last executing test programs: 3.031138091s ago: executing program 3 (id=1629): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/fs/lockd/nlm_end_grace\x00', 0x8282, 0x0) write$auto(0x3, 0x0, 0x7) unshare$auto(0x40000080) unshare$auto(0x1) adjtimex$auto(&(0x7f0000000280)={0xfffffff3, 0x0, 0x4, 0x9c, 0xe1d, 0x7, 0x4d, 0x0, 0x5, 0x4, 0x7fffffff, {0x100000000, 0x2}, 0x8000000252, 0x5, 0x3, 0x1, 0x0, 0x80000000000004, 0x5, 0xc578, 0x1, 0x3, 0x7ff}) mmap$auto(0x1, 0x4, 0x8000000000000de, 0xeb1, 0x3fd, 0x8003) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x102, 0x0) write$auto(0x3, 0x0, 0x4fffffdf2) unshare$auto(0x40000080) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(r1, 0x400, 0x1) execve$auto(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x0, 0x8000) writev$auto(r0, 0x0, 0x2c00000000000) fcntl$auto(0xffffffffffffffff, 0x400, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0xa02, 0x0) writev$auto(0x1, 0x0, 0x1) write$auto(0xca, &(0x7f0000000400)='\x04>\x00\x1d\xa4\xd2\xc3\xec&9\v\xbc\xdein\xe1G8\x02\x18\x00\x00\xd3b\x01\xbd\x9b@\xb0\x00\x00\x00\x84\xa2\\\x15\xc4>\xa9\x82,\x95\xeeH\xf8}v\xb3\xcb(\xa90Abe\xc3\x8c\xcc\xe7\xb8\x00F\x89#\xb4\xf0F\xa1GH\xb5\x8f\x9dZ~\xea\xa3\x93\xc2\x04\xe1;b\x99\x97}Z\x7f\x0f\x90\xce\x85-e\xb6n\xbc\xc6=\xf8\xce\xe7\x1e]\x85|\xce\xd7L\x9b\xd3lb\xc5\xee\xdb\xcb\xbb\xd8\xd9\xd3\xf8 \xe9e\xe5\x80\x1c7B+]\\!\xcej}H\x03x\x83Z\x98\xb8\t\xde\xd4\xf5\xf32\xccR\xaa\xdd\x16\xab\xd8\x1d\"\xc7\xa5\xe1k\x1d\xd9k\xc6\xb2\xa7\x97\x9a\xf6\xfe\xef\x1a\xbd\xcb\xb8*\x8b9\x00R\xe9)?Em\xb2\xac\xd1\xf6\xff\xc1\xc7\xbdl\xa2+tI\xa3\xa8\xabVe\x87\xa9\xae9\x82\xd2.SCt\xcc\x8c7\x7f\xdc\xc3\xfb\x94\xfc\xdfc+\x04\xfb\xf5$\xecO1@\x99l;\xd3X\xd5\"\xec\x17hR\xc5\x99\x8b\x9f\xf3\xf48%\xfa\xf2\x1d\xc5\x10T\x83p0\xd7]\x83{\x81\xdei\xd2\xfc\xfd=3K\xc3\xfe\x12\x98\x8b\xbe\xd1+\xc4r\x7f\x8f5\xcc\xa6\xd8>k\xcc\xee\xe0\x9bW\x0e\xc63\x84^\xde`\xd2\xe8\xfc\x02\xef\xa4\xdc\xd0A\xd5`?9D\x1c\x1b\x1b\xd5\xcb\xfb\x03I\xc9\x97\xac#\x0ee\xc8ltL\x88\x17m~aA%\xd3\xaf\xaa6hf\x9b\x83\x02A\xb0\xf6\x14\xb3\x18B\xfd\x9ai\xf8j \a\x1es\xa3U\x98sqq,\xd2A4?l\xa2\x9c\xc9\x9fa\xe8\x99qw\xf3\x18\x12R+(%x\xb6\xf8\x92\xa5\xe4\xdd\xe9\xf2\x0e\xc8', 0x100) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x3, 0x0) io_uring_register$auto(0x2, 0x6, &(0x7f0000000180), 0x670) semctl$auto_SETALL(0x70, 0x234e, 0x11, 0x6) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000180)=""/250, 0xfa) 2.116415069s ago: executing program 3 (id=1636): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x3, 0x21) add_key$auto(&(0x7f0000000140)='/dev/ram2\x00\"!>\x15]\xebj\xf6\x96\rD\x13\x8an^\x92\xd6f\xd8\xab\x8d\xca;\xbd[-8', &(0x7f0000000080)='/dev/ram2\x00', &(0x7f00000000c0)="f0b3cda690da41af7c8005ff512686a9429962dce35124ed3856671de680a0781a3d288ee0f113183cf6ed65d82adb5f250a7cba1fdd64ebf9eebf0090bba20665b4fbf6e8b7cf", 0x9f, 0xfffff801) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram2\x00', 0x14f642, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$auto(r0, 0x0, 0x200) mmap$auto(0xffffffffffffffff, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) r2 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) move_pages$auto(r1, 0x7f, &(0x7f0000000040)=&(0x7f0000000180)="0f9b691e659d524099cde722a59f1ef6dae0f62a205d3dba5b8870144ed3384a10c630894d7dc28b4662179d3c101d307898e6a59b0758f4f408e7823d8436171cd17d65d1b61f4872788f33db29cc32783c0c24fe2e5def022deb79814635fab7d3c77faccf2314b95a12ca0bdc4ce8c74b8e08aeb659f790c2bbe89d3ddf21735e48c0ddf0564031facc47407ef9602b2b7525e5b82d2b4f7dfab0b38118", &(0x7f0000000240)=0xbb7, &(0x7f0000000280)=0x6, 0x5) write$auto(0x3, 0x0, 0xfffffdef) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_DUPFD_QUERY(r0, 0x403, r1) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x6) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x800000, 0x0) open(0x0, 0xa240, 0x1de) socketpair$auto(0x1e, 0x5, 0x40, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socket(0x2a, 0x5, 0x1000) 2.063578474s ago: executing program 1 (id=1637): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x15, 0x5, 0x0) r2 = pipe$auto(0x0) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000001c0), r1) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r2, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="020027bd7000fbdbdf250500000011c16512228f23cb091de628cfdc3c34c3f992d2304c1831e19ecbe32c1b05235c85167b8550e3d16309f3dcf4b370b1d996f5442c36d771cdfb7400"/86], 0x5c}, 0x1, 0x0, 0x0, 0x4800}, 0x4c090) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x3, 0x9) write$auto(0x6, 0x0, 0x100000001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) open_by_handle_at$auto(r2, &(0x7f00000000c0)={0x79, 0x10001, "fc22ce00065147fe1afc7b7ef50b0c131a65f9e3a450d3c171765e60409befa34f7c88193f034ddc0fd814091a4ad5fc31d49dd842a4efb91894b285935fd2ff5f246f602cfd82c5a84da602011a046bcfa62880f6373d3575801be3498c68ff374298c73d61d47cb63c8973166677f1a39b66304da4407a07"}, 0x7fff) ioctl$auto(0x3, 0x80000541b, 0x38) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x2a, 0x0, 0x4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0xffffffffffffffff, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x10843, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(r4, 0xae03, 0xe9) r5 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) write$auto_seq_oss_f_ops_seq_oss(r5, &(0x7f0000000680)="9729facfa507ec17e671250eb63e3b4643a15185858e1926aa9714b851b846a2d1da2df5da43982b9c23e01b488f3d0386c1568864c51e67d549333f7ded20c817a63fa0b76c502e681f3f188908bb69fd2c6abc82dab8d5178580fe430e8d4dcf164474f52dbaad3cb0e4fab7251eb597f32712537ebd3600958999b1c9be17381a7fc6eeb7d5779292b8e45150cd8b018fab763375f09bd15d7bf98c412c69aca4d718757df266a686e4f8a8cf507f21f3e04c1148782a81d6359d68bc3150edc538a69a39e4c1c845830fbc403ffe8c0de34c1421714031b288b89b957b6de556d901223a12f387ad34342a1f95d7684987834076c5e0454adab11d515d8908c593dcb1e6e3417d7e3fb7ed3276507c475a60572ea0d7bb1bb5b2681eca89e2616a601d3b784a845c1fdb366625fd76e2c9262fe5043e0005dda4e22a9892c006b336567a2205b843a2ce65ff64536d1a3fc808308214db380bd615fd1da1e10a35bf410c1bcb7ee2dd94a512240a60b3da7cc5d35504c5bf8dcb2470818607e8bcee7c35c78635a6353227dd64d5fae70e4561c6cb165737b8975c5d59f31676b1bebf68f60faee32521e6ecd97b508619b35980744e60f0060171a260604207bb8c22509fdd296fe87f13cbc4f0d52e425b0e9bd9beac5d4bc50445d0ed450f328988e43a2c6fd1c9788209bd55b96b636c53a5552fcf15d9357a57b844781af7fb0c67e4074746bb95bf051899c18d38538d937c23d1c519e0da3e8f3947702ca81ac3b69767b53915e0683bf181ad3edf72be1689bd675659c7c8f1a9c9d5b61642d71d2387e25e358fa65250f60a6789c50275b4c93b50a86123e0fb7d67e9e4d0f44869860046c2155143618b0da8414d5a32c663939a2f4decb5f6e58da8b5bf5efef228a6dbd55a627307485d5f20b49b9c9cd069e5b22048a57c7c3987c6b2b1f53435974f41a018c7561f80333499783d0e952ee1682f733aa89195fb0fe1132eb0ff45ebbd279058f853691a0f0ae0869f72b3099949d2e3fc0b54f43112e3136b5164429d16d2d0d27df08565ff797f0b8aeacb56b9af726afa9084d8e9460cfbb6b30d8104cad7da3758670944859266de7de42452f156055efa33d28d7254446855d4d621193c1b462bbc41c98c03e749f06ed4ab5bd520475bae611984b29e37f29b81785c9f59f35059f78d08b8636e61937c86ec305a158ae71870a944f33308f23ddbd7735d43d7c8411301cc0384d5b53a813f683bb2afe0e0da26c3ad93adf6c6a4b722836fd19573e92bd8aeb4d79ac39dfff8064abd00f2f5340efb93c69bd6a055df72374bb2849b1296bb0290f634c5d06d406d653fbeb9a86154407440b543bcf073c3877b547e9b5b6c11c1e23718f4708c11102da8165fe00f589644d166bc45a7e63176ada8dde31a9955f7defa6ba209fc9efb6fc5e7482eaf44cdf6882eeeb00cb143932ac3f11444dd595e946debbdb57f24642a19e2f3e58959e362bcd5c6fcf8ef16e22b33a155426e663101a1b31ad91bf206822a78b5452503b972b91368f1dd69b18f8caac702076eb481b3112715d831a11774ea4c655f721000a929f753829f86f2e74edd75aceccc16b84ce9cc7c6b11bbcd6f7fe304ca0833b9bd5193171cd15bd3028d056c0c4f621e78dc3699861cb2018fc5f7afb8e724e1573bd9645243eb3e758559c9108b6a902f1b996e9380187a809fd2853e9e4bd0b40383b68220fcdbf10f8dce737ba6508ba21173304b63290421d01fe129409a4c626b72a1b05ebd512f0c32e0590000005a06791c2a24166be04b06ed132f02f24b9cb6c2c5e5697b6248bc0b041e5dd0183c257e3bbc58ec2425f1870e93b3d77add107d5d7e83fc02ef69e082d46fdf6045cad2682681d18265e35030abecc48372b0deb5bea50f445d846922a14fd3ac1f1183b148136a6a35c1932be0af0cd870dbf390ebf1d8ee7d8d4d4a44d9a4e4ec1b206ae70131356b8d220be5b98757e78ab1496f07b152232792fceeed3c19b78263a68a1fab8755b9f9559239e00f035a8753a49aaa7eac8574c830b2e4b59a0400ec4f4e80cae74ce56b80107ce3950523dc53c3f1f06e6c277b3d6e45dcc9708e41e0aa010f31c1392d8ebccf1401462636c752449b5803b2c9d5141f68c26e44241fccb1f1af2c839096c319ba9a626212cdb8664f1e02445278b4f5fc4280a3a1d62a8f5dae9de9c6066262247b867193e2b85c92803c4f2dad056d4d945fd8f8d45829e59d15263796c0df81069df72370e890", 0x658) ioctl$auto(r0, 0x400454ca, 0x38) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) 2.009801085s ago: executing program 0 (id=1638): mmap$auto(0x0, 0x7, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/acpi/interrupts/ff_rt_clk\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) 1.965740339s ago: executing program 2 (id=1639): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nbd7\x00', 0x228040, 0x0) r0 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000440), 0x109101, 0x0) pread64$auto(r0, 0x0, 0x9b3, 0x40000010100) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) r1 = socket(0x2, 0x80002, 0x73) r2 = socket(0xa, 0x1, 0x84) r3 = semctl$auto(0x2, 0x4, 0x3, 0x80000001) sendmsg$auto_NL80211_CMD_DEL_STATION(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000001040)=ANY=[@ANYBLOB='4\n\x00\x00', @ANYRES16=0x0, @ANYBLOB="080029bd7000fcdbdf2514000000e0015a8005008f00000000003400ef00f9ddaf84902fa100aa775b172b10c2c4f573c87135fcf69061a3f9f18c698af296a78d1412659c2fec09c2c912b328709500098008004000ac141420040029801a84b9d9b85e6e8311d4d0eda4bcac24b091fcc567438035f1ccf07d31c15f4759b2c4841f813eeb791e16346c825f1be7c393ab463f8df90cf9b214f2c18a8a2e3a1776cef5282f5942d36bf944438b6c74a06021e036c1df8745a3d37258f31a2d148123a0b41aa5841401fbb5daeddc59cc01ef000000fd00b780040015803e75cd89b7a2de0c3eecc06682bfc3822d93a108b5bd2a29b1adeae689204150105b97e5fe38602bdac2d5b5bc9ca0ea9355a804004580072df1c4937119e02bffa7ec840a350ac25051497790682dee3420f715ced8655cd88b0a8fa5f03ab499325301f8bd6d0e4f79009600db77a7cbafc504b6924f8e8ea457e25fc1034bd9b74f9dd3c1c83cceb3a520e2707b909ac14853811e5c81467b707f78d4416ba210279dbaa256ddaa593767de81afd7838ac10b798c2ed70b9dbfa2d965a100db85716b435f71829b0154f1f7af727495e86dfce4b7f095ee75be116d6a70f5f7d4000000040042800c001300fb0200000000000000000008000700"/490, @ANYRES32=r3, @ANYBLOB="08003700090000000400d1000400dd0005007400e00000000500890008000000ea0733006e6270b18fc3b4a4f1affa78da9f8985e62bd3c7cce6e6495a3fed2ad03b4a92df22751ea0d5e5198f876110b304a70179464353ca7e1783a045f3895231b2087bd8ea67cc41bc5695fdefc6247cc8850c3eb42aad98fef413023240d349f2058bae7efac789cf810220bf53c45fa5f2a92fd99098d06dd75013963507402fad8adec3ea480368809bf799ab0c6ea2cce82f2d5cc097eefefccc3da74df30b465c50fdbbcac39ce04dadd6a55c91b0fcb53392ff9e6f185aed8dd1a0b49d5644c409777205d1c3ec0fd10a863dda17728dffbb4b9f9cb8d719c5ad721a3e4c6b2b56c9ca5abbe7abd4faf95314595ee7ebabdee2496da8e3a1e4ec1cf8aa3f6d7ff19aa8045f41e2dc3a4b28529888602e492445674c60558f8504a23fac8d46866033791a456bce7b616ddfee63ac63730a221c0b24df1a2352d7b35a2b950f2f687a634bdf4defe9fc1d7f93e1d6a24230711dbacd397ac3a44d9db802d5df466e6d6c23ed3074d08aaafdf0994ea898db3c0d9f1e6b2f43056b980b14fd79b3726ba7433ef05048cca331f64f94b0cce65f0a65b882e154dd633bbc330c5d6f3e0cd7b6f8fecc7faca4c1320ffe84d38a27085989667646efadb22bcefdf45b26b62e01f36110096001668922993bfcb59e66e8c4e2305780c7025b139a1747a7ece7405954e6f6fc2727cf9f5f4a18442d8dbcbdba0a1405b72be231d7d0996304aa273102429a1484074e9cb92d3f6de36a703c94251109ab24500bc30a82a4960762fc83d84183109ed9c527a01fb4546eb314e6265301ec0e9bf642195594ec0d052b4496729e42cc359d81d5fcec865184ed6c77de7a69b8cf93e44505b2e101e16f722b29bd1c273c4287bb0b19353a520a368ab3bdb47b393a2b2dcb0dfadde28437fbb6a4151f9db21677bff7c636265ac190963b56f562a9581089b64d2c4b210e17df44a388b785b8189b2369ba70b4ec11cfb1ec770b241489335184ee91280a699605427212d0c0a72335b64efe6ecab223a09608a7b9cf2319bf9fe76951447e28f02bd370fddf82467404ac7f2f5751b333a4751bdae5bb9a1500f751599d08b7ebaa14bd922d8c042c63a31a408bf0cf6bb539a4a5e17e36b7dfe93c3428a3f71c90e8fe677e50093eef35a31ad49c9eeff52adc253053f7e97faf2a9bbfbb214d540167fade2dc53477357aad0ee67b5fba3a76740b00c696948ab0c6d048b12aa3bc5057f3128f29f8494d41c401b12e605bd4ca880d1b3f925080bdd8b2eb209da2dfe59e9e37ed290501c19f5b4d8e57704b32c145df3a5b11157349ab8db4bae9d7394c9b40fbd407f9859cd2bb2ce15c8a8c64ff8609908da7a028bc9b7aafdd1159cdac65705e240cfc584e6e029e4d870f4974198edcf98cefbf137ec6d18d583b699b0a78ca049feb32995c8b2be8067c5b4ec1524cbaa47dfcd6fd57f5d684195fb946c11e5981b8cfe4f7659ed6e2ba8689b3ba5a64967b509450d1d13f5c3ee0dd33d51dc8ad1f658023be1febfc997fc5f7f5262f8ef800ca99c616c4c93c70499825773b6ce4a5d4c0d87837323fca7790c9de9e667cf0a8fb006709d630a14a6eaa0105c745ebe1525c4ef4c8136176b725315a45d11a0684c1cc3a21fb6ba8c26fad466567e42bb3d82f389921fff43324fa2e31465812fa8f5a8d0dcc07bd31658bdffe82ea2826f76c8a7dbb7f514d22fcb5766bb0c590d8541e9e11477019bc43e297de2adc7a4ff5e8183c8698b95f4d40a844f80ef284213bff9d87096cdfc403534e80554ed4bc3436b04bf35257a41526ae0311deff13e36dbf95f6722b0cbc6f908fcb88eacf00fb99a3930acbb0af828c2165e939d8b0a6a261aabe690859d2612d7335e6da78f82b62f99cd2bc8619f29e8d704f918fe9db1bc53afca2a55ee649b3fe3d3b329faff70a5f981cc89409ec5dc06bec36c960cccfa3f36df8def26dbf14b03a0bafb7afd8024e933d3aefe9e2fee2454d5c46646bb4a65bd474196eb8f57aeca85f524e6292421ed7e12422067808da9632774fc428ab5a74dc402cd471b5c9d10118cdce54c6f03ca5cfca9c52cab3bce171ce0e7b466b4af63a6d61f3f13428e9271f63afac0dc3a06f9116fd17f2d4ceb6dbbe86e3654f0247a0459c4af46d6dc1e26643c7f1da769cf90d0909be946d824b8cee265f9e9ac280bf3ebf5c9e6fd2bf1cff02b8b45c984d2b4637c7e059c846080369efbcacdada8f6788875fbff0177b399b6295489274ac3a077432b462c76c7266d75c724b8bfa199c38980c442add1886b646235bbc470af414c04bff683ecc7df29e8064eee4c25e41cef050ea7f89fd5703742f86be91e5f0964a8f94e2ae1f16415c9f700ca11dcd41e6db0c5c61dad6eacd74e4077f0c3fb6e4cf9be688097e8abc87f9e2dff1400dd6fdefdf8e0749c1f1cce927d4d8bfa002a3633c7855cbb78191b01cf9a1be7bd043e78533aca0b01b1141f123c02b552354cfe1d35df2722b859b45ef2d508bf6cdab0fe3801196955b599ad4f7d7023a757f14cccfa6f05c61c5200476933c50edd499aeebdcd50a4b88119792defbafb742d8d843e54f938775c77b3b1fdf1de061ff6851aa9801a5e9cd1489c386fd46fa835bfd9eb6e3c8e8c380f73baae300551ac4177cfd0b755d6afa2c80a558a23b9d08254226d7b2264431daf40f5aef9273097c2d752aa1c9d71d9b0ee87152fba8e992562a65a1a3bca56b5ee8c2ad8931b56ba62f33fa2ce15c33adb71d02a14658038035d01728e244ba3ede66dcdafa7fa4d21394a9e4b94ecb27096ea2cc92d3fb0028b35f8cfdd80ee46e57b17c668a0c9305a76a000032000d0135ae9c2c8f8114ca8ac9366c0f688ba772b76124f235d4974d8c144dc9c482034592d3ba3df5edd6c12fcb509ec80000"], 0xa34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x33a00, 0x0, 0x9, 0x0, 0xfffffffffffffffe, 0x3333}, 0x7}, 0x9, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/ip_forward\x00', 0x2002, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/ip_local_port_range\x00', 0x20202, 0x0) sendfile$auto(r4, r5, 0x0, 0x4) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="810b25bd7000ffdbdf254180ec82e81236b80100000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x0, 0x432, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_LINK_ID={0x5, 0x139, 0x6}, @NL80211_ATTR_IFTYPE={0x8}, @NL80211_ATTR_PRIVACY={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x0) socket(0x28, 0x3, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2000, 0x0) openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, 0x0, 0x8240, 0x0) r6 = eventfd$auto(0x8c) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r6, 0x40505412, &(0x7f0000000100)={0x0, 0x5, 0x3, 0xf5, 0x8, "5c79a7390ea1f024169e5072944fa9703f290259708128d20cbbe6a10c83b62a34969f6bf56c71a8f5ed8711d7c2b3de2dfe918e3793dbd5e79ded25"}) socket(0x2, 0x801, 0x100) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) 1.81882906s ago: executing program 0 (id=1640): r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/8/actions\x00', 0x60000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)=""/58, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) chmod$auto(&(0x7f00000000c0)='./file0\x00', 0xf4ba) r2 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer2\x00', 0x200000, 0x0) ioctl$auto_SOUND_MIXER_READ_RECMASK(r2, 0x80044dfd, &(0x7f0000000100)="90631428984bf991286be7ed8802be8aa74dc9d8463a171247b63ef0346be9e46493bfcf7d356b60a9bd8b663d6722f9") getrandom$auto(0x0, 0xe, 0xae0f) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_BEARER_SET(r3, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x18, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x80000) r4 = gettid() process_vm_writev$auto(r4, 0x0, 0x3, 0x0, 0x4, 