last executing test programs: 3.816912026s ago: executing program 3 (id=427): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_cpumask\x00', 0x8002, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/freezer.self_freezing\x00', 0x101080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0xffff, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0) pread64$auto(r1, 0x0, 0xfffffeff, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r2) 3.585701753s ago: executing program 2 (id=429): r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x28, r0, 0x1, 0x70bd26, 0x25dfdbfd, {0x2, 0x0, 0xfd}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WIPHY_NAME={0xc, 0x2, '\x14\x00\x00\x00\x00\x00\x00\x00'}]}, 0x28}, 0x1, 0x14000000, 0x0, 0x4004081}, 0x20000084) 3.535628791s ago: executing program 3 (id=430): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = getsockopt$auto_SO_BROADCAST(0xffffffffffffffff, 0xf7f, 0x6, &(0x7f0000000000)='!.##\x00', &(0x7f0000000180)) ioctl$auto_BTRFS_IOC_FORGET_DEV(r0, 0x50009405, &(0x7f00000001c0)={@raw=0xbe, "147f624b05a2b22a62eb108f57b62c1a128c0f4a188dab9dc484db51686adb5a70d52b7f2f66145c31facd1cbb574c587628bd4cd6107b246f8f98fc23c6a864a492955d4c9350848a1d376d48008c8245ef620306a514c0e2f4dccf4932b8161402a453d31f6a2849bd701d53c73b5c87638db257f5ee75b4b2f3050dcd85bdda18e5f6c8f07bcbafc93b528f48baacd00dff67c662817347d58f7e2540061f146deeeb8a8fbea98e59c0ed49ac5898827aaa13b42a504dc9de98747915c70a39df9e7ad1373109c541923589e6364976cd3168fe3d0f085186627bde1577bbf260387eb8ecb5ad8d705de9f1e9b3d50ce454db9cbecf236dffbd3b274b5a7a63d3be027f04c7111ed622df2830ad588ef1d8b6c480b0f0772b5e7f621f8afa59a92859c296e01a7fa3f30f0d0d4337652988adb2b9d680d2c4f9896e1139548670c3598f33ba0f43def8ca1044626e75ca4d2b886f6db26ebb438a587407e59cf70e6cedf804044a4ccbccdcdcfd3e18152f5ac92af75d4deb491679de72f1b13ad5478ed08bb7acfc503580dae5c23583d01fdfecc9207f9e276540cf2328ba7a585937fd6acbda9a3a770277729be4f41177789decd4e0854b9861c08504c89215d7e8ce3473a0ad98f25d1d9e5fe2054a4ba9d3e0a67718ac00f384b74f5c8b24097e30e63af0c374c78f21d0af94486933450a311f8194051592e9e37607542244627393d338575c5a0a51815a01bd5ecf313cadddbb3c6bd4941a5c636b0c884ea266740b25c397ff3ea626070602d43ffbbebc0bddfdc47602432ecedce3bb6b0aba196f0eb714251d210bc979b4518005e41b5b6b0fc0ba793a8e77edd81553ce3a99cf9e7f4a9a41858e1971ac4127fa9995c888259e3436b7366e1344955ec1dd8628581a07056ec537e8196f87ab570af4fb4744f874fb283f8a54cae01cb32f70543eb60b6f65cc5269171d7e5fff4cbe4cc0b76983aaba8d869d8848e496e2c5359251a39e5f9d1c0c6756456dcdd744e82594b2a6bfe3db7877c7fc123c259f8f70b36b3c48ae31875d5cf3eb6b00a32e107f419a079641e51c8233f4c304b4bf7942814ec1eb8166f0b168d76fb3c05cb1d0ccd66fd15cbb399f3730076246721f4d71f5bbcb63d2309c74878bb16ec592873f7514b66118673f808c2cb16b4a7b3be7b560b5183bb231be5829d9de866ecbf23c70779c6f9d37b7d185cdf53a328eeee8ea27931c68c68edad37f2a10fbfcffacbacb80e8c39a0504bddab3156c7c35ab417aee9c979bf14718975e59ec51a37516a71abd59ddc916de121937da400f09b85e96b554a1f5688b20e2df0f814163e46db2ef60268a6c57035008998b834560a7f9a69bcde2110f8d401321db671c7cd28fce473d9dd43d598ef1e576c93281a5a510fb48e7dbfe06451e2e9718ab0b6cd6ec02b6b62ae9d6cc7ec94af64311793125d92ef9ac91b0d99445c4dae30f46ef49f8068950a6a32661094ac22af30e313fc183ebe103e709be8bcb4e657a731ac05e55a5f3b772ec5f89074fce97e565f560d172c6975dd1edde80507a9e442b208fd57520cbbcac16ddcb26fc8ef1d19d2cfb07e80d32aab1769e628303478aff29f0143140478b50d392fb3e53e0d386ea97d901c27ae5911330f337ef7048cb7f5307fb0231066c100177c09722719372aa5dcffbfa6e84469bfa884446d5848d6af5c4a324f0805e5a1c82e97387239ba24e8406edccd92d37c0bafd97160cea312ba3ef96b6982d28e0d5e2b3bba83dcee9f5de3155d635deebc55bc030f9dadc659a0b6f5a84d539077e785ed5ed098115b576a7238c3532cea0fe9f00cfad2112908e57e66be5e86339812b5257a03e735727ea8c4cf5bcf0820dcf87a906bd962806a2767971f6079613acfb781d514111f35ba1fcdecaa15764d9ca817794c536cb4b1d4a2f60cf116520aa1cd2f7ade5d38c195ee6aaa196ceeaad0a3d642b0e4b54a5c9ffe8941e4f661aba9b9d77a0e2af0d1dd8120810f4b4f93bc56a2405b32ec460ccfae654ed07abfbfc3dab30d5e0b77538033ee73833910ecb297be29cf034a1133583e5afd7633e4a1b44c844cd34eb7d5e07d74e695b4abea1a70b5eb902385563e30134ec33ada8dc78433b4eefa2ead19df77dfc71148607e5c708f7692f1645e7a323f175849bd045f0bbed4f6a06169deceb2a4d361493ee6db8c7b0bd18b9782f48f7459c9d9033221dcf6a07464c04df0b11f99a943e12b1b0b6dc71c3bfef7128b2df83f1ee99952e4cc0a51189a21302e998fd2ed37b2ae8bfd96a47d50eb3d196fea3af714157e6a4e0630e0944de57556aa3225b485388faed23a9a9d595a5ff296e8e29452ef5541230954d4d0f916a27781041902f13cf0e962527e1a0f659a95a0c3831bb62841ba3e01c74859818283ad0725e76ed82f695405fffccd90ad1be0ad211891546a2ab3f75b9872c3ad68c2f5f4d8510cf1e087e789c5ab821ef46e197a36986434b1569499ad2717db7b200afd77b7542ba00a46192341aee8fe3bfe3d6e0c2767cafca11ce2beaf97602ef9095e815ab6eaec42399865f724ee9d96217f45a84a0def5d87375c65e0430cdc83422b8d367982f2722e793c6ba37687d34f0e2068c114fae854a3158abba5f5689a40488d095de19071a71d8d7a17f4389f2d20c4c0f9c16760d52d166acc5c201cfaecc0fc54b7143c60aaaac0ae196b36f3e1447e3e0992be2642ca8302b24514bd06cce84279ce361bb8ce245ca5152848ab4cced61c67e4579c0db21efd26efc0780cf4a04b02ddaa54335fa327d57320307e0dc3fe1f6cdb686150e2235e05ddeba10a193d49408ee47f57229a6ff30351dedf61b8789900eb15db5b0069c57984ba31710509d88da1d78b3eface0ad5b2cb7f303e248cb68abfd5a0c3ac672d1f6178fe54ef67e034d38c01e3458d9b64a97eb0cccfae7efbbbc0c8b806e75ae5dbdf641d8daa862f90cac0d460c6f70a7765169cd1e9fe305db403e4e453ce84c35a3573751a93ca7dd478ba547449254f3d7ac7b05f345bf0eec346db042b982c964c81545bf05986d033df8e41e9e19d3561250514ed703444048f44763261a860aa3cf0b539544af9a1fc4ba7f989111e00dcab0e64b538a1019467c3b43641e13c2707a4fdc78648b92302a54a0e7e3de53488e852f0fe658557ad1df2cf12a898515769bcde0f4a3386764d5b2f0eba5eee1e3257215c005b3bad612ff43b4121efc277fe9b80c69eee2c1ffdcb3ef843485d636a0025848254e22cd2f51c1f85202ae22d53969072c1ec4dbb973a157059ed523b8dad9671f6bba68a9d4521564a826b208df019ea32eeaf5b8f973263fdcab4c2519ac0d5ce4c181b12ba71bb3fc02388e72e89a24152e07b264fb00b425633ca2b2aaccd7208d5df00002b7fa4502656593a8e84e4b620bc65a60bf3d3c8b0c1d0ac93bcc711b9cf206b1037d3437e515913badbd7ce52a69b32cd5b828193dac41fe0ff1a869bf086927eff915e422be23f40a54a2384e478f74bb2a397ecd214224294d9300d921afad2f50960e9830dc1ac8ee08ea0ff474d40a23b1f7dbc7761120c889b3354281751342d2429eb2555a8a57063f61c6cb3115d99d41a040c4d9fb3c5ddec980abfef33562607b7ad6fc8ac67c8026d50f2e01d949d065a8ea488b3d0d7ba296c914352b99a6c36aad4c030d1f9bef8696cb6d9dee3835646695b2a43f8682405c118477dd6486699dcd9cb93d911dae691fabfdfcc76ae48bcdf5d5ea87fffdcaf4e14faaa36689da73c9012ff943a787ec0e83f52cf221219f3468bdc010698450a19717e4ed062ab7d682d9e18c4469581bd09cd31aeaf1d17afb02b9cd769f56830d0ad155e4898889b438edfb13fb40d46bfe082ae1cd0f287805e4f2d011f43cd070f883668f45612132b19ff2f406bf80a1e5e69c741c63bc366c102a7a7e78d92e058d1f771031e582094bc7536182ddf2b88ef13d6573d0d34183c5e4dff48654ec1d18a44f6b2c67b17eb06489523bc3e7908b612e5204985cad17ff99b41650e49e469d8d80f3a2e32e93826e02160fbf19d92ab300bee4319b333aa9e96ac46d22ed71cf8394663f62362fe145094d140588c2e6f3eadc0bc16f6f6172aeac1e9ca44d93fa1399c641729e21f97f25ce5b4163419235bb98a218fa9d50b7aaa835d122c0436352b27909dcab907e43630907b23713bb445b93b8ec840b17d3d4618dd38bf58f2a0a6c3272a00aa8704774078f565faa4195ddfc15b33b196e646ebd8ab55e74da11ab4c30d031785c7c168d30ca12d23dcfa4a5a4f883f3b887fb77d822dae0a161d6c3565037a1f36bb1cf1d8601d94e4111b4ee435a98c21577b1e647ba160921881339a00a2d04210e603dcd9dfe2c40d32e5d93d9e94a5c176ca6291d5befa75121ec0abd660e2bac1458bd5609a6d725af0895b0d559ad726f34b50a06fd45f86764508386ab65ade7c76d0ce07330bf0d342216a769c98edb854cad6f6b02e0d09e713bbb7e12c786edd9d1078f3c5d0a87d34d9326e938098d674fb2d1ab1e39e3683a3ef0e00d9b66d56582e9d5f2d61a60226ee2c9cda7d44ef0504d6109fcd7978207df3eb9ed5ac860e0172907362654efb54cd6d04f7a58578fa3853d65e9243730466085905cbf1e1b34ea7a2f9dd268495d49824045074debb4c9140dfdbfc81fc6d371ec49521ddd996fd8761ada5d427348503a57a73a3ac74a540df4c2af59a1ecf644c00ebfbffafbf2990776717a2687889da69fefd0b0cb33c8351d147bcf31f98c8909e554c7ffd2cc9f64e4eb6b9c4b232489a2d912f19f79108b73a38de79fafd4a885de47810bdc4658d6d773c97e523732997392f1e02396875eda8ff955ef0ad75145cc1819df6a53878b9f1c5964146dcd73eabed0df798aea5c533fc263bc8d2533e36cde59e2cdd2ffac12cd7e6bea69ccc14b0b22b7606a6f82e8528f8dc739cd5c0ed0795d49452f257be2068055dcfaa7589ca65820d31583a81834910d8d1327469e370339dce1d87c31a750a02270cdaef457da2d50abac6651357858c391464781009209d79cf4286045773fe247e705a14b162583cd89e850df91b7517bd0a4476ac02fdc1dbd0faa81fa1e829ad0a548236939efcdf63c15b868b8712ca05571d7c0b810cc02cba9d1ae63e987b59ec3281cd706d7571d6b69a92663f11a24a68dbc6b2436b8049986f78fbe8effcf94457d5085dbf8812abb1fd431c6b465203eb67070a936a665fb19273240ed1e3905ea27b996b74b31b1216a77734b106dd9752a5f430ac5aef718c6942379dbd342aa66537e655afa95ec78cadcfc80584045cd07d43911c4d7dc3a37a4cf3cdf6eea9904c441ec02cfe0515c6c360463237aa6b3fafebcb1a59be1bf5ebe4680819f3e78ccc1e517987db6220b45bf840fb8fc9b33757a0e258468a911f2504358981410b6daad15bb0ed81ff971ef3cc89f06dacfa45a37cb37e946f5010d0a308ff760227d439f07401839b7844bd4e5f5d1824c17797c5abfb5a326f6b4626f9789d8d7a074b7f223cc4183f68e14de037a197920a858c310e3602a3c6f319b506bc4c523af495a95b74eb88af2699cbbeecbab62811ed05a0ea5e292e72e565ccbeb3fda2f32ee05ff7bfa40bfead96ace132532026e553bc4438a65ea897d64e9cdec2baa75839f9ea4dba584b81a9b813dc648e3ac31c885ec5dcedda3efc7a3a7"}) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x700) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x302, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x17, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/suspend_stats/fail\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/213, 0xd5) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae71, r2) 3.251129235s ago: executing program 2 (id=432): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/nvme_core/parameters/max_retries\x00', 0x101142, 0x0) socket(0x2, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/freezer.self_freezing\x00', 0x101080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r1) 2.848311933s ago: executing program 2 (id=434): sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/set_event\x00', 0x20001, 0x0) write$auto(r0, &(0x7f0000000040)='nbd\x00', 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x5, 0x10000, 0x1, &(0x7f0000000000)=0x3, 0x8000000000000000, 0x7ff) 2.768794985s ago: executing program 0 (id=436): r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f0000000040)="9b580300cb627b369afc93530400000000000000f8ce3c157f26ea091e532b93d14a22678ef9430400c5006a72a99ca28f6483eb8036d7895b1afa5af4144bf892b6fbd9dc19e774d5879c0e5b30d1ca31878748c5e8f0d25c528efd022c2f103d49e5ffef80991eb2b7fadbf44257c9627c8f7576095b604c553e4477596283473eafac7c6dc7") 2.513132273s ago: executing program 0 (id=437): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x22100, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0x2, 0x7) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x804c4700, 0x0) 2.319249885s ago: executing program 2 (id=438): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x3, 0x20000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0xf) r2 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r1, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@iter_create={r2, 0x98}, 0x5) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x15, 0x5, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41c8e4d5018fca6b1643fc"], 0xb5c}, 0x1, 0x0, 0x0, 0x48084}, 0x48080) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) bind$auto(r3, &(0x7f0000000080)=@in={0x2, 0x2, @loopback}, 0x6b) sendmsg$auto_OVS_DP_CMD_GET(r3, 0x0, 0x0) rseq$auto(&(0x7f0000000000)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x7ffe, 0x0, 0x6) r4 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x4, 0x386, 0xeb1, r4, 0x8000) nanosleep$auto(0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sendto$auto(0x3, 0x0, 0xe7, 0xfd, 0x0, 0x403) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) 1.962373938s ago: executing program 0 (id=440): request_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000000000)='TIPCv2\x00', &(0x7f00000000c0)='TIPCv2\x00', &(0x7f0000000100)='TIPCv2\x00', 0xfffffffffffffffc) r0 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MON_SET(r3, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000080)={0x14, r4, 0x21, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x85}, 0x4000) sendmsg$auto_TIPC_NL_MON_PEER_GET(r2, &(0x7f0000006140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r0, 0x711, 0x70b52c, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @pid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4405}, 0x4c848) 1.890470363s ago: executing program 3 (id=441): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) socket(0x1d, 0x2, 0x6) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x22100, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0x2, 0x7) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x80204705, 0x0) 1.717176147s ago: executing program 0 (id=442): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/nvme_core/parameters/max_retries\x00', 0x101142, 0x0) socket(0x2, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/freezer.self_freezing\x00', 0x101080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r1) 1.716225692s ago: executing program 1 (id=443): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0xc0, &(0x7f0000000000)={{0x0, 0x22, 0x0, 0xa, 0x0, 0x989, 0x1}, 0x3}, 0x9a6, 0xfffffffe) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/035/001\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) epoll_create$auto(0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x5, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x400, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xd, 