T11252] ? netlink_deliver_tap+0x1ae/0xd30 [ 509.915329][T11252] genl_rcv+0x28/0x40 [ 509.915368][T11252] netlink_unicast+0x53a/0x7f0 [ 509.915412][T11252] ? __pfx_netlink_unicast+0x10/0x10 [ 509.915486][T11252] netlink_sendmsg+0x8d1/0xdd0 [ 509.915532][T11252] ? __pfx_netlink_sendmsg+0x10/0x10 [ 509.915586][T11252] ____sys_sendmsg+0xa95/0xc70 [ 509.915632][T11252] ? copy_msghdr_from_user+0x10a/0x160 [ 509.915667][T11252] ? __pfx_____sys_sendmsg+0x10/0x10 [ 509.915728][T11252] ___sys_sendmsg+0x134/0x1d0 [ 509.915766][T11252] ? __pfx____sys_sendmsg+0x10/0x10 [ 509.915845][T11252] __sys_sendmsg+0x16d/0x220 [ 509.915881][T11252] ? __pfx___sys_sendmsg+0x10/0x10 [ 509.915927][T11252] ? rcu_is_watching+0x12/0xc0 [ 509.915971][T11252] do_syscall_64+0xcd/0x260 [ 509.916013][T11252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.916041][T11252] RIP: 0033:0x7fc6bf18d169 [ 509.916063][T11252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.916090][T11252] RSP: 002b:00007fc6bffca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 509.916117][T11252] RAX: ffffffffffffffda RBX: 00007fc6bf3a5fa0 RCX: 00007fc6bf18d169 [ 509.916135][T11252] RDX: 0000000000000800 RSI: 00002000000011c0 RDI: 0000000000000003 [ 509.916151][T11252] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 509.916168][T11252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.916184][T11252] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 509.916218][T11252] [ 512.722298][T11303] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 515.806918][T11363] GUP no longer grows the stack in syz.2.1313 (11363): 14000-401000 (4000) [ 515.838358][T11363] CPU: 1 UID: 0 PID: 11363 Comm: syz.2.1313 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 515.838405][T11363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 515.838425][T11363] Call Trace: [ 515.838436][T11363] [ 515.838450][T11363] dump_stack_lvl+0x16c/0x1f0 [ 515.838504][T11363] gup_vma_lookup+0x1d2/0x220 [ 515.838545][T11363] __get_user_pages+0x234/0x36f0 [ 515.838599][T11363] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 515.838631][T11363] ? look_up_lock_class+0x59/0x150 [ 515.838676][T11363] ? __pfx___get_user_pages+0x10/0x10 [ 515.838716][T11363] ? process_vm_rw+0x2ff/0x360 [ 515.838742][T11363] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 515.838773][T11363] ? do_syscall_64+0xcd/0x260 [ 515.838833][T11363] __gup_longterm_locked+0x20d/0x1850 [ 515.838889][T11363] ? __pfx___gup_longterm_locked+0x10/0x10 [ 515.838950][T11363] pin_user_pages_remote+0xed/0x140 [ 515.838994][T11363] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 515.839036][T11363] ? mm_access+0x22d/0x2e0 [ 515.839096][T11363] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 515.839136][T11363] ? futex_wait_queue+0x14c/0x220 [ 515.839165][T11363] ? futex_unqueue+0xba/0x140 [ 515.839217][T11363] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 515.839255][T11363] ? iovec_from_user+0xbb/0x140 [ 515.839328][T11363] ? iovec_from_user+0xbb/0x140 [ 515.839375][T11363] process_vm_rw+0x2ff/0x360 [ 515.839408][T11363] ? __pfx_process_vm_rw+0x10/0x10 [ 515.839448][T11363] ? task_mm_cid_work+0x6b9/0x910 [ 515.839525][T11363] ? xfd_validate_state+0x5d/0x180 [ 515.839573][T11363] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 515.839607][T11363] ? do_syscall_64+0x91/0x260 [ 515.839651][T11363] ? lockdep_hardirqs_on+0x7c/0x110 [ 515.839696][T11363] do_syscall_64+0xcd/0x260 [ 515.839747][T11363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.839780][T11363] RIP: 0033:0x7f7f84f8d169 [ 515.839806][T11363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 515.839838][T11363] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 515.839869][T11363] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 515.839890][T11363] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000494 [ 515.839910][T11363] RBP: 00007f7f8500e990 R08: 0000000000000003 R09: 0000000000000000 [ 515.839928][T11363] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 515.839948][T11363] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 515.839989][T11363] [ 518.054585][T11399] FAULT_INJECTION: forcing a failure. [ 518.054585][T11399] name failslab, interval 1, probability 0, space 0, times 0 [ 518.187646][T11399] CPU: 1 UID: 0 PID: 11399 Comm: syz.3.1322 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 518.187693][T11399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 518.187713][T11399] Call Trace: [ 518.187723][T11399] [ 518.187735][T11399] dump_stack_lvl+0x16c/0x1f0 [ 518.187786][T11399] should_fail_ex+0x512/0x640 [ 518.187822][T11399] ? fs_reclaim_acquire+0xae/0x150 [ 518.187863][T11399] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 518.187908][T11399] should_failslab+0xc2/0x120 [ 518.187937][T11399] __kmalloc_noprof+0xd2/0x510 [ 518.187994][T11399] tomoyo_realpath_from_path+0xc2/0x6e0 [ 518.188041][T11399] ? tomoyo_profile+0x47/0x60 [ 518.188093][T11399] tomoyo_path_number_perm+0x245/0x580 [ 518.188130][T11399] ? tomoyo_path_number_perm+0x237/0x580 [ 518.188181][T11399] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 518.188220][T11399] ? find_held_lock+0x2b/0x80 [ 518.188299][T11399] ? find_held_lock+0x2b/0x80 [ 518.188337][T11399] ? hook_file_ioctl_common+0x145/0x410 [ 518.188381][T11399] ? __fget_files+0x20e/0x3c0 [ 518.188434][T11399] security_file_ioctl+0x9b/0x240 [ 518.188475][T11399] __x64_sys_ioctl+0xb7/0x200 [ 518.188517][T11399] do_syscall_64+0xcd/0x260 [ 518.188567][T11399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.188600][T11399] RIP: 0033:0x7ff06c18d169 [ 518.188623][T11399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.188653][T11399] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 518.188686][T11399] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 518.188705][T11399] RDX: 0000000000000000 RSI: 0000000080605414 RDI: 0000000000000003 [ 518.188724][T11399] RBP: 00007ff06cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 518.188741][T11399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 518.188758][T11399] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 518.188798][T11399] [ 518.188871][T11399] ERROR: Out of memory at tomoyo_realpath_from_path. [ 518.821509][T11401] Invalid ELF header magic: != ELF [ 520.685361][T11436] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1334'. [ 525.291622][T11485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1346'. [ 526.592296][T11509] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 526.933471][T11511] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1350'. [ 528.486099][T11546] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1360'. [ 528.507473][T11545] ecryptfs_miscdev_write: Invalid packet size [192] [ 530.518832][T11581] FAULT_INJECTION: forcing a failure. [ 530.518832][T11581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 530.580258][T11581] CPU: 1 UID: 0 PID: 11581 Comm: syz.2.1373 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 530.580300][T11581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 530.580313][T11581] Call Trace: [ 530.580321][T11581] [ 530.580330][T11581] dump_stack_lvl+0x16c/0x1f0 [ 530.580366][T11581] should_fail_ex+0x512/0x640 [ 530.580397][T11581] _copy_to_user+0x32/0xd0 [ 530.580427][T11581] tomoyo_flush+0x161/0x520 [ 530.580465][T11581] tomoyo_set_string+0xaf/0xe0 [ 530.580497][T11581] tomoyo_io_printf+0x26c/0x2e0 [ 530.580532][T11581] ? __pfx_tomoyo_io_printf+0x10/0x10 [ 530.580567][T11581] ? tomoyo_flush+0x3f5/0x520 [ 530.580598][T11581] ? tomoyo_flush+0x3f5/0x520 [ 530.580647][T11581] tomoyo_read_profile+0x6dc/0xd40 [ 530.580692][T11581] tomoyo_read_control+0x299/0x540 [ 530.580731][T11581] ? __pfx_tomoyo_read+0x10/0x10 [ 530.580764][T11581] vfs_read+0x1de/0xc70 [ 530.580802][T11581] ? __pfx_vfs_read+0x10/0x10 [ 530.580829][T11581] ? find_held_lock+0x2b/0x80 [ 530.580859][T11581] ? __fget_files+0x204/0x3c0 [ 530.580896][T11581] ? __fget_files+0x20e/0x3c0 [ 530.580925][T11581] ? __fget_files+0x120/0x3c0 [ 530.580964][T11581] __x64_sys_pread64+0x1f4/0x250 [ 530.580998][T11581] ? __pfx___x64_sys_pread64+0x10/0x10 [ 530.581029][T11581] ? rcu_is_watching+0x12/0xc0 [ 530.581065][T11581] do_syscall_64+0xcd/0x260 [ 530.581101][T11581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.581124][T11581] RIP: 0033:0x7f7f84f8d169 [ 530.581142][T11581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 530.581164][T11581] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 530.581185][T11581] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 530.581200][T11581] RDX: 000000000000b69c RSI: 0000200000000140 RDI: 0000000000000003 [ 530.581214][T11581] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 530.581228][T11581] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 530.581241][T11581] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 530.581280][T11581] [ 531.417589][T11592] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 532.003272][T11606] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 535.853246][T11658] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1396'. [ 536.226191][T11673] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 540.263092][T11740] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1415'. [ 540.829362][T11740] bridge0: port 3(vlan1) entered disabled state [ 541.628954][T11740] vlan1 (unregistering): left allmulticast mode [ 541.727203][T11740] veth0_vlan (unregistering): left allmulticast mode [ 541.777465][T11740] vlan1 (unregistering): left promiscuous mode [ 541.830808][T11740] bridge0: port 3(vlan1) entered disabled state [ 542.884064][T11740] syz.1.1415 (11740) used greatest stack depth: 21384 bytes left [ 543.009442][T11765] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 545.794113][T11797] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 549.100840][T11837] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 552.599074][T11891] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 552.939410][T11898] snd_aloop snd_aloop.0: control 1:6:-2147483647:¢¸è_ÅheºRŸª:6 is already present [ 554.704013][T11923] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 555.199364][T11935] FAULT_INJECTION: forcing a failure. [ 555.199364][T11935] name failslab, interval 1, probability 0, space 0, times 0 [ 555.248651][T11935] CPU: 1 UID: 0 PID: 11935 Comm: syz.1.1467 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 555.248701][T11935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 555.248720][T11935] Call Trace: [ 555.248730][T11935] [ 555.248742][T11935] dump_stack_lvl+0x16c/0x1f0 [ 555.248793][T11935] should_fail_ex+0x512/0x640 [ 555.248830][T11935] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 555.248882][T11935] should_failslab+0xc2/0x120 [ 555.248913][T11935] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 555.248963][T11935] ? __pmd_alloc+0xc3/0x870 [ 555.249006][T11935] __pmd_alloc+0xc3/0x870 [ 555.249040][T11935] ? find_held_lock+0x2b/0x80 [ 555.249083][T11935] __handle_mm_fault+0x948/0x2a40 [ 555.249139][T11935] ? __pfx___handle_mm_fault+0x10/0x10 [ 555.249207][T11935] ? find_vma+0xbf/0x140 [ 555.249238][T11935] ? __pfx_find_vma+0x10/0x10 [ 555.249279][T11935] handle_mm_fault+0x3fe/0xad0 [ 555.249330][T11935] do_user_addr_fault+0x7a6/0x1370 [ 555.249374][T11935] ? rcu_is_watching+0x12/0xc0 [ 555.249425][T11935] exc_page_fault+0x5c/0xc0 [ 555.249469][T11935] asm_exc_page_fault+0x26/0x30 [ 555.249498][T11935] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 555.249535][T11935] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 555.249566][T11935] RSP: 0018:ffffc900039af958 EFLAGS: 00050202 [ 555.249592][T11935] RAX: 0000000000000033 RBX: 0000000000000002 RCX: 0000000000000002 [ 555.249611][T11935] RDX: ffffed100f310c01 RSI: ffff888079886000 RDI: 0000000000000000 [ 555.249631][T11935] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100f310c00 [ 555.249650][T11935] R10: ffff888079886001 R11: 0000000000000000 R12: 0000000000000000 [ 555.249668][T11935] R13: ffffc900039afd38 R14: 0000000000000002 R15: ffff888079886000 [ 555.249710][T11935] _copy_to_iter+0x391/0x15a0 [ 555.249761][T11935] ? __pfx__copy_to_iter+0x10/0x10 [ 555.249802][T11935] ? kernfs_seq_stop+0xcd/0x120 [ 555.249848][T11935] ? kernfs_put_active+0x86/0xe0 [ 555.249886][T11935] seq_read_iter+0xcf8/0x12c0 [ 555.249947][T11935] kernfs_fop_read_iter+0x40f/0x5a0 [ 555.249994][T11935] do_iter_readv_writev+0x735/0x950 [ 555.250038][T11935] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 555.250092][T11935] ? rw_verify_area+0xcf/0x680 [ 555.250135][T11935] vfs_readv+0x4c5/0x8a0 [ 555.250174][T11935] ? proc_fail_nth_write+0x9f/0x250 [ 555.250218][T11935] ? find_held_lock+0x2b/0x80 [ 555.250264][T11935] ? __pfx_vfs_readv+0x10/0x10 [ 555.250306][T11935] ? vfs_write+0x316/0x1180 [ 555.250345][T11935] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 555.250436][T11935] ? do_readv+0x132/0x330 [ 555.250472][T11935] do_readv+0x132/0x330 [ 555.250510][T11935] ? __pfx_do_readv+0x10/0x10 [ 555.250548][T11935] ? rcu_is_watching+0x12/0xc0 [ 555.250597][T11935] do_syscall_64+0xcd/0x260 [ 555.250648][T11935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.250679][T11935] RIP: 0033:0x7fc6bf18d169 [ 555.250704][T11935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 555.250735][T11935] RSP: 002b:00007fc6bffca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 555.250763][T11935] RAX: ffffffffffffffda RBX: 00007fc6bf3a5fa0 RCX: 00007fc6bf18d169 [ 555.250783][T11935] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003 [ 555.250802][T11935] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 555.250820][T11935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 555.250837][T11935] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 555.250878][T11935] [ 557.690408][T11954] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 561.657606][T12019] netlink: 206 bytes leftover after parsing attributes in process `syz.0.1494'. [ 561.920165][T12026] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 564.147692][T12061] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1506'. [ 564.279150][T12065] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 564.444914][T12068] FAULT_INJECTION: forcing a failure. [ 564.444914][T12068] name failslab, interval 1, probability 0, space 0, times 0 [ 564.489902][T12068] CPU: 0 UID: 0 PID: 12068 Comm: syz.2.1510 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 564.489948][T12068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 564.489975][T12068] Call Trace: [ 564.489985][T12068] [ 564.489998][T12068] dump_stack_lvl+0x16c/0x1f0 [ 564.490050][T12068] should_fail_ex+0x512/0x640 [ 564.490086][T12068] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 564.490134][T12068] should_failslab+0xc2/0x120 [ 564.490165][T12068] __kmalloc_cache_noprof+0x6a/0x3e0 [ 564.490209][T12068] ? wq_sysfs_prep_attrs+0x8b/0x3d0 [ 564.490250][T12068] ? __pfx_wq_cpumask_store+0x10/0x10 [ 564.490300][T12068] wq_sysfs_prep_attrs+0x8b/0x3d0 [ 564.490337][T12068] wq_cpumask_store+0x51/0x190 [ 564.490382][T12068] dev_attr_store+0x55/0x80 [ 564.490419][T12068] ? __pfx_dev_attr_store+0x10/0x10 [ 564.490449][T12068] sysfs_kf_write+0xef/0x150 [ 564.490496][T12068] kernfs_fop_write_iter+0x351/0x510 [ 