0x0) sendmsg$auto_TIPC_NL_BEARER_ADD(r0, &(0x7f0000000780)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000740)={&(0x7f0000000140)=ANY=[@ANYBLOB="ec070000", @ANYRES16, @ANYBLOB="10002abd7000fcdbdf2515000000a40208801b00c60033ffe731ab97e2d6553db2110c2c7ff654912d47f70b2700e2008380040099800400c6800400188004005e8073d441eb2e5e33b33be54e00407eed4dd39fba6689fbe4e5dcc014fa9815c1d925069f5a06671857aed9a30a4f10ed29c3d33907b77da079f0317a2cfe629414c3a61f2214be61f16562ff10d0d64d63fd3c9d7c9465fa2d5c92b70a2ea14f58a39bd1ce35fb2e8686cbe44029a6ff50a47f8b31c97cd379929b8df6fed133f87b1e2d7ec8b04000c000c5413a365765a5a63569c6cf6c502123141fa56f0642748a6e76dd9ea9690a41fbffe64ee76ec9402738fda8db9d9d117e71a9629fc1c38ac91f9ee504001d800400760000007f007d80093244676a3b238d61e6cc58e89e9cdb94fab0507a349ed9a4f528a13a1ca69792af26b102e1be3fb910f8e9eeb51cf1a78930d506080af114dcd55c577f98c071ceea8de5460734153cc328666670ffaa2c7e420802f9f3c62e42a526dd623b1fc74fb626ab124567b06bb8ad87a80c00e700ad6c000000000000002001ae807000f4000c68e085f75d9642d0db1acdc289e1587d1f34850756da7add2914f6c4f9561e6f1f6b2ab5335ae6c6232223da4b1aa16dfe0a541a8e7c4e1a4bf581571fd91f186d1e88c56f21f7d9588da437b5ee06c4a3db6e7994aa4f6bfe8f020be689ce6c0b07aeb2b1abfdbea3e3feab00f30026a495e5b38a94357fb1e937636186601dcff98755e83228cec612426faf74d7015c0f027b95c88b94d5de2ac6c083052130e6250bde9d032570d965d7f1fe725556b5d560a5806a70a09b184396e80380679a702dd384101577051550f6a4985f19066ad141a96c8e84e1a21173de506a0d235ed4b898c227fe2e222c0c478bc04085a02f8a5beb4e890a505affc32d7a3d9bc55647f4cdfdce4285072d6c9034d9576b3e1d4600ed0203803501a6805c00e617c8a2af0b149775e691a5e1118c4d8112c714aed5e7890109844fb4b8a96bac4174ca6a78f0255d294981a4e35a79bbbc1fb2172b8bf8d4af80911c298e49a728ad24f97516d7f5d13d3b92a6941a8744c4b613575ded33f7423cb35701470516f91cf6ecfbdd73bbae56adc2a2d0022b2bcf0c3eeac844e016606f368646143f3dd3d768a50e0c0c57b441d013148cd33b220dbdfe425bff6a51eb927835c2a8758f3baa4a7a1ca3c49db71731b4e4517011f058875e9a1417b5b6a91a7ed06446e27fb653515934f5e8bc0773147ca1fd03ae0696fb5a967a074c585df8b7f3a87f40eb33aa2fedc41df9acb340b2f7e40800a500", @ANYRES32=r4, @ANYBLOB="0400b38004001180f7120c8a0c702253a501e0ca7e10446366099b25b44b968e74781b357c7ff526bb1da27594ae4a7f5ea2c007000000b400fd80a400530094c8425fe1bda703d925def298ad1716750a4de94ab285773477eee14a3818794f20211efa0f9bd125cbfd78a8d9e7a515795420eb9a7a8fdf531807ef11c33414c1b5ee727ae38d941e4288f3e9f226cd4b3f75e3eb2007349e00ad21151fe2f87385a6d472893190a946f2557096bcbafe2be71395e00bda3df97efebccc158bc5316dcfd9f3be21d209ed331daa57180953f6e6abfcf2d1da738d720581e90c006800080000000000000004002d002083fc1ade19b1760aa00fbef0209c98e11481a91d866c67581b4fecd7cabfea512945093e48503777496a850869cb9e4ad32ede6f25a3deda22c25700b14b02233f300950194b675649a433545e383b9016c805fbcab57766c60eac3cd55770ddfcdb62e261476a56501e8cf597858d71a049db9afae6d0dbd408931fe0c3c8beaea884a851e4dcdacdf11f7fb904c1fd0b273db5076ba1edf687b05c8ead3f658a7ea8b4ffa30afb84e2a68e3ceb6f44f2b8402cfea90bb78c33384ebc7171253174f7c26a955eb1a82d43ea5ddbaf9e0d8f2f5c1bb883928d2a7b18e0094bea1501529efa505a5d94f431e0e4978d5a1d47d6575f293f3c0000004300088019f538b41150d7eef5842b18f406953bd94e6de0478c8e59ab5ee1abe84375c6e948fa927b4f6e8f0999b00ee7499bb95d4d6c2d2f8cf408007900e000000100"], 0x5ec}, 0x1, 0x0, 0x0, 0x20000040}, 0x4008011) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/sys/vm/nr_overcommit_hugepages\x00', 0x80001, 0x0) write$auto(0x3, 0x0, 0xfdef) stat$auto(0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r5 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x4, 0x8000000000001, 0xffff}, 0x9, 0x0) landlock_restrict_self$auto(r5, 0x0) sendmsg$auto_TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000003e80)={0x0, 0x0, &(0x7f0000003e40)={0x0}}, 0x8040) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_GET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r7, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x6, 0x1, 'd\x00'}]}, 0x1c}}, 0x40000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000800), r5) 1.470575546s ago: executing program 0 (id=1641): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001fc0)='/dev/input/event2\x00', 0xc0502, 0x0) ioctl$auto_EVIOCSKEYCODE_V2(r0, 0x40284504, 0x0) 1.275014981s ago: executing program 1 (id=1642): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_TIOCGDEV2(r0, 0x5410, 0x0) 1.141956676s ago: executing program 0 (id=1643): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vbi17\x00', 0x280, 0x0) ioctl$auto(r0, 0xc0905664, 0x38) 1.074079938s ago: executing program 1 (id=1644): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/lockd/parameters/nlm_grace_period\x00', 0x8001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) 981.287565ms ago: executing program 3 (id=1645): r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/8/actions\x00', 0x60000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000080)=""/58, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) chmod$auto(&(0x7f00000000c0)='./file0\x00', 0xf4ba) r2 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer2\x00', 0x200000, 0x0) ioctl$auto_SOUND_MIXER_READ_RECMASK(r2, 0x80044dfd, &(0x7f0000000100)="90631428984bf991286be7ed8802be8aa74dc9d8463a171247b63ef0346be9e46493bfcf7d356b60a9bd8b663d6722f9") getrandom$auto(0x0, 0xe, 0xae0f) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_BEARER_SET(r3, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000240)={0x18, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x80000) r4 = gettid() process_vm_writev$auto(r4, 0x0, 0x3, 0x0, 0x4, 0x0) sendmsg$auto_TIPC_NL_BEARER_ADD(r0, &(0x7f0000000780)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000740)={&(0x7f0000000140)=ANY=[@ANYBLOB="ec070000", @ANYRES16, @ANYBLOB="10002abd7000fcdbdf2515000000a40208801b00c60033ffe731ab97e2d6553db2110c2c7ff654912d47f70b2700e2008380040099800400c6800400188004005e8073d441eb2e5e33b33be54e00407eed4dd39fba6689fbe4e5dcc014fa9815c1d925069f5a06671857aed9a30a4f10ed29c3d33907b77da079f0317a2cfe629414c3a61f2214be61f16562ff10d0d64d63fd3c9d7c9465fa2d5c92b70a2ea14f58a39bd1ce35fb2e8686cbe44029a6ff50a47f8b31c97cd379929b8df6fed133f87b1e2d7ec8b04000c000c5413a365765a5a63569c6cf6c502123141fa56f0642748a6e76dd9ea9690a41fbffe64ee76ec9402738fda8db9d9d117e71a9629fc1c38ac91f9ee504001d800400760000007f007d80093244676a3b238d61e6cc58e89e9cdb94fab0507a349ed9a4f528a13a1ca69792af26b102e1be3fb910f8e9eeb51cf1a78930d506080af114dcd55c577f98c071ceea8de5460734153cc328666670ffaa2c7e420802f9f3c62e42a526dd623b1fc74fb626ab124567b06bb8ad87a80c00e700ad6c000000000000002001ae807000f4000c68e085f75d9642d0db1acdc289e1587d1f34850756da7add2914f6c4f9561e6f1f6b2ab5335ae6c6232223da4b1aa16dfe0a541a8e7c4e1a4bf581571fd91f186d1e88c56f21f7d9588da437b5ee06c4a3db6e7994aa4f6bfe8f020be689ce6c0b07aeb2b1abfdbea3e3feab00f30026a495e5b38a94357fb1e937636186601dcff98755e83228cec612426faf74d7015c0f027b95c88b94d5de2ac6c083052130e6250bde9d032570d965d7f1fe725556b5d560a5806a70a09b184396e80380679a702dd384101577051550f6a4985f19066ad141a96c8e84e1a21173de506a0d235ed4b898c227fe2e222c0c478bc04085a02f8a5beb4e890a505affc32d7a3d9bc55647f4cdfdce4285072d6c9034d9576b3e1d4600ed0203803501a6805c00e617c8a2af0b149775e691a5e1118c4d8112c714aed5e7890109844fb4b8a96bac4174ca6a78f0255d294981a4e35a79bbbc1fb2172b8bf8d4af80911c298e49a728ad24f97516d7f5d13d3b92a6941a8744c4b613575ded33f7423cb35701470516f91cf6ecfbdd73bbae56adc2a2d0022b2bcf0c3eeac844e016606f368646143f3dd3d768a50e0c0c57b441d013148cd33b220dbdfe425bff6a51eb927835c2a8758f3baa4a7a1ca3c49db71731b4e4517011f058875e9a1417b5b6a91a7ed06446e27fb653515934f5e8bc0773147ca1fd03ae0696fb5a967a074c585df8b7f3a87f40eb33aa2fedc41df9acb340b2f7e40800a500", @ANYRES32=r4, @ANYBLOB="0400b38004001180f7120c8a0c702253a501e0ca7e10446366099b25b44b968e74781b357c7ff526bb1da27594ae4a7f5ea2c007000000b400fd80a400530094c8425fe1bda703d925def298ad1716750a4de94ab285773477eee14a3818794f20211efa0f9bd125cbfd78a8d9e7a515795420eb9a7a8fdf531807ef11c33414c1b5ee727ae38d941e4288f3e9f226cd4b3f75e3eb2007349e00ad21151fe2f87385a6d472893190a946f2557096bcbafe2be71395e00bda3df97efebccc158bc5316dcfd9f3be21d209ed331daa57180953f6e6abfcf2d1da738d720581e90c006800080000000000000004002d002083fc1ade19b1760aa00fbef0209c98e11481a91d866c67581b4fecd7cabfea512945093e48503777496a850869cb9e4ad32ede6f25a3deda22c25700b14b02233f300950194b675649a433545e383b9016c805fbcab57766c60eac3cd55770ddfcdb62e261476a56501e8cf597858d71a049db9afae6d0dbd408931fe0c3c8beaea884a851e4dcdacdf11f7fb904c1fd0b273db5076ba1edf687b05c8ead3f658a7ea8b4ffa30afb84e2a68e3ceb6f44f2b8402cfea90bb78c33384ebc7171253174f7c26a955eb1a82d43ea5ddbaf9e0d8f2f5c1bb883928d2a7b18e0094bea1501529efa505a5d94f431e0e4978d5a1d47d6575f293f3c0000004300088019f538b41150d7eef5842b18f406953bd94e6de0478c8e59ab5ee1abe84375c6e948fa927b4f6e8f0999b00ee7499bb95d4d6c2d2f8cf408007900e000000100"], 0x5ec}, 0x1, 0x0, 0x0, 0x20000040}, 0x4008011) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/sys/vm/nr_overcommit_hugepages\x00', 0x80001, 0x0) write$auto(0x3, 0x0, 0xfdef) stat$auto(0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r5 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x4, 0x8000000000001, 0xffff}, 0x9, 0x0) landlock_restrict_self$auto(r5, 0x0) sendmsg$auto_TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000003e80)={0x0, 0x0, &(0x7f0000003e40)={0x0}}, 0x8040) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_GET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r7, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x6, 0x1, 'd\x00'}]}, 0x1c}}, 0x40000) sendmsg$auto_NL80211_CMD_AUTHENTICATE(r6, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000880)={&(0x7f0000000900)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="040029bd7000fbdbdf252500000005d3be0238a18427e5548c2c12002900090000000500130104000000"], 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x4040004) 973.055428ms ago: executing program 0 (id=1646): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000000)={0x20, r1, 0x301, 0x70bd23, 0x25dfdbff, {}, [@CTRL_ATTR_FAMILY_NAME={0x9, 0x2, 'l2tp\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) 920.57807ms ago: executing program 2 (id=1647): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/neigh/ipvlan0/retrans_time\x00', 0x121482, 0x0) pwrite64$auto(r0, 0x0, 0xec, 0x0) 877.808583ms ago: executing program 1 (id=1648): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000002100), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x8470}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044800}, 0x4000) 765.613953ms ago: executing program 0 (id=1649): unshare$auto(0x40000080) socket(0x10, 0x2, 0x7fffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) socket(0x28, 0x1, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="2f212abd"], 0x14}}, 0x4000000) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000000c0)="58fcb282bcbc38bfaef257e019406e8ec445cd4f7f7662ac0f8834baa918d5b3cea133243c4f2b9a39e536b67f5a1a2bfdf589da2b1c980e9ce53883444996d1721d7f3ae627c6c68118e15b5a753fd37910fbc02d898cfc8254c80582fc6184113a38c8937e") openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.max.depth\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(0x3, 0x0, 0x80) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f00000001c0), 0x1cb803, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40146f2c, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x7, 0x7, 0xd, 0x1, 0x948b, 0x4460, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x1, 0x5, 0x2]}, 0x0) unshare$auto(0x40000080) prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x40400, 0x0) io_uring_setup$auto(0x4bf15e08, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f00000000c0)={0x1, 0xfa, 0x9, 0x1, 0x418, "e72171dd9872b555facc1e8f"}) bpf$auto(0x0, &(0x7f0000000480)=@link_update={0xa, @new_map_fd, 0x4007, @old_prog_fd=0x13b}, 0xa3) 735.228744ms ago: executing program 2 (id=1650): bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) write$auto(r0, &(0x7f0000000040)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x4) 647.200543ms ago: executing program 1 (id=1651): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/kernel/tracepoint_printk\x00', 0x101202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) 531.529921ms ago: executing program 3 (id=1652): pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\xfc\x00\x06\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) 527.242134ms ago: executing program 2 (id=1653): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/amidi2\x00', 0x80102, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card2/midi1\x00', 0x4a640, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)=""/193, 0xc1) 433.222491ms ago: executing program 1 (id=1654): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x3, 0x21) add_key$auto(&(0x7f0000000140)='/dev/ram2\x00\"!>\x15]\xebj\xf6\x96\rD\x13\x8an^\x92\xd6f\xd8\xab\x8d\xca;\xbd[-8', &(0x7f0000000080)='/dev/ram2\x00', &(0x7f00000000c0)="f0b3cda690da41af7c8005ff512686a9429962dce35124ed3856671de680a0781a3d288ee0f113183cf6ed65d82adb5f250a7cba1fdd64ebf9eebf0090bba20665b4fbf6e8b7cf", 0x9f, 0xfffff801) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram2\x00', 0x14f642, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$auto(r0, 0x0, 0x200) mmap$auto(0xffffffffffffffff, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) r2 = socket(0x2b, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) move_pages$auto(r1, 0x7f, &(0x7f0000000040)=&(0x7f0000000180)="0f9b691e659d524099cde722a59f1ef6dae0f62a205d3dba5b8870144ed3384a10c630894d7dc28b4662179d3c101d307898e6a59b0758f4f408e7823d8436171cd17d65d1b61f4872788f33db29cc32783c0c24fe2e5def022deb79814635fab7d3c77faccf2314b95a12ca0bdc4ce8c74b8e08aeb659f790c2bbe89d3ddf21735e48c0ddf0564031facc47407ef9602b2b7525e5b82d2b4f7dfab0b3811800", &(0x7f0000000240)=0xbb7, &(0x7f0000000280)=0x6, 0x5) write$auto(0x3, 0x0, 0xfffffdef) connect$auto(0x3, 0x0, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0xff) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_DUPFD_QUERY(r0, 0x403, r1) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x6) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x800000, 0x0) open(0x0, 0xa240, 0x1de) socketpair$auto(0x1e, 0x5, 0x40, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socket(0x2a, 0x5, 0x1000) 320.318308ms ago: executing program 3 (id=1655): setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) setfsuid$auto(0x0) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/options/test_nop_accept\x00', 0x2, 0x0) 271.945662ms ago: executing program 2 (id=1656): mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) ioperm$auto(0x7, 0x6, 0x2) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000001c0)='/\x00', &(0x7f0000000400)={0xc, 0x9, "7fe41baa0a63df918c51c201"}, 0x0, 0x1001) 185.602574ms ago: executing program 3 (id=1657): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0xd}, 0x5, 0x20000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) r1 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/trace\x00', 0x1a6b75d63882e712, 0x0) mmap$auto(0x3, 0x40009, 0xdf, 0x9b72, r1, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto(0x5, &(0x7f0000000000)=@test={0x12, 0x1, 0xa93f, 0x9, 0x3, 0x3, 0x3da1, 0x0, 0xb4, 0x5, 0x140000000000, 0x0, 0x7fffffff, 0x9, 0x1}, 0x171) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub4/xrun_injection\x00', 0x400, 0x0) r3 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0x42, 0x14, 0x401, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x3) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) write$auto(0x1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) ioctl$auto(r3, 0x80004d00, r2) socket(0x29, 0x80000, 0xed) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0x0, 0xe9, 0xe3, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xf90000, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) clone$auto(0x800000000021, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) 0s ago: executing program 2 (id=1658): socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) kernel console output (not intermixed with test programs): hw-vuln/l1tf.html for details. [ 106.016813][ T5951] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 106.032891][ T5951] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 106.075470][ T5951] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 106.143468][ T5951] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 106.179110][ T5951] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 106.200269][ T5951] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 106.220352][ T5951] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 106.247901][ T5951] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 106.304773][ T5951] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 106.334689][ T5951] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 106.359124][ T5951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 106.377877][ T5951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 107.108824][ T5976] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14'. [ 107.366416][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 108.146498][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 108.226543][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 