0x587, 0x7, 0xd, 0x7181, 0x1ffde, 0x40, 0x3, 0x9, 0x9, 0x3, 0x0, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0x0, 0x3, 0x0, 0x2000, 0x0, 0xe, 0x70624ce5, 0x0, 0x812, 0xffffffffffffffff, 0x4000, 0x0, 0x6, 0xfffffffffffffffc, 0xfffffffffffbfffd, 0x4, 0x1000000000001, 0x10000000000, 0x6, 0x8000000000004, 0xfffffffffffffffb, 0x0, 0x8, 0x0, 0x4, 0xffff, 0x0, 0x2, 0x0, 0x6, 0x5, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0xf, 0xa38, 0x400, 0x3, 0xfffffffffffffffc, 0x2, 0x1, 0x4]}, 0x1fe, 0xd) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000100)={{0x0, 0x1000004, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="13000000", @ANYRES16=0x0, @ANYBLOB="2586"], 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r2 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="7201"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x48c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r3, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) 1.507221364s ago: executing program 1 (id=444): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x22100, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0x2, 0x7) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x5453, 0x0) 1.432649483s ago: executing program 0 (id=445): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0x2, 0x7) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0xc0384707, 0x0) 1.33787537s ago: executing program 2 (id=446): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x22100, 0x0) socket(0xa, 0x1, 0x84) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0x2, 0x7) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0xc0384707, 0x0) 996.565227ms ago: executing program 1 (id=447): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x8000000000000000, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x40000b, 0x7ffffffd, 0x9b72, 0xffffffffffffffff, 0x9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) mmap$auto(0x200000000000000, 0x400006, 0xdf, 0x12, 0x2, 0x8001) mbind$auto(0x2000, 0x100000004, 0x1fffff000, 0x0, 0x6, 0x2) 985.674081ms ago: executing program 3 (id=448): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/vm/mmap_min_addr\x00', 0x101302, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x840, 0xc) socket(0x1d, 0x2, 0x6) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x2, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000100), 0x22100, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/enable\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0x1d, 0x2, 0x7) socketpair$auto(0x4004, 0xf, 0x4, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x804c4700, 0x0) 812.354737ms ago: executing program 0 (id=449): setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_SMC_NETLINK_GET_FBACK_STATS(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40000) r0 = socket(0x15, 0x5, 0x0) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x5b7e, 0x0, 0x0, 0x0, 0x7f, 0x7}, 0x3}, 0x6015, 0x3, 0x0) ppoll$auto(&(0x7f0000000340)={r0, 0x0, 0x89}, 0x2, 0x0, 0x0, 0x8) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) epoll_create$auto(0x4) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) r2 = socket(0x11, 0x80003, 0x300) socket(0x25, 0x1, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x4a040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) select$auto(0xc, 0x0, 0x0, &(0x7f00000002c0)={[0x1fd, 0x8, 0x4, 0x1, 0x948b, 0x2, 0x15f4da0b, 0x6, 0x80000000080, 0x1fffe000000000, 0x80000001, 0x5, 0x6d3c, 0x401, 0x2]}, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) mmap$auto(0x0, 0x7fff, 0x3, 0xeb0, 0xfffffffffffffffa, 0x208000) unshare$auto(0x40000080) mmap$auto(0x0, 0x5, 0xe0, 0x8b70, r2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$auto(0xffffffffffffffff, 0x1275, 0xffffffffffffffff) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x1ff, r3, @relative_id=0x13, 0xe600}, 0xf) 483.312589ms ago: executing program 1 (id=450): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x5c, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {0x1, 0x0, 0xfec0}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x10}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x211e789c}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @empty=0x1000000}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @local}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) 418.444893ms ago: executing program 2 (id=451): socket(0x23, 0x80805, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x89ed, 0xfffffffffffff4e0) r0 = openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x80080, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fedbdf2c048004000a8008000800000000000000", @ANYRES32=r3, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x14) sendfile$auto(r0, r1, &(0x7f0000001c80)=0x9, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000480), r4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa2940, 0x0) r5 = socket(0x15, 0x5, 0x0) sendmsg$auto(r5, 0x0, 0x0) sysfs$auto(0x2, 0x26, 0x0) r6 = socket(0x11, 0xa, 0x300) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = socket(0xa, 0x1, 0x84) close_range$auto(r7, r6, 0x2) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) socketpair$auto(0x800, 0x2, 0x8000000000000000, 0x0) r8 = socket(0xa, 0x1, 0x84) getsockopt$auto(r8, 0x0, 0x53, 0x0, &(0x7f0000000040)=0x83) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) r9 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kill$auto(r9, 0x11) 326.407674ms ago: executing program 3 (id=452): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/arp\x00', 0x101000, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x80081, 0x0) socket(0x10, 0x2, 0x0) r2 = socket(0xa, 0x2, 0x0) setsockopt$auto(r2, 0x29, 0x37, 0x0, 0x110) r3 = fcntl$auto_F_SETLK(r0, 0x6, 0xffffffffffffffff) futex$auto(&(0x7f0000000040)=0x10000, 0x1, 0x6, &(0x7f0000000080)={0xa, 0x5}, 0x0, 0x4) write$auto(r3, &(0x7f0000000040)='/proc/thread-self/net/arp\x00', 0x40000000000000) mmap$auto(0x0, 0x20009, 0xe1, 0xeb5, r1, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/dummy_hcd.0/usb1/bDeviceClass\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000240)=""/214, 0xd6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) semctl$auto_IPC_STAT(0x0, 0x2, 0x2, 0x2) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x80) r5 = openat$auto_transaction_log_fops_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x50e01, 0x0) setsockopt$auto_SO_REUSEPORT(r5, 0x9, 0xf, &(0x7f00000000c0)='\x00', 0xb5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) r6 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 251.311546ms ago: executing program 1 (id=453): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x81, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/nvme_core/parameters/max_retries\x00', 