564.490540][T12068] ? __pfx_sysfs_kf_write+0x10/0x10 [ 564.490590][T12068] vfs_write+0x5ba/0x1180 [ 564.490636][T12068] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 564.490682][T12068] ? __pfx_vfs_write+0x10/0x10 [ 564.490730][T12068] ? __pfx_do_sys_openat2+0x10/0x10 [ 564.490761][T12068] ? __pfx_do_sys_openat2+0x10/0x10 [ 564.490815][T12068] ksys_write+0x12a/0x240 [ 564.490858][T12068] ? __pfx_ksys_write+0x10/0x10 [ 564.490899][T12068] ? rcu_is_watching+0x12/0xc0 [ 564.490961][T12068] do_syscall_64+0xcd/0x260 [ 564.491012][T12068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.491045][T12068] RIP: 0033:0x7f7f84f8d169 [ 564.491069][T12068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 564.491100][T12068] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 564.491130][T12068] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 564.491150][T12068] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 564.491168][T12068] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 564.491187][T12068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 564.491204][T12068] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 564.491247][T12068] [ 566.241779][T12100] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 566.496624][T12105] netlink: 206 bytes leftover after parsing attributes in process `syz.1.1521'. [ 567.752923][T12125] zswap: compressor not available [ 568.269248][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.275650][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.330812][T12154] netlink: 206 bytes leftover after parsing attributes in process `syz.2.1534'. [ 573.328114][T12194] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1543'. [ 574.335349][T12165] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 574.619427][T12227] Invalid ELF header magic: != ELF [ 574.935297][T12227] busy [ 575.788154][T12255] FAULT_INJECTION: forcing a failure. [ 575.788154][T12255] name failslab, interval 1, probability 0, space 0, times 0 [ 575.801271][T12255] CPU: 0 UID: 0 PID: 12255 Comm: syz.1.1552 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 575.801315][T12255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 575.801333][T12255] Call Trace: [ 575.801344][T12255] [ 575.801355][T12255] dump_stack_lvl+0x16c/0x1f0 [ 575.801407][T12255] should_fail_ex+0x512/0x640 [ 575.801442][T12255] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 575.801489][T12255] should_failslab+0xc2/0x120 [ 575.801518][T12255] __kmalloc_cache_noprof+0x6a/0x3e0 [ 575.801563][T12255] ? trace_pid_list_alloc+0x27c/0x3f0 [ 575.801617][T12255] trace_pid_list_alloc+0x27c/0x3f0 [ 575.801670][T12255] trace_pid_write+0x10e/0x460 [ 575.801712][T12255] ? __pfx_trace_pid_write+0x10/0x10 [ 575.801747][T12255] ? __pfx___mutex_lock+0x10/0x10 [ 575.801796][T12255] ? update_last_data+0xb3/0x480 [ 575.801856][T12255] event_pid_write.isra.0+0x3cc/0x7c0 [ 575.801909][T12255] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 575.801974][T12255] vfs_write+0x25c/0x1180 [ 575.802016][T12255] ? __pfx_ftrace_event_pid_write+0x10/0x10 [ 575.802072][T12255] ? __pfx___mutex_lock+0x10/0x10 [ 575.802119][T12255] ? __pfx_vfs_write+0x10/0x10 [ 575.802181][T12255] ? __fget_files+0x20e/0x3c0 [ 575.802240][T12255] ksys_write+0x12a/0x240 [ 575.802289][T12255] ? __pfx_ksys_write+0x10/0x10 [ 575.802329][T12255] ? rcu_is_watching+0x12/0xc0 [ 575.802379][T12255] do_syscall_64+0xcd/0x260 [ 575.802428][T12255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.802461][T12255] RIP: 0033:0x7fc6bf18d169 [ 575.802487][T12255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.802516][T12255] RSP: 002b:00007fc6bffca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 575.802543][T12255] RAX: ffffffffffffffda RBX: 00007fc6bf3a5fa0 RCX: 00007fc6bf18d169 [ 575.802562][T12255] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 575.802581][T12255] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 575.802598][T12255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 575.802616][T12255] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 575.802657][T12255] [ 576.154554][T12255] Invalid ELF header magic: != ELF [ 576.300867][T12256] busy [ 576.618728][T12260] Invalid ELF header magic: != ELF [ 576.730634][T12265] busy [ 580.637259][T12333] Invalid ELF header magic: != ELF [ 580.944454][T12334] busy [ 582.268143][T12354] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 582.609251][T12359] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1577'. [ 583.213980][T12370] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 583.920935][T12377] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[12377] [ 584.634316][T12397] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1589'. [ 584.827767][T12389] Invalid ELF header magic: != ELF [ 585.109685][T12389] busy [ 586.364226][T12427] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 591.248161][T12482] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 592.847347][T12501] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1611'. [ 593.203505][T12513] Invalid ELF header magic: != ELF [ 593.294076][T12514] Invalid ELF header magic: != ELF [ 593.428369][T12513] busy [ 593.995324][T12514] busy [ 594.012417][T12527] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 594.878972][T12542] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 595.087393][T12552] ptrace attach of "./syz-executor exec"[5840] was attempted by ""[12552] [ 595.729286][T12564] netlink: 'syz.3.1628': attribute type 4 has an invalid length. [ 595.748979][T12564] netlink: 'syz.3.1628': attribute type 9 has an invalid length. [ 597.678443][T12600] Invalid ELF header magic: != ELF [ 599.658247][T12632] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 600.815043][T12641] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1648'. [ 601.378140][T12651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1650'. [ 603.929515][T12672] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1656'. [ 603.959373][T12668] netlink: 'syz.3.1654': attribute type 1 has an invalid length. [ 604.069693][T12679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1655'. [ 604.617542][T12694] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 605.094089][T12702] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 605.211836][T12687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1658'. [ 605.827033][T12716] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1666'. [ 606.381107][T12736] FAULT_INJECTION: forcing a failure. [ 606.381107][T12736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 606.464182][T12736] CPU: 0 UID: 0 PID: 12736 Comm: syz.1.1671 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 606.464227][T12736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 606.464245][T12736] Call Trace: [ 606.464255][T12736] [ 606.464267][T12736] dump_stack_lvl+0x16c/0x1f0 [ 606.464319][T12736] should_fail_ex+0x512/0x640 [ 606.464362][T12736] _copy_to_user+0x32/0xd0 [ 606.464402][T12736] simple_read_from_buffer+0xcb/0x170 [ 606.464449][T12736] proc_fail_nth_read+0x197/0x270 [ 606.464493][T12736] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 606.464540][T12736] ? rw_verify_area+0xcf/0x680 [ 606.464577][T12736] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 606.464622][T12736] vfs_read+0x1de/0xc70 [ 606.464669][T12736] ? __pfx___mutex_lock+0x10/0x10 [ 606.464713][T12736] ? __pfx_vfs_read+0x10/0x10 [ 606.464767][T12736] ? __fget_files+0x20e/0x3c0 [ 606.464824][T12736] ksys_read+0x12a/0x240 [ 606.464866][T12736] ? __pfx_ksys_read+0x10/0x10 [ 606.464906][T12736] ? rcu_is_watching+0x12/0xc0 [ 606.464957][T12736] do_syscall_64+0xcd/0x260 [ 606.465007][T12736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.465039][T12736] RIP: 0033:0x7fc6bf18bb7c [ 606.465064][T12736] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 606.465095][T12736] RSP: 002b:00007fc6bffca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 606.465124][T12736] RAX: ffffffffffffffda RBX: 00007fc6bf3a5fa0 RCX: 00007fc6bf18bb7c [ 606.465144][T12736] RDX: 000000000000000f RSI: 00007fc6bffca0a0 RDI: 0000000000000004 [ 606.465171][T12736] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 606.465193][T12736] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 606.465211][T12736] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 606.465251][T12736] [ 607.583442][T12760] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1677'. [ 608.518959][T12781] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 608.546037][T12777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1681'. [ 609.467268][T12806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1687'. [ 609.638033][T12805] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1684'. [ 610.562047][T12831] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 610.705115][T12829] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1691'. [ 612.758525][T12866] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 613.623572][T12878] FAULT_INJECTION: forcing a failure. [ 613.623572][T12878] name failslab, interval 1, probability 0, space 0, times 0 [ 613.665356][T12878] CPU: 1 UID: 0 PID: 12878 Comm: syz.2.1706 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 613.665401][T12878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 613.665420][T12878] Call Trace: [ 613.665430][T12878] [ 613.665441][T12878] dump_stack_lvl+0x16c/0x1f0 [ 613.665492][T12878] should_fail_ex+0x512/0x640 [ 613.665528][T12878] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 613.665587][T12878] should_failslab+0xc2/0x120 [ 613.665618][T12878] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 613.665673][T12878] ? nvmet_root_discovery_nqn_store+0x5f/0x200 [ 613.665724][T12878] kstrndup+0x6d/0x160 [ 613.665757][T12878] nvmet_root_discovery_nqn_store+0x5f/0x200 [ 613.665805][T12878] configfs_write_iter+0x303/0x4e0 [ 613.665847][T12878] vfs_write+0x5ba/0x1180 [ 613.665892][T12878] ? __pfx_configfs_write_iter+0x10/0x10 [ 613.665928][T12878] ? __pfx___mutex_lock+0x10/0x10 [ 613.665974][T12878] ? __pfx_vfs_write+0x10/0x10 [ 613.666049][T12878] ksys_write+0x12a/0x240 [ 613.666091][T12878] ? __pfx_ksys_write+0x10/0x10 [ 613.666132][T12878] ? rcu_is_watching+0x12/0xc0 [ 613.666183][T12878] do_syscall_64+0xcd/0x260 [ 613.666233][T12878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.666264][T12878] RIP: 0033:0x7f7f84f8d169 [ 613.666289][T12878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 613.666320][T12878] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 613.666356][T12878] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 613.666378][T12878] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000003 [ 613.666397][T12878] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 613.666417][T12878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 613.666436][T12878] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 613.666479][T12878] [ 619.000404][T12971] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1735'. [ 620.485115][T13004] ======================================================= [ 620.485115][T13004] WARNING: The mand mount option has been deprecated and [ 620.485115][T13004] and is ignored by this kernel. Remove the mand [ 620.485115][T13004] option from the mount to silence this warning. [ 620.485115][T13004] ======================================================= [ 620.712253][T13005] FAULT_INJECTION: forcing a failure. [ 620.712253][T13005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 620.736952][T13007] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 620.768079][T13005] CPU: 0 UID: 0 PID: 13005 Comm: syz.2.1744 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 620.768123][T13005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 620.768148][T13005] Call Trace: [ 620.768158][T13005] [ 620.768169][T13005] dump_stack_lvl+0x16c/0x1f0 [ 620.768215][T13005] should_fail_ex+0x512/0x640 [ 620.768252][T13005] _copy_from_user+0x2e/0xd0 [ 620.768288][T13005] snd_pcm_oss_write2+0x1c2/0x410 [ 620.768317][T13005] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 620.768341][T13005] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 620.768383][T13005] snd_pcm_oss_write+0x711/0xa10 [ 620.768413][T13005] ? security_file_permission+0x71/0x210 [ 620.768457][T13005] vfs_write+0x25c/0x1180 [ 620.768494][T13005] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 620.768528][T13005] ? __pfx_vfs_write+0x10/0x10 [ 620.768563][T13005] ? find_held_lock+0x2b/0x80 [ 620.768599][T13005] ? __fget_files+0x204/0x3c0 [ 620.768644][T13005] ? __fget_files+0x20e/0x3c0 [ 620.768693][T13005] ksys_write+0x12a/0x240 [ 620.768731][T13005] ? __pfx_ksys_write+0x10/0x10 [ 620.768779][T13005] do_syscall_64+0xcd/0x260 [ 620.768823][T13005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.768852][T13005] RIP: 0033:0x7f7f84f8d169 [ 620.768875][T13005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.768903][T13005] RSP: 002b:00007f7f85ead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 620.768929][T13005] RAX: ffffffffffffffda RBX: 00007f7f851a6080 RCX: 00007f7f84f8d169 [ 620.768947][T13005] RDX: 000000007fffffff RSI: 0000000000000000 RDI: 0000000000000003 [ 620.768963][T13005] RBP: 00007f7f85ead090 R08: 0000000000000000 R09: 0000000000000000 [ 620.768980][T13005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 620.768996][T13005] R13: 0000000000000001 R14: 00007f7f851a6080 R15: 00007ffcd9dad978 [ 620.769031][T13005] [ 621.870575][T12978] kexec: Could not allocate control_code_buffer [ 622.624254][T13036] FAULT_INJECTION: forcing a failure. [ 622.624254][T13036] name failslab, interval 1, probability 0, space 0, times 0 [ 622.642558][T13036] CPU: 1 UID: 0 PID: 13036 Comm: syz.3.1753 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 622.642603][T13036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 622.642620][T13036] Call Trace: [ 622.642630][T13036] [ 622.642641][T13036] dump_stack_lvl+0x16c/0x1f0 [ 622.642693][T13036] should_fail_ex+0x512/0x640 [ 622.642737][T13036] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 622.642790][T13036] should_failslab+0xc2/0x120 [ 622.642821][T13036] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 622.642867][T13036] ? crng_make_state+0x48e/0x6d0 [ 622.642899][T13036] ? proc_net_ns_init+0x42/0x410 [ 622.642937][T13036] ? __pfx_proc_net_ns_init+0x10/0x10 [ 622.642975][T13036] proc_net_ns_init+0x42/0x410 [ 622.643013][T13036] ? __pfx_proc_net_ns_init+0x10/0x10 [ 622.643046][T13036] ops_init+0x1df/0x5f0 [ 622.643096][T13036] setup_net+0x21e/0x850 [ 622.643144][T13036] ? __pfx_setup_net+0x10/0x10 [ 622.643183][T13036] ? lockdep_init_map_type+0x5c/0x280 [ 622.643214][T13036] ? __pfx_down_read_killable+0x10/0x10 [ 622.643249][T13036] ? debug_mutex_init+0x37/0x70 [ 622.643292][T13036] copy_net_ns+0x2a6/0x5f0 [ 622.643345][T13036] create_new_namespaces+0x3ea/0xad0 [ 622.643400][T13036] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 622.643451][T13036] ksys_unshare+0x45b/0xa40 [ 622.643499][T13036] ? __pfx_ksys_unshare+0x10/0x10 [ 622.643559][T13036] ? ksys_write+0x1b9/0x240 [ 622.643603][T13036] ? rcu_is_watching+0x12/0xc0 [ 622.643652][T13036] __x64_sys_unshare+0x31/0x40 [ 622.643700][T13036] do_syscall_64+0xcd/0x260 [ 