108.386484][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.657536][ T5990] delete_channel: no stack [ 108.894214][ T5983] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 108.920282][ T5983] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 108.927632][ T5983] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 108.942654][ T5983] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 110.038280][ T6012] could not allocate digest TFM handle [ 110.148799][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 110.948272][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 110.948344][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.954336][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 111.297325][ T6045] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 111.356753][ T6042] bridge0: port 3(syz_tun) entered blocking state [ 111.363341][ T6042] bridge0: port 3(syz_tun) entered disabled state [ 111.377542][ T6045] mmap: syz.2.26 (6045) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 111.442165][ T6042] syz_tun: entered allmulticast mode [ 111.495456][ T6042] syz_tun: entered promiscuous mode [ 111.569148][ T6042] bridge0: port 3(syz_tun) entered blocking state [ 111.575930][ T6042] bridge0: port 3(syz_tun) entered forwarding state [ 111.910668][ T6033] ima: policy update failed [ 111.926652][ T30] audit: type=1802 audit(6038525707.751:2): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.25" res=0 errno=0 [ 112.046968][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.055746][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.097571][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.106229][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.238756][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 112.455486][ T6055] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.600084][ T6032] FAULT_INJECTION: forcing a failure. [ 112.600084][ T6032] name failslab, interval 1, probability 0, space 0, times 1 [ 112.646975][ T6032] CPU: 1 UID: 0 PID: 6032 Comm: syz.1.24 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 112.647019][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 112.647039][ T6032] Call Trace: [ 112.647050][ T6032] [ 112.647067][ T6032] dump_stack_lvl+0x16c/0x1f0 [ 112.647112][ T6032] should_fail_ex+0x512/0x640 [ 112.647142][ T6032] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 112.647178][ T6032] ? __pfx_cec_config_thread_func+0x10/0x10 [ 112.647209][ T6032] should_failslab+0xc2/0x120 [ 112.647232][ T6032] __kmalloc_cache_noprof+0x6a/0x3e0 [ 112.647264][ T6032] ? lockdep_init_map_type+0x5c/0x280 [ 112.647287][ T6032] ? __kthread_create_on_node+0xce/0x3f0 [ 112.647325][ T6032] ? __init_swait_queue_head+0xca/0x150 [ 112.647356][ T6032] ? __pfx_cec_config_thread_func+0x10/0x10 [ 112.647387][ T6032] __kthread_create_on_node+0xce/0x3f0 [ 112.647427][ T6032] ? __pfx___kthread_create_on_node+0x10/0x10 [ 112.647473][ T6032] ? cec_adap_enable+0x77c/0xc30 [ 112.647508][ T6032] ? __pfx_cec_config_thread_func+0x10/0x10 [ 112.647540][ T6032] kthread_create_on_node+0xc7/0x100 [ 112.647578][ T6032] ? __pfx_kthread_create_on_node+0x10/0x10 [ 112.647615][ T6032] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.647648][ T6032] ? lockdep_init_map_type+0x5c/0x280 [ 112.647682][ T6032] ? lockdep_init_map_type+0x5c/0x280 [ 112.647711][ T6032] cec_claim_log_addrs+0x13e/0x2e0 [ 112.647743][ T6032] __cec_s_log_addrs+0xdc9/0x1670 [ 112.647784][ T6032] cec_ioctl+0x4b8/0x2970 [ 112.647820][ T6032] ? __pfx_cec_ioctl+0x10/0x10 [ 112.647854][ T6032] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 112.647881][ T6032] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 112.647908][ T6032] ? do_vfs_ioctl+0x512/0x1990 [ 112.647937][ T6032] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 112.647985][ T6032] ? find_held_lock+0x2b/0x80 [ 112.648015][ T6032] ? hook_file_ioctl_common+0x145/0x410 [ 112.648052][ T6032] ? __pfx_cec_ioctl+0x10/0x10 [ 112.648085][ T6032] __x64_sys_ioctl+0x190/0x200 [ 112.648116][ T6032] do_syscall_64+0xcd/0x260 [ 112.648145][ T6032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.648169][ T6032] RIP: 0033:0x7fee06b8d169 [ 112.648188][ T6032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.648210][ T6032] RSP: 002b:00007fee07a71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.648232][ T6032] RAX: ffffffffffffffda RBX: 00007fee06da5fa0 RCX: 00007fee06b8d169 [ 112.648248][ T6032] RDX: 00002000000000c0 RSI: 00000000c05c6104 RDI: 0000000000000005 [ 112.648262][ T6032] RBP: 00007fee06c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 112.648276][ T6032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.648290][ T6032] R13: 0000000000000000 R14: 00007fee06da5fa0 R15: 00007ffc59b8d8d8 [ 112.648319][ T6032] [ 113.052767][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 113.066526][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 113.081946][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 113.853035][ T6064] netlink: 544 bytes leftover after parsing attributes in process `syz.2.30'. [ 114.396634][ T6074] netlink: 8 bytes leftover after parsing attributes in process `syz.3.33'. [ 114.466964][ T5847] Bluetooth: hci3: unexpected event 0x1d length: 6 > 5 [ 115.602034][ T6061] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 115.650906][ T6061] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 115.680711][ T6061] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 115.710481][ T6076] GUP no longer grows the stack in syz.0.31 (6076): 1000-401000 (0) [ 115.731954][ T6061] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 115.758683][ T6076] CPU: 1 UID: 0 PID: 6076 Comm: syz.0.31 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 115.758730][ T6076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 115.758749][ T6076] Call Trace: [ 115.758761][ T6076] [ 115.758773][ T6076] dump_stack_lvl+0x16c/0x1f0 [ 115.758818][ T6076] gup_vma_lookup+0x1d2/0x220 [ 115.758862][ T6076] __get_user_pages+0x234/0x36f0 [ 115.758908][ T6076] ? __pfx___might_resched+0x10/0x10 [ 115.758968][ T6076] ? __pfx___get_user_pages+0x10/0x10 [ 115.759011][ T6076] ? __pfx_down_read_killable+0x10/0x10 [ 115.759061][ T6076] ? __lock_acquire+0x5ca/0x1ba0 [ 115.759097][ T6076] __gup_longterm_locked+0x20d/0x1850 [ 115.759153][ T6076] ? __pfx___gup_longterm_locked+0x10/0x10 [ 115.759202][ T6076] ? find_held_lock+0x2b/0x80 [ 115.759257][ T6076] gup_fast_fallback+0x183d/0x2650 [ 115.759328][ T6076] ? __pfx_gup_fast_fallback+0x10/0x10 [ 115.759369][ T6076] ? do_syscall_64+0xcd/0x260 [ 115.759413][ T6076] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.759468][ T6076] get_user_pages_fast+0xa7/0xf0 [ 115.759512][ T6076] ? __pfx_get_user_pages_fast+0x10/0x10 [ 115.759569][ T6076] get_futex_key+0x1f4/0x1000 [ 115.759621][ T6076] ? __pfx_get_futex_key+0x10/0x10 [ 115.759674][ T6076] ? kasan_save_track+0x14/0x30 [ 115.759722][ T6076] ? __kasan_kmalloc+0xaa/0xb0 [ 115.759775][ T6076] futex_lock_pi+0x27c/0x7b0 [ 115.759814][ T6076] ? __pfx_futex_lock_pi+0x10/0x10 [ 115.759845][ T6076] ? __pfx___futex_wait+0x10/0x10 [ 115.759912][ T6076] ? futex_wait+0x120/0x380 [ 115.759949][ T6076] ? __pfx_futex_wake_mark+0x10/0x10 [ 115.760002][ T6076] do_futex+0x33e/0x350 [ 115.760051][ T6076] ? __pfx_do_futex+0x10/0x10 [ 115.760103][ T6076] ? __pfx___might_resched+0x10/0x10 [ 115.760156][ T6076] __x64_sys_futex+0x1e0/0x4c0 [ 115.760210][ T6076] ? __pfx___x64_sys_futex+0x10/0x10 [ 115.760263][ T6076] ? rcu_is_watching+0x12/0xc0 [ 115.760317][ T6076] do_syscall_64+0xcd/0x260 [ 115.760359][ T6076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.760401][ T6076] RIP: 0033:0x7fe75ff8d169 [ 115.760428][ T6076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.760460][ T6076] RSP: 002b:00007fe760d93038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 115.760491][ T6076] RAX: ffffffffffffffda RBX: 00007fe7601a6160 RCX: 00007fe75ff8d169 [ 115.760513][ T6076] RDX: 000000000000000a RSI: 0000000000000008 RDI: 0000000000000000 [ 115.760532][ T6076] RBP: 00007fe76000e2a0 R08: 0000000000000000 R09: 0000000080800001 [ 115.760553][ T6076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.760573][ T6076] R13: 0000000000000000 R14: 00007fe7601a6160 R15: 00007ffe433a44f8 [ 115.760616][ T6076] [ 116.049799][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 116.560071][ T5150] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 116.696562][ T30] audit: type=1800 audit(6038525720.526:3): pid=6098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.37" name="dbroot" dev="configfs" ino=7512 res=0 errno=0 [ 116.817458][ T6087] random: crng reseeded on system resumption [ 117.159185][ T6101] Invalid ELF header magic: != ELF [ 117.681432][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 117.766539][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 117.772705][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 118.049477][ T6100] Zero length message leads to an empty skb [ 118.317480][ T5150] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5 [ 118.853195][ T6118] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 119.562100][ T6130] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.663614][ T6124] netlink: 'syz.3.41': attribute type 33 has an invalid length. [ 119.710381][ T6124] netlink: 322 bytes leftover after parsing attributes in process `syz.3.41'. [ 119.800610][ T6124] team0: entered promiscuous mode [ 119.811035][ T6124] team_slave_0: entered promiscuous mode [ 119.830642][ T6124] team_slave_1: entered promiscuous mode [ 119.848611][ T6124] team0: entered allmulticast mode [ 119.854003][ T6124] team_slave_0: entered allmulticast mode [ 119.866467][ T6124] team_slave_1: entered allmulticast mode [ 120.958630][ T6144] netlink: 28 bytes leftover after parsing attributes in process `syz.2.45'. [ 121.297638][ T6144] team0: Port device team_slave_0 removed [ 121.793043][ T6130] kexec: Could not allocate control_code_buffer [ 122.773943][ T6167] netlink: 544 bytes leftover after parsing attributes in process `syz.3.50'. [ 123.062643][ T6175] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 123.991036][ T5150] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 124.146388][ T30] audit: type=1800 audit(6038525735.955:4): pid=6185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.53" name="dbroot" dev="configfs" ino=8849 res=0 errno=0 [ 124.861595][ T6189] Invalid ELF header magic: != ELF [ 126.535288][ T6185] kexec: Could not allocate control_code_buffer [ 128.210619][ T6214] Invalid ELF header magic: != ELF [ 130.359218][ T6243] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 131.459643][ T6261] kAFS: Invalid Command on /proc/fs/afs/cells file [ 132.648636][ T6275] netlink: 544 bytes leftover after parsing attributes in process `syz.0.68'. [ 136.323972][ T6308] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 136.343150][ T6308] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 136.363445][ T6308] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 136.376748][ T6308] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 137.192349][ T6331] netlink: 544 bytes leftover after parsing attributes in process `syz.2.77'. [ 137.746530][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 138.097244][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.103863][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.398422][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 138.398434][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 138.416534][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 139.950354][ T6364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.86'. [ 142.912236][ T6406] netlink: 334 bytes leftover after parsing attributes in process `syz.3.92'. [ 143.618702][ T30] audit: type=1806 audit(6038525757.467:5): xattr=05 res=-22 [ 143.732738][ T6421] netlink: 28 bytes leftover after parsing attributes in process `syz.0.95'. [ 144.247620][ T5150] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 145.361642][ T6442] netlink: 28 bytes leftover after parsing attributes in process `syz.3.102'. [ 145.409034][ T6447] syz.2.103: vmalloc error: size 1794048, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 145.431897][ T6442] veth0_macvtap: left promiscuous mode [ 145.451524][ T6442] macvtap0: entered promiscuous mode [ 145.458322][ T6447] CPU: 0 UID: 0 PID: 6447 Comm: syz.2.103 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 145.458363][ T6447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 145.458381][ T6447] Call Trace: [ 145.458391][ T6447] [ 145.458402][ T6447] dump_stack_lvl+0x16c/0x1f0 [ 145.458442][ T6447] warn_alloc+0x248/0x3a0 [ 145.458493][ T6447] ? __pfx_warn_alloc+0x10/0x10 [ 145.458543][ T6447] ? alloc_pages_mpol+0x25a/0x550 [ 145.458576][ T6447] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 145.458609][ T6447] ? trace_kmalloc+0x2b/0xd0 [ 145.458653][ T6447] __vmalloc_node_range_noprof+0x12d2/0x1540 [ 145.458710][ T6447] ? __snd_dma_alloc_pages+0x50/0x90 [ 145.458745][ T6447] ? do_alloc_pages+0xd7/0x280 [ 145.458794][ T6447] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 145.458839][ T6447] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 145.458883][ T6447] ? __snd_dma_alloc_pages+0x50/0x90 [ 145.458913][ T6447] vmalloc_noprof+0x6b/0x90 [ 145.458954][ T6447] ? __snd_dma_alloc_pages+0x50/0x90 [ 145.458981][ T6447] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 145.459021][ T6447] __snd_dma_alloc_pages+0x50/0x90 [ 145.459053][ T6447] snd_dma_alloc_dir_pages+0x151/0x240 [ 145.459087][ T6447] do_alloc_pages+0x115/0x280 [ 145.459138][ T6447] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 145.459196][ T6447] snd_pcm_hw_params+0x15e1/0x1b40 [ 145.459232][ T6447] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 145.459261][ T6447] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 145.459314][ T6447] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 145.459366][ T6447] ? __asan_memset+0x23/0x50                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       syzkaller syzkaller login: [ 171.485644][ T6794] syz.1.169 uses obsolete (PF_INET,SOCK_PACKET) [ 176.429343][ T6852] netlink: 28 bytes leftover after parsing attributes in process `syz.1.179'. [ 176.462795][ T6852] bridge_slave_1: left allmulticast mode [ 176.476348][ T6852] bridge_slave_1: left promiscuous mode [ 176.483160][ T6852] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.631863][ T6852] bridge_slave_0: left allmulticast mode [ 176.686533][ T6852] bridge_slave_0: left promiscuous mode [ 176.693238][ T6852] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.448621][ T5150] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 180.364127][ T5150] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 180.503054][ T30] audit: type=1800 audit(6038525826.329:7): pid=6898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.188" name="dbroot" dev="configfs" ino=11271 res=0 errno=0 syzkaller syzkaller login: [ 181.914365][ T6905] tipc: Started in network mode [ 181.949845][ T6905] tipc: Node identity ee00, cluster identity 4711 [ 181.976489][ T6905] tipc: Node number set to 60928 [ 189.858542][ T5150] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 192.323919][ T7032] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 192.338799][ T7032] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 192.359610][ T7032] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 192.375931][ T7032] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 193.266484][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 193.628594][ T7052] netlink: 334 bytes leftover after parsing attributes in process `syz.1.218'. [ 194.386671][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 194.386701][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 194.392905][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 195.405696][ T7087] netlink: 342 bytes leftover after parsing attributes in process `syz.3.225'. [ 196.835090][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 196.835191][ T5847] Bluetooth: hci0: connection err: -111 [ 199.265127][ T7157] Invalid ELF header magic: != ELF [ 199.514424][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.522804][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.816974][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 200.817058][ T5847] Bluetooth: hci1: connection err: -111 [ 202.934511][ T5847] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 204.534353][ T5847] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 208.000060][ T7256] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 208.016180][ T7256] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 208.025458][ T7256] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 208.032630][ T7256] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 208.086082][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 