0x101142, 0x0) socket(0x2, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/freezer.self_freezing\x00', 0x101080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) socket(0xa, 0x2, 0x0) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x4, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r1) 152.299021ms ago: executing program 3 (id=454): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = semctl$auto_SEM_STAT(0x6, 0xe0bb, 0x12, 0x4) r1 = prctl$auto(0x1000000003b, 0x1, r0, 0x7, 0x7) munlock$auto(0x9, 0x29b9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.throttle.read_iops_device\x00', 0x143680, 0x700) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) prctl$auto(0x29, 0x5, 0x0, 0x0, 0x0) mlock$auto(0x81, 0xffff) r2 = socket(0x1d, 0x3, 0x1) socket(0x2, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000180)={0x0, 0xffffffffffffff81, &(0x7f00000000c0)={0x0, 0x94}, 0x1, 0x0, 0x0, 0x20}, 0x4000851) mmap$auto(0x3, 0x402000b, 0x2000006, 0xeb1, 0x401, 0xfff) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_NL80211_CMD_REGISTER_BEACONS(r1, 0x0, 0x20000000) ioperm$auto(0x2, 0x5, 0xd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) 0s ago: executing program 1 (id=455): sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/set_event\x00', 0x20001, 0x0) write$auto(r0, &(0x7f0000000040)='nbd\x00', 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.82' (ED25519) to the list of known hosts. [ 89.018414][ T5829] cgroup: Unknown subsys name 'net' [ 89.151332][ T5829] cgroup: Unknown subsys name 'cpuset' [ 89.160832][ T5829] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.041663][ T5829] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.352243][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.360610][ T5854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.369730][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.377644][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.386370][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.390660][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.394292][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.426559][ T5152] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.434718][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.443851][ T5152] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.444994][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.459078][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.468483][ T5152] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.477544][ T5152] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.477551][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.502184][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.513315][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.526873][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.527359][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.542395][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.107002][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 94.121772][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 94.233489][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 94.362584][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.370544][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.378569][ T5841] bridge_slave_0: entered allmulticast mode [ 94.387287][ T5841] bridge_slave_0: entered promiscuous mode [ 94.398170][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.405329][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.413095][ T5841] bridge_slave_1: entered allmulticast mode [ 94.421288][ T5841] bridge_slave_1: entered promiscuous mode [ 94.496964][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 94.510002][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.517288][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.524496][ T5839] bridge_slave_0: entered allmulticast mode [ 94.532081][ T5839] bridge_slave_0: entered promiscuous mode [ 94.566630][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.573790][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.581179][ T5839] bridge_slave_1: entered allmulticast mode [ 94.588813][ T5839] bridge_slave_1: entered promiscuous mode [ 94.599584][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.655152][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.732453][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.757065][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.764294][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.774186][ T5844] bridge_slave_0: entered allmulticast mode [ 94.781816][ T5844] bridge_slave_0: entered promiscuous mode [ 94.799198][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.825725][ T5841] team0: Port device team_slave_0 added [ 94.832218][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.839745][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.847054][ T5844] bridge_slave_1: entered allmulticast mode [ 94.854607][ T5844] bridge_slave_1: entered promiscuous mode [ 94.884450][ T5841] team0: Port device team_slave_1 added [ 94.934738][ T5839] team0: Port device team_slave_0 added [ 94.945647][ T5839] team0: Port device team_slave_1 added [ 95.018176][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.025172][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.051666][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.068332][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.081709][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.091335][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.098907][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.106126][ T5840] bridge_slave_0: entered allmulticast mode [ 95.113889][ T5840] bridge_slave_0: entered promiscuous mode [ 95.138732][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.145790][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.172486][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.199340][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.207036][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.214253][ T5840] bridge_slave_1: entered allmulticast mode [ 95.222056][ T5840] bridge_slave_1: entered promiscuous mode [ 95.229987][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.237606][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.263895][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.315456][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.322791][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.349667][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.365247][ T5844] team0: Port device team_slave_0 added [ 95.374818][ T5844] team0: Port device team_slave_1 added [ 