622.643757][T13036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.643793][T13036] RIP: 0033:0x7ff06c18d169 [ 622.643817][T13036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.643847][T13036] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 622.643875][T13036] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 622.643895][T13036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 622.643913][T13036] RBP: 00007ff06cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 622.643932][T13036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 622.643950][T13036] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 622.643990][T13036] [ 623.485592][T13052] FAULT_INJECTION: forcing a failure. [ 623.485592][T13052] name failslab, interval 1, probability 0, space 0, times 0 [ 623.524720][T13052] CPU: 0 UID: 0 PID: 13052 Comm: syz.1.1759 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 623.524763][T13052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 623.524781][T13052] Call Trace: [ 623.524790][T13052] [ 623.524802][T13052] dump_stack_lvl+0x16c/0x1f0 [ 623.524848][T13052] should_fail_ex+0x512/0x640 [ 623.524879][T13052] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 623.524922][T13052] should_failslab+0xc2/0x120 [ 623.524947][T13052] __kmalloc_cache_noprof+0x6a/0x3e0 [ 623.524985][T13052] ? alloc_pipe_info+0x10e/0x590 [ 623.525032][T13052] alloc_pipe_info+0x10e/0x590 [ 623.525079][T13052] splice_direct_to_actor+0x77d/0xa30 [ 623.525125][T13052] ? __pfx_direct_splice_actor+0x10/0x10 [ 623.525169][T13052] ? __pfx_aa_file_perm+0x10/0x10 [ 623.525207][T13052] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 623.525244][T13052] ? get_pid_task+0xfc/0x250 [ 623.525279][T13052] do_splice_direct+0x174/0x240 [ 623.525318][T13052] ? __pfx_do_splice_direct+0x10/0x10 [ 623.525357][T13052] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 623.525400][T13052] ? rw_verify_area+0xcf/0x680 [ 623.525437][T13052] do_sendfile+0xafd/0xe50 [ 623.525478][T13052] ? __pfx_do_sendfile+0x10/0x10 [ 623.525515][T13052] ? __fget_files+0x20e/0x3c0 [ 623.525564][T13052] __x64_sys_sendfile64+0x1d8/0x220 [ 623.525589][T13052] ? ksys_write+0x1b9/0x240 [ 623.525626][T13052] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 623.525660][T13052] ? rcu_is_watching+0x12/0xc0 [ 623.525704][T13052] do_syscall_64+0xcd/0x260 [ 623.525746][T13052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.525774][T13052] RIP: 0033:0x7fc6bf18d169 [ 623.525796][T13052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.525823][T13052] RSP: 002b:00007fc6bffca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 623.525849][T13052] RAX: ffffffffffffffda RBX: 00007fc6bf3a5fa0 RCX: 00007fc6bf18d169 [ 623.525866][T13052] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 623.525882][T13052] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 623.525898][T13052] R10: 0000000001000200 R11: 0000000000000246 R12: 0000000000000001 [ 623.525916][T13052] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 623.525950][T13052] [ 624.096275][T13060] openvswitch: netlink: IP tunnel dst address not specified [ 624.120911][T13060] openvswitch: netlink: IP tunnel dst address not specified [ 624.294749][T13064] openvswitch: netlink: IP tunnel dst address not specified [ 624.547221][T13078] FAULT_INJECTION: forcing a failure. [ 624.547221][T13078] name failslab, interval 1, probability 0, space 0, times 0 [ 624.577020][T13078] CPU: 0 UID: 0 PID: 13078 Comm: syz.0.1767 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 624.577063][T13078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 624.577081][T13078] Call Trace: [ 624.577091][T13078] [ 624.577101][T13078] dump_stack_lvl+0x16c/0x1f0 [ 624.577151][T13078] should_fail_ex+0x512/0x640 [ 624.577185][T13078] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 624.577231][T13078] should_failslab+0xc2/0x120 [ 624.577258][T13078] __kmalloc_cache_noprof+0x6a/0x3e0 [ 624.577300][T13078] ? alloc_pipe_info+0x10e/0x590 [ 624.577352][T13078] alloc_pipe_info+0x10e/0x590 [ 624.577404][T13078] splice_direct_to_actor+0x77d/0xa30 [ 624.577451][T13078] ? __pfx_direct_splice_actor+0x10/0x10 [ 624.577499][T13078] ? __pfx_aa_file_perm+0x10/0x10 [ 624.577543][T13078] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 624.577583][T13078] ? get_pid_task+0xfc/0x250 [ 624.577621][T13078] do_splice_direct+0x174/0x240 [ 624.577664][T13078] ? __pfx_do_splice_direct+0x10/0x10 [ 624.577708][T13078] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 624.577756][T13078] ? rw_verify_area+0xcf/0x680 [ 624.577798][T13078] do_sendfile+0xafd/0xe50 [ 624.577855][T13078] ? __pfx_do_sendfile+0x10/0x10 [ 624.577896][T13078] ? __fget_files+0x20e/0x3c0 [ 624.577951][T13078] __x64_sys_sendfile64+0x1d8/0x220 [ 624.577980][T13078] ? ksys_write+0x1b9/0x240 [ 624.578022][T13078] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 624.578051][T13078] ? rcu_is_watching+0x12/0xc0 [ 624.578101][T13078] do_syscall_64+0xcd/0x260 [ 624.578149][T13078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.578180][T13078] RIP: 0033:0x7f8d51f8d169 [ 624.578204][T13078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 624.578235][T13078] RSP: 002b:00007f8d52e16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 624.578264][T13078] RAX: ffffffffffffffda RBX: 00007f8d521a5fa0 RCX: 00007f8d51f8d169 [ 624.578284][T13078] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 624.578301][T13078] RBP: 00007f8d52e16090 R08: 0000000000000000 R09: 0000000000000000 [ 624.578320][T13078] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 624.578337][T13078] R13: 0000000000000000 R14: 00007f8d521a5fa0 R15: 00007ffdca434518 [ 624.578376][T13078] [ 624.815486][ T30] audit: type=1800 audit(6039351566.682:3): pid=13079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1766" name="discovery_nqn" dev="configfs" ino=38361 res=0 errno=0 [ 625.646719][T13106] FAULT_INJECTION: forcing a failure. [ 625.646719][T13106] name failslab, interval 1, probability 0, space 0, times 0 [ 625.676845][T13106] CPU: 0 UID: 0 PID: 13106 Comm: syz.3.1774 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 625.676891][T13106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 625.676910][T13106] Call Trace: [ 625.676925][T13106] [ 625.676937][T13106] dump_stack_lvl+0x16c/0x1f0 [ 625.676987][T13106] should_fail_ex+0x512/0x640 [ 625.677022][T13106] ? fs_reclaim_acquire+0xae/0x150 [ 625.677062][T13106] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 625.677105][T13106] should_failslab+0xc2/0x120 [ 625.677134][T13106] __kmalloc_noprof+0xd2/0x510 [ 625.677191][T13106] tomoyo_realpath_from_path+0xc2/0x6e0 [ 625.677240][T13106] ? tomoyo_profile+0x47/0x60 [ 625.677290][T13106] tomoyo_path_number_perm+0x245/0x580 [ 625.677326][T13106] ? tomoyo_path_number_perm+0x237/0x580 [ 625.677367][T13106] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 625.677407][T13106] ? find_held_lock+0x2b/0x80 [ 625.677483][T13106] ? find_held_lock+0x2b/0x80 [ 625.677534][T13106] ? hook_file_ioctl_common+0x145/0x410 [ 625.677577][T13106] ? __fget_files+0x20e/0x3c0 [ 625.677629][T13106] security_file_ioctl+0x9b/0x240 [ 625.677671][T13106] __x64_sys_ioctl+0xb7/0x200 [ 625.677713][T13106] do_syscall_64+0xcd/0x260 [ 625.677762][T13106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.677793][T13106] RIP: 0033:0x7ff06c18d169 [ 625.677818][T13106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.677849][T13106] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.677879][T13106] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 625.677899][T13106] RDX: 0000200000000040 RSI: 0000000040046104 RDI: 0000000000000003 [ 625.677918][T13106] RBP: 00007ff06cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 625.677936][T13106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.677953][T13106] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 625.677993][T13106] [ 625.678142][T13106] ERROR: Out of memory at tomoyo_realpath_from_path. [ 626.737496][T13121] zswap: compressor not available [ 626.765499][T13132] FAULT_INJECTION: forcing a failure. [ 626.765499][T13132] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 626.790600][T13132] CPU: 0 UID: 0 PID: 13132 Comm: syz.3.1783 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 626.790635][T13132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 626.790649][T13132] Call Trace: [ 626.790657][T13132] [ 626.790665][T13132] dump_stack_lvl+0x16c/0x1f0 [ 626.790703][T13132] should_fail_ex+0x512/0x640 [ 626.790734][T13132] should_fail_alloc_page+0xe7/0x130 [ 626.790757][T13132] prepare_alloc_pages+0x3c2/0x610 [ 626.790790][T13132] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 626.790827][T13132] ? copy_splice_read+0x1a8/0xba0 [ 626.790856][T13132] ? stack_trace_save+0x8e/0xc0 [ 626.790887][T13132] ? __pfx_stack_trace_save+0x10/0x10 [ 626.790916][T13132] ? stack_depot_save_flags+0x28/0xa50 [ 626.790949][T13132] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 626.790983][T13132] ? kasan_save_stack+0x42/0x60 [ 626.791014][T13132] ? kasan_save_track+0x14/0x30 [ 626.791045][T13132] ? __kmalloc_noprof+0x223/0x510 [ 626.791077][T13132] ? copy_splice_read+0x1a8/0xba0 [ 626.791104][T13132] ? do_splice_read+0x282/0x370 [ 626.791131][T13132] ? splice_file_to_pipe+0x109/0x120 [ 626.791161][T13132] ? do_sendfile+0x400/0xe50 [ 626.791188][T13132] ? __x64_sys_sendfile64+0x1d8/0x220 [ 626.791209][T13132] ? do_syscall_64+0xcd/0x260 [ 626.791262][T13132] alloc_pages_bulk_noprof+0x703/0x13b0 [ 626.791306][T13132] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 626.791348][T13132] ? trace_kmalloc+0x2b/0xd0 [ 626.791369][T13132] ? __kmalloc_noprof+0x242/0x510 [ 626.791409][T13132] copy_splice_read+0x1e1/0xba0 [ 626.791542][T13132] ? trace_contention_end+0xdd/0x130 [ 626.791567][T13132] ? __mutex_lock+0x1ca/0xb90 [ 626.791601][T13132] ? __pfx_copy_splice_read+0x10/0x10 [ 626.791635][T13132] ? __pfx___mutex_lock+0x10/0x10 [ 626.791675][T13132] ? __fget_files+0x204/0x3c0 [ 626.791710][T13132] ? __pfx_copy_splice_read+0x10/0x10 [ 626.791742][T13132] do_splice_read+0x282/0x370 [ 626.791776][T13132] splice_file_to_pipe+0x109/0x120 [ 626.791811][T13132] do_sendfile+0x400/0xe50 [ 626.791847][T13132] ? __pfx_do_sendfile+0x10/0x10 [ 626.791877][T13132] ? __fget_files+0x20e/0x3c0 [ 626.791916][T13132] __x64_sys_sendfile64+0x1d8/0x220 [ 626.791937][T13132] ? ksys_write+0x1b9/0x240 [ 626.791967][T13132] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 626.791988][T13132] ? rcu_is_watching+0x12/0xc0 [ 626.792024][T13132] do_syscall_64+0xcd/0x260 [ 626.792058][T13132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.792082][T13132] RIP: 0033:0x7ff06c18d169 [ 626.792101][T13132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.792122][T13132] RSP: 002b:00007ff06cf46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 626.792143][T13132] RAX: ffffffffffffffda RBX: 00007ff06c3a6080 RCX: 00007ff06c18d169 [ 626.792158][T13132] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000 [ 626.792171][T13132] RBP: 00007ff06cf46090 R08: 0000000000000000 R09: 0000000000000000 [ 626.792185][T13132] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 626.792198][T13132] R13: 0000000000000000 R14: 00007ff06c3a6080 R15: 00007ffec91269e8 [ 626.792227][T13132] [ 627.106052][ C0] vkms_vblank_simulate: vblank timer overrun [ 627.278305][T13109] kexec: Could not allocate control_code_buffer [ 627.449648][T13131] zswap: compressor not available [ 627.551474][T13137] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 628.888497][T13170] FAULT_INJECTION: forcing a failure. [ 628.888497][T13170] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 628.950126][T13170] CPU: 1 UID: 0 PID: 13170 Comm: syz.0.1791 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 628.950165][T13170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 628.950179][T13170] Call Trace: [ 628.950186][T13170] [ 628.950195][T13170] dump_stack_lvl+0x16c/0x1f0 [ 628.950232][T13170] should_fail_ex+0x512/0x640 [ 628.950262][T13170] _copy_to_user+0x32/0xd0 [ 628.950298][T13170] rng_dev_read+0x1ea/0x810 [ 628.950325][T13170] ? __pfx_virtio_read+0x10/0x10 [ 628.950350][T13170] ? __pfx_rng_dev_read+0x10/0x10 [ 628.950378][T13170] ? bpf_lsm_file_permission+0x9/0x10 [ 628.950406][T13170] ? security_file_permission+0x71/0x210 [ 628.950437][T13170] ? rw_verify_area+0xcf/0x680 [ 628.950463][T13170] ? __pfx_rng_dev_read+0x10/0x10 [ 628.950492][T13170] vfs_read+0x1de/0xc70 [ 628.950528][T13170] ? __pfx_vfs_read+0x10/0x10 [ 628.950558][T13170] ? find_held_lock+0x2b/0x80 [ 628.950588][T13170] ? __fget_files+0x204/0x3c0 [ 628.950624][T13170] ? __fget_files+0x20e/0x3c0 [ 628.950663][T13170] ksys_read+0x12a/0x240 [ 628.950693][T13170] ? __pfx_ksys_read+0x10/0x10 [ 628.950721][T13170] ? rcu_is_watching+0x12/0xc0 [ 628.950756][T13170] do_syscall_64+0xcd/0x260 [ 628.950791][T13170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.950814][T13170] RIP: 0033:0x7f8d51f8d169 [ 628.950832][T13170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.950854][T13170] RSP: 002b:00007f8d52e16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 628.950874][T13170] RAX: ffffffffffffffda RBX: 00007f8d521a5fa0 RCX: 00007f8d51f8d169 [ 628.950889][T13170] RDX: 00000000fffffe82 RSI: 0000200000000040 RDI: 0000000000000003 [ 628.950903][T13170] RBP: 00007f8d52e16090 R08: 0000000000000000 R09: 0000000000000000 [ 628.950917][T13170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.950930][T13170] R13: 0000000000000000 R14: 00007f8d521a5fa0 R15: 00007ffdca434518 [ 628.950958][T13170] [ 629.497867][T13176] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 629.710582][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.717419][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.888831][T13188] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1796'. [ 630.530020][T13201] FAULT_INJECTION: forcing a failure. [ 630.530020][T13201] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 630.576391][T13201] CPU: 0 UID: 0 PID: 13201 Comm: syz.2.1801 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 630.576436][T13201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 630.576454][T13201] Call Trace: [ 630.576464][T13201] [ 630.576476][T13201] dump_stack_lvl+0x16c/0x1f0 [ 630.576526][T13201] should_fail_ex+0x512/0x640 [ 630.576567][T13201] _copy_to_user+0x32/0xd0 [ 630.576610][T13201] simple_read_from_buffer+0xcb/0x170 [ 630.576656][T13201] proc_fail_nth_read+0x197/0x270 [ 630.576702][T13201] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 630.576749][T13201] ? rw_verify_area+0xcf/0x680 [ 630.576784][T13201] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 630.576829][T13201] vfs_read+0x1de/0xc70 [ 630.576878][T13201] ? __pfx___mutex_lock+0x10/0x10 [ 630.576924][T13201] ? __pfx_vfs_read+0x10/0x10 [ 630.576979][T13201] ? __fget_files+0x20e/0x3c0 [ 630.577036][T13201] ksys_read+0x12a/0x240 [ 630.577079][T13201] ? __pfx_ksys_read+0x10/0x10 [ 630.577119][T13201] ? rcu_is_watching+0x12/0xc0 [ 630.577171][T13201] do_syscall_64+0xcd/0x260 [ 630.577220][T13201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 630.577260][T13201] RIP: 0033:0x7f7f84f8bb7c [ 630.577284][T13201] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 630.577314][T13201] RSP: 