208.086138][ T5847] Bluetooth: hci3: connection err: -111 [ 209.186540][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 209.298414][ T7297] netlink: 146 bytes leftover after parsing attributes in process `syz.3.268'. [ 209.799741][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.266'. [ 210.066591][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 210.072690][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 210.079227][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 215.625548][ T7360] netlink: zone id is out of range [ 215.636444][ T7360] netlink: zone id is out of range [ 215.652764][ T7360] netlink: zone id is out of range [ 215.683327][ T7343] netlink: 334 bytes leftover after parsing attributes in process `syz.2.272'. [ 215.763113][ T7360] netlink: zone id is out of range [ 215.828824][ T7360] netlink: zone id is out of range [ 215.834022][ T7360] netlink: zone id is out of range [ 215.888641][ T7360] netlink: zone id is out of range [ 215.943290][ T7360] netlink: zone id is out of range [ 215.976409][ T7360] netlink: zone id is out of range [ 215.998924][ T7360] netlink: zone id is out of range [ 216.586447][ T5847] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 219.069199][ T7410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.288'. [ 219.788211][ T7420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.292'. [ 222.445611][ T7419] netlink: 334 bytes leftover after parsing attributes in process `syz.0.290'. [ 224.095191][ T5847] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 230.125282][ T7550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.310'. [ 231.541123][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 231.541177][ T5847] Bluetooth: hci2: connection err: -111 [ 236.661499][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 236.661624][ T5847] Bluetooth: hci0: connection err: -111 [ 239.300349][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 239.300388][ T5847] Bluetooth: hci3: connection err: -111 [ 240.829414][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 240.829474][ T5847] Bluetooth: hci3: connection err: -111 [ 242.761242][ T5847] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 242.936358][ T30] audit: type=1800 audit(6038525920.755:8): pid=7744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.342" name="dbroot" dev="configfs" ino=14304 res=0 errno=0 [ 248.106726][ T7818] bridge0: port 3(syz_tun) entered blocking state [ 248.128654][ T7818] bridge0: port 3(syz_tun) entered disabled state [ 248.137457][ T7818] syz_tun: entered allmulticast mode [ 248.148338][ T7818] syz_tun: entered promiscuous mode [ 248.155619][ T7818] bridge0: port 3(syz_tun) entered blocking state [ 248.162268][ T7818] bridge0: port 3(syz_tun) entered forwarding state [ 248.692475][ T7805] ima: policy update failed [ 248.698972][ T30] audit: type=1802 audit(6038525926.545:9): pid=7805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.354" res=0 errno=0 [ 250.479404][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 250.479460][ T5847] Bluetooth: hci1: connection err: -111 [ 254.208049][ T7886] netlink: 28 bytes leftover after parsing attributes in process `syz.3.367'. [ 257.421275][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 257.421316][ T5847] Bluetooth: hci3: connection err: -111 [ 260.953737][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.960746][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.456905][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 261.456960][ T5847] Bluetooth: hci1: connection err: -111 [ 266.210456][ T8029] random: crng reseeded on system resumption [ 270.294065][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 270.294119][ T5847] Bluetooth: hci1: connection err: -111 [ 271.149537][ T8105] FAULT_INJECTION: forcing a failure. [ 271.149537][ T8105] name failslab, interval 1, probability 0, space 0, times 0 [ 271.226601][ T8105] CPU: 1 UID: 0 PID: 8105 Comm: syz.0.404 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 271.226644][ T8105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 271.226662][ T8105] Call Trace: [ 271.226672][ T8105] [ 271.226688][ T8105] dump_stack_lvl+0x16c/0x1f0 [ 271.226730][ T8105] should_fail_ex+0x512/0x640 [ 271.226767][ T8105] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 271.226816][ T8105] should_failslab+0xc2/0x120 [ 271.226846][ T8105] __kmalloc_cache_noprof+0x6a/0x3e0 [ 271.226886][ T8105] ? do_raw_spin_lock+0x12c/0x2b0 [ 271.226921][ T8105] ? single_open+0x4d/0x1f0 [ 271.226961][ T8105] ? __pfx_tracing_clock_show+0x10/0x10 [ 271.226999][ T8105] single_open+0x4d/0x1f0 [ 271.227044][ T8105] tracing_clock_open+0xa7/0x100 [ 271.227077][ T8105] do_dentry_open+0x741/0x1c10 [ 271.227120][ T8105] ? __pfx_tracing_clock_open+0x10/0x10 [ 271.227159][ T8105] vfs_open+0x82/0x3f0 [ 271.227195][ T8105] path_openat+0x1e5e/0x2d40 [ 271.227258][ T8105] ? __pfx_path_openat+0x10/0x10 [ 271.227316][ T8105] do_filp_open+0x20b/0x470 [ 271.227362][ T8105] ? __pfx_do_filp_open+0x10/0x10 [ 271.227438][ T8105] ? alloc_fd+0x471/0x7d0 [ 271.227495][ T8105] do_sys_openat2+0x11b/0x1d0 [ 271.227527][ T8105] ? __pfx_do_sys_openat2+0x10/0x10 [ 271.227577][ T8105] __x64_sys_openat+0x174/0x210 [ 271.227612][ T8105] ? __pfx___x64_sys_openat+0x10/0x10 [ 271.227650][ T8105] ? rcu_is_watching+0x12/0xc0 [ 271.227700][ T8105] do_syscall_64+0xcd/0x260 [ 271.227741][ T8105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.227773][ T8105] RIP: 0033:0x7fe75ff8d169 [ 271.227798][ T8105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.227828][ T8105] RSP: 002b:00007fe760dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 271.227857][ T8105] RAX: ffffffffffffffda RBX: 00007fe7601a5fa0 RCX: 00007fe75ff8d169 [ 271.227878][ T8105] RDX: 0000000000022500 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 271.227897][ T8105] RBP: 00007fe76000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 271.227915][ T8105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 271.227933][ T8105] R13: 0000000000000000 R14: 00007fe7601a5fa0 R15: 00007ffe433a44f8 [ 271.227970][ T8105] [ 271.730764][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 271.730815][ T5847] Bluetooth: hci1: connection err: -111 [ 276.618684][ T8163] ======================================================= [ 276.618684][ T8163] WARNING: The mand mount option has been deprecated and [ 276.618684][ T8163] and is ignored by this kernel. Remove the mand [ 276.618684][ T8163] option from the mount to silence this warning. [ 276.618684][ T8163] ======================================================= [ 277.875531][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 277.875571][ T5847] Bluetooth: hci1: connection err: -111 [ 283.920273][ T8232] netlink: 28 bytes leftover after parsing attributes in process `syz.2.427'. [ 284.054250][ T8232] bridge0: port 3(syz_tun) entered disabled state [ 284.068550][ T8234] netlink: 326 bytes leftover after parsing attributes in process `syz.1.428'. [ 284.370044][ T8232] syz_tun (unregistering): left allmulticast mode [ 284.408846][ T8232] syz_tun (unregistering): left promiscuous mode [ 284.436630][ T8232] bridge0: port 3(syz_tun) entered disabled state [ 284.687651][ T8234] syz.1.428 (8234) used greatest stack depth: 21384 bytes left [ 289.235164][ T8249] netlink: 28 bytes leftover after parsing attributes in process `syz.2.432'. [ 290.691593][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 290.691650][ T5847] Bluetooth: hci0: connection err: -111 [ 297.442715][ T7966] syz.2.379 (7966) used greatest stack depth: 17512 bytes left [ 297.490337][ T8365] FAULT_INJECTION: forcing a failure. [ 297.490337][ T8365] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 297.512684][ T8365] CPU: 0 UID: 0 PID: 8365 Comm: syz.0.455 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 297.512739][ T8365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 297.512758][ T8365] Call Trace: [ 297.512769][ T8365] [ 297.512781][ T8365] dump_stack_lvl+0x16c/0x1f0 [ 297.512824][ T8365] should_fail_ex+0x512/0x640 [ 297.512864][ T8365] should_fail_alloc_page+0xe7/0x130 [ 297.512913][ T8365] prepare_alloc_pages+0x3c2/0x610 [ 297.512953][ T8365] ? rcu_is_watching+0x12/0xc0 [ 297.512998][ T8365] __alloc_frozen_pages_noprof+0x18d/0x2370 [ 297.513051][ T8365] ? arch_stack_walk+0xa6/0x100 [ 297.513113][ T8365] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 297.513162][ T8365] ? __pfx_stack_trace_save+0x10/0x10 [ 297.513211][ T8365] ? check_path.constprop.0+0x24/0x50 [ 297.513265][ T8365] ? add_lock_to_list+0x9d/0x130 [ 297.513313][ T8365] ? __lock_acquire+0xaa4/0x1ba0 [ 297.513339][ T8365] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 297.513387][ T8365] ? policy_nodemask+0xea/0x4e0 [ 297.513437][ T8365] alloc_pages_mpol+0x1fb/0x550 [ 297.513469][ T8365] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 297.513497][ T8365] ? __page_table_check_ptes_set+0x1ae/0x420 [ 297.513558][ T8365] ? find_held_lock+0x2b/0x80 [ 297.513612][ T8365] alloc_pages_noprof+0x131/0x390 [ 297.513643][ T8365] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 297.513687][ T8365] get_free_pages_noprof+0xc/0x40 [ 297.513719][ T8365] kasan_populate_vmalloc_pte+0x2d/0x160 [ 297.513770][ T8365] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 297.513816][ T8365] __apply_to_page_range+0x5f9/0xd30 [ 297.513859][ T8365] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 297.513913][ T8365] ? __pfx___apply_to_page_range+0x10/0x10 [ 297.513954][ T8365] ? alloc_vmap_area+0x872/0x2970 [ 297.513997][ T8365] alloc_vmap_area+0x919/0x2970 [ 297.514048][ T8365] ? __pfx_alloc_vmap_area+0x10/0x10 [ 297.514094][ T8365] __get_vm_area_node+0x1a7/0x300 [ 297.514139][ T8365] vmap+0x159/0x350 [ 297.514174][ T8365] ? relay_open_buf.part.0+0x445/0xb90 [ 297.514226][ T8365] ? __pfx_vmap+0x10/0x10 [ 297.514262][ T8365] ? trace_kmalloc+0x2b/0xd0 [ 297.514295][ T8365] ? relay_open_buf.part.0+0x194/0xb90 [ 297.514355][ T8365] relay_open_buf.part.0+0x445/0xb90 [ 297.514421][ T8365] relay_open+0x653/0xad0 [ 297.514472][ T8365] ? debugfs_create_file_full+0x41/0x60 [ 297.514522][ T8365] do_blk_trace_setup+0x503/0xb50 [ 297.514571][ T8365] blk_trace_setup+0xed/0x1b0 [ 297.514614][ T8365] ? __pfx_blk_trace_setup+0x10/0x10 [ 297.514655][ T8365] ? __pfx_snprintf+0x10/0x10 [ 297.514709][ T8365] blk_trace_ioctl+0x146/0x280 [ 297.514759][ T8365] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 297.514811][ T8365] ? find_held_lock+0x2b/0x80 [ 297.514852][ T8365] ? hook_file_ioctl_common+0x145/0x410 [ 297.514890][ T8365] blkdev_ioctl+0x108/0x6d0 [ 297.514940][ T8365] ? __pfx_blkdev_ioctl+0x10/0x10 [ 297.514996][ T8365] ? __pfx_blkdev_ioctl+0x10/0x10 [ 297.515047][ T8365] __x64_sys_ioctl+0x190/0x200 [ 297.515091][ T8365] do_syscall_64+0xcd/0x260 [ 297.515133][ T8365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.515165][ T8365] RIP: 0033:0x7fe75ff8d169 [ 297.515192][ T8365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.515223][ T8365] RSP: 002b:00007fe760dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.515252][ T8365] RAX: ffffffffffffffda RBX: 00007fe7601a5fa0 RCX: 00007fe75ff8d169 [ 297.515273][ T8365] RDX: 0000200000000180 RSI: 00000000c0481273 RDI: 0000000000000006 [ 297.515293][ T8365] RBP: 00007fe76000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 297.515312][ T8365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.515331][ T8365] R13: 0000000000000000 R14: 00007fe7601a5fa0 R15: 00007ffe433a44f8 [ 297.515374][ T8365] [ 298.300043][ T8365] netlink: 28 bytes leftover after parsing attributes in process `syz.0.455'. [ 298.348590][ T8365] ipvlan1: entered promiscuous mode [ 298.358759][ T8369] Invalid ELF header magic: != ELF [ 298.812345][ T8375] FAULT_INJECTION: forcing a failure. [ 298.812345][ T8375] name failslab, interval 1, probability 0, space 0, times 0 [ 298.857891][ T8375] CPU: 0 UID: 0 PID: 8375 Comm: syz.0.458 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 298.857939][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 298.857958][ T8375] Call Trace: [ 298.857968][ T8375] [ 298.857980][ T8375] dump_stack_lvl+0x16c/0x1f0 [ 298.858022][ T8375] should_fail_ex+0x512/0x640 [ 298.858057][ T8375] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 298.858115][ T8375] should_failslab+0xc2/0x120 [ 298.858147][ T8375] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 298.858198][ T8375] ? __alloc_skb+0x2b2/0x380 [ 298.858236][ T8375] __alloc_skb+0x2b2/0x380 [ 298.858268][ T8375] ? __pfx___alloc_skb+0x10/0x10 [ 298.858306][ T8375] ? __pfx___register_sysctl_table+0x10/0x10 [ 298.858343][ T8375] ? is_module_address+0x69/0xf0 [ 298.858395][ T8375] inet6_netconf_notify_devconf+0x87/0x180 [ 298.858432][ T8375] __addrconf_sysctl_register+0x22b/0x360 [ 298.858462][ T8375] ? __pfx___addrconf_sysctl_register+0x10/0x10 [ 298.858493][ T8375] ? addrconf_init_net+0x1e9/0x8f0 [ 298.858519][ T8375] ? __asan_memcpy+0x3c/0x60 [ 298.858557][ T8375] addrconf_init_net+0x513/0x8f0 [ 298.858586][ T8375] ? __pfx_addrconf_init_net+0x10/0x10 [ 298.858613][ T8375] ops_init+0x1df/0x5f0 [ 298.858647][ T8375] setup_net+0x21e/0x850 [ 298.858682][ T8375] ? __pfx_setup_net+0x10/0x10 [ 298.858711][ T8375] ? lockdep_init_map_type+0x5c/0x280 [ 298.858737][ T8375] ? __pfx_down_read_killable+0x10/0x10 [ 298.858776][ T8375] ? debug_mutex_init+0x37/0x70 [ 298.858816][ T8375] copy_net_ns+0x2a6/0x5f0 [ 298.858856][ T8375] create_new_namespaces+0x3ea/0xad0 [ 298.858902][ T8375] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 298.858944][ T8375] ksys_unshare+0x45b/0xa40 [ 298.858987][ T8375] ? __pfx_ksys_unshare+0x10/0x10 [ 298.859026][ T8375] ? xfd_validate_state+0x5d/0x180 [ 298.859057][ T8375] ? rcu_is_watching+0x12/0xc0 [ 298.859097][ T8375] __x64_sys_unshare+0x31/0x40 [ 298.859138][ T8375] do_syscall_64+0xcd/0x260 [ 298.859171][ T8375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.859197][ T8375] RIP: 0033:0x7fe75ff8d169 [ 298.859218][ T8375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.859243][ T8375] RSP: 002b:00007fe760dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 298.859268][ T8375] RAX: ffffffffffffffda RBX: 00007fe7601a5fa0 RCX: 00007fe75ff8d169 [ 298.859285][ T8375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 298.859300][ T8375] RBP: 00007fe76000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 298.859316][ T8375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 298.859330][ T8375] R13: 0000000000000000 R14: 00007fe7601a5fa0 R15: 00007ffe433a44f8 [ 298.859369][ T8375] [ 299.094420][ T8370] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 299.094420][ T8370] The task syz.3.456 (8370) triggered the difference, watch for misbehavior. [ 303.183535][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 303.183586][ T5847] Bluetooth: hci1: connection err: -111 [ 304.322013][ T8452] netlink: 28 bytes leftover after parsing attributes in process `syz.0.471'. [ 307.859927][ T8498] random: crng reseeded on system resumption [ 308.669696][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 308.669746][ T5847] Bluetooth: hci0: connection err: -111 [ 309.484969][ T8498] Unrecognized hibernate image header format! [ 309.540303][ T8498] PM: hibernation: Image mismatch: architecture specific data [ 310.674474][ T8534] Invalid ELF header magic: != ELF [ 313.793338][ T30] audit: type=1800 audit(6038525991.635:10): pid=8595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.495" name="file0" dev="tmpfs" ino=648 res=0 errno=0 [ 314.106179][ T8607] [U]  [ 314.109249][ T8607] [U] [ 314.112014][ T8607] [U] [ 314.114769][ T8607] [U] [ 314.144409][ T8607] [U] [ 314.147210][ T8607] [U] [ 314.149967][ T8607] [U] [ 314.152725][ T8607] [U] [ 314.181879][ T8608] [U] [ 314.206482][ T8601] netlink: 346 bytes leftover after parsing attributes in process `syz.2.498'. [ 314.293367][ T8607] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE r҄y*"l-y– [ 315.871582][ T5847] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 315.939165][ T8628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.504'. [ 317.198005][ T8655] netlink: 100 bytes leftover after parsing attributes in process `syz.0.509'. [ 317.933489][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 317.933534][ T5847] Bluetooth: hci3: connection err: -111 [ 319.263677][ T8682] net_ratelimit: 21 callbacks suppressed [ 319.263702][ T8682] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 320.077590][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 320.077645][ T5847] Bluetooth: hci3: connection err: -111 [ 322.195069][ T5847] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 322.316430][ T30] audit: type=1800 audit(6038526016.121:11): pid=8724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.522" name="dbroot" dev="configfs" ino=19473 res=0 errno=0 [ 322.391850][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.403803][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 