95.398974][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.434166][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.511196][ T5845] Bluetooth: hci0: command tx timeout [ 95.512998][ T5841] hsr_slave_0: entered promiscuous mode [ 95.524594][ T5841] hsr_slave_1: entered promiscuous mode [ 95.532783][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.539869][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.565855][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.587064][ T55] Bluetooth: hci3: command tx timeout [ 95.587070][ T5857] Bluetooth: hci1: command tx timeout [ 95.593820][ T5845] Bluetooth: hci2: command tx timeout [ 95.635096][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.642501][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.669397][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.684573][ T5840] team0: Port device team_slave_0 added [ 95.713749][ T5839] hsr_slave_0: entered promiscuous mode [ 95.720658][ T5839] hsr_slave_1: entered promiscuous mode [ 95.727390][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.735205][ T5839] Cannot create hsr debugfs directory [ 95.751134][ T5840] team0: Port device team_slave_1 added [ 95.895576][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.903071][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.930152][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.953435][ T5844] hsr_slave_0: entered promiscuous mode [ 95.960710][ T5844] hsr_slave_1: entered promiscuous mode [ 95.967127][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.974756][ T5844] Cannot create hsr debugfs directory [ 95.989331][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.996708][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.022825][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.215620][ T5840] hsr_slave_0: entered promiscuous mode [ 96.224571][ T5840] hsr_slave_1: entered promiscuous mode [ 96.231865][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.239677][ T5840] Cannot create hsr debugfs directory [ 96.491421][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.505762][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.532964][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.586133][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.670575][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.683199][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.698813][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.723605][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.804405][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.818456][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.851849][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.862903][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.965800][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.985296][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.003205][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.015240][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.048736][ T850] cfg80211: failed to load regulatory.db [ 97.096966][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.181698][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.195975][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.203333][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.240175][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.247469][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.290739][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.365235][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.390495][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.426297][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.433473][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.468688][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.475842][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.494949][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.512896][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.560172][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.567425][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.579608][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.586813][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.594404][ T5845] Bluetooth: hci0: command tx timeout [ 97.662247][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.667132][ T5845] Bluetooth: hci2: command tx timeout [ 97.672042][ T55] Bluetooth: hci1: command tx timeout [ 97.674292][ T5845] Bluetooth: hci3: command tx timeout [ 97.729549][ T995] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.736778][ T995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.772687][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.779946][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.808869][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.064518][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.215677][ T5841] veth0_vlan: entered promiscuous mode [ 98.267524][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.282914][ T5841] veth1_vlan: entered promiscuous mode [ 98.361959][ T5841] veth0_macvtap: entered promiscuous mode [ 98.400605][ T5841] veth1_macvtap: entered promiscuous mode [ 98.430660][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.455547][ T5839] veth0_vlan: entered promiscuous mode [ 98.495515][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.525296][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.538677][ T5839] veth1_vlan: entered promiscuous mode [ 98.554544][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.590822][ T5840] veth0_vlan: entered promiscuous mode [ 98.617273][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.626158][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.637335][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.646121][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.669101][ T5840] veth1_vlan: entered promiscuous mode [ 98.729413][ T5839] veth0_macvtap: entered promiscuous mode [ 98.765865][ T5839] veth1_macvtap: entered promiscuous mode [ 98.784603][ T5844] veth0_vlan: entered promiscuous mode [ 98.823873][ T5840] veth0_macvtap: entered promiscuous mode [ 98.841949][ T5840] veth1_macvtap: entered promiscuous mode [ 98.862404][ T5844] veth1_vlan: entered promiscuous mode [ 