002b:00007f7f85ece030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 630.577343][T13201] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8bb7c [ 630.577364][T13201] RDX: 000000000000000f RSI: 00007f7f85ece0a0 RDI: 0000000000000004 [ 630.577381][T13201] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 630.577400][T13201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 630.577418][T13201] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 630.577459][T13201] [ 630.770620][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.532644][T13180] kexec: Could not allocate control_code_buffer [ 631.666279][T13210] FAULT_INJECTION: forcing a failure. [ 631.666279][T13210] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 631.746938][T13210] CPU: 0 UID: 0 PID: 13210 Comm: syz.2.1804 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 631.746974][T13210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 631.746988][T13210] Call Trace: [ 631.746995][T13210] [ 631.747003][T13210] dump_stack_lvl+0x16c/0x1f0 [ 631.747041][T13210] should_fail_ex+0x512/0x640 [ 631.747071][T13210] _copy_to_user+0x32/0xd0 [ 631.747108][T13210] rng_dev_read+0x1ea/0x810 [ 631.747133][T13210] ? __pfx_virtio_read+0x10/0x10 [ 631.747159][T13210] ? __pfx_rng_dev_read+0x10/0x10 [ 631.747187][T13210] ? bpf_lsm_file_permission+0x9/0x10 [ 631.747216][T13210] ? security_file_permission+0x71/0x210 [ 631.747247][T13210] ? rw_verify_area+0xcf/0x680 [ 631.747275][T13210] ? __pfx_rng_dev_read+0x10/0x10 [ 631.747299][T13210] vfs_readv+0x6bc/0x8a0 [ 631.747334][T13210] ? __pfx_vfs_readv+0x10/0x10 [ 631.747382][T13210] ? __fget_files+0x20e/0x3c0 [ 631.747412][T13210] ? __fget_files+0x120/0x3c0 [ 631.747451][T13210] ? do_readv+0x132/0x330 [ 631.747476][T13210] do_readv+0x132/0x330 [ 631.747504][T13210] ? __pfx_do_readv+0x10/0x10 [ 631.747540][T13210] do_syscall_64+0xcd/0x260 [ 631.747575][T13210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.747598][T13210] RIP: 0033:0x7f7f84f8d169 [ 631.747615][T13210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.747637][T13210] RSP: 002b:00007f7f85ead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 631.747659][T13210] RAX: ffffffffffffffda RBX: 00007f7f851a6080 RCX: 00007f7f84f8d169 [ 631.747674][T13210] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003 [ 631.747688][T13210] RBP: 00007f7f85ead090 R08: 0000000000000000 R09: 0000000000000000 [ 631.747702][T13210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 631.747715][T13210] R13: 0000000000000001 R14: 00007f7f851a6080 R15: 00007ffcd9dad978 [ 631.747743][T13210] [ 632.317641][T13212] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 633.801445][T13243] ICMPv6: process `syz.1.1811' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 635.206330][T13271] FAULT_INJECTION: forcing a failure. [ 635.206330][T13271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 635.219868][T13271] CPU: 1 UID: 0 PID: 13271 Comm: syz.2.1819 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 635.219913][T13271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 635.219932][T13271] Call Trace: [ 635.219943][T13271] [ 635.219954][T13271] dump_stack_lvl+0x16c/0x1f0 [ 635.220006][T13271] should_fail_ex+0x512/0x640 [ 635.220049][T13271] _copy_to_user+0x32/0xd0 [ 635.220092][T13271] proc_getdriver+0x1dc/0x2c0 [ 635.220134][T13271] ? __pfx_proc_getdriver+0x10/0x10 [ 635.220217][T13271] ? find_held_lock+0x2b/0x80 [ 635.220259][T13271] ? tomoyo_path_number_perm+0x295/0x580 [ 635.220306][T13271] usbdev_ioctl+0x1454/0x4070 [ 635.220356][T13271] ? __pfx_usbdev_ioctl+0x10/0x10 [ 635.220400][T13271] ? do_vfs_ioctl+0x512/0x1990 [ 635.220438][T13271] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 635.220504][T13271] ? find_held_lock+0x2b/0x80 [ 635.220542][T13271] ? hook_file_ioctl_common+0x145/0x410 [ 635.220586][T13271] ? __fget_files+0x20e/0x3c0 [ 635.220638][T13271] ? __pfx_usbdev_ioctl+0x10/0x10 [ 635.220684][T13271] __x64_sys_ioctl+0x190/0x200 [ 635.220726][T13271] do_syscall_64+0xcd/0x260 [ 635.220776][T13271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.220808][T13271] RIP: 0033:0x7f7f84f8d169 [ 635.220838][T13271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.220869][T13271] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 635.220898][T13271] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 635.220918][T13271] RDX: 0000000000000003 RSI: 0000000041045508 RDI: 0000000000000003 [ 635.220936][T13271] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 635.220955][T13271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 635.220973][T13271] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 635.221013][T13271] [ 635.569533][T13282] FAULT_INJECTION: forcing a failure. [ 635.569533][T13282] name failslab, interval 1, probability 0, space 0, times 0 [ 635.585036][T13282] CPU: 1 UID: 0 PID: 13282 Comm: syz.0.1822 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 635.585075][T13282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 635.585091][T13282] Call Trace: [ 635.585102][T13282] [ 635.585112][T13282] dump_stack_lvl+0x16c/0x1f0 [ 635.585157][T13282] should_fail_ex+0x512/0x640 [ 635.585190][T13282] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 635.585242][T13282] should_failslab+0xc2/0x120 [ 635.585268][T13282] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 635.585315][T13282] ? nvmet_root_discovery_nqn_store+0x5f/0x200 [ 635.585359][T13282] kstrndup+0x6d/0x160 [ 635.585386][T13282] nvmet_root_discovery_nqn_store+0x5f/0x200 [ 635.585428][T13282] configfs_write_iter+0x303/0x4e0 [ 635.585464][T13282] vfs_write+0x5ba/0x1180 [ 635.585503][T13282] ? __pfx_configfs_write_iter+0x10/0x10 [ 635.585534][T13282] ? __pfx___mutex_lock+0x10/0x10 [ 635.585573][T13282] ? __pfx_vfs_write+0x10/0x10 [ 635.585636][T13282] ksys_write+0x12a/0x240 [ 635.585674][T13282] ? __pfx_ksys_write+0x10/0x10 [ 635.585709][T13282] ? rcu_is_watching+0x12/0xc0 [ 635.585754][T13282] do_syscall_64+0xcd/0x260 [ 635.585797][T13282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.585824][T13282] RIP: 0033:0x7f8d51f8d169 [ 635.585853][T13282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.585881][T13282] RSP: 002b:00007f8d52e16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 635.585907][T13282] RAX: ffffffffffffffda RBX: 00007f8d521a5fa0 RCX: 00007f8d51f8d169 [ 635.585926][T13282] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000003 [ 635.585942][T13282] RBP: 00007f8d52e16090 R08: 0000000000000000 R09: 0000000000000000 [ 635.585958][T13282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 635.585974][T13282] R13: 0000000000000000 R14: 00007f8d521a5fa0 R15: 00007ffdca434518 [ 635.586010][T13282] [ 636.495025][T13301] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 636.913249][T13313] FAULT_INJECTION: forcing a failure. [ 636.913249][T13313] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 636.944292][T13313] CPU: 1 UID: 0 PID: 13313 Comm: syz.0.1832 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 636.944338][T13313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 636.944356][T13313] Call Trace: [ 636.944365][T13313] [ 636.944378][T13313] dump_stack_lvl+0x16c/0x1f0 [ 636.944427][T13313] should_fail_ex+0x512/0x640 [ 636.944471][T13313] should_fail_alloc_page+0xe7/0x130 [ 636.944504][T13313] prepare_alloc_pages+0x3c2/0x610 [ 636.944541][T13313] ? is_bpf_text_address+0x8a/0x1a0 [ 636.944577][T13313] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 636.944631][T13313] ? __lock_acquire+0x5ca/0x1ba0 [ 636.944698][T13313] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 636.944762][T13313] ? find_held_lock+0x2b/0x80 [ 636.944818][T13313] ? __lock_acquire+0xaa4/0x1ba0 [ 636.944868][T13313] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 636.944906][T13313] ? policy_nodemask+0xea/0x4e0 [ 636.944962][T13313] alloc_pages_mpol+0x1fb/0x550 [ 636.944995][T13313] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 636.945026][T13313] ? __pfx___might_resched+0x10/0x10 [ 636.945075][T13313] ? __pfx___pollwait+0x10/0x10 [ 636.945116][T13313] alloc_pages_noprof+0x131/0x390 [ 636.945147][T13313] get_free_pages_noprof+0xc/0x40 [ 636.945180][T13313] __pollwait+0x295/0x490 [ 636.945225][T13313] ? __pfx___pollwait+0x10/0x10 [ 636.945263][T13313] ? __pfx_ptp_poll+0x10/0x10 [ 636.945301][T13313] ptp_poll+0xac/0x1c0 [ 636.945345][T13313] posix_clock_poll+0xed/0x160 [ 636.945392][T13313] ? __pfx_posix_clock_poll+0x10/0x10 [ 636.945437][T13313] do_select+0xd67/0x17d0 [ 636.945509][T13313] ? __pfx_do_select+0x10/0x10 [ 636.945557][T13313] ? __pfx___pollwait+0x10/0x10 [ 636.945605][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945651][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945697][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945749][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945796][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945843][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945888][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945935][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.945980][T13313] ? __pfx_pollwake+0x10/0x10 [ 636.946027][T13313] ? find_held_lock+0x2b/0x80 [ 636.946064][T13313] ? __might_fault+0xe3/0x190 [ 636.946111][T13313] ? __might_fault+0xe3/0x190 [ 636.946156][T13313] ? __might_fault+0x13b/0x190 [ 636.946219][T13313] ? core_sys_select+0x440/0xbe0 [ 636.946261][T13313] core_sys_select+0x440/0xbe0 [ 636.946316][T13313] ? __pfx_core_sys_select+0x10/0x10 [ 636.946370][T13313] ? proc_fail_nth_write+0x9f/0x250 [ 636.946451][T13313] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 636.946511][T13313] kern_select+0x15d/0x1e0 [ 636.946555][T13313] ? __pfx_kern_select+0x10/0x10 [ 636.946606][T13313] ? __pfx_ksys_write+0x10/0x10 [ 636.946659][T13313] __x64_sys_select+0xbd/0x160 [ 636.946700][T13313] ? do_syscall_64+0x91/0x260 [ 636.946753][T13313] ? lockdep_hardirqs_on+0x7c/0x110 [ 636.946797][T13313] do_syscall_64+0xcd/0x260 [ 636.946847][T13313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.946879][T13313] RIP: 0033:0x7f8d51f8d169 [ 636.946904][T13313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 636.946935][T13313] RSP: 002b:00007f8d52dd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 636.946964][T13313] RAX: ffffffffffffffda RBX: 00007f8d521a6160 RCX: 00007f8d51f8d169 [ 636.946986][T13313] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 636.947004][T13313] RBP: 00007f8d52dd4090 R08: 0000000000000000 R09: 0000000000000000 [ 636.947022][T13313] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 636.947041][T13313] R13: 0000000000000001 R14: 00007f8d521a6160 R15: 00007ffdca434518 [ 636.947083][T13313] [ 638.992594][T13344] FAULT_INJECTION: forcing a failure. [ 638.992594][T13344] name failslab, interval 1, probability 0, space 0, times 0 [ 639.020655][T13344] CPU: 1 UID: 0 PID: 13344 Comm: syz.3.1838 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 639.020702][T13344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 639.020721][T13344] Call Trace: [ 639.020731][T13344] [ 639.020743][T13344] dump_stack_lvl+0x16c/0x1f0 [ 639.020786][T13344] should_fail_ex+0x512/0x640 [ 639.020812][T13344] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 639.020850][T13344] should_failslab+0xc2/0x120 [ 639.020872][T13344] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 639.020906][T13344] ? vma_merge_new_range+0x3f8/0xc10 [ 639.020940][T13344] ? vm_area_alloc+0x1f/0x160 [ 639.020975][T13344] vm_area_alloc+0x1f/0x160 [ 639.021005][T13344] __mmap_region+0xfd0/0x27c0 [ 639.021040][T13344] ? rcu_is_watching+0x12/0xc0 [ 639.021070][T13344] ? __pfx___mmap_region+0x10/0x10 [ 639.021105][T13344] ? finish_task_switch.isra.0+0x221/0xc10 [ 639.021145][T13344] ? __schedule+0x1186/0x5de0 [ 639.021173][T13344] ? kvm_sched_clock_read+0x11/0x20 [ 639.021202][T13344] ? sched_clock+0x38/0x60 [ 639.021267][T13344] ? trace_cap_capable+0x18d/0x200 [ 639.021291][T13344] ? cap_capable+0xb3/0x250 [ 639.021317][T13344] mmap_region+0x1ab/0x3f0 [ 639.021357][T13344] do_mmap+0xd8e/0x11b0 [ 639.021389][T13344] ? __pfx_do_mmap+0x10/0x10 [ 639.021417][T13344] ? __pfx_down_write_killable+0x10/0x10 [ 639.021460][T13344] vm_mmap_pgoff+0x281/0x450 [ 639.021492][T13344] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 639.021525][T13344] ? __x64_sys_futex+0x1e0/0x4c0 [ 639.021556][T13344] ? __x64_sys_futex+0x1e9/0x4c0 [ 639.021600][T13344] ksys_mmap_pgoff+0x7d/0x5c0 [ 639.021627][T13344] ? rcu_is_watching+0x12/0xc0 [ 639.021658][T13344] __x64_sys_mmap+0x125/0x190 [ 639.021688][T13344] do_syscall_64+0xcd/0x260 [ 639.021725][T13344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.021748][T13344] RIP: 0033:0x7ff06c18d169 [ 639.021766][T13344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.021789][T13344] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 639.021811][T13344] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 639.021826][T13344] RDX: 00000000000000b3 RSI: 0000000000040008 RDI: 0000000000000000 [ 639.021840][T13344] RBP: 00007ff06c20e990 R08: 0000000000000006 R09: 0000000000028000 [ 639.021855][T13344] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 639.021869][T13344] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 639.021897][T13344] [ 639.337924][T13350] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 639.396783][T13357] FAULT_INJECTION: forcing a failure. [ 639.396783][T13357] name failslab, interval 1, probability 0, space 0, times 0 [ 639.474818][T13357] CPU: 0 UID: 0 PID: 13357 Comm: syz.1.1840 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 639.474867][T13357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 639.474887][T13357] Call Trace: [ 639.474897][T13357] [ 639.474909][T13357] dump_stack_lvl+0x16c/0x1f0 [ 639.474962][T13357] should_fail_ex+0x512/0x640 [ 639.474998][T13357] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 639.475055][T13357] should_failslab+0xc2/0x120 [ 639.475087][T13357] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 639.475138][T13357] ? mas_alloc_nodes+0x18b/0x8b0 [ 639.475184][T13357] mas_alloc_nodes+0x18b/0x8b0 [ 639.475235][T13357] mas_node_count_gfp+0x105/0x130 [ 639.475282][T13357] mas_preallocate+0x53e/0xcd0 [ 639.475320][T13357] ? __pfx_mas_preallocate+0x10/0x10 [ 639.475365][T13357] ? anon_vma_name+0x75/0x100 [ 639.475404][T13357] __split_vma+0x33b/0x1030 [ 639.475458][T13357] ? __pfx___split_vma+0x10/0x10 [ 639.475525][T13357] vms_gather_munmap_vmas+0x392/0x1310 [ 639.475598][T13357] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 639.475657][T13357] ? mas_walk+0x6a6/0x910 [ 639.475715][T13357] __mmap_region+0x314/0x27c0 [ 639.475767][T13357] ? finish_task_switch.isra.0+0x221/0xc10 [ 639.475820][T13357] ? __pfx___mmap_region+0x10/0x10 [ 639.475873][T13357] ? trace_sched_exit_tp+0xde/0x130 [ 639.475936][T13357] ? __lock_acquire+0x5ca/0x1ba0 [ 639.475997][T13357] ? __pfx___schedule+0x10/0x10 [ 639.476085][T13357] ? trace_cap_capable+0x18d/0x200 [ 639.476122][T13357] ? cap_capable+0xb3/0x250 [ 639.476159][T13357] mmap_region+0x1ab/0x3f0 [ 639.476219][T13357] do_mmap+0xd8e/0x11b0 [ 639.476266][T13357] ? __pfx_do_mmap+0x10/0x10 [ 639.476306][T13357] ? __pfx_down_write_killable+0x10/0x10 [ 639.476369][T13357] vm_mmap_pgoff+0x281/0x450 [ 