325.972539][ T8746] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 326.009427][ T8746] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 326.036887][ T8746] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 326.056746][ T8746] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 327.085776][ T5847] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 327.116310][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 327.722339][ T8776] debugfs: Directory '!PjE r҄y*"l-y–L̓]' with parent 'ieee80211' already present! [ 327.994799][ T8781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.533'. [ 328.025244][ T8781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.533'. [ 328.066386][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 328.072514][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 328.078211][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 330.666596][ T8817] tipc: Started in network mode [ 330.671507][ T8817] tipc: Node identity ee00, cluster identity 4711 [ 330.742277][ T8817] tipc: Node number set to 60928 [ 332.914768][ T8844] random: crng reseeded on system resumption [ 334.713572][ T8880] netlink: 346 bytes leftover after parsing attributes in process `syz.1.552'. [ 335.691404][ T5150] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 335.761192][ T30] audit: type=1800 audit(6038526045.592:12): pid=8905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.557" name="dbroot" dev="configfs" ino=20949 res=0 errno=0 [ 340.585694][ T5150] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 340.585754][ T5150] Bluetooth: hci2: connection err: -111 [ 340.881907][ T5150] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 340.881963][ T5150] Bluetooth: hci3: connection err: -111 [ 343.161026][ T8979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.568'. [ 343.531426][ T5150] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 343.531482][ T5150] Bluetooth: hci3: connection err: -111 [ 347.169074][ T9033] Invalid ELF header magic: != ELF [ 347.333479][ T5150] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 347.333533][ T5150] Bluetooth: hci3: connection err: -111 [ 348.828660][ T5150] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 349.985745][ T9075] netlink: 28 bytes leftover after parsing attributes in process `syz.3.585'. [ 351.293154][ T30] audit: type=1800 audit(6038526069.129:13): pid=9089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.588" name="lu_gp_id" dev="configfs" ino=20343 res=0 errno=0 [ 351.822511][ T5150] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 351.822561][ T5150] Bluetooth: hci2: connection err: -111 [ 352.017328][ T5150] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 352.017374][ T5150] Bluetooth: hci0: connection err: -111 [ 354.004937][ T5150] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 354.004988][ T5150] Bluetooth: hci0: connection err: -111 [ 355.375107][ T9150] ubi0: attaching mtd0 [ 355.403736][ T9150] ubi0: scanning is finished [ 355.486371][ T9150] ubi0: empty MTD device detected [ 355.502809][ T9150] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 356.685360][ T9150] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 356.893901][ T9166] netlink: 146 bytes leftover after parsing attributes in process `syz.1.601'. [ 359.063723][ T5150] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 359.063775][ T5150] Bluetooth: hci3: connection err: -111 [ 361.356010][ T5150] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 361.356068][ T5150] Bluetooth: hci2: connection err: -111 [ 366.638727][ T5150] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 366.638778][ T5150] Bluetooth: hci1: connection err: -111 [ 367.819492][ T5150] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 367.819531][ T5150] Bluetooth: hci1: connection err: -111 [ 370.290723][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 370.290777][ T5847] Bluetooth: hci2: connection err: -111 [ 371.778632][ T9363] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 371.917146][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 371.917193][ T5847] Bluetooth: hci2: connection err: -111 [ 377.389084][ T9419] netlink: 206 bytes leftover after parsing attributes in process `syz.3.648'. [ 378.387429][ T9428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.650'. [ 378.747922][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 378.747972][ T5847] Bluetooth: hci0: connection err: -111 [ 380.969080][ T9456] netlink: 36 bytes leftover after parsing attributes in process `syz.3.655'. [ 382.186997][ T9474] Invalid ELF header magic: != ELF [ 382.253829][ T9475] random: crng reseeded on system resumption [ 383.227660][ T9486] netlink: 28 bytes leftover after parsing attributes in process `syz.1.661'. [ 383.614869][ C0] vcan0: j1939_session_tx_dat: 0xffff88807e22dc00: queue data error: -100 [ 383.623653][ C0] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 383.631498][ C0] vcan0 (unregistering): j1939_xtp_rx_dpo: no connection found [ 383.639276][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.647222][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.655200][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.663140][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.671161][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.679091][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.687130][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.695002][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.703051][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.710983][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.719056][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.726982][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.735098][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.743031][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.751030][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.758966][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.766986][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.774858][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.782898][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.790809][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.798850][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.806763][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.814721][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.822633][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.830648][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.838573][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.846577][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.854439][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.862487][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.870413][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.878444][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.886330][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.894297][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.902233][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.910241][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.918250][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.926311][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 383.934614][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 383.947135][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.954305][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 387.729909][ T9523] Invalid ELF header magic: != ELF [ 389.748098][ T9544] netlink: 28 bytes leftover after parsing attributes in process `syz.2.672'. [ 393.699559][ T9578] Invalid ELF header magic: != ELF [ 403.235974][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 403.236031][ T5847] Bluetooth: hci2: connection err: -111 [ 405.432972][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 405.433038][ T5847] Bluetooth: hci1: connection err: -111 [ 409.204628][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 409.204679][ T5847] Bluetooth: hci3: connection err: -111 [ 413.243269][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 413.243331][ T5847] Bluetooth: hci0: connection err: -111 [ 413.369471][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 413.369509][ T5847] Bluetooth: hci2: connection err: -111 [ 414.130507][ T9773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.711'. [ 418.050052][ T9818] ubi0: attaching mtd0 [ 418.062960][ T9818] ubi0: scanning is finished [ 418.126841][ T9818] ubi0: empty MTD device detected [ 418.166642][ T9818] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 419.068016][ T9818] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 424.193542][ T9880] FAULT_INJECTION: forcing a failure. [ 424.193542][ T9880] name failslab, interval 1, probability 0, space 0, times 0 [ 424.206839][ T9880] CPU: 0 UID: 0 PID: 9880 Comm: syz.0.730 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 424.206882][ T9880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 424.206902][ T9880] Call Trace: [ 424.206912][ T9880] [ 424.206925][ T9880] dump_stack_lvl+0x16c/0x1f0 [ 424.206967][ T9880] should_fail_ex+0x512/0x640 [ 424.207000][ T9880] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 424.207051][ T9880] should_failslab+0xc2/0x120 [ 424.207082][ T9880] __kmalloc_cache_noprof+0x6a/0x3e0 [ 424.207128][ T9880] ? percpu_ref_init+0xec/0x410 [ 424.207180][ T9880] ? __pfx_css_release+0x10/0x10 [ 424.207229][ T9880] percpu_ref_init+0xec/0x410 [ 424.207282][ T9880] cgroup_mkdir+0x2d2/0x1160 [ 424.207321][ T9880] ? __pfx_cgroup_mkdir+0x10/0x10 [ 424.207358][ T9880] kernfs_iop_mkdir+0x108/0x190 [ 424.207390][ T9880] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 424.207429][ T9880] vfs_mkdir+0x590/0x8c0 [ 424.207473][ T9880] do_mkdirat+0x304/0x3e0 [ 424.207524][ T9880] ? __pfx_do_mkdirat+0x10/0x10 [ 424.207588][ T9880] __x64_sys_mkdir+0xef/0x140 [ 424.207646][ T9880] do_syscall_64+0xcd/0x260 [ 424.207688][ T9880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.207720][ T9880] RIP: 0033:0x7fe75ff8d169 [ 424.207745][ T9880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.207775][ T9880] RSP: 002b:00007fe760db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 424.207802][ T9880] RAX: ffffffffffffffda RBX: 00007fe7601a6080 RCX: 00007fe75ff8d169 [ 424.207820][ T9880] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00002000000002c0 [ 424.207836][ T9880] RBP: 00007fe76000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 424.207856][ T9880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.207873][ T9880] R13: 0000000000000000 R14: 00007fe7601a6080 R15: 00007ffe433a44f8 [ 424.207918][ T9880] [ 425.454378][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 425.454432][ T5847] Bluetooth: hci3: connection err: -111 [ 426.966159][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 426.966350][ T5847] Bluetooth: hci2: connection err: -111 [ 432.690102][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 432.690151][ T5847] Bluetooth: hci2: connection err: -111 [ 435.108010][T10044] Invalid ELF header magic: != ELF [ 436.811528][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 436.811583][ T5847] Bluetooth: hci3: connection err: -111 [ 437.280433][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 437.280471][ T5847] Bluetooth: hci0: connection err: -111 [ 437.363457][T10066] netlink: 100 bytes leftover after parsing attributes in process `syz.3.763'. [ 437.856702][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 437.856757][ T5847] Bluetooth: hci1: connection err: -111 [ 438.785302][T10095] netlink: 342 bytes leftover after parsing attributes in process `syz.2.766'. [ 443.105640][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 443.105692][ T5847] Bluetooth: hci0: connection err: -111 [ 443.129157][T10169] netlink: 342 bytes leftover after parsing attributes in process `syz.1.779'. [ 444.276913][ T30] audit: type=1800 audit(6038526170.105:14): pid=10204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.786" name="lu_gp_id" dev="configfs" ino=26062 res=0 errno=0 [ 445.271919][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.278411][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.397638][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 446.397697][ T5847] Bluetooth: hci1: connection err: -111 [ 454.103895][T10340] netlink: 342 bytes leftover after parsing attributes in process `syz.0.808'. [ 455.296519][T10374] tipc: Started in network mode [ 455.345534][T10374] tipc: Node identity 8e4e6f15, cluster identity 4711 [ 455.379793][T10374] tipc: Node number set to 2387504917 [ 456.232913][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 456.232970][ T5847] Bluetooth: hci2: connection err: -111 [ 456.908064][T10369] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 456.937571][T10369] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 456.943668][T10369] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 456.967583][T10369] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 457.436393][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 458.587168][T10441] nbd: must specify an index to disconnect [ 459.027556][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 459.027575][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 459.027625][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 459.062810][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 459.062865][T10454] Bluetooth: hci0: connection err: -111 [ 469.024978][T10454] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 469.025032][T10454] Bluetooth: hci3: connection err: -111 [ 470.631824][T10656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.866'. [ 471.864346][T10674] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 471.974933][T10674] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 472.076122][T10674] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 472.086543][T10674] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 472.674762][T10454] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 472.674812][T10454] Bluetooth: hci3: connection err: -111 [ 473.350062][T10454] Bluetooth: hci0: command 0x0c1a tx timeout [ 473.986475][T10454] Bluetooth: hci1: command 0x0c1a tx timeout [ 474.146750][T10454] Bluetooth: hci3: command 0x0c1a tx timeout [ 474.152857][T10454] Bluetooth: hci2: command 0x0c1a tx timeout [ 475.732692][T10752] netlink: 28 bytes leftover after parsing attributes in process `syz.3.883'. [ 476.785816][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 476.785870][T10454] Bluetooth: hci0: connection err: -111 [ 477.619959][T10772] __vm_enough_memory: pid: 10772, comm: syz.2.888, bytes: 4503599627366400 not enough memory for the allocation [ 479.639486][T10812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.894'. [ 479.803987][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 479.804040][T10454] Bluetooth: hci0: connection err: -111 [ 482.597150][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 482.597200][T10454] Bluetooth: hci0: connection err: -111 [ 485.293894][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 485.293948][T10454] Bluetooth: hci0: connection err: -111 [ 486.825970][T10919] Invalid ELF header magic: != ELF [ 487.732898][T10923] netlink: 28 bytes leftover after parsing attributes in process `syz.2.912'. [ 487.952872][T10923] geneve1: entered allmulticast mode [ 488.314914][T10947] netlink: 28 bytes leftover after parsing attributes in process `syz.1.915'. [ 488.355807][T10947] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 489.872364][T10981] netlink: 28 bytes leftover after parsing attributes in process `syz.1.923'. [ 489.902106][T10981] veth1_macvtap: left promiscuous mode [ 491.343118][T11007] Invalid ELF header magic: != ELF [ 493.364886][T11021] FAULT_INJECTION: forcing a failure. [ 493.364886][T11021] name failslab, interval 1, probability 0, space 0, times 0 [ 493.384092][T11021] CPU: 1 UID: 0 PID: 11021 Comm: syz.2.929 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 493.384139][T11021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 493.384158][T11021] Call Trace: [ 493.384168][T11021] [ 493.384181][T11021] dump_stack_lvl+0x16c/0x1f0 [ 493.384225][T11021] should_fail_ex+0x512/0x640 [ 493.384260][T11021] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 493.384317][T11021] should_failslab+0xc2/0x120 [ 493.384348][T11021] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 493.384397][T11021] ? __proc_create+0xc3/0x8c0 [ 493.384431][T11021] ? __proc_create+0x2ce/0x8c0 [ 493.384472][T11021] __proc_create+0x2ce/0x8c0 [ 493.384509][T11021] ? __pfx___proc_create+0x10/0x10 [ 493.384563][T11021] ? _raw_write_unlock+0x28/0x50 [ 493.384603][T11021] proc_create_reg+0x7d/0x180 [ 493.384646][T11021] proc_create_net_data+0x8e/0x1b0 [ 493.384686][T11021] ? __pfx_proc_create_net_data+0x10/0x10 [ 493.384726][T11021] ? __pfx_uevent_net_rcv+0x10/0x10 [ 493.384776][T11021] ? __pfx_dev_proc_net_init+0x10/0x10 [ 493.384826][T11021] wext_proc_init+0x53/0x70 [ 493.384865][T11021] dev_proc_net_init+0x10b/0x220 [ 493.384915][T11021] ops_init+0x1df/0x5f0 [ 493.384958][T11021] setup_net+0x21e/0x850 [ 493.385001][T11021] ? __pfx_setup_net+0x10/0x10 [ 493.385037][T11021] ? lockdep_init_map_type+0x5c/0x280 [ 493.385070][T11021] ? __pfx_down_read_killable+0x10/0x10 [ 493.385119][T11021] ? debug_mutex_init+0x37/0x70 [ 493.385165][T11021] copy_net_ns+0x2a6/0x5f0 [ 493.385212][T11021] create_new_namespaces+0x3ea/0xad0 [ 493.385271][T11021] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 493.385323][T11021] ksys_unshare+0x45b/0xa40 [ 493.385375][T11021] ? __pfx_ksys_unshare+0x10/0x10 [ 493.385425][T11021] ? xfd_validate_state+0x5d/0x180 [ 493.385463][T11021] ? rcu_is_watching+0x12/0xc0 [ 493.385510][T11021] __x64_sys_unshare+0x31/0x40 [ 493.385564][T11021] do_syscall_64+0xcd/0x260 [ 493.385605][T11021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.385637][T11021] RIP: 0033:0x7f5b71f8d169 [ 493.385663][T11021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.385694][T11021] RSP: 002b:00007f5b72e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 493.385724][T11021] RAX: ffffffffffffffda RBX: 00007f5b721a5fa0 RCX: 00007f5b71f8d169 [ 493.385745][T11021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 493.385764][T11021] RBP: 00007f5b7200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 493.385784][T11021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 493.385802][T11021] R13: 0000000000000000 R14: 00007f5b721a5fa0 R15: 00007ffdcfd093c8 [ 493.385844][T11021] [ 494.619386][T11042] netlink: 28 bytes leftover after parsing attributes in process `syz.3.933'. [ 495.089795][T11047] usb usb38: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 495.101360][T11047] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 495.402135][T11050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.934'. [ 495.679946][T10454] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 495.680001][T10454] Bluetooth: hci3: connection err: -111 [ 496.786591][T11080] netlink: 28 bytes leftover after parsing attributes in process `syz.2.941'. [ 496.949011][T11080] bond0: (slave bond_slave_1): Releasing backup interface [ 496.986724][T11077] netlink: 8 bytes leftover after parsing attributes in process `syz.0.940'. [ 498.616691][T11110] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 498.623625][T11110] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 498.631342][T11110] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 498.646670][T11110] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 499.600775][ T5851] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 499.600833][ T5851] Bluetooth: hci1: connection err: -111 [ 500.710574][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 500.710595][T10454] Bluetooth: hci2: command 0x0c1a tx timeout [ 500.710643][T10454] Bluetooth: hci1: command 0x0c1a tx timeout [ 500.716766][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 501.582376][T11158] netlink: 28 bytes leftover after parsing attributes in process `syz.0.955'. [ 503.115918][T11184] : Can't lookup blockdev [ 504.797291][T10454] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 504.797342][T10454] Bluetooth: hci2: connection err: -111 [ 506.723592][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.744181][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.149527][T10454] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 508.149568][T10454] Bluetooth: hci3: connection err: -111 [ 508.177917][T11268] netlink: zone id is out of range [ 508.185785][T11268] netlink: zone id is out of range [ 508.191424][T11268] netlink: zone id is out of range [ 508.197468][T11268] netlink: zone id is out of range [ 508.205158][T11268] netlink: zone id is out of range [ 508.210788][T11268] netlink: zone id is out of range [ 508.216768][T11268] netlink: zone id is out of range [ 508.226109][T11268] netlink: zone id is out of range [ 508.231824][T11268] netlink: zone id is out of range [ 508.238324][T11268] netlink: zone id is out of range [ 512.040978][T10454] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 512.041016][T10454] Bluetooth: hci2: connection err: -111 [ 513.624571][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 513.624622][T10454] Bluetooth: hci0: connection err: -111 [ 514.718212][T10454] Bluetooth: hci0: Unable to find connection for big 0xd2 [ 515.121614][T11384] syz.3.993 (11384): attempted to duplicate a private mapping with mremap. This is not supported. [ 516.838697][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 516.838753][ T5847] Bluetooth: hci2: connection err: -111 [ 519.535209][T11489] sd 0:0:1:0: PR command failed: 1026 [ 519.546260][T11489] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 519.553067][T11489] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 519.897133][T11496] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1012'. [ 525.457013][T11579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1025'. [ 526.679596][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 526.679638][ T5847] Bluetooth: hci0: connection err: -111 [ 528.441661][T11620] sp0: Synchronizing with TNC [ 528.874215][T11620] net_ratelimit: 22 callbacks suppressed [ 528.874238][T11620] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 532.235776][T11689] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1044'. [ 533.992212][ T5847] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 540.071341][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 540.071382][ T5847] Bluetooth: hci1: connection err: -111 [ 543.490349][T11891] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1078'. [ 544.145743][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 544.145782][ T5847] Bluetooth: hci1: connection err: -111 [ 545.428171][T11932] [U] [ 545.430975][T11932] [U] [ 545.433746][T11932] [U] [ 545.436465][T11932] [U] [ 545.439569][T11932] [U] [ 545.442291][T11932] [U] [ 545.445007][T11932] [U] [ 545.447728][T11932] [U] [ 545.464382][T11932] [U] [ 545.467160][T11932] [U] [ 545.469873][T11932] [U] [ 545.472606][T11932] [U] [ 545.525297][T11932] [U] [ 545.528186][T11932] [U] [ 545.530961][T11932] [U] [ 545.533675][T11932] [U] [ 545.619954][T11932] [U] [ 545.622770][T11932] [U] [ 545.625538][T11932] [U] [ 545.628302][T11932] [U] [ 545.645402][T11932] [U] [ 545.648201][T11932] [U] [ 545.650962][T11932] [U] [ 545.653724][T11932] [U] [ 545.667019][T11932] [U] [ 545.669821][T11932] [U] [ 545.672588][T11932] [U] [ 545.675341][T11932] [U] [ 545.696602][T11932] [U] [ 545.699400][T11932] [U] [ 545.702161][T11932] [U] [ 545.704905][T11932] [U] [ 545.759844][T11932] [U] [ 545.762648][T11932] [U] [ 545.765407][T11932] [U] [ 545.768160][T11932] [U] [ 545.796576][T11932] [U] [ 545.799328][T11932] [U] [ 545.802068][T11932] [U] [ 545.804822][T11932] [U] [ 545.811804][T11932] [U] [ 545.814594][T11932] [U] [ 545.817350][T11932] [U] [ 545.820103][T11932] [U] [ 545.825612][T11932] [U] [ 545.828393][T11932] [U] [ 545.831148][T11932] [U] [ 545.833883][T11932] [U] [ 545.847404][T11939] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1086'. [ 545.862035][T11932] [U] [ 545.864789][T11932] [U] [ 545.867510][T11932] [U] [ 545.870221][T11932] [U] [ 545.875199][T11932] [U] [ 545.877979][T11932] [U] [ 545.880745][T11932] [U] [ 545.883501][T11932] [U] [ 545.890863][T11932] [U] [ 545.893646][T11932] [U] [ 545.896399][T11932] [U] [ 545.899154][T11932] [U] [ 545.904196][T11932] [U] [ 545.906961][T11932] [U] [ 545.909791][T11932] [U] [ 545.912554][T11932] [U] [ 545.935278][T11932] [U] [ 545.938073][T11932] [U] [ 545.940830][T11932] [U] [ 545.943597][T11932] [U] [ 545.962458][T11932] [U] [ 545.965251][T11932] [U] [ 545.968005][T11932] [U] [ 545.970753][T11932] [U] [ 545.985253][T11932] [U] [ 545.988049][T11932] [U] [ 545.990809][T11932] [U] [ 545.993565][T11932] [U] [ 546.005383][T11932] [U] [ 546.008144][T11932] [U] [ 546.010859][T11932] [U] [ 546.013572][T11932] [U] [ 546.033167][T11932] [U] [ 546.035918][T11932] [U] [ 546.038661][T11932] [U] [ 546.041389][T11932] [U] [ 546.055299][T11932] [U] [ 546.058096][T11932] [U] [ 546.060856][T11932] [U] [ 546.063606][T11932] [U] [ 546.069579][T11932] [U] [ 546.072317][T11932] [U] [ 546.075031][T11932] [U] [ 546.077757][T11932] [U] [ 546.093939][T11932] [U] [ 546.096702][T11932] [U] [ 546.099417][T11932] [U] [ 546.102132][T11932] [U] [ 546.121771][T11932] [U] [ 546.124562][T11932] [U] [ 546.127309][T11932] [U] [ 546.130055][T11932] [U] [ 546.136578][T11932] [U] [ 546.139364][T11932] [U] [ 546.142112][T11932] [U] [ 546.144845][T11932] [U] [ 546.161433][T11932] [U] [ 546.164225][T11932] [U] [ 546.166985][T11932] [U] [ 546.169749][T11932] [U] [ 546.193085][T11932] [U] [ 546.195874][T11932] [U] [ 546.198623][T11932] [U] [ 546.201355][T11932] [U] [ 546.206906][T11932] [U] [ 546.209694][T11932] [U] [ 546.212426][T11932] [U] [ 546.215163][T11932] [U] [ 546.250573][T11932] [U] [ 546.253380][T11932] [U] [ 546.256139][T11932] [U] [ 546.258897][T11932] [U] [ 546.950925][T11927] [U] [ 548.255543][ T5847] Bluetooth: hci2: unexpected subevent 0x01 length: 4 < 18 [ 555.874466][ T30] audit: type=1326 audit(4294967324.670:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12114 comm="syz.2.1118" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b71f8d169 code=0x0 [ 556.085597][T12129] bridge0: port 3(vlan1) entered blocking state [ 556.122919][T12129] bridge0: port 3(vlan1) entered disabled state [ 556.155778][T12129] vlan1: entered allmulticast mode [ 556.213788][T12129] veth0_vlan: entered allmulticast mode [ 556.278212][T12129] vlan1: entered promiscuous mode [ 556.347228][T12129] bridge0: port 3(vlan1) entered blocking state [ 556.353717][T12129] bridge0: port 3(vlan1) entered forwarding state [ 556.484687][T12133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1121'. [ 556.641832][T12140] syz.3.1120 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 556.757913][T12142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.769664][T12142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 556.882449][T12145] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1122'. [ 558.518167][ T5847] Bluetooth: hci1: ISO packet too small [ 560.879102][ T30] audit: type=1800 audit(4294967337.562:16): pid=12194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1132" name="dbroot" dev="configfs" ino=36083 res=0 errno=0 [ 562.005594][ T5847] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 562.284372][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 562.291389][ T5847] Bluetooth: hci1: connection err: -111 [ 564.473687][T12223] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1137'. [ 566.956630][T12262] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1142'. [ 567.098472][T12255] Process accounting resumed [ 568.152350][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.162857][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.481482][ T30] audit: type=1800 audit(4294967347.262:17): pid=12320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1151" name="file0" dev="tmpfs" ino=1524 res=0 errno=0 [ 573.247232][ T5847] Bluetooth: hci3: unexpected subevent 0x01 length: 4 < 18 [ 573.280170][ T30] audit: type=1800 audit(4294967358.075:18): pid=12370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1159" name="dbroot" dev="configfs" ino=35799 res=0 errno=0 [ 577.847365][T12440] [U] [ 577.850173][T12440] [U] [ 577.852936][T12440] [U] [ 577.855699][T12440] [U] [ 577.902597][T12440] [U] [ 577.905405][T12440] [U] [ 577.908168][T12440] [U] [ 577.910937][T12440] [U] [ 577.973471][T12440] [U] [ 577.976250][T12440] [U] [ 577.978979][T12440] [U] [ 577.981691][T12440] [U] [ 578.051747][T12440] [U] [ 578.054572][T12440] [U] [ 578.057311][T12440] [U] [ 578.060023][T12440] [U] [ 578.125611][T12440] [U] [ 578.128374][T12440] [U] [ 578.131088][T12440] [U] [ 578.133805][T12440] [U] [ 578.210160][T12440] [U] [ 578.212964][T12440] [U] [ 578.215700][T12440] [U] [ 578.218439][T12440] [U] [ 578.352464][T12440] [U] [ 578.355272][T12440] [U] [ 578.358037][T12440] [U] [ 578.360786][T12440] [U] [ 578.365102][T12440] [U] [ 578.367884][T12440] [U] [ 578.370626][T12440] [U] [ 578.373350][T12440] [U] [ 578.379144][T12440] [U] [ 578.381926][T12440] [U] [ 578.384680][T12440] [U] [ 578.387436][T12440] [U] [ 578.394152][T12440] [U] [ 578.396953][T12440] [U] [ 578.399702][T12440] [U] [ 578.402453][T12440] [U] [ 578.406473][T12440] [U] [ 578.409254][T12440] [U] [ 578.412010][T12440] [U] [ 578.414769][T12440] [U] [ 578.517345][T12440] [U] [ 578.520258][T12440] [U] [ 578.523003][T12440] [U] [ 578.525755][T12440] [U] [ 578.574832][T12440] [U] [ 578.577625][T12440] [U] [ 578.580386][T12440] [U] [ 578.583137][T12440] [U] [ 578.646546][T12440] [U] [ 578.649385][T12440] [U] [ 578.652136][T12440] [U] [ 578.654903][T12440] [U] [ 578.706629][T12440] [U] [ 578.709429][T12440] [U] [ 578.712180][T12440] [U] [ 578.714936][T12440] [U] [ 578.760873][T12440] [U] [ 578.763631][T12440] [U] [ 578.766360][T12440] [U] [ 578.769111][T12440] [U] [ 578.775439][T12440] [U] [ 578.778224][T12440] [U] [ 578.780974][T12440] [U] [ 578.783707][T12440] [U] [ 578.791942][T12440] [U] [ 578.794722][T12440] [U] [ 578.797478][T12440] [U] [ 578.800213][T12440] [U] [ 578.830092][T12440] [U] [ 578.832899][T12440] [U] [ 578.835634][T12440] [U] [ 578.838373][T12440] [U] [ 578.844827][T12440] [U] [ 578.847599][T12440] [U] [ 578.850355][T12440] [U] [ 578.853097][T12440] [U] [ 578.857106][T12440] [U] [ 578.859912][T12440] [U] [ 578.862661][T12440] [U] [ 578.865418][T12440] [U] [ 578.875312][T12440] [U] [ 578.878077][T12440] [U] [ 578.880821][T12440] [U] [ 578.883569][T12440] [U] [ 578.916513][T12440] [U] [ 578.919279][T12440] [U] [ 578.923297][T12440] [U] [ 578.926020][T12440] [U] [ 578.959960][T12440] [U] [ 578.962731][T12440] [U] [ 578.965444][T12440] [U] [ 578.968155][T12440] [U] [ 579.008660][T12440] [U] [ 579.011405][T12440] [U] [ 579.014139][T12440] [U] [ 579.016907][T12440] [U] [ 579.040077][T12440] [U] [ 586.352458][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 586.352514][ T5847] Bluetooth: hci2: connection err: -111 [ 588.408231][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 588.408282][ T5847] Bluetooth: hci3: connection err: -111 [ 589.249056][T12639] could not allocate digest TFM handle binfmt_misc [ 589.940125][T12646] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1208'. [ 590.131953][ T5847] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 590.132011][ T5847] Bluetooth: hci1: connection err: -111 [ 592.269192][T12675] mkiss: ax0: crc mode is auto. [ 593.166350][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 593.166402][ T5847] Bluetooth: hci2: connection err: -111 [ 594.754511][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 594.754565][ T5847] Bluetooth: hci0: connection err: -111 [ 595.830398][T12761] snd_aloop snd_aloop.0: control 16781581:65539:6:'x?F/zF˷fC:7 is already present [ 599.151571][T12800] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'. [ 602.656287][ T5847] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 602.656342][ T5847] Bluetooth: hci2: connection err: -111 [ 603.239097][T12849] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 603.245781][T12849] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 603.262718][T12849] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 603.308237][T12849] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 604.634307][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 605.266581][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout [ 605.272643][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 605.346292][T10454] Bluetooth: hci3: command 0x0c1a tx timeout [ 605.538558][T12887] sctp: [Deprecated]: syz.1.1249 (pid 12887) Use of int in maxseg socket option. [ 605.538558][T12887] Use struct sctp_assoc_value instead [ 606.796451][T10454] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 606.796506][T10454] Bluetooth: hci1: connection err: -111 [ 611.118995][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 611.119045][T10454] Bluetooth: hci0: connection err: -111 [ 611.994489][T12994] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1269'. [ 612.213793][T12994] bond0: (slave bond_slave_1): Releasing backup interface [ 614.037922][T13033] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1274'. [ 615.372821][T13041] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1275'. [ 615.399115][T13041] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 615.902652][T13045] could not allocate digest TFM handle [ 616.623859][T13056] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1277'. [ 617.617837][T13069] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1281'. [ 