639.476417][T13357] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 639.476466][T13357] ? __x64_sys_futex+0x1e0/0x4c0 [ 639.476511][T13357] ? __x64_sys_futex+0x1e9/0x4c0 [ 639.476564][T13357] ksys_mmap_pgoff+0x7d/0x5c0 [ 639.476615][T13357] ? rcu_is_watching+0x12/0xc0 [ 639.476663][T13357] __x64_sys_mmap+0x125/0x190 [ 639.476708][T13357] do_syscall_64+0xcd/0x260 [ 639.476763][T13357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.476798][T13357] RIP: 0033:0x7fc6bf18d169 [ 639.476825][T13357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.476859][T13357] RSP: 002b:00007fc6bffa9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 639.476891][T13357] RAX: ffffffffffffffda RBX: 00007fc6bf3a6080 RCX: 00007fc6bf18d169 [ 639.476913][T13357] RDX: 00000000000000b3 RSI: 0000000000040008 RDI: 0000000000000000 [ 639.476933][T13357] RBP: 00007fc6bf20e990 R08: 0000000000000005 R09: 0000000000028000 [ 639.476953][T13357] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 639.476972][T13357] R13: 0000000000000000 R14: 00007fc6bf3a6080 R15: 00007ffdf3d08288 [ 639.477014][T13357] [ 639.810683][T13361] FAULT_INJECTION: forcing a failure. [ 639.810683][T13361] name failslab, interval 1, probability 0, space 0, times 0 [ 639.823912][T13361] CPU: 0 UID: 0 PID: 13361 Comm: syz.3.1842 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 639.823952][T13361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 639.823970][T13361] Call Trace: [ 639.823980][T13361] [ 639.823991][T13361] dump_stack_lvl+0x16c/0x1f0 [ 639.824042][T13361] should_fail_ex+0x512/0x640 [ 639.824077][T13361] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 639.824131][T13361] should_failslab+0xc2/0x120 [ 639.824160][T13361] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 639.824210][T13361] ? __alloc_skb+0x2b2/0x380 [ 639.824255][T13361] __alloc_skb+0x2b2/0x380 [ 639.824292][T13361] ? __pfx___alloc_skb+0x10/0x10 [ 639.824335][T13361] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 639.824379][T13361] ? __lock_acquire+0xaa4/0x1ba0 [ 639.824437][T13361] netlink_alloc_large_skb+0x69/0x130 [ 639.824486][T13361] netlink_sendmsg+0x6a1/0xdd0 [ 639.824539][T13361] ? __pfx_netlink_sendmsg+0x10/0x10 [ 639.824612][T13361] ____sys_sendmsg+0xa95/0xc70 [ 639.824663][T13361] ? copy_msghdr_from_user+0x10a/0x160 [ 639.824704][T13361] ? __pfx_____sys_sendmsg+0x10/0x10 [ 639.824773][T13361] ___sys_sendmsg+0x134/0x1d0 [ 639.824817][T13361] ? __pfx____sys_sendmsg+0x10/0x10 [ 639.824909][T13361] __sys_sendmsg+0x16d/0x220 [ 639.824962][T13361] ? __pfx___sys_sendmsg+0x10/0x10 [ 639.825015][T13361] ? rcu_is_watching+0x12/0xc0 [ 639.825066][T13361] do_syscall_64+0xcd/0x260 [ 639.825115][T13361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.825147][T13361] RIP: 0033:0x7ff06c18d169 [ 639.825171][T13361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.825203][T13361] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 639.825233][T13361] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 639.825253][T13361] RDX: 000000000004c848 RSI: 0000200000006140 RDI: 0000000000000003 [ 639.825272][T13361] RBP: 00007ff06cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 639.825290][T13361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 639.825308][T13361] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 639.825347][T13361] [ 640.121257][T13364] netlink: 'syz.2.1843': attribute type 4 has an invalid length. [ 640.202878][T13365] FAULT_INJECTION: forcing a failure. [ 640.202878][T13365] name failslab, interval 1, probability 0, space 0, times 0 [ 640.244713][T13365] CPU: 1 UID: 0 PID: 13365 Comm: syz.3.1844 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 640.244764][T13365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 640.244781][T13365] Call Trace: [ 640.244790][T13365] [ 640.244801][T13365] dump_stack_lvl+0x16c/0x1f0 [ 640.244849][T13365] should_fail_ex+0x512/0x640 [ 640.244890][T13365] should_failslab+0xc2/0x120 [ 640.244918][T13365] __kmalloc_cache_noprof+0x6a/0x3e0 [ 640.244960][T13365] ? proc_thread_self_get_link+0x1c6/0x240 [ 640.245015][T13365] proc_thread_self_get_link+0x1c6/0x240 [ 640.245066][T13365] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 640.245115][T13365] step_into+0x19e4/0x2270 [ 640.245163][T13365] ? __pfx_step_into+0x10/0x10 [ 640.245208][T13365] ? lookup_fast+0x156/0x610 [ 640.245253][T13365] walk_component+0xfc/0x5b0 [ 640.245295][T13365] link_path_walk.part.0.constprop.0+0x682/0xd60 [ 640.245353][T13365] path_openat+0x227/0x2d40 [ 640.245393][T13365] ? __x64_sys_openat+0x174/0x210 [ 640.245441][T13365] ? __pfx_path_openat+0x10/0x10 [ 640.245496][T13365] do_filp_open+0x20b/0x470 [ 640.245542][T13365] ? __pfx_do_filp_open+0x10/0x10 [ 640.245614][T13365] ? alloc_fd+0x471/0x7d0 [ 640.245667][T13365] do_sys_openat2+0x11b/0x1d0 [ 640.245699][T13365] ? __pfx_do_sys_openat2+0x10/0x10 [ 640.245747][T13365] __x64_sys_openat+0x174/0x210 [ 640.245786][T13365] ? __pfx___x64_sys_openat+0x10/0x10 [ 640.245821][T13365] ? rcu_is_watching+0x12/0xc0 [ 640.245870][T13365] do_syscall_64+0xcd/0x260 [ 640.245916][T13365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.245947][T13365] RIP: 0033:0x7ff06c18bad0 [ 640.245970][T13365] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 640.245999][T13365] RSP: 002b:00007ff06cf66fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 640.246026][T13365] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff06c18bad0 [ 640.246046][T13365] RDX: 0000000000000002 RSI: 00007ff06c20ec75 RDI: 00000000ffffff9c [ 640.246065][T13365] RBP: 00007ff06c20ec75 R08: 0000000000000000 R09: 00007ff06cf68000 [ 640.246083][T13365] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 640.246101][T13365] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 640.246139][T13365] [ 640.246494][T13365] FAULT_INJECTION: forcing a failure. [ 640.246494][T13365] name failslab, interval 1, probability 0, space 0, times 0 [ 640.498167][T13365] CPU: 1 UID: 0 PID: 13365 Comm: syz.3.1844 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 640.498210][T13365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 640.498228][T13365] Call Trace: [ 640.498237][T13365] [ 640.498249][T13365] dump_stack_lvl+0x16c/0x1f0 [ 640.498298][T13365] should_fail_ex+0x512/0x640 [ 640.498332][T13365] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 640.498381][T13365] should_failslab+0xc2/0x120 [ 640.498410][T13365] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 640.498454][T13365] ? mas_alloc_nodes+0x18b/0x8b0 [ 640.498506][T13365] mas_alloc_nodes+0x18b/0x8b0 [ 640.498556][T13365] mas_node_count_gfp+0x105/0x130 [ 640.498597][T13365] mas_preallocate+0x53e/0xcd0 [ 640.498631][T13365] ? __pfx_mas_preallocate+0x10/0x10 [ 640.498676][T13365] ? anon_vma_name+0x75/0x100 [ 640.498717][T13365] __split_vma+0x33b/0x1030 [ 640.498770][T13365] ? __pfx___split_vma+0x10/0x10 [ 640.498833][T13365] vms_gather_munmap_vmas+0x392/0x1310 [ 640.498888][T13365] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 640.498939][T13365] ? mas_walk+0x6a6/0x910 [ 640.498993][T13365] __mmap_region+0x314/0x27c0 [ 640.499045][T13365] ? __pfx___mmap_region+0x10/0x10 [ 640.499087][T13365] ? bpf_ksym_find+0x124/0x1c0 [ 640.499135][T13365] ? __kernel_text_address+0xd/0x40 [ 640.499171][T13365] ? unwind_get_return_address+0x59/0xa0 [ 640.499213][T13365] ? arch_stack_walk+0xa6/0x100 [ 640.499261][T13365] ? __lock_acquire+0x5ca/0x1ba0 [ 640.499361][T13365] ? trace_cap_capable+0x18d/0x200 [ 640.499396][T13365] ? cap_capable+0xb3/0x250 [ 640.499432][T13365] mmap_region+0x1ab/0x3f0 [ 640.499499][T13365] do_mmap+0xd8e/0x11b0 [ 640.499546][T13365] ? __pfx_do_mmap+0x10/0x10 [ 640.499584][T13365] ? __pfx_down_write_killable+0x10/0x10 [ 640.499643][T13365] vm_mmap_pgoff+0x281/0x450 [ 640.499694][T13365] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 640.499735][T13365] ? __fget_files+0x20e/0x3c0 [ 640.499800][T13365] ksys_mmap_pgoff+0x7d/0x5c0 [ 640.499837][T13365] ? __pfx_ksys_write+0x10/0x10 [ 640.499879][T13365] ? rcu_is_watching+0x12/0xc0 [ 640.499921][T13365] __x64_sys_mmap+0x125/0x190 [ 640.499964][T13365] do_syscall_64+0xcd/0x260 [ 640.500013][T13365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 640.500044][T13365] RIP: 0033:0x7ff06c18d169 [ 640.500069][T13365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 640.500099][T13365] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 640.500128][T13365] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 640.500148][T13365] RDX: 00000000000000b3 RSI: 0000000000040008 RDI: 0000000000000000 [ 640.500166][T13365] RBP: 00007ff06cf67090 R08: 0000000000000003 R09: 0000000000028000 [ 640.500185][T13365] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 640.500202][T13365] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 640.500243][T13365] [ 640.975910][T13380] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 641.045539][T13386] FAULT_INJECTION: forcing a failure. [ 641.045539][T13386] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 641.089411][T13386] CPU: 1 UID: 0 PID: 13386 Comm: syz.3.1850 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 641.089466][T13386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 641.089483][T13386] Call Trace: [ 641.089492][T13386] [ 641.089502][T13386] dump_stack_lvl+0x16c/0x1f0 [ 641.089547][T13386] should_fail_ex+0x512/0x640 [ 641.089583][T13386] _copy_from_user+0x2e/0xd0 [ 641.089618][T13386] core_sys_select+0x314/0xbe0 [ 641.089664][T13386] ? __pfx_core_sys_select+0x10/0x10 [ 641.089717][T13386] ? proc_fail_nth_write+0x9f/0x250 [ 641.089794][T13386] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 641.089852][T13386] kern_select+0x15d/0x1e0 [ 641.089894][T13386] ? __pfx_kern_select+0x10/0x10 [ 641.089942][T13386] ? __pfx_ksys_write+0x10/0x10 [ 641.089984][T13386] ? rcu_is_watching+0x12/0xc0 [ 641.090028][T13386] __x64_sys_select+0xbd/0x160 [ 641.090069][T13386] ? do_syscall_64+0x91/0x260 [ 641.090109][T13386] ? lockdep_hardirqs_on+0x7c/0x110 [ 641.090152][T13386] do_syscall_64+0xcd/0x260 [ 641.090200][T13386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.090231][T13386] RIP: 0033:0x7ff06c18d169 [ 641.090254][T13386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 641.090284][T13386] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 641.090312][T13386] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 641.090333][T13386] RDX: 0000200000002400 RSI: 0000000000000000 RDI: 000000000000000f [ 641.090351][T13386] RBP: 00007ff06cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 641.090369][T13386] R10: 0000200000002480 R11: 0000000000000246 R12: 0000000000000001 [ 641.090387][T13386] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 641.090425][T13386] [ 641.669417][T13397] FAULT_INJECTION: forcing a failure. [ 641.669417][T13397] name failslab, interval 1, probability 0, space 0, times 0 [ 641.691537][T13397] CPU: 0 UID: 0 PID: 13397 Comm: syz.1.1855 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 641.691581][T13397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 641.691600][T13397] Call Trace: [ 641.691611][T13397] [ 641.691623][T13397] dump_stack_lvl+0x16c/0x1f0 [ 641.691674][T13397] should_fail_ex+0x512/0x640 [ 641.691709][T13397] ? fs_reclaim_acquire+0xae/0x150 [ 641.691751][T13397] ? tomoyo_encode2+0x100/0x3e0 [ 641.691792][T13397] should_failslab+0xc2/0x120 [ 641.691822][T13397] __kmalloc_noprof+0xd2/0x510 [ 641.691870][T13397] ? d_absolute_path+0x136/0x1a0 [ 641.691912][T13397] tomoyo_encode2+0x100/0x3e0 [ 641.691960][T13397] tomoyo_encode+0x29/0x50 [ 641.692001][T13397] tomoyo_realpath_from_path+0x18f/0x6e0 [ 641.692056][T13397] tomoyo_path_number_perm+0x245/0x580 [ 641.692089][T13397] ? tomoyo_path_number_perm+0x237/0x580 [ 641.692126][T13397] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 641.692165][T13397] ? find_held_lock+0x2b/0x80 [ 641.692239][T13397] ? find_held_lock+0x2b/0x80 [ 641.692293][T13397] ? hook_file_ioctl_common+0x145/0x410 [ 641.692335][T13397] ? __fget_files+0x20e/0x3c0 [ 641.692388][T13397] security_file_ioctl+0x9b/0x240 [ 641.692438][T13397] __x64_sys_ioctl+0xb7/0x200 [ 641.692479][T13397] do_syscall_64+0xcd/0x260 [ 641.692532][T13397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.692563][T13397] RIP: 0033:0x7fc6bf18d169 [ 641.692587][T13397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 641.692618][T13397] RSP: 002b:00007fc6bffca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 641.692648][T13397] RAX: ffffffffffffffda RBX: 00007fc6bf3a5fa0 RCX: 00007fc6bf18d169 [ 641.692668][T13397] RDX: 0000000000000001 RSI: 0000000000004b47 RDI: 0000000000000004 [ 641.692686][T13397] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 641.692705][T13397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 641.692723][T13397] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 641.692763][T13397] [ 641.693692][T13397] ERROR: Out of memory at tomoyo_realpath_from_path. [ 646.052402][T13460] FAULT_INJECTION: forcing a failure. [ 646.052402][T13460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 646.209272][T13460] CPU: 1 UID: 0 PID: 13460 Comm: syz.1.1870 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 646.209317][T13460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 646.209335][T13460] Call Trace: [ 646.209355][T13460] [ 646.209367][T13460] dump_stack_lvl+0x16c/0x1f0 [ 646.209419][T13460] should_fail_ex+0x512/0x640 [ 646.209461][T13460] _copy_from_user+0x2e/0xd0 [ 646.209501][T13460] kstrtouint_from_user+0xd6/0x1d0 [ 646.209551][T13460] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 646.209598][T13460] ? __lock_acquire+0xaa4/0x1ba0 [ 646.209667][T13460] proc_fail_nth_write+0x83/0x250 [ 646.209713][T13460] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 646.209770][T13460] vfs_write+0x25c/0x1180 [ 646.209810][T13460] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 646.209858][T13460] ? __pfx___mutex_lock+0x10/0x10 [ 646.209905][T13460] ? __pfx_vfs_write+0x10/0x10 [ 646.209960][T13460] ? __fget_files+0x20e/0x3c0 [ 646.210016][T13460] ksys_write+0x12a/0x240 [ 646.210058][T13460] ? __pfx_ksys_write+0x10/0x10 [ 646.210099][T13460] ? rcu_is_watching+0x12/0xc0 [ 646.210151][T13460] do_syscall_64+0xcd/0x260 [ 646.210199][T13460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.210231][T13460] RIP: 0033:0x7fc6bf18bc1f [ 646.210254][T13460] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 646.210283][T13460] RSP: 002b:00007fc6bffca030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 646.210312][T13460] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc6bf18bc1f [ 646.210331][T13460] RDX: 0000000000000001 RSI: 00007fc6bffca0a0 RDI: 0000000000000007 [ 646.210359][T13460] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 646.210379][T13460] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 646.210398][T13460] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 646.210439][T13460] [ 646.494076][T13468] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 647.859581][T13492] FAULT_INJECTION: forcing a failure. [ 647.859581][T13492] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 647.879998][T13492] CPU: 1 UID: 0 PID: 13492 Comm: syz.1.1875 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 647.880044][T13492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 