619.402963][T10454] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5 [ 620.067749][T10454] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 620.074830][T10454] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 620.092184][T10454] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 620.092269][T10454] Bluetooth: hci2: Malformed LE Event: 0x0d [ 620.954464][T13126] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1288'. [ 622.469793][T13140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1293'. [ 622.625053][T10454] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 622.625105][T10454] Bluetooth: hci1: connection err: -111 [ 625.341220][T13186] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1300'. [ 626.305483][T13211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1305'. [ 626.416804][T13206] could not allocate digest TFM handle binfmt_misc [ 629.591159][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.597769][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.316057][T13269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1314'. [ 632.012471][T13297] sctp: [Deprecated]: syz.3.1322 (pid 13297) Use of int in maxseg socket option. [ 632.012471][T13297] Use struct sctp_assoc_value instead [ 633.699467][T13330] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1330'. [ 633.948206][T13334] Process accounting resumed [ 634.554955][T13352] FAULT_INJECTION: forcing a failure. [ 634.554955][T13352] name failslab, interval 1, probability 0, space 0, times 0 [ 634.595380][T13352] CPU: 1 UID: 0 PID: 13352 Comm: syz.2.1334 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 634.595439][T13352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 634.595457][T13352] Call Trace: [ 634.595467][T13352] [ 634.595484][T13352] dump_stack_lvl+0x16c/0x1f0 [ 634.595530][T13352] should_fail_ex+0x512/0x640 [ 634.595565][T13352] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 634.595614][T13352] should_failslab+0xc2/0x120 [ 634.595643][T13352] __kmalloc_cache_noprof+0x6a/0x3e0 [ 634.595677][T13352] ? single_open+0x4d/0x1f0 [ 634.595707][T13352] ? __pfx_snd_info_seq_show+0x10/0x10 [ 634.595738][T13352] single_open+0x4d/0x1f0 [ 634.595766][T13352] snd_info_text_entry_open+0x175/0x2a0 [ 634.595801][T13352] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 634.595833][T13352] ? trace_kmem_cache_alloc+0x28/0xc0 [ 634.595858][T13352] ? __pfx_apparmor_file_open+0x10/0x10 [ 634.595887][T13352] ? proc_reg_open+0x21d/0x610 [ 634.595910][T13352] ? __pfx_snd_info_text_entry_open+0x10/0x10 [ 634.595953][T13352] proc_reg_open+0x286/0x610 [ 634.595978][T13352] do_dentry_open+0x741/0x1c10 [ 634.596014][T13352] ? __pfx_proc_reg_open+0x10/0x10 [ 634.596042][T13352] vfs_open+0x82/0x3f0 [ 634.596070][T13352] path_openat+0x1e5e/0x2d40 [ 634.596126][T13352] ? __pfx_path_openat+0x10/0x10 [ 634.596183][T13352] do_filp_open+0x20b/0x470 [ 634.596229][T13352] ? __pfx_do_filp_open+0x10/0x10 [ 634.596309][T13352] ? alloc_fd+0x471/0x7d0 [ 634.596369][T13352] do_sys_openat2+0x11b/0x1d0 [ 634.596404][T13352] ? __pfx_do_sys_openat2+0x10/0x10 [ 634.596455][T13352] __x64_sys_openat+0x174/0x210 [ 634.596492][T13352] ? __pfx___x64_sys_openat+0x10/0x10 [ 634.596530][T13352] ? rcu_is_watching+0x12/0xc0 [ 634.596574][T13352] do_syscall_64+0xcd/0x260 [ 634.596603][T13352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.596627][T13352] RIP: 0033:0x7f5b71f8d169 [ 634.596645][T13352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 634.596666][T13352] RSP: 002b:00007f5b72e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 634.596687][T13352] RAX: ffffffffffffffda RBX: 00007f5b721a5fa0 RCX: 00007f5b71f8d169 [ 634.596702][T13352] RDX: 00000000001c1080 RSI: 0000200000001080 RDI: ffffffffffffff9c [ 634.596716][T13352] RBP: 00007f5b7200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 634.596730][T13352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 634.596743][T13352] R13: 0000000000000000 R14: 00007f5b721a5fa0 R15: 00007ffdcfd093c8 [ 634.596771][T13352] [ 636.934095][T10454] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 636.934155][T10454] Bluetooth: hci1: connection err: -111 [ 638.282216][T10454] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 638.282251][T10454] Bluetooth: hci3: connection err: -111 [ 638.436112][T13418] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1346'. [ 642.024446][T13487] FAULT_INJECTION: forcing a failure. [ 642.024446][T13487] name failslab, interval 1, probability 0, space 0, times 0 [ 642.064793][T13487] CPU: 0 UID: 0 PID: 13487 Comm: syz.2.1359 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 642.064836][T13487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 642.064852][T13487] Call Trace: [ 642.064861][T13487] [ 642.064873][T13487] dump_stack_lvl+0x16c/0x1f0 [ 642.064932][T13487] should_fail_ex+0x512/0x640 [ 642.064967][T13487] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 642.065022][T13487] should_failslab+0xc2/0x120 [ 642.065053][T13487] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 642.065105][T13487] ? sk_prot_alloc+0x60/0x2a0 [ 642.065154][T13487] sk_prot_alloc+0x60/0x2a0 [ 642.065200][T13487] sk_alloc+0x36/0xc20 [ 642.065235][T13487] inet6_create+0x381/0x1300 [ 642.065270][T13487] ? inet6_create+0x7f/0x1300 [ 642.065317][T13487] __sock_create+0x335/0x8d0 [ 642.065374][T13487] inet_ctl_sock_create+0x94/0x230 [ 642.065415][T13487] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 642.065460][T13487] ? __pfx_dccp_v6_init_net+0x10/0x10 [ 642.065487][T13487] dccp_v6_init_net+0x63/0x90 [ 642.065525][T13487] ops_init+0x1df/0x5f0 [ 642.065564][T13487] setup_net+0x21e/0x850 [ 642.065603][T13487] ? __pfx_setup_net+0x10/0x10 [ 642.065634][T13487] ? lockdep_init_map_type+0x5c/0x280 [ 642.065663][T13487] ? __pfx_down_read_killable+0x10/0x10 [ 642.065707][T13487] ? debug_mutex_init+0x37/0x70 [ 642.065747][T13487] copy_net_ns+0x2a6/0x5f0 [ 642.065792][T13487] create_new_namespaces+0x3ea/0xad0 [ 642.065842][T13487] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 642.065889][T13487] ksys_unshare+0x45b/0xa40 [ 642.065934][T13487] ? __pfx_ksys_unshare+0x10/0x10 [ 642.065979][T13487] ? ksys_write+0x1b9/0x240 [ 642.066031][T13487] __x64_sys_unshare+0x31/0x40 [ 642.066074][T13487] do_syscall_64+0xcd/0x260 [ 642.066111][T13487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.066140][T13487] RIP: 0033:0x7f5b71f8d169 [ 642.066164][T13487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 642.066196][T13487] RSP: 002b:00007f5b72e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 642.066223][T13487] RAX: ffffffffffffffda RBX: 00007f5b721a5fa0 RCX: 00007f5b71f8d169 [ 642.066242][T13487] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 642.066260][T13487] RBP: 00007f5b7200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 642.066278][T13487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.066295][T13487] R13: 0000000000000000 R14: 00007f5b721a5fa0 R15: 00007ffdcfd093c8 [ 642.066342][T13487] [ 643.014080][T10454] Bluetooth: hci1: unexpected event 0x04 length: 459 > 10 [ 643.014139][T10454] Bluetooth: hci1: connection err: -111 [ 643.729244][T13510] tipc: Started in network mode [ 643.734253][T13510] tipc: Node identity ee00, cluster identity 4711 [ 643.741476][T13510] tipc: Node number set to 60928 [ 644.657501][T13547] synth uevent: /module/ipv6: unknown uevent action string [ 646.312993][T13558] could not allocate digest TFM handle [ 646.870634][T13569] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1377'. [ 648.547668][T10454] Bluetooth: hci1: unexpected event 0x1d length: 1 < 5 [ 648.590923][T10454] Bluetooth: hci0: ISO packet too small [ 651.918236][T13643] Invalid ELF header magic: != ELF [ 652.050647][T13645] could not allocate digest TFM handle [ 652.601331][T13645] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1382'. [ 652.746401][T13653] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1383'. [ 652.814270][T13653] geneve1: entered allmulticast mode [ 653.892632][T13665] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1393'. [ 653.902110][T13665] netlink: 13700 bytes leftover after parsing attributes in process `syz.0.1393'. [ 656.445145][T13706] Invalid ELF header magic: != ELF [ 656.611423][T13714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1395'. [ 656.630634][T13713] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1392'. [ 656.697047][T13705] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1392'. [ 657.137173][T13705] netlink: 134 bytes leftover after parsing attributes in process `syz.0.1392'. [ 662.179703][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 662.179760][T10454] Bluetooth: hci0: connection err: -111 [ 663.751689][T13802] CIFS: VFS: Unsupported security flags: 0x200 [ 665.319259][T10454] Bluetooth: hci0: unexpected subevent 0x01 length: 4 < 18 [ 667.663464][T10454] Bluetooth: hci2: ISO packet too small [ 667.677160][T13864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1430'. [ 668.159218][T13875] FAULT_INJECTION: forcing a failure. [ 668.159218][T13875] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 668.201561][T13875] CPU: 1 UID: 0 PID: 13875 Comm: syz.2.1424 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 668.201605][T13875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 668.201623][T13875] Call Trace: [ 668.201633][T13875] [ 668.201645][T13875] dump_stack_lvl+0x16c/0x1f0 [ 668.201687][T13875] should_fail_ex+0x512/0x640 [ 668.201728][T13875] strncpy_from_user+0x3b/0x2e0 [ 668.201765][T13875] getname_flags.part.0+0x8b/0x540 [ 668.201802][T13875] getname_flags+0x93/0xf0 [ 668.201845][T13875] do_sys_openat2+0xb8/0x1d0 [ 668.201879][T13875] ? __pfx_do_sys_openat2+0x10/0x10 [ 668.201922][T13875] __x64_sys_openat+0x174/0x210 [ 668.201956][T13875] ? __pfx___x64_sys_openat+0x10/0x10 [ 668.201995][T13875] ? rcu_is_watching+0x12/0xc0 [ 668.202048][T13875] do_syscall_64+0xcd/0x260 [ 668.202098][T13875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.202130][T13875] RIP: 0033:0x7f5b71f8d169 [ 668.202154][T13875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.202185][T13875] RSP: 002b:00007f5b72e3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 668.202215][T13875] RAX: ffffffffffffffda RBX: 00007f5b721a6080 RCX: 00007f5b71f8d169 [ 668.202237][T13875] RDX: 0000000000008c00 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 668.202256][T13875] RBP: 00007f5b7200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 668.202274][T13875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 668.202293][T13875] R13: 0000000000000000 R14: 00007f5b721a6080 R15: 00007ffdcfd093c8 [ 668.202334][T13875] [ 668.606889][T10454] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 668.606939][T10454] Bluetooth: hci2: connection err: -111 [ 669.179159][T13888] FAULT_INJECTION: forcing a failure. [ 669.179159][T13888] name fail_futex, interval 1, probability 0, space 0, times 1 [ 669.198873][T13888] CPU: 0 UID: 0 PID: 13888 Comm: syz.2.1426 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 669.198920][T13888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 669.198948][T13888] Call Trace: [ 669.198959][T13888] [ 669.198971][T13888] dump_stack_lvl+0x16c/0x1f0 [ 669.199015][T13888] should_fail_ex+0x512/0x640 [ 669.199057][T13888] get_futex_key+0x49e/0x1000 [ 669.199110][T13888] ? __pfx_get_futex_key+0x10/0x10 [ 669.199155][T13888] ? __pfx___schedule+0x10/0x10 [ 669.199185][T13888] ? psi_group_change+0x6dc/0xd20 [ 669.199228][T13888] futex_wait_setup+0x78/0x290 [ 669.199271][T13888] __futex_wait+0x266/0x3c0 [ 669.199308][T13888] ? __pfx___futex_wait+0x10/0x10 [ 669.199350][T13888] ? __pfx_futex_wake_mark+0x10/0x10 [ 669.199401][T13888] futex_wait+0xe8/0x380 [ 669.199433][T13888] ? __pfx_futex_wait+0x10/0x10 [ 669.199480][T13888] ? up_write+0x1b2/0x520 [ 669.199521][T13888] do_futex+0x229/0x350 [ 669.199570][T13888] ? __pfx_do_futex+0x10/0x10 [ 669.199620][T13888] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 669.199679][T13888] __x64_sys_futex+0x1e0/0x4c0 [ 669.199733][T13888] ? __pfx___x64_sys_futex+0x10/0x10 [ 669.199785][T13888] ? rcu_is_watching+0x12/0xc0 [ 669.199839][T13888] do_syscall_64+0xcd/0x260 [ 669.199880][T13888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.199913][T13888] RIP: 0033:0x7f5b71f8d169 [ 669.199949][T13888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.199982][T13888] RSP: 002b:00007f5b72e5d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 669.200015][T13888] RAX: ffffffffffffffda RBX: 00007f5b721a5fa8 RCX: 00007f5b71f8d169 [ 669.200037][T13888] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5b721a5fa8 [ 669.200057][T13888] RBP: 00007f5b721a5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 669.200077][T13888] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5b721a5fac [ 669.200098][T13888] R13: 0000000000000000 R14: 00007ffdcfd092e0 R15: 00007ffdcfd093c8 [ 669.200139][T13888] [ 671.296698][T13909] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1431'. [ 671.915636][T13940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1435'. [ 673.329292][T13962] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1440'. [ 673.483853][T13964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1441'. [ 674.256865][T13975] netlink: 'syz.1.1443': attribute type 1 has an invalid length. [ 674.272753][T13975] netlink: 13 bytes leftover after parsing attributes in process `syz.1.1443'. [ 674.510976][T13980] Invalid ELF header magic: != ELF [ 674.534207][T13974] Process accounting resumed [ 674.742176][T13984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1445'. [ 674.838142][T13983] busy [ 677.106900][T10454] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 677.106991][T10454] Bluetooth: hci0: connection err: -111 [ 679.666565][T14052] netlink: 'syz.0.1457': attribute type 1 has an invalid length. [ 679.680213][T14052] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1457'. [ 679.869816][T14057] openvswitch: netlink: IP tunnel dst address not specified [ 679.929374][T14057] FAULT_INJECTION: forcing a failure. [ 679.929374][T14057] name failslab, interval 1, probability 0, space 0, times 0 [ 679.942506][T14057] CPU: 1 UID: 0 PID: 14057 Comm: syz.2.1459 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 679.942572][T14057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 679.942601][T14057] Call Trace: [ 679.942616][T14057] [ 679.942628][T14057] dump_stack_lvl+0x16c/0x1f0 [ 679.942668][T14057] should_fail_ex+0x512/0x640 [ 679.942704][T14057] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 679.942755][T14057] should_failslab+0xc2/0x120 [ 679.942786][T14057] __kmalloc_cache_noprof+0x6a/0x3e0 [ 679.942830][T14057] ? snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 679.942887][T14057] snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 679.942935][T14057] ? preempt_count_sub+0x145/0x160 [ 679.943000][T14057] ? trace_contention_end+0xdd/0x130 [ 679.943034][T14057] ? __mutex_lock+0x1ca/0xb90 [ 679.943076][T14057] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 679.943126][T14057] ? __pfx___mutex_lock+0x10/0x10 [ 679.943176][T14057] ? find_held_lock+0x2b/0x80 [ 679.943222][T14057] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 679.943275][T14057] snd_pcm_oss_ioctl+0x31aa/0x37a0 [ 679.943322][T14057] ? find_held_lock+0x2b/0x80 [ 679.943360][T14057] ? hook_file_ioctl_common+0x145/0x410 [ 679.943393][T14057] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 679.943442][T14057] ? __fget_files+0x20e/0x3c0 [ 679.943494][T14057] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 679.943542][T14057] __x64_sys_ioctl+0x190/0x200 [ 679.943584][T14057] do_syscall_64+0xcd/0x260 [ 679.943626][T14057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 679.943659][T14057] RIP: 0033:0x7f5b71f8d169 [ 679.943686][T14057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 679.943719][T14057] RSP: 002b:00007f5b72e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 679.943750][T14057] RAX: ffffffffffffffda RBX: 00007f5b721a5fa0 RCX: 00007f5b71f8d169 [ 679.943771][T14057] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 000000000000000b [ 679.943792][T14057] RBP: 00007f5b7200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 679.943811][T14057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 679.943831][T14057] R13: 0000000000000000 R14: 00007f5b721a5fa0 R15: 00007ffdcfd093c8 [ 679.943873][T14057] [ 680.237118][T14058] Process accounting resumed [ 682.691543][T14098] Invalid ELF header magic: != ELF [ 684.064839][T10454] Bluetooth: hci1: unexpected subevent 0x01 length: 4 < 18 [ 684.492808][T10454] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 687.447394][T14163] nbd: must specify at least one socket [ 687.577708][T14168] ptrace attach of "./syz-executor exec"[5836] was attempted by "./syz-executor exec"[14168] [ 687.664249][T14171] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1480'. [ 691.047779][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.054411][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 697.771898][T14297] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 697.778136][T14297] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 697.827872][T14297] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 697.871475][T14297] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 699.202893][T10454] Bluetooth: hci0: command 0x0c1a tx timeout [ 699.842156][T10454] Bluetooth: hci2: command 0x0c1a tx timeout [ 699.842289][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 699.925438][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout [ 699.991304][T14338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1511'. [ 703.032780][T14382] delete_channel: no stack [ 703.491560][T14388] FAULT_INJECTION: forcing a failure. [ 703.491560][T14388] name failslab, interval 1, probability 0, space 0, times 0 [ 703.536568][T14388] CPU: 0 UID: 0 PID: 14388 Comm: syz.2.1521 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 703.536616][T14388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 703.536636][T14388] Call Trace: [ 703.536647][T14388] [ 703.536660][T14388] dump_stack_lvl+0x16c/0x1f0 [ 703.536704][T14388] should_fail_ex+0x512/0x640 [ 703.536738][T14388] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 703.536796][T14388] should_failslab+0xc2/0x120 [ 703.536829][T14388] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 703.536882][T14388] ? __alloc_skb+0x2b2/0x380 [ 703.536916][T14388] ? bpf_lsm_capable+0x9/0x10 [ 703.536980][T14388] __alloc_skb+0x2b2/0x380 [ 703.537014][T14388] ? __pfx___alloc_skb+0x10/0x10 [ 703.537048][T14388] ? genl_rcv_msg+0x4bb/0x800 [ 703.537104][T14388] netlink_ack+0x15d/0xb80 [ 703.537145][T14388] ? __lock_acquire+0xaa4/0x1ba0 [ 703.537185][T14388] netlink_rcv_skb+0x347/0x440 [ 703.537224][T14388] ? __pfx_genl_rcv_msg+0x10/0x10 [ 703.537274][T14388] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 703.537332][T14388] ? __pfx_down_read+0x10/0x10 [ 703.537375][T14388] ? netlink_deliver_tap+0x1ae/0xd30 [ 703.537419][T14388] genl_rcv+0x28/0x40 [ 703.537458][T14388] netlink_unicast+0x53a/0x7f0 [ 703.537504][T14388] ? __pfx_netlink_unicast+0x10/0x10 [ 703.537540][T14388] ? __lock_acquire+0xaa4/0x1ba0 [ 703.537582][T14388] netlink_sendmsg+0x8d1/0xdd0 [ 703.537629][T14388] ? __pfx_netlink_sendmsg+0x10/0x10 [ 703.537686][T14388] ____sys_sendmsg+0xa95/0xc70 [ 703.537734][T14388] ? copy_msghdr_from_user+0x10a/0x160 [ 703.537769][T14388] ? __pfx_____sys_sendmsg+0x10/0x10 [ 703.537821][T14388] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 703.537864][T14388] ___sys_sendmsg+0x134/0x1d0 [ 703.537903][T14388] ? __pfx____sys_sendmsg+0x10/0x10 [ 703.538001][T14388] __sys_sendmsg+0x16d/0x220 [ 703.538040][T14388] ? __pfx___sys_sendmsg+0x10/0x10 [ 703.538076][T14388] ? __x64_sys_futex+0x1e0/0x4c0 [ 703.538137][T14388] ? rcu_is_watching+0x12/0xc0 [ 703.538190][T14388] do_syscall_64+0xcd/0x260 [ 703.538233][T14388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.538267][T14388] RIP: 0033:0x7f5b71f8d169 [ 703.538293][T14388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.538325][T14388] RSP: 002b:00007f5b72e3c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 703.538357][T14388] RAX: ffffffffffffffda RBX: 00007f5b721a6080 RCX: 00007f5b71f8d169 [ 703.538378][T14388] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004 [ 703.538398][T14388] RBP: 00007f5b7200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 703.538417][T14388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.538436][T14388] R13: 0000000000000000 R14: 00007f5b721a6080 R15: 00007ffdcfd093c8 [ 703.538477][T14388] [ 704.325650][T14397] Invalid ELF header magic: != ELF [ 704.570699][T14402] FAULT_INJECTION: forcing a failure. [ 704.570699][T14402] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 704.626172][T14402] CPU: 0 UID: 0 PID: 14402 Comm: syz.2.1524 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 704.626216][T14402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 704.626232][T14402] Call Trace: [ 704.626241][T14402] [ 704.626251][T14402] dump_stack_lvl+0x16c/0x1f0 [ 704.626289][T14402] should_fail_ex+0x512/0x640 [ 704.626325][T14402] should_fail_alloc_page+0xe7/0x130 [ 704.626354][T14402] prepare_alloc_pages+0x3c2/0x610 [ 704.626387][T14402] ? rcu_is_watching+0x12/0xc0 [ 704.626425][T14402] __alloc_frozen_pages_noprof+0x18d/0x2370 [ 704.626475][T14402] ? cgroup_rstat_updated+0x2a/0xb20 [ 704.626518][T14402] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 704.626572][T14402] ? __lock_acquire+0x5ca/0x1ba0 [ 704.626599][T14402] ? __lock_acquire+0x5ca/0x1ba0 [ 704.626621][T14402] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 704.626652][T14402] ? policy_nodemask+0xea/0x4e0 [ 704.626679][T14402] alloc_pages_mpol+0x1fb/0x550 [ 704.626704][T14402] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 704.626729][T14402] ? __lock_acquire+0x5ca/0x1ba0 [ 704.626758][T14402] folio_alloc_mpol_noprof+0x36/0x2f0 [ 704.626790][T14402] vma_alloc_folio_noprof+0xed/0x1e0 [ 704.626819][T14402] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 704.626868][T14402] do_pte_missing+0x223d/0x3fb0 [ 704.626919][T14402] __handle_mm_fault+0x103d/0x2a40 [ 704.626967][T14402] ? __pfx___handle_mm_fault+0x10/0x10 [ 704.627003][T14402] ? __pte_offset_map_lock+0x155/0x2f0 [ 704.627033][T14402] ? find_held_lock+0x2b/0x80 [ 704.627064][T14402] ? find_held_lock+0x2b/0x80 [ 704.627118][T14402] handle_mm_fault+0x3fe/0xad0 [ 704.627162][T14402] __get_user_pages+0x771/0x36f0 [ 704.627203][T14402] ? __pfx_mt_find+0x10/0x10 [ 704.627236][T14402] ? __pfx___get_user_pages+0x10/0x10 [ 704.627282][T14402] populate_vma_page_range+0x278/0x3a0 [ 704.627318][T14402] ? __pfx_populate_vma_page_range+0x10/0x10 [ 704.627352][T14402] ? __pfx_find_vma_intersection+0x10/0x10 [ 704.627386][T14402] ? do_mmap+0x69c/0x11b0 [ 704.627420][T14402] __mm_populate+0x1d8/0x380 [ 704.627456][T14402] ? __pfx___mm_populate+0x10/0x10 [ 704.627493][T14402] ? up_write+0x1b2/0x520 [ 704.627523][T14402] vm_mmap_pgoff+0x362/0x450 [ 704.627558][T14402] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 704.627596][T14402] ? __x64_sys_futex+0x1e0/0x4c0 [ 704.627632][T14402] ? __x64_sys_futex+0x1e9/0x4c0 [ 704.627673][T14402] ksys_mmap_pgoff+0x7d/0x5c0 [ 704.627704][T14402] ? rcu_is_watching+0x12/0xc0 [ 704.627759][T14402] __x64_sys_mmap+0x125/0x190 [ 704.627795][T14402] do_syscall_64+0xcd/0x260 [ 704.627828][T14402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.627855][T14402] RIP: 0033:0x7f5b71f8d169 [ 704.627886][T14402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 704.627915][T14402] RSP: 002b:00007f5b72e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 704.627944][T14402] RAX: ffffffffffffffda RBX: 00007f5b721a5fa0 RCX: 00007f5b71f8d169 [ 704.627963][T14402] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 704.627981][T14402] RBP: 00007f5b7200e2a0 R08: 0000000000000002 R09: 0000000000008000 [ 704.627999][T14402] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 704.628017][T14402] R13: 0000000000000000 R14: 00007f5b721a5fa0 R15: 00007ffdcfd093c8 [ 704.628055][T14402] [ 713.486431][T14512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'. [ 714.756874][ T5847] Bluetooth: hci3: unexpected event 0x04 length: 459 > 10 [ 714.756934][ T5847] Bluetooth: hci3: connection err: -111 [ 717.443714][ T5847] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 720.193795][T10454] Bluetooth: hci2: unexpected event 0x04 length: 459 > 10 [ 720.193850][T10454] Bluetooth: hci2: connection err: -111 [ 722.042462][T10454] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 722.413742][T14657] Invalid ELF header magic: != ELF [ 723.398548][ T5847] Bluetooth: hci0: unexpected event 0x04 length: 459 > 10 [ 723.398604][ T5847] Bluetooth: hci0: connection err: -111 [ 728.488662][T14830] FAULT_INJECTION: forcing a failure. [ 728.488662][T14830] name failslab, interval 1, probability 0, space 0, times 0 [ 728.507372][T14830] CPU: 0 UID: 0 PID: 14830 Comm: syz.2.1626 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 728.507418][T14830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 728.507437][T14830] Call Trace: [ 728.507448][T14830] [ 728.507459][T14830] dump_stack_lvl+0x16c/0x1f0 [ 728.507501][T14830] should_fail_ex+0x512/0x640 [ 728.507536][T14830] ? __kmalloc_noprof+0xbf/0x510 [ 728.507606][T14830] ? lsm_blob_alloc+0x68/0x90 [ 728.507652][T14830] should_failslab+0xc2/0x120 [ 728.507685][T14830] __kmalloc_noprof+0xd2/0x510 [ 728.507743][T14830] lsm_blob_alloc+0x68/0x90 [ 728.507804][T14830] security_sk_alloc+0x30/0x270 [ 728.507839][T14830] sk_prot_alloc+0x1c7/0x2a0 [ 728.507887][T14830] sk_alloc+0x36/0xc20 [ 728.507921][T14830] __netlink_create+0x5e/0x2c0 [ 728.507955][T14830] __netlink_kernel_create+0xed/0x750 [ 728.507997][T14830] ? __pfx___netlink_kernel_create+0x10/0x10 [ 728.508052][T14830] uevent_net_init+0xf8/0x350 [ 728.508097][T14830] ? __pfx_uevent_net_init+0x10/0x10 [ 728.508144][T14830] ? __pfx_uevent_net_rcv+0x10/0x10 [ 728.508202][T14830] ? __pfx_uevent_net_init+0x10/0x10 [ 728.508245][T14830] ops_init+0x1df/0x5f0 [ 728.508289][T14830] setup_net+0x21e/0x850 [ 728.508332][T14830] ? __pfx_setup_net+0x10/0x10 [ 728.508368][T14830] ? lockdep_init_map_type+0x5c/0x280 [ 728.508405][T14830] ? __pfx_down_read_killable+0x10/0x10 [ 728.508455][T14830] ? debug_mutex_init+0x37/0x70 [ 728.508502][T14830] copy_net_ns+0x2a6/0x5f0 [ 728.508549][T14830] create_new_namespaces+0x3ea/0xad0 [ 728.508609][T14830] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 728.508661][T14830] ksys_unshare+0x45b/0xa40 [ 728.508715][T14830] ? __pfx_ksys_unshare+0x10/0x10 [ 728.508773][T14830] ? xfd_validate_state+0x5d/0x180 [ 728.508813][T14830] ? rcu_is_watching+0x12/0xc0 [ 728.508865][T14830] __x64_sys_unshare+0x31/0x40 [ 728.508917][T14830] do_syscall_64+0xcd/0x260 [ 728.508957][T14830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.508991][T14830] RIP: 0033:0x7f5b71f8d169 [ 728.509016][T14830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 728.509048][T14830] RSP: 002b:00007f5b72e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 728.509080][T14830] RAX: ffffffffffffffda RBX: 00007f5b721a5fa0 RCX: 00007f5b71f8d169 [ 728.509101][T14830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 728.509121][T14830] RBP: 00007f5b7200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 728.509141][T14830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 728.509161][T14830] R13: 0000000000000000 R14: 00007f5b721a5fa0 R15: 00007ffdcfd093c8 [ 728.509204][T14830] [ 728.510494][T14830] kobject_uevent: unable to create netlink socket! [ 728.923103][T14834] FAULT_INJECTION: forcing a failure. [ 728.923103][T14834] name fail_futex, interval 1, probability 0, space 0, times 0 [ 729.027764][T14834] CPU: 1 UID: 0 PID: 14834 Comm: syz.2.1626 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 729.027814][T14834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 729.027834][T14834] Call Trace: [ 729.027845][T14834] [ 729.027857][T14834] dump_stack_lvl+0x16c/0x1f0 [ 729.027901][T14834] should_fail_ex+0x512/0x640 [ 729.027941][T14834] get_futex_key+0x49e/0x1000 [ 729.027995][T14834] ? __pfx_get_futex_key+0x10/0x10 [ 729.028039][T14834] ? kfree+0x252/0x4d0 [ 729.028092][T14834] futex_wake+0xe7/0x4e0 [ 729.028137][T14834] ? __pfx_futex_wake+0x10/0x10 [ 729.028168][T14834] ? __pfx_vfs_writev+0x10/0x10 [ 729.028212][T14834] ? do_writev+0x218/0x330 [ 729.028279][T14834] do_futex+0x1e3/0x350 [ 729.028325][T14834] ? __pfx_do_futex+0x10/0x10 [ 729.028370][T14834] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 729.028419][T14834] __x64_sys_futex+0x1e0/0x4c0 [ 729.028468][T14834] ? fput+0x70/0xf0 [ 729.028499][T14834] ? __pfx___x64_sys_futex+0x10/0x10 [ 729.028544][T14834] ? __pfx_do_writev+0x10/0x10 [ 729.028584][T14834] ? rcu_is_watching+0x12/0xc0 [ 729.028637][T14834] do_syscall_64+0xcd/0x260 [ 729.028676][T14834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.028720][T14834] RIP: 0033:0x7f5b71f8d169 [ 729.028746][T14834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 729.028779][T14834] RSP: 002b:00007f5b72e1b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 729.028810][T14834] RAX: ffffffffffffffda RBX: 00007f5b721a6168 RCX: 00007f5b71f8d169 [ 729.028832][T14834] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5b721a616c [ 729.028853][T14834] RBP: 00007f5b721a6160 R08: 00007f5b72e5e000 R09: 0000000000000000 [ 729.028874][T14834] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f5b721a616c [ 729.028894][T14834] R13: 0000000000000000 R14: 00007ffdcfd092e0 R15: 00007ffdcfd093c8 [ 729.028935][T14834] [ 729.947172][ T5847] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 731.060499][T14875] Invalid ELF header magic: != ELF [ 731.875693][T14898] nbd: couldn't find device at index 33904 [ 732.737057][T14928] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI [ 732.749025][T14928] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 732.757482][T14928] CPU: 1 UID: 0 PID: 14928 Comm: syz.2.1658 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 732.769257][T14928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 732.779357][T14928] RIP: 0010:__do_sys_mremap+0x1392/0x15c0 [ 732.785155][T14928] Code: 0f 85 45 02 00 00 48 8b 04 24 c6 84 24 70 01 00 00 01 48 01 85 68 02 00 00 eb 9a e8 38 2a b0 ff 48 b8 04 00 00 00 00 fc ff df <80> 38 00 0f 85 a7 01 00 00 48 8b 2c 25 20 00 00 00 31 ff 81 e5 00 [ 732.804811][T14928] RSP: 0018:ffffc900045b7d20 EFLAGS: 00010287 [ 732.810925][T14928] RAX: dffffc0000000004 RBX: ffff88801b474600 RCX: ffffc9000c692000 [ 732.818946][T14928] RDX: 0000000000080000 RSI: ffffffff820b1598 RDI: 0000000000000007 [ 732.826962][T14928] RBP: ffff88805abdd280 R08: 0000000000000007 R09: 0000000000000000 [ 732.834972][T14928] R10: 0000000010000000 R11: 0000000000000000 R12: 0000000000003000 [ 732.842967][T14928] R13: 1ffff920008b6faa R14: 0000000000000000 R15: ffff88801b474770 [ 732.850956][T14928] FS: 00007f5b72e5d6c0(0000) GS:ffff888124ac1000(0000) knlGS:0000000000000000 [ 732.859908][T14928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 732.866517][T14928] CR2: 0000001b30a1cff8 CR3: 000000005a66a000 CR4: 00000000003526f0 [ 732.874511][T14928] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 732.882512][T14928] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 732.890502][T14928] Call Trace: [ 732.893797][T14928] [ 732.896744][T14928] ? __pfx___do_sys_mremap+0x10/0x10 [ 732.902081][T14928] ? __x64_sys_futex+0x1e0/0x4c0 [ 732.907060][T14928] ? rcu_is_watching+0x12/0xc0 [ 732.911853][T14928] do_syscall_64+0xcd/0x260 [ 732.916388][T14928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.922302][T14928] RIP: 0033:0x7f5b71f8d169 [ 732.926746][T14928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 732.946381][T14928] RSP: 002b:00007f5b72e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 732.954815][T14928] RAX: ffffffffffffffda RBX: 00007f5b721a5fa0 RCX: 00007f5b71f8d169 [ 732.962804][T14928] RDX: 0000000000003fd6 RSI: 0000000000000007 RDI: 0000000000000000 [ 732.970785][T14928] RBP: 00007f5b7200e2a0 R08: 000000001ffffffe R09: 0000000000000000 [ 732.978772][T14928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 732.986776][T14928] R13: 0000000000000000 R14: 00007f5b721a5fa0 R15: 00007ffdcfd093c8 [ 732.994781][T14928] [ 732.997812][T14928] Modules linked in: [ 733.002290][T14928] ---[ end trace 0000000000000000 ]--- [ 733.017125][T14928] RIP: 0010:__do_sys_mremap+0x1392/0x15c0 [ 733.023107][T14928] Code: 0f 85 45 02 00 00 48 8b 04 24 c6 84 24 70 01 00 00 01 48 01 85 68 02 00 00 eb 9a e8 38 2a b0 ff 48 b8 04 00 00 00 00 fc ff df <80> 38 00 0f 85 a7 01 00 00 48 8b 2c 25 20 00 00 00 31 ff 81 e5 00 [ 733.071405][T14928] RSP: 0018:ffffc900045b7d20 EFLAGS: 00010287 [ 733.079954][T14928] RAX: dffffc0000000004 RBX: ffff88801b474600 RCX: ffffc9000c692000 [ 733.089707][T14928] RDX: 0000000000080000 RSI: ffffffff820b1598 RDI: 0000000000000007 [ 733.098026][T14928] RBP: ffff88805abdd280 R08: 0000000000000007 R09: 0000000000000000 [ 733.108142][T14928] R10: 0000000010000000 R11: 0000000000000000 R12: 0000000000003000 [ 733.117822][T14928] R13: 1ffff920008b6faa R14: 0000000000000000 R15: ffff88801b474770 [ 733.127162][T14928] FS: 00007f5b72e5d6c0(0000) GS:ffff8881249c1000(0000) knlGS:0000000000000000 [ 733.137912][T14928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 733.150535][T14928] CR2: 0000000000010004 CR3: 000000005a66a000 CR4: 00000000003526f0 [ 733.162315][T14928] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 733.170416][T14928] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 733.179965][T14928] Kernel panic - not syncing: Fatal exception [ 733.186397][T14928] Kernel Offset: disabled [ 733.190729][T14928] Rebooting in 86400 seconds..