647.880062][T13492] Call Trace: [ 647.880072][T13492] [ 647.880085][T13492] dump_stack_lvl+0x16c/0x1f0 [ 647.880135][T13492] should_fail_ex+0x512/0x640 [ 647.880178][T13492] should_fail_alloc_page+0xe7/0x130 [ 647.880210][T13492] prepare_alloc_pages+0x3c2/0x610 [ 647.880257][T13492] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 647.880316][T13492] ? find_held_lock+0x2b/0x80 [ 647.880366][T13492] ? aa_file_perm+0x4c7/0xfb0 [ 647.880410][T13492] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 647.880460][T13492] ? aa_file_perm+0x4d6/0xfb0 [ 647.880503][T13492] ? register_lock_class+0x41/0x4c0 [ 647.880539][T13492] ? __pfx_aa_file_perm+0x10/0x10 [ 647.880582][T13492] ? __lock_acquire+0xaa4/0x1ba0 [ 647.880634][T13492] ? find_held_lock+0x2b/0x80 [ 647.880682][T13492] __alloc_pages_noprof+0xb/0x1b0 [ 647.880729][T13492] ___kmalloc_large_node+0x82/0x1e0 [ 647.880772][T13492] __kmalloc_large_noprof+0x1c/0x70 [ 647.880811][T13492] event_filter_read+0x83/0x440 [ 647.880843][T13492] ? rw_verify_area+0xcf/0x680 [ 647.880880][T13492] ? __pfx_event_filter_read+0x10/0x10 [ 647.880917][T13492] vfs_read+0x1de/0xc70 [ 647.880963][T13492] ? __pfx___mutex_lock+0x10/0x10 [ 647.881010][T13492] ? __pfx_vfs_read+0x10/0x10 [ 647.881064][T13492] ? __fget_files+0x20e/0x3c0 [ 647.881122][T13492] ksys_read+0x12a/0x240 [ 647.881162][T13492] ? __pfx_ksys_read+0x10/0x10 [ 647.881202][T13492] ? rcu_is_watching+0x12/0xc0 [ 647.881253][T13492] do_syscall_64+0xcd/0x260 [ 647.881303][T13492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.881339][T13492] RIP: 0033:0x7fc6bf18d169 [ 647.881364][T13492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.881395][T13492] RSP: 002b:00007fc6bff88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 647.881422][T13492] RAX: ffffffffffffffda RBX: 00007fc6bf3a6160 RCX: 00007fc6bf18d169 [ 647.881443][T13492] RDX: 0000000000000200 RSI: 0000200000000000 RDI: 000000000000000a [ 647.881461][T13492] RBP: 00007fc6bff88090 R08: 0000000000000000 R09: 0000000000000000 [ 647.881478][T13492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 647.881495][T13492] R13: 0000000000000000 R14: 00007fc6bf3a6160 R15: 00007ffdf3d08288 [ 647.881535][T13492] [ 649.834942][T13520] FAULT_INJECTION: forcing a failure. [ 649.834942][T13520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 649.879894][T13520] CPU: 0 UID: 0 PID: 13520 Comm: syz.0.1882 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 649.879939][T13520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 649.879958][T13520] Call Trace: [ 649.879969][T13520] [ 649.879980][T13520] dump_stack_lvl+0x16c/0x1f0 [ 649.880032][T13520] should_fail_ex+0x512/0x640 [ 649.880075][T13520] _copy_from_user+0x2e/0xd0 [ 649.880124][T13520] sg_write+0x2cc/0xe10 [ 649.880166][T13520] ? __pfx_sg_write+0x10/0x10 [ 649.880241][T13520] ? apparmor_file_permission+0x251/0x400 [ 649.880279][T13520] ? bpf_lsm_file_permission+0x9/0x10 [ 649.880320][T13520] ? security_file_permission+0x71/0x210 [ 649.880363][T13520] ? rw_verify_area+0xcf/0x680 [ 649.880406][T13520] vfs_write+0x25c/0x1180 [ 649.880447][T13520] ? __pfx_sg_write+0x10/0x10 [ 649.880488][T13520] ? __pfx_vfs_write+0x10/0x10 [ 649.880528][T13520] ? find_held_lock+0x2b/0x80 [ 649.880569][T13520] ? __fget_files+0x204/0x3c0 [ 649.880621][T13520] ? __fget_files+0x20e/0x3c0 [ 649.880679][T13520] ksys_write+0x12a/0x240 [ 649.880723][T13520] ? __pfx_ksys_write+0x10/0x10 [ 649.880765][T13520] ? rcu_is_watching+0x12/0xc0 [ 649.880815][T13520] do_syscall_64+0xcd/0x260 [ 649.880864][T13520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.880896][T13520] RIP: 0033:0x7f8d51f8d169 [ 649.880921][T13520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 649.880952][T13520] RSP: 002b:00007f8d52e16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 649.880981][T13520] RAX: ffffffffffffffda RBX: 00007f8d521a5fa0 RCX: 00007f8d51f8d169 [ 649.881001][T13520] RDX: 0000000000008587 RSI: 0000200000000040 RDI: 0000000000000003 [ 649.881020][T13520] RBP: 00007f8d52e16090 R08: 0000000000000000 R09: 0000000000000000 [ 649.881039][T13520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 649.881056][T13520] R13: 0000000000000000 R14: 00007f8d521a5fa0 R15: 00007ffdca434518 [ 649.881103][T13520] [ 650.958754][T13538] syz.3.1890 (13538) used obsolete PPPIOCDETACH ioctl [ 651.825368][T13553] FAULT_INJECTION: forcing a failure. [ 651.825368][T13553] name failslab, interval 1, probability 0, space 0, times 0 [ 652.053223][T13553] CPU: 0 UID: 0 PID: 13553 Comm: syz.2.1893 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 652.053268][T13553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 652.053287][T13553] Call Trace: [ 652.053296][T13553] [ 652.053308][T13553] dump_stack_lvl+0x16c/0x1f0 [ 652.053359][T13553] should_fail_ex+0x512/0x640 [ 652.053401][T13553] should_failslab+0xc2/0x120 [ 652.053432][T13553] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 652.053481][T13553] ? skb_clone+0x190/0x3f0 [ 652.053527][T13553] skb_clone+0x190/0x3f0 [ 652.053570][T13553] netlink_deliver_tap+0xabd/0xd30 [ 652.053623][T13553] netlink_unicast+0x5df/0x7f0 [ 652.053674][T13553] ? __pfx_netlink_unicast+0x10/0x10 [ 652.053732][T13553] netlink_sendmsg+0x8d1/0xdd0 [ 652.053790][T13553] ? __pfx_netlink_sendmsg+0x10/0x10 [ 652.053853][T13553] sock_write_iter+0x4fc/0x5b0 [ 652.053903][T13553] ? __pfx_sock_write_iter+0x10/0x10 [ 652.053977][T13553] ? bpf_lsm_file_permission+0x9/0x10 [ 652.054016][T13553] ? security_file_permission+0x71/0x210 [ 652.054058][T13553] ? rw_verify_area+0xcf/0x680 [ 652.054101][T13553] vfs_write+0x5ba/0x1180 [ 652.054145][T13553] ? __pfx_sock_write_iter+0x10/0x10 [ 652.054198][T13553] ? __pfx_vfs_write+0x10/0x10 [ 652.054244][T13553] ? __pfx_do_sys_openat2+0x10/0x10 [ 652.054295][T13553] ksys_write+0x205/0x240 [ 652.054337][T13553] ? __pfx_ksys_write+0x10/0x10 [ 652.054377][T13553] ? rcu_is_watching+0x12/0xc0 [ 652.054427][T13553] do_syscall_64+0xcd/0x260 [ 652.054476][T13553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.054506][T13553] RIP: 0033:0x7f7f84f8d169 [ 652.054530][T13553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 652.054561][T13553] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 652.054590][T13553] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 652.054610][T13553] RDX: 00000000000002fb RSI: 0000200000000000 RDI: 0000000000000004 [ 652.054628][T13553] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 652.054646][T13553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 652.054662][T13553] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 652.054703][T13553] [ 657.920611][T13655] FAULT_INJECTION: forcing a failure. [ 657.920611][T13655] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 657.956376][T13655] CPU: 1 UID: 0 PID: 13655 Comm: syz.2.1918 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 657.956422][T13655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 657.956440][T13655] Call Trace: [ 657.956450][T13655] [ 657.956461][T13655] dump_stack_lvl+0x16c/0x1f0 [ 657.956513][T13655] should_fail_ex+0x512/0x640 [ 657.956565][T13655] should_fail_alloc_page+0xe7/0x130 [ 657.956598][T13655] prepare_alloc_pages+0x3c2/0x610 [ 657.956644][T13655] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 657.956700][T13655] ? is_bpf_text_address+0x8a/0x1a0 [ 657.956729][T13655] ? bpf_ksym_find+0x124/0x1c0 [ 657.956770][T13655] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 657.956816][T13655] ? is_bpf_text_address+0x94/0x1a0 [ 657.956845][T13655] ? kernel_text_address+0x8d/0x100 [ 657.956882][T13655] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 657.956933][T13655] ? arch_stack_walk+0xa6/0x100 [ 657.956992][T13655] ? stack_trace_save+0x8e/0xc0 [ 657.957033][T13655] ? __pfx_stack_trace_save+0x10/0x10 [ 657.957075][T13655] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 657.957111][T13655] ? policy_nodemask+0xea/0x4e0 [ 657.957165][T13655] alloc_pages_mpol+0x1fb/0x550 [ 657.957197][T13655] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 657.957226][T13655] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.957270][T13655] alloc_pages_noprof+0x131/0x390 [ 657.957302][T13655] __pmd_alloc+0x3f/0x870 [ 657.957337][T13655] ? find_held_lock+0x2b/0x80 [ 657.957380][T13655] __handle_mm_fault+0x948/0x2a40 [ 657.957436][T13655] ? __pfx___handle_mm_fault+0x10/0x10 [ 657.957504][T13655] ? find_vma+0xbf/0x140 [ 657.957543][T13655] ? __pfx_find_vma+0x10/0x10 [ 657.957583][T13655] handle_mm_fault+0x3fe/0xad0 [ 657.957634][T13655] do_user_addr_fault+0x7a6/0x1370 [ 657.957677][T13655] ? rcu_is_watching+0x12/0xc0 [ 657.957721][T13655] exc_page_fault+0x5c/0xc0 [ 657.957766][T13655] asm_exc_page_fault+0x26/0x30 [ 657.957795][T13655] RIP: 0010:__get_user_4+0x14/0x20 [ 657.957830][T13655] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 657.957861][T13655] RSP: 0018:ffffc90003d5fe18 EFLAGS: 00050287 [ 657.957886][T13655] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: ffffc90003d5fdbc [ 657.957906][T13655] RDX: 00007ffffffff000 RSI: ffffffff854fe184 RDI: ffffffff8bf44f40 [ 657.957925][T13655] RBP: 1ffff920007abfc4 R08: 2cfb7b1ab8be5804 R09: 0000000000000001 [ 657.957945][T13655] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 657.957962][T13655] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000003 [ 657.957992][T13655] ? random_ioctl+0x214/0x4a0 [ 657.958035][T13655] random_ioctl+0x21c/0x4a0 [ 657.958070][T13655] ? __pfx_random_ioctl+0x10/0x10 [ 657.958121][T13655] ? __pfx_random_ioctl+0x10/0x10 [ 657.958158][T13655] __x64_sys_ioctl+0x190/0x200 [ 657.958200][T13655] do_syscall_64+0xcd/0x260 [ 657.958249][T13655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.958280][T13655] RIP: 0033:0x7f7f84f8d169 [ 657.958305][T13655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.958334][T13655] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 657.958361][T13655] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 657.958381][T13655] RDX: 0000000000000000 RSI: 0000000040085203 RDI: 0000000000000003 [ 657.958400][T13655] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 657.958418][T13655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 657.958439][T13655] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 657.958481][T13655] [ 660.169264][T13693] FAULT_INJECTION: forcing a failure. [ 660.169264][T13693] name failslab, interval 1, probability 0, space 0, times 0 [ 660.186170][T13693] CPU: 0 UID: 0 PID: 13693 Comm: syz.2.1927 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 660.186216][T13693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 660.186230][T13693] Call Trace: [ 660.186238][T13693] [ 660.186246][T13693] dump_stack_lvl+0x16c/0x1f0 [ 660.186283][T13693] should_fail_ex+0x512/0x640 [ 660.186309][T13693] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 660.186342][T13693] should_failslab+0xc2/0x120 [ 660.186364][T13693] __kmalloc_cache_noprof+0x6a/0x3e0 [ 660.186392][T13693] ? __pfx_trace_seq_printf+0x10/0x10 [ 660.186422][T13693] ? tracing_log_err+0x490/0x6a0 [ 660.186470][T13693] tracing_log_err+0x490/0x6a0 [ 660.186512][T13693] append_filter_err+0x380/0x5e0 [ 660.186548][T13693] apply_subsystem_event_filter+0x678/0x1450 [ 660.186592][T13693] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 660.186635][T13693] ? _copy_from_user+0x59/0xd0 [ 660.186667][T13693] subsystem_filter_write+0x95/0x120 [ 660.186703][T13693] vfs_write+0x25c/0x1180 [ 660.186733][T13693] ? __pfx_subsystem_filter_write+0x10/0x10 [ 660.186771][T13693] ? __pfx___mutex_lock+0x10/0x10 [ 660.186804][T13693] ? __pfx_vfs_write+0x10/0x10 [ 660.186843][T13693] ? __fget_files+0x20e/0x3c0 [ 660.186884][T13693] ksys_write+0x12a/0x240 [ 660.186915][T13693] ? __pfx_ksys_write+0x10/0x10 [ 660.186944][T13693] ? rcu_is_watching+0x12/0xc0 [ 660.186981][T13693] do_syscall_64+0xcd/0x260 [ 660.187016][T13693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.187039][T13693] RIP: 0033:0x7f7f84f8d169 [ 660.187057][T13693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.187079][T13693] RSP: 002b:00007f7f85ece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 660.187099][T13693] RAX: ffffffffffffffda RBX: 00007f7f851a5fa0 RCX: 00007f7f84f8d169 [ 660.187114][T13693] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 660.187127][T13693] RBP: 00007f7f85ece090 R08: 0000000000000000 R09: 0000000000000000 [ 660.187140][T13693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 660.187154][T13693] R13: 0000000000000000 R14: 00007f7f851a5fa0 R15: 00007ffcd9dad978 [ 660.187183][T13693] [ 661.645493][T13712] FAULT_INJECTION: forcing a failure. [ 661.645493][T13712] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 661.683172][T13712] CPU: 0 UID: 0 PID: 13712 Comm: syz.0.1931 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 661.683212][T13712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 661.683225][T13712] Call Trace: [ 661.683233][T13712] [ 661.683241][T13712] dump_stack_lvl+0x16c/0x1f0 [ 661.683278][T13712] should_fail_ex+0x512/0x640 [ 661.683308][T13712] _copy_from_user+0x2e/0xd0 [ 661.683338][T13712] snd_rawmidi_kernel_write1+0x50a/0x8a0 [ 661.683373][T13712] snd_rawmidi_write+0x26e/0xc10 [ 661.683410][T13712] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 661.683437][T13712] ? __pfx_default_wake_function+0x10/0x10 [ 661.683469][T13712] ? bpf_lsm_file_permission+0x9/0x10 [ 661.683498][T13712] ? security_file_permission+0x71/0x210 [ 661.683528][T13712] ? rw_verify_area+0xcf/0x680 [ 661.683559][T13712] vfs_write+0x25c/0x1180 [ 661.683588][T13712] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 661.683617][T13712] ? __pfx_vfs_write+0x10/0x10 [ 661.683645][T13712] ? find_held_lock+0x2b/0x80 [ 661.683674][T13712] ? __fget_files+0x204/0x3c0 [ 661.683710][T13712] ? __fget_files+0x20e/0x3c0 [ 661.683749][T13712] ksys_write+0x205/0x240 [ 661.683793][T13712] ? __pfx_ksys_write+0x10/0x10 [ 661.683845][T13712] do_syscall_64+0xcd/0x260 [ 661.683892][T13712] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.683922][T13712] RIP: 0033:0x7f8d51f8d169 [ 661.683947][T13712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.683978][T13712] RSP: 002b:00007f8d52df5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 661.684007][T13712] RAX: ffffffffffffffda RBX: 00007f8d521a6080 RCX: 00007f8d51f8d169 [ 661.684027][T13712] RDX: 000000100000a3d9 RSI: 0000200000000400 RDI: 0000000000000005 [ 661.684046][T13712] RBP: 00007f8d52df5090 R08: 0000000000000000 R09: 0000000000000000 [ 661.684064][T13712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 661.684082][T13712] R13: 0000000000000001 R14: 00007f8d521a6080 R15: 00007ffdca434518 [ 661.684122][T13712] [ 664.185520][T13756] FAULT_INJECTION: forcing a failure. [ 664.185520][T13756] name failslab, interval 1, probability 0, space 0, times 0 [ 664.204352][T13756] CPU: 0 UID: 0 PID: 13756 Comm: syz.0.1939 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 664.204394][T13756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 664.204413][T13756] Call Trace: [ 664.204423][T13756] [ 664.204434][T13756] dump_stack_lvl+0x16c/0x1f0 [ 664.204485][T13756] should_fail_ex+0x512/0x640 [ 664.204520][T13756] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 664.204567][T13756] should_failslab+0xc2/0x120 [ 664.204594][T13756] __kmalloc_cache_noprof+0x6a/0x3e0 [ 664.204634][T13756] ? __pfx_trace_seq_printf+0x10/0x10 [ 664.204675][T13756] ? tracing_log_err+0x490/0x6a0 [ 664.204727][T13756] tracing_log_err+0x490/0x6a0 [ 664.204784][T13756] append_filter_err+0x380/0x5e0 [ 664.204833][T13756] apply_subsystem_event_filter+0x678/0x1450 [ 664.204895][T13756] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 664.204957][T13756] ? _copy_from_user+0x59/0xd0 [ 664.205001][T13756] subsystem_filter_write+0x95/0x120 [ 664.205052][T13756] vfs_write+0x25c/0x1180 [ 664.205094][T13756] ? __pfx_subsystem_filter_write+0x10/0x10 [ 664.205160][T13756] ? __pfx_vfs_write+0x10/0x10 [ 664.205206][T13756] ? do_sys_openat2+0x157/0x1d0 [ 664.205239][T13756] ? __pfx_do_sys_openat2+0x10/0x10 [ 664.205275][T13756] ? __pfx___might_resched+0x10/0x10 [ 664.205336][T13756] ksys_write+0x12a/0x240 [ 664.205380][T13756] ? __pfx_ksys_write+0x10/0x10 [ 664.205422][T13756] ? rcu_is_watching+0x12/0xc0 [ 664.205474][T13756] do_syscall_64+0xcd/0x260 [ 664.205524][T13756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.205557][T13756] RIP: 0033:0x7f8d51f8d169 [ 664.205582][T13756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.205612][T13756] RSP: 002b:00007f8d52e16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 664.205641][T13756] RAX: ffffffffffffffda RBX: 00007f8d521a5fa0 RCX: 00007f8d51f8d169 [ 664.205661][T13756] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000009 [ 664.205679][T13756] RBP: 00007f8d52e16090 R08: 0000000000000000 R09: 0000000000000000 [ 664.205697][T13756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 664.205715][T13756] R13: 0000000000000000 R14: 00007f8d521a5fa0 R15: 00007ffdca434518 [ 664.205757][T13756] [ 665.698461][T13774] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 666.166681][T13793] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1945'. [ 666.218200][T13793] FAULT_INJECTION: forcing a failure. [ 666.218200][T13793] name failslab, interval 1, probability 0, space 0, times 0 [ 666.270928][T13793] CPU: 0 UID: 0 PID: 13793 Comm: syz.0.1945 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 666.270976][T13793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 666.270995][T13793] Call Trace: [ 666.271006][T13793] [ 666.271018][T13793] dump_stack_lvl+0x16c/0x1f0 [ 666.271079][T13793] should_fail_ex+0x512/0x640 [ 666.271115][T13793] ? fs_reclaim_acquire+0xae/0x150 [ 666.271157][T13793] ? tomoyo_encode2+0x100/0x3e0 [ 666.271199][T13793] should_failslab+0xc2/0x120 [ 666.271229][T13793] __kmalloc_noprof+0xd2/0x510 [ 666.271276][T13793] ? d_absolute_path+0x136/0x1a0 [ 666.271319][T13793] tomoyo_encode2+0x100/0x3e0 [ 666.271369][T13793] tomoyo_encode+0x29/0x50 [ 666.271409][T13793] tomoyo_realpath_from_path+0x18f/0x6e0 [ 666.271468][T13793] tomoyo_path2_perm+0x36a/0x710 [ 666.271509][T13793] ? __pfx_tomoyo_path2_perm+0x10/0x10 [ 666.271544][T13793] ? trace_sched_exit_tp+0xde/0x130 [ 666.271594][T13793] ? __schedule+0x1186/0x5de0 [ 666.271691][T13793] tomoyo_path_link+0xae/0x100 [ 666.271738][T13793] ? __pfx_tomoyo_path_link+0x10/0x10 [ 666.271793][T13793] ? security_path_link+0x7b/0x2b0 [ 666.271835][T13793] security_path_link+0x12f/0x2b0 [ 666.271873][T13793] do_linkat+0x412/0x5a0 [ 666.271930][T13793] ? __pfx_do_linkat+0x10/0x10 [ 666.271981][T13793] ? strncpy_from_user+0x203/0x2e0 [ 666.272020][T13793] ? getname_flags.part.0+0x1c2/0x540 [ 666.272084][T13793] __x64_sys_link+0x7d/0xa0 [ 666.272115][T13793] do_syscall_64+0xcd/0x260 [ 666.272165][T13793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.272197][T13793] RIP: 0033:0x7f8d51f8d169 [ 666.272223][T13793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.272254][T13793] RSP: 002b:00007f8d52df5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056 [ 666.272284][T13793] RAX: ffffffffffffffda RBX: 00007f8d521a6080 RCX: 00007f8d51f8d169 [ 666.272304][T13793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000003240 [ 666.272322][T13793] RBP: 00007f8d52df5090 R08: 0000000000000000 R09: 0000000000000000 [ 666.272339][T13793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 666.272356][T13793] R13: 0000000000000000 R14: 00007f8d521a6080 R15: 00007ffdca434518 [ 666.272395][T13793] [ 666.272424][T13793] ERROR: Out of memory at tomoyo_realpath_from_path. [ 668.357701][T13823] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 670.725657][T13863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1962'. [ 672.249874][T13886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1966'. [ 673.167142][T13896] FAULT_INJECTION: forcing a failure. [ 673.167142][T13896] name failslab, interval 1, probability 0, space 0, times 0 [ 673.193878][T13896] CPU: 0 UID: 0 PID: 13896 Comm: syz.0.1970 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 673.193923][T13896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 673.193941][T13896] Call Trace: [ 673.193951][T13896] [ 673.193963][T13896] dump_stack_lvl+0x16c/0x1f0 [ 673.194012][T13896] should_fail_ex+0x512/0x640 [ 673.194047][T13896] ? __kvmalloc_node_noprof+0x122/0x600 [ 673.194096][T13896] should_failslab+0xc2/0x120 [ 673.194126][T13896] __kvmalloc_node_noprof+0x135/0x600 [ 673.194174][T13896] ? alloc_netdev_mqs+0xfbe/0x1570 [ 673.194226][T13896] ? alloc_netdev_mqs+0xfbe/0x1570 [ 673.194280][T13896] alloc_netdev_mqs+0xfbe/0x1570 [ 673.194334][T13896] slip_open+0x35c/0x1150 [ 673.194366][T13896] ? __pfx___might_resched+0x10/0x10 [ 673.194411][T13896] ? __pfx_n_tty_close+0x10/0x10 [ 673.194446][T13896] ? find_held_lock+0x2b/0x80 [ 673.194485][T13896] ? __pfx_slip_open+0x10/0x10 [ 673.194514][T13896] ? down_write+0x14d/0x200 [ 673.194566][T13896] ? __pfx_slip_open+0x10/0x10 [ 673.194597][T13896] tty_ldisc_open+0x9c/0x120 [ 673.194643][T13896] tty_set_ldisc+0x32b/0x780 [ 673.194695][T13896] tty_ioctl+0xc42/0x1610 [ 673.194746][T13896] ? __pfx_tty_ioctl+0x10/0x10 [ 673.194809][T13896] ? find_held_lock+0x2b/0x80 [ 673.194848][T13896] ? hook_file_ioctl_common+0x145/0x410 [ 673.194892][T13896] ? __fget_files+0x20e/0x3c0 [ 673.194945][T13896] ? __pfx_tty_ioctl+0x10/0x10 [ 673.194995][T13896] __x64_sys_ioctl+0x190/0x200 [ 673.195037][T13896] do_syscall_64+0xcd/0x260 [ 673.195086][T13896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.195118][T13896] RIP: 0033:0x7f8d51f8d169 [ 673.195144][T13896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 673.195174][T13896] RSP: 002b:00007f8d52e16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 673.195204][T13896] RAX: ffffffffffffffda RBX: 00007f8d521a5fa0 RCX: 00007f8d51f8d169 [ 673.195223][T13896] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000006 [ 673.195241][T13896] RBP: 00007f8d52e16090 R08: 0000000000000000 R09: 0000000000000000 [ 673.195259][T13896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 673.195286][T13896] R13: 0000000000000000 R14: 00007f8d521a5fa0 R15: 00007ffdca434518 [ 673.195327][T13896] [ 677.288267][T13968] FAULT_INJECTION: forcing a failure. [ 677.288267][T13968] name failslab, interval 1, probability 0, space 0, times 0 [ 677.406999][T13968] CPU: 1 UID: 0 PID: 13968 Comm: syz.3.1983 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 677.407044][T13968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 677.407063][T13968] Call Trace: [ 677.407073][T13968] [ 677.407085][T13968] dump_stack_lvl+0x16c/0x1f0 [ 677.407136][T13968] should_fail_ex+0x512/0x640 [ 677.407170][T13968] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 677.407225][T13968] should_failslab+0xc2/0x120 [ 677.407255][T13968] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 677.407304][T13968] ? __alloc_skb+0x2b2/0x380 [ 677.407349][T13968] __alloc_skb+0x2b2/0x380 [ 677.407386][T13968] ? __pfx___alloc_skb+0x10/0x10 [ 677.407429][T13968] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 677.407474][T13968] ? __lock_acquire+0xaa4/0x1ba0 [ 677.407528][T13968] netlink_alloc_large_skb+0x69/0x130 [ 677.407577][T13968] netlink_sendmsg+0x6a1/0xdd0 [ 677.407630][T13968] ? __pfx_netlink_sendmsg+0x10/0x10 [ 677.407692][T13968] ____sys_sendmsg+0xa95/0xc70 [ 677.407744][T13968] ? copy_msghdr_from_user+0x10a/0x160 [ 677.407786][T13968] ? __pfx_____sys_sendmsg+0x10/0x10 [ 677.407856][T13968] ___sys_sendmsg+0x134/0x1d0 [ 677.407899][T13968] ? __pfx____sys_sendmsg+0x10/0x10 [ 677.408023][T13968] __sys_sendmsg+0x16d/0x220 [ 677.408065][T13968] ? __pfx___sys_sendmsg+0x10/0x10 [ 677.408117][T13968] ? rcu_is_watching+0x12/0xc0 [ 677.408167][T13968] do_syscall_64+0xcd/0x260 [ 677.408215][T13968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.408247][T13968] RIP: 0033:0x7ff06c18d169 [ 677.408271][T13968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.408302][T13968] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 677.408331][T13968] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 677.408351][T13968] RDX: 0000000000040000 RSI: 00002000000039c0 RDI: 0000000000000003 [ 677.408370][T13968] RBP: 00007ff06cf67090 R08: 0000000000000000 R09: 0000000000000000 [ 677.408388][T13968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 677.408405][T13968] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 677.408444][T13968] [ 690.309081][T14161] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2040'. [ 691.153153][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.159690][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 693.631244][T14220] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 712.475485][T14457] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2098'. [ 714.572292][T14482] zswap: compressor not available [ 716.138186][T14500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2110'. [ 718.585889][T14550] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2123'. [ 719.649109][T14571] FAULT_INJECTION: forcing a failure. [ 719.649109][T14571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 719.716658][T14571] CPU: 1 UID: 0 PID: 14571 Comm: syz.1.2130 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 719.716703][T14571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 719.716721][T14571] Call Trace: [ 719.716732][T14571] [ 719.716743][T14571] dump_stack_lvl+0x16c/0x1f0 [ 719.716793][T14571] should_fail_ex+0x512/0x640 [ 719.716835][T14571] _copy_to_user+0x32/0xd0 [ 719.716877][T14571] rng_dev_read+0x1ea/0x810 [ 719.716911][T14571] ? __pfx_virtio_read+0x10/0x10 [ 719.716948][T14571] ? __pfx_rng_dev_read+0x10/0x10 [ 719.716988][T14571] ? bpf_lsm_file_permission+0x9/0x10 [ 719.717029][T14571] ? security_file_permission+0x71/0x210 [ 719.717071][T14571] ? rw_verify_area+0xcf/0x680 [ 719.717118][T14571] ? __pfx_rng_dev_read+0x10/0x10 [ 719.717153][T14571] vfs_read+0x1de/0xc70 [ 719.717203][T14571] ? __pfx_vfs_read+0x10/0x10 [ 719.717242][T14571] ? find_held_lock+0x2b/0x80 [ 719.717282][T14571] ? __fget_files+0x204/0x3c0 [ 719.717331][T14571] ? __fget_files+0x20e/0x3c0 [ 719.717385][T14571] ksys_read+0x12a/0x240 [ 719.717427][T14571] ? __pfx_ksys_read+0x10/0x10 [ 719.717467][T14571] ? rcu_is_watching+0x12/0xc0 [ 719.717515][T14571] do_syscall_64+0xcd/0x260 [ 719.717564][T14571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.717596][T14571] RIP: 0033:0x7fc6bf18d169 [ 719.717620][T14571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 719.717649][T14571] RSP: 002b:00007fc6bffca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 719.717678][T14571] RAX: ffffffffffffffda RBX: 00007fc6bf3a5fa0 RCX: 00007fc6bf18d169 [ 719.717698][T14571] RDX: 00000000fffffe82 RSI: 0000200000000040 RDI: 0000000000000003 [ 719.717717][T14571] RBP: 00007fc6bffca090 R08: 0000000000000000 R09: 0000000000000000 [ 719.717734][T14571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 719.717752][T14571] R13: 0000000000000000 R14: 00007fc6bf3a5fa0 R15: 00007ffdf3d08288 [ 719.717792][T14571] [ 721.927932][T14596] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2135'. [ 724.946759][T14637] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2148'. [ 725.726819][T14646] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2149'. [ 726.174184][T14662] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 728.902088][T14661] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 729.351592][T14696] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2163'. [ 733.009503][T14751] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2177'. [ 737.822306][T14807] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2191'. [ 741.782640][T14864] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2203'. [ 743.723211][T14879] Invalid ELF header magic: != ELF [ 744.020075][T14879] busy [ 744.539145][T14903] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 745.768637][T14917] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2217'. [ 747.049617][T14934] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2222'. [ 750.285015][T14980] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2230'. [ 752.606037][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.612437][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.441982][T15037] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2244'. [ 754.389307][T15052] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 757.982185][T15087] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2256'. [ 764.647726][T15143] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2269'. [ 765.307290][T15161] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 766.508306][T15183] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2274'. [ 768.876347][T15204] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2280'. [ 769.814951][T15221] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 770.325737][T15230] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2281'. [ 775.239023][T15285] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2292'. [ 778.797027][T15341] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 780.245873][T15360] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2306'. [ 781.699082][T15359] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2305'. [ 782.715825][T15393] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2314'. [ 784.087175][T15391] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2315'. [ 785.817386][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 785.832264][ T5857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 785.841814][ T5857] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 785.855612][ T5857] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 785.867148][ T5857] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 786.583327][T15429] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2324'. [ 787.954045][ T5857] Bluetooth: hci4: command tx timeout [ 788.280272][T15424] chnl_net:caif_netlink_parms(): no params data found [ 788.372829][ T82] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 788.696274][ T82] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.143242][ T82] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.418935][ T82] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.683231][T15424] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.704860][T15424] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.712969][T15424] bridge_slave_0: entered allmulticast mode [ 789.724910][T15424] bridge_slave_0: entered promiscuous mode [ 789.772243][T15424] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.783618][T15424] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.804808][T15424] bridge_slave_1: entered allmulticast mode [ 789.826802][T15424] bridge_slave_1: entered promiscuous mode [ 789.981281][T15424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 790.024384][ T5857] Bluetooth: hci4: command tx timeout [ 790.076023][T15424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 790.387188][T15424] team0: Port device team_slave_0 added [ 790.448923][ T82] bridge_slave_1: left allmulticast mode [ 790.461386][ T82] bridge_slave_1: left promiscuous mode [ 790.485514][ T82] bridge0: port 2(bridge_slave_1) entered disabled state [ 790.538462][ T82] bridge_slave_0: left allmulticast mode [ 790.556728][ T82] bridge_slave_0: left promiscuous mode [ 790.576840][ T82] bridge0: port 1(bridge_slave_0) entered disabled state [ 791.013122][ T82] ip_vti0 (unregistering): left allmulticast mode [ 791.365892][ T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 791.378565][ T82] bond0 (unregistering): Released all slaves [ 791.400595][T15424] team0: Port device team_slave_1 added [ 791.565378][T15424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 791.572394][T15424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 791.620728][T15424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 791.639705][ T82] HfR: left promiscuous mode [ 791.808290][T15424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 792.028381][T15424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 792.054512][T15424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 792.113101][ T5857] Bluetooth: hci4: command tx timeout [ 792.907558][T15424] hsr_slave_0: entered promiscuous mode [ 792.936726][T15424] hsr_slave_1: entered promiscuous mode [ 792.949163][T15424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 792.967064][T15424] Cannot create hsr debugfs directory [ 794.108215][ T82] hsr_slave_0: left promiscuous mode [ 794.126584][ T82] hsr_slave_1: left promiscuous mode [ 794.133092][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 794.151245][ T82] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 794.180485][ T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 794.184217][ T5857] Bluetooth: hci4: command tx timeout [ 794.198746][ T82] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 794.249222][ T82] veth1_macvtap: left promiscuous mode [ 794.257745][ T82] veth0_macvtap: left promiscuous mode [ 794.263568][ T82] veth1_vlan: left promiscuous mode [ 794.286907][ T82] veth0_vlan: left promiscuous mode [ 795.464764][ T82] team0 (unregistering): Port device team_slave_1 removed [ 795.552692][ T82] team0 (unregistering): Port device team_slave_0 removed [ 797.372393][T15532] kexec: Could not allocate control_code_buffer [ 798.079880][T15424] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 798.159276][T15424] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 798.233846][T15424] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 798.267040][T15424] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 798.579668][T15424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 798.677179][T15424] 8021q: adding VLAN 0 to HW filter on device team0 [ 798.744879][T10367] bridge0: port 1(bridge_slave_0) entered blocking state [ 798.752114][T10367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 798.817666][T10367] bridge0: port 2(bridge_slave_1) entered blocking state [ 798.825674][T10367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 800.334447][T15424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 800.529546][T15424] veth0_vlan: entered promiscuous mode [ 800.566640][T15424] veth1_vlan: entered promiscuous mode [ 800.724342][T15424] veth0_macvtap: entered promiscuous mode [ 800.783020][T15424] veth1_macvtap: entered promiscuous mode [ 800.847013][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 800.878896][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 800.914293][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 800.944713][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 800.973880][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 801.011525][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 801.054892][T15424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 801.104908][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 801.153685][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 801.184081][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 801.204592][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 801.243625][T15424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 801.266279][T15424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 801.381909][T15424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 801.458556][T15424] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.488187][T15424] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.528492][T15424] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 801.552173][T15424] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 802.914671][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 802.922556][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 803.103993][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 803.117886][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 803.584546][T15664] snd_aloop snd_aloop.0: control 1:6:-2147483647:¢¸è_ÅheºRŸª:6 is already present [ 804.328164][T15668] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2354'. [ 807.729240][T15724] ================================================================== [ 807.737344][T15724] BUG: KASAN: slab-out-of-bounds in try_module_get+0x4c/0xd0 [ 807.744754][T15724] Write of size 4 at addr ffff888141e842f8 by task syz.3.2366/15724 [ 807.752771][T15724] [ 807.755112][T15724] CPU: 0 UID: 0 PID: 15724 Comm: syz.3.2366 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 807.755144][T15724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 807.755158][T15724] Call Trace: [ 807.755165][T15724] [ 807.755175][T15724] dump_stack_lvl+0x116/0x1f0 [ 807.755212][T15724] print_report+0xc3/0x670 [ 807.755248][T15724] ? __virt_addr_valid+0x5e/0x590 [ 807.755281][T15724] ? __phys_addr+0xc6/0x150 [ 807.755314][T15724] ? try_module_get+0x4c/0xd0 [ 807.755344][T15724] kasan_report+0xe0/0x110 [ 807.755365][T15724] ? try_module_get+0x4c/0xd0 [ 807.755397][T15724] kasan_check_range+0xef/0x1a0 [ 807.755423][T15724] try_module_get+0x4c/0xd0 [ 807.755452][T15724] dvb_device_open+0x124/0x3b0 [ 807.755476][T15724] ? __pfx_dvb_device_open+0x10/0x10 [ 807.755498][T15724] chrdev_open+0x231/0x6a0 [ 807.755533][T15724] ? __pfx_apparmor_file_open+0x10/0x10 [ 807.755562][T15724] ? __pfx_chrdev_open+0x10/0x10 [ 807.755599][T15724] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 807.755634][T15724] do_dentry_open+0x741/0x1c10 [ 807.755667][T15724] ? __pfx_chrdev_open+0x10/0x10 [ 807.755704][T15724] vfs_open+0x82/0x3f0 [ 807.755728][T15724] path_openat+0x1e5e/0x2d40 [ 807.755766][T15724] ? __pfx_path_openat+0x10/0x10 [ 807.755803][T15724] do_filp_open+0x20b/0x470 [ 807.755835][T15724] ? __pfx_do_filp_open+0x10/0x10 [ 807.755878][T15724] ? alloc_fd+0x471/0x7d0 [ 807.755914][T15724] do_sys_openat2+0x11b/0x1d0 [ 807.755937][T15724] ? __pfx_do_sys_openat2+0x10/0x10 [ 807.755962][T15724] ? __pfx___might_resched+0x10/0x10 [ 807.755998][T15724] __x64_sys_openat+0x174/0x210 [ 807.756022][T15724] ? __pfx___x64_sys_openat+0x10/0x10 [ 807.756048][T15724] ? rcu_is_watching+0x12/0xc0 [ 807.756086][T15724] do_syscall_64+0xcd/0x260 [ 807.756121][T15724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.756145][T15724] RIP: 0033:0x7ff06c18d169 [ 807.756163][T15724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 807.756187][T15724] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 807.756208][T15724] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 807.756223][T15724] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 807.756238][T15724] RBP: 00007ff06c20e990 R08: 0000000000000000 R09: 0000000000000000 [ 807.756253][T15724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 807.756267][T15724] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 807.756290][T15724] [ 807.756297][T15724] [ 808.013463][T15724] Allocated by task 1: [ 808.017535][T15724] kasan_save_stack+0x33/0x60 [ 808.022232][T15724] kasan_save_track+0x14/0x30 [ 808.026943][T15724] __kasan_kmalloc+0xaa/0xb0 [ 808.031548][T15724] dvb_register_device+0x1e4/0x2370 [ 808.036759][T15724] dvb_dmxdev_init+0x33e/0x4e0 [ 808.041545][T15724] vidtv_bridge_probe+0x75d/0xa90 [ 808.046600][T15724] platform_probe+0xff/0x1f0 [ 808.051218][T15724] really_probe+0x23e/0xa90 [ 808.055755][T15724] __driver_probe_device+0x1de/0x440 [ 808.061076][T15724] driver_probe_device+0x4c/0x1b0 [ 808.066136][T15724] __driver_attach+0x283/0x580 [ 808.070933][T15724] bus_for_each_dev+0x13b/0x1d0 [ 808.075821][T15724] bus_add_driver+0x2e9/0x690 [ 808.080524][T15724] driver_register+0x15c/0x4b0 [ 808.085305][T15724] vidtv_bridge_init+0x45/0x80 [ 808.090087][T15724] do_one_initcall+0x120/0x6e0 [ 808.094883][T15724] kernel_init_freeable+0x5c2/0x900 [ 808.100133][T15724] kernel_init+0x1c/0x2b0 [ 808.104494][T15724] ret_from_fork+0x45/0x80 [ 808.108972][T15724] ret_from_fork_asm+0x1a/0x30 [ 808.113799][T15724] [ 808.116140][T15724] The buggy address belongs to the object at ffff888141e84200 [ 808.116140][T15724] which belongs to the cache kmalloc-256 of size 256 [ 808.130219][T15724] The buggy address is located 32 bytes to the right of [ 808.130219][T15724] allocated 216-byte region [ffff888141e84200, ffff888141e842d8) [ 808.144919][T15724] [ 808.147262][T15724] The buggy address belongs to the physical page: [ 808.153694][T15724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x141e84 [ 808.162578][T15724] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 808.171090][T15724] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 808.178740][T15724] page_type: f5(slab) [ 808.182738][T15724] raw: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 808.191341][T15724] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 808.199944][T15724] head: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 808.208633][T15724] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 808.217324][T15724] head: 057ff00000000001 ffffea000507a101 00000000ffffffff 00000000ffffffff [ 808.226013][T15724] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 808.234868][T15724] page dumped because: kasan: bad access detected [ 808.241293][T15724] page_owner tracks the page as allocated [ 808.247018][T15724] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 25926447421, free_ts 0 [ 808.266762][T15724] post_alloc_hook+0x181/0x1b0 [ 808.271563][T15724] get_page_from_freelist+0x1193/0x39b0 [ 808.277141][T15724] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 808.283065][T15724] alloc_pages_mpol+0x1fb/0x550 [ 808.287931][T15724] new_slab+0x23c/0x330 [ 808.292110][T15724] ___slab_alloc+0xd9c/0x1940 [ 808.296809][T15724] __slab_alloc.constprop.0+0x56/0xb0 [ 808.302208][T15724] __kmalloc_cache_noprof+0xfb/0x3e0 [ 808.307525][T15724] dvb_register_device+0x1e4/0x2370 [ 808.312770][T15724] dvb_dmxdev_init+0x2e1/0x4e0 [ 808.317554][T15724] vidtv_bridge_probe+0x75d/0xa90 [ 808.322612][T15724] platform_probe+0xff/0x1f0 [ 808.327224][T15724] really_probe+0x23e/0xa90 [ 808.331757][T15724] __driver_probe_device+0x1de/0x440 [ 808.337090][T15724] driver_probe_device+0x4c/0x1b0 [ 808.342181][T15724] __driver_attach+0x283/0x580 [ 808.346979][T15724] page_owner free stack trace missing [ 808.352354][T15724] [ 808.354686][T15724] Memory state around the buggy address: [ 808.360324][T15724] ffff888141e84180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 808.368504][T15724] ffff888141e84200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 808.376600][T15724] >ffff888141e84280: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 808.384677][T15724] ^ [ 808.392666][T15724] ffff888141e84300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 808.400757][T15724] ffff888141e84380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 808.408851][T15724] ================================================================== [ 808.490067][T15724] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 808.497337][T15724] CPU: 1 UID: 0 PID: 15724 Comm: syz.3.2366 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) [ 808.509460][T15724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 808.519558][T15724] Call Trace: [ 808.522858][T15724] [ 808.525818][T15724] dump_stack_lvl+0x3d/0x1f0 [ 808.530447][T15724] panic+0x71c/0x800 [ 808.534366][T15724] ? __pfx_panic+0x10/0x10 [ 808.538802][T15724] ? irqentry_exit+0x3b/0x90 [ 808.543427][T15724] ? lockdep_hardirqs_on+0x7c/0x110 [ 808.548666][T15724] ? preempt_schedule_thunk+0x16/0x30 [ 808.554079][T15724] ? try_module_get+0x4c/0xd0 [ 808.558804][T15724] ? preempt_schedule_common+0x44/0xc0 [ 808.564305][T15724] ? try_module_get+0x4c/0xd0 [ 808.569015][T15724] check_panic_on_warn+0xab/0xb0 [ 808.573982][T15724] end_report+0x107/0x170 [ 808.578348][T15724] kasan_report+0xee/0x110 [ 808.582795][T15724] ? try_module_get+0x4c/0xd0 [ 808.587513][T15724] kasan_check_range+0xef/0x1a0 [ 808.592388][T15724] try_module_get+0x4c/0xd0 [ 808.596928][T15724] dvb_device_open+0x124/0x3b0 [ 808.601720][T15724] ? __pfx_dvb_device_open+0x10/0x10 [ 808.607057][T15724] chrdev_open+0x231/0x6a0 [ 808.611511][T15724] ? __pfx_apparmor_file_open+0x10/0x10 [ 808.617083][T15724] ? __pfx_chrdev_open+0x10/0x10 [ 808.622057][T15724] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 808.628863][T15724] do_dentry_open+0x741/0x1c10 [ 808.633659][T15724] ? __pfx_chrdev_open+0x10/0x10 [ 808.638643][T15724] vfs_open+0x82/0x3f0 [ 808.642735][T15724] path_openat+0x1e5e/0x2d40 [ 808.647368][T15724] ? __pfx_path_openat+0x10/0x10 [ 808.652347][T15724] do_filp_open+0x20b/0x470 [ 808.656886][T15724] ? __pfx_do_filp_open+0x10/0x10 [ 808.661967][T15724] ? alloc_fd+0x471/0x7d0 [ 808.666338][T15724] do_sys_openat2+0x11b/0x1d0 [ 808.671039][T15724] ? __pfx_do_sys_openat2+0x10/0x10 [ 808.676262][T15724] ? __pfx___might_resched+0x10/0x10 [ 808.681587][T15724] __x64_sys_openat+0x174/0x210 [ 808.686460][T15724] ? __pfx___x64_sys_openat+0x10/0x10 [ 808.691860][T15724] ? rcu_is_watching+0x12/0xc0 [ 808.696658][T15724] do_syscall_64+0xcd/0x260 [ 808.701233][T15724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.707150][T15724] RIP: 0033:0x7ff06c18d169 [ 808.711583][T15724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 808.731215][T15724] RSP: 002b:00007ff06cf67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 808.739654][T15724] RAX: ffffffffffffffda RBX: 00007ff06c3a5fa0 RCX: 00007ff06c18d169 [ 808.747645][T15724] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 808.755636][T15724] RBP: 00007ff06c20e990 R08: 0000000000000000 R09: 0000000000000000 [ 808.763628][T15724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 808.771622][T15724] R13: 0000000000000000 R14: 00007ff06c3a5fa0 R15: 00007ffec91269e8 [ 808.779631][T15724] [ 808.782917][T15724] Kernel Offset: disabled [ 808.787256][T15724] Rebooting in 86400 seconds..