98.890985][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.902419][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.915596][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.965536][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.976628][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.989104][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.000190][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.010940][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.021437][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.033230][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.047033][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.062909][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.073090][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.087285][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.089599][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.106567][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.117993][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.129473][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.139270][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.148261][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.157219][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.165958][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.203959][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.213067][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.224522][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.233314][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.314721][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.325006][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.359616][ T5844] veth0_macvtap: entered promiscuous mode [ 99.383384][ T5844] veth1_macvtap: entered promiscuous mode [ 99.437055][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.448795][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.465337][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.481418][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.492520][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.503372][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.515949][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.530854][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.539695][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.557687][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.568316][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.575512][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.579010][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.609793][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.619850][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.630627][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.642121][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.667900][ T5845] Bluetooth: hci0: command tx timeout [ 99.690061][ T5844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.726498][ T5844] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.735361][ T5844] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.744177][ T5844] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.753217][ T5845] Bluetooth: hci3: command tx timeout [ 99.758107][ T55] Bluetooth: hci1: command tx timeout [ 99.758691][ T5845] Bluetooth: hci2: command tx timeout [ 99.813185][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.837885][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.921258][ T5905] Invalid ELF header magic: != ELF [ 99.994086][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.017211][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.073537][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.096008][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.238596][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.259757][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.472839][ T5910] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.495674][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.532289][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.662783][ T30] audit: type=1326 audit(1744097946.731:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5913 comm="syz.2.3" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f971ed8d169 code=0x0 [ 101.705472][ T5931] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5'. [ 101.747674][ T5845] Bluetooth: hci0: command tx timeout [ 101.827171][ T5845] Bluetooth: hci2: command tx timeout [ 101.832650][ T5845] Bluetooth: hci1: command tx timeout [ 101.836384][ T5857] Bluetooth: hci3: command tx timeout [ 102.111402][ T5936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8'. [ 102.122998][ T5936] netlink: 354 bytes leftover after parsing attributes in process `syz.0.8'. [ 102.133400][ T5936] Zero length message leads to an empty skb [ 102.707273][ T5940] netlink: 194 bytes leftover after parsing attributes in process `syz.0.9'. [ 102.742901][ T5949] FAULT_INJECTION: forcing a failure. [ 102.742901][ T5949] name failslab, interval 1, probability 0, space 0, times 1 [ 102.853917][ T5949] CPU: 0 UID: 0 PID: 5949 Comm: syz.1.11 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 102.853955][ T5949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 102.853977][ T5949] Call Trace: [ 102.853986][ T5949] [ 102.853999][ T5949] dump_stack_lvl+0x16c/0x1f0 [ 102.854055][ T5949] should_fail_ex+0x512/0x640 [ 102.854088][ T5949] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 102.854134][ T5949] should_failslab+0xc2/0x120 [ 102.854159][ T5949] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 102.854197][ T5949] ? bpf_ksym_find+0x124/0x1c0 [ 102.854230][ T5949] ? __kernfs_new_node+0xd2/0x8a0 [ 102.854277][ T5949] __kernfs_new_node+0xd2/0x8a0 [ 102.854319][ T5949] ? unwind_get_return_address+0x59/0xa0 [ 102.854357][ T5949] ? __pfx___kernfs_new_node+0x10/0x10 [ 102.854414][ T5949] ? find_held_lock+0x2b/0x80 [ 102.854452][ T5949] ? kernfs_root+0xee/0x2a0 [ 102.854507][ T5949] kernfs_new_node+0x13c/0x1e0 [ 102.854545][ T5949] kernfs_create_dir_ns+0x4c/0x1a0 [ 102.854582][ T5949] sysfs_create_dir_ns+0x13a/0x2b0 [ 102.854629][ T5949] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 102.854673][ T5949] ? find_held_lock+0x2b/0x80 [ 102.854719][ T5949] ? nfs_netns_namespace+0xd/0x40 [ 102.854756][ T5949] kobject_add_internal+0x2c4/0x9b0 [ 102.854813][ T5949] kobject_init_and_add+0x11b/0x190 [ 102.854843][ T5949] ? __pfx_kobject_init_and_add+0x10/0x10 [ 102.854895][ T5949] nfs_netns_sysfs_setup+0xf9/0x1f0 [ 102.854936][ T5949] nfs_net_init+0x10a/0x300 [ 102.854980][ T5949] ? __pfx_nfs_net_init+0x10/0x10 [ 102.855020][ T5949] ops_init+0x1df/0x5f0 [ 102.855078][ T5949] setup_net+0x21e/0x850 [ 102.855121][ T5949] ? __pfx_setup_net+0x10/0x10 [ 102.855159][ T5949] ? lockdep_init_map_type+0x5c/0x280 [ 102.855188][ T5949] ? __pfx_down_read_killable+0x10/0x10 [ 102.855237][ T5949] ? debug_mutex_init+0x37/0x70 [ 102.855276][ T5949] copy_net_ns+0x2a6/0x5f0 [ 102.855323][ T5949] create_new_namespaces+0x3ea/0xad0 [ 102.855374][ T5949] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 102.855421][ T5949] ksys_unshare+0x45b/0xa40 [ 102.855467][ T5949] ? __pfx_ksys_unshare+0x10/0x10 [ 102.855511][ T5949] ? xfd_validate_state+0x5d/0x180 [ 102.855547][ T5949] ? rcu_is_watching+0x12/0xc0 [ 102.855592][ T5949] __x64_sys_unshare+0x31/0x40 [ 102.855631][ T5949] do_syscall_64+0xcd/0x260 [ 102.855672][ T5949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.855699][ T5949] RIP: 0033:0x7f84f6b8d169 [ 102.855721][ T5949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.855748][ T5949] RSP: 002b:00007f84f7a6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 102.855774][ T5949] RAX: ffffffffffffffda RBX: 00007f84f6da5fa0 RCX: 00007f84f6b8d169 [ 102.855793][ T5949] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 102.855809][ T5949] RBP: 00007f84f6c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 102.855826][ T5949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.855841][ T5949] R13: 0000000000000000 R14: 00007f84f6da5fa0 R15: 00007ffdfb9c5188 [ 102.855876][ T5949] [ 102.855890][ T5949] kobject: kobject_add_internal failed for net (error: -12 parent: nfs) [ 103.428508][ T5955] netlink: 93 bytes leftover after parsing attributes in process `syz.0.13'. [ 103.485792][ T5957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14'. [ 103.683606][ T5962] random: crng reseeded on system resumption [ 104.083610][ T30] audit: type=1326 audit(1744097953.140:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5960 comm="syz.2.16" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f971ed8d169 code=0x0 [ 105.062416][ T5982] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input5 [ 105.138448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.148625][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.482463][ T5990] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24'. [ 106.156688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 106.829692][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27'. [ 107.276517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.287361][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 107.557870][ T6018] netlink: 8 bytes leftover after parsing attributes in process `syz.0.37'. [ 108.104161][ T30] audit: type=1326 audit(1744097957.170:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.1.28" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f84f6b8d169 code=0x0 [ 108.928264][ T6049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.33'. [ 109.692574][ T6072] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 110.445787][ T6085] GUP no longer grows the stack in syz.3.43 (6085): 14000-401000 (4000) [ 110.472766][ T6085] CPU: 1 UID: 0 PID: 6085 Comm: syz.3.43 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 110.472808][ T6085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.472828][ T6085] Call Trace: [ 110.472837][ T6085] [ 110.472848][ T6085] dump_stack_lvl+0x16c/0x1f0 [ 110.472906][ T6085] gup_vma_lookup+0x1d2/0x220 [ 110.472944][ T6085] __get_user_pages+0x234/0x36f0 [ 110.473000][ T6085] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 110.473031][ T6085] ? look_up_lock_class+0x59/0x150 [ 110.473072][ T6085] ? __pfx___get_user_pages+0x10/0x10 [ 110.473115][ T6085] ? process_vm_rw+0x2ff/0x360 [ 110.473148][ T6085] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 110.473172][ T6085] ? do_syscall_64+0xcd/0x260 [ 110.473224][ T6085] __gup_longterm_locked+0x20d/0x1850 [ 110.473272][ T6085] ? __pfx___gup_longterm_locked+0x10/0x10 [ 110.473322][ T6085] pin_user_pages_remote+0xed/0x140 [ 110.473359][ T6085] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 110.473398][ T6085] ? mm_access+0x22d/0x2e0 [ 110.473446][ T6085] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 110.473479][ T6085] ? futex_wait_queue+0x14c/0x220 [ 110.473502][ T6085] ? futex_unqueue+0xba/0x140 [ 110.473544][ T6085] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 110.473573][ T6085] ? iovec_from_user+0xbb/0x140 [ 110.473622][ T6085] ? iovec_from_user+0xbb/0x140 [ 110.473663][ T6085] process_vm_rw+0x2ff/0x360 [ 110.473689][ T6085] ? __pfx_process_vm_rw+0x10/0x10 [ 110.473754][ T6085] ? xfd_validate_state+0x5d/0x180 [ 110.473791][ T6085] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 110.473821][ T6085] ? do_syscall_64+0x91/0x260 [ 110.473857][ T6085] ? lockdep_hardirqs_on+0x7c/0x110 [ 110.473894][ T6085] do_syscall_64+0xcd/0x260 [ 110.473937][ T6085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.473964][ T6085] RIP: 0033:0x7f62def8d169 [ 110.473984][ T6085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.474010][ T6085] RSP: 002b:00007f62dfd06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 110.474033][ T6085] RAX: ffffffffffffffda RBX: 00007f62df1a6080 RCX: 00007f62def8d169 [ 110.474053][ T6085] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000027 [ 110.474069][ T6085] RBP: 00007f62df00e2a0 R08: 0000000000000003 R09: 0000000000000000 [ 110.474085][ T6085] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 110.474103][ T6085] R13: 0000000000000000 R14: 00007f62df1a6080 R15: 00007ffdc8dc5418 [ 110.474141][ T6085] [ 110.742607][ T6090] netlink: 12 bytes leftover after parsing attributes in process `syz.0.44'. [ 111.602044][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.706088][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 112.402516][ T6103] Invalid ELF header magic: != ELF [ 112.606579][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.616782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.625720][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 113.689420][ T6124] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 113.846984][ T6130] netlink: 4 bytes leftover after parsing attributes in process `syz.3.54'. [ 114.218652][ T6138] FAULT_INJECTION: forcing a failure. [ 114.218652][ T6138] name fail_futex, interval 1, probability 0, space 0, times 1 [ 114.311754][ T6138] CPU: 1 UID: 0 PID: 6138 Comm: syz.3.57 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 114.311794][ T6138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 114.311811][ T6138] Call Trace: [ 114.311820][ T6138] [ 114.311831][ T6138] dump_stack_lvl+0x16c/0x1f0 [ 114.311879][ T6138] should_fail_ex+0x512/0x640 [ 114.311925][ T6138] get_futex_key+0x49e/0x1000 [ 114.311970][ T6138] ? __pfx_get_futex_key+0x10/0x10 [ 114.312015][ T6138] ? __pfx___might_resched+0x10/0x10 [ 114.312065][ T6138] futex_wake+0xe7/0x4e0 [ 114.312097][ T6138] ? __pfx_futex_wake+0x10/0x10 [ 114.312136][ T6138] ? lock_acquire+0x179/0x350 [ 114.312167][ T6138] do_futex+0x1e3/0x350 [ 114.312211][ T6138] ? __pfx_do_futex+0x10/0x10 [ 114.312256][ T6138] ? fd_install+0x244/0x750 [ 114.312304][ T6138] __x64_sys_futex+0x1e0/0x4c0 [ 114.312355][ T6138] ? __pfx___x64_sys_futex+0x10/0x10 [ 114.312402][ T6138] ? rcu_is_watching+0x12/0xc0 [ 114.312453][ T6138] do_syscall_64+0xcd/0x260 [ 114.312502][ T6138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.312534][ T6138] RIP: 0033:0x7f62def8d169 [ 114.312557][ T6138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.312586][ T6138] RSP: 002b:00007f62dfd270e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 114.312614][ T6138] RAX: ffffffffffffffda RBX: 00007f62df1a5fa8 RCX: 00007f62def8d169 [ 114.312633][ T6138] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f62df1a5fac [ 114.312651][ T6138] RBP: 00007f62df1a5fa0 R08: 00007f62dfd28000 R09: 0000000000000000 [ 114.312670][ T6138] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62df1a5fac [ 114.312687][ T6138] R13: 0000000000000000 R14: 00007ffdc8dc5330 R15: 00007ffdc8dc5418 [ 114.312724][ T6138] [ 115.417031][ T6157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.59'. [ 115.445024][ T6141] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 115.465581][ T6157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.59'. [ 116.577970][ T6175] Invalid ELF header magic: != ELF [ 116.618564][ T6185] netlink: 12 bytes leftover after parsing attributes in process `syz.3.65'. [ 118.382973][ T6212] FAULT_INJECTION: forcing a failure. [ 118.382973][ T6212] name failslab, interval 1, probability 0, space 0, times 0 [ 118.431668][ T6212] CPU: 1 UID: 0 PID: 6212 Comm: syz.2.70 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 118.431710][ T6212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 118.431734][ T6212] Call Trace: [ 118.431746][ T6212] [ 118.431758][ T6212] dump_stack_lvl+0x16c/0x1f0 [ 118.431824][ T6212] should_fail_ex+0x512/0x640 [ 118.431861][ T6212] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 118.431913][ T6212] should_failslab+0xc2/0x120 [ 118.431944][ T6212] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 118.431989][ T6212] ? d_instantiate+0x77/0x90 [ 118.432020][ T6212] ? alloc_empty_file+0x55/0x1e0 [ 118.432056][ T6212] alloc_empty_file+0x55/0x1e0 [ 118.432092][ T6212] alloc_file_pseudo+0x13a/0x230 [ 118.432129][ T6212] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 118.432158][ T6212] ? bpf_lsm_socket_post_create+0x9/0x10 [ 118.432208][ T6212] sock_alloc_file+0x50/0x210 [ 118.432251][ T6212] __sys_socketpair+0x34e/0x5a0 [ 118.432286][ T6212] ? __pfx___sys_socketpair+0x10/0x10 [ 118.432317][ T6212] ? xfd_validate_state+0x5d/0x180 [ 118.432354][ T6212] ? rcu_is_watching+0x12/0xc0 [ 118.432400][ T6212] __x64_sys_socketpair+0x96/0x100 [ 118.432431][ T6212] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.432477][ T6212] do_syscall_64+0xcd/0x260 [ 118.432537][ T6212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.432568][ T6212] RIP: 0033:0x7f971ed8d169 [ 118.432599][ T6212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.432630][ T6212] RSP: 002b:00007f971fc3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 118.432662][ T6212] RAX: ffffffffffffffda RBX: 00007f971efa5fa0 RCX: 00007f971ed8d169 [ 118.432683][ T6212] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 118.432702][ T6212] RBP: 00007f971ee0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 118.432721][ T6212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.432738][ T6212] R13: 0000000000000000 R14: 00007f971efa5fa0 R15: 00007ffda19026b8 [ 118.432778][ T6212] [ 120.010652][ T6230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.75'. [ 120.021797][ T6230] netlink: 354 bytes leftover after parsing attributes in process `syz.1.75'. [ 120.170203][ T6237] process 'syz.1.76' launched ':,' with NULL argv: empty string added [ 121.770684][ T6259] netlink: 4 bytes leftover after parsing attributes in process `syz.3.81'. [ 122.337218][ T6271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 122.343433][ T6274] netlink: 28 bytes leftover after parsing attributes in process `syz.0.86'. [ 122.519164][ T6274] team0: Port device team_slave_0 removed [ 123.810958][ T6312] netlink: 36 bytes leftover after parsing attributes in process `syz.0.89'. [ 124.852138][ T6319] debugfs: Directory 'ttyS2' with parent 'caif_serial' already present! [ 127.386689][ T6359] netlink: 29 bytes leftover after parsing attributes in process `syz.0.102'. [ 128.933542][ T6394] Invalid ELF header magic: != ELF [ 129.952002][ T6416] syz.2.114 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 130.191071][ T6419] netlink: 350 bytes leftover after parsing attributes in process `syz.1.115'. [ 130.573759][ T6435] FAULT_INJECTION: forcing a failure. [ 130.573759][ T6435] name failslab, interval 1, probability 0, space 0, times 0 [ 130.672641][ T6435] CPU: 0 UID: 0 PID: 6435 Comm: syz.0.116 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 130.672682][ T6435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 130.672699][ T6435] Call Trace: [ 130.672709][ T6435] [ 130.672721][ T6435] dump_stack_lvl+0x16c/0x1f0 [ 130.672771][ T6435] should_fail_ex+0x512/0x640 [ 130.672807][ T6435] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 130.672859][ T6435] should_failslab+0xc2/0x120 [ 130.672887][ T6435] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 130.672932][ T6435] ? __alloc_skb+0x2b2/0x380 [ 130.672976][ T6435] __alloc_skb+0x2b2/0x380 [ 130.673014][ T6435] ? __pfx___alloc_skb+0x10/0x10 [ 130.673057][ T6435] ? __pfx_sch_direct_xmit+0x10/0x10 [ 130.673097][ T6435] ? find_held_lock+0x2b/0x80 [ 130.673141][ T6435] alloc_skb_with_frags+0xe0/0x860 [ 130.673187][ T6435] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.673229][ T6435] ? __local_bh_enable_ip+0xa4/0x120 [ 130.673268][ T6435] ? __dev_queue_xmit+0x896/0x43e0 [ 130.673306][ T6435] sock_alloc_send_pskb+0x7fb/0x990 [ 130.673358][ T6435] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 130.673397][ T6435] ? __lock_acquire+0x5ca/0x1ba0 [ 130.673437][ T6435] __ip6_append_data+0x2ac9/0x4710 [ 130.673493][ T6435] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 130.673567][ T6435] ? __pfx___ip6_append_data+0x10/0x10 [ 130.673616][ T6435] ? ip6_setup_cork+0xd01/0x15d0 [ 130.673665][ T6435] ip6_make_skb+0x2c8/0x3f0 [ 130.673710][ T6435] ? ip6_dst_check+0x343/0x940 [ 130.673746][ T6435] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 130.673792][ T6435] ? __pfx_ip6_make_skb+0x10/0x10 [ 130.673839][ T6435] ? find_held_lock+0x2b/0x80 [ 130.673889][ T6435] ? sk_dst_check+0x1da/0x540 [ 130.673932][ T6435] ? udpv6_sendmsg+0x24fe/0x3070 [ 130.673962][ T6435] udpv6_sendmsg+0x24fe/0x3070 [ 130.673997][ T6435] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 130.674051][ T6435] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 130.674082][ T6435] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 130.674118][ T6435] ? __lock_acquire+0x5ca/0x1ba0 [ 130.674172][ T6435] ? __lock_acquire+0xaa4/0x1ba0 [ 130.674215][ T6435] ? iovec_from_user+0xbb/0x140 [ 130.674256][ T6435] ? __pfx_aa_sk_perm+0x10/0x10 [ 130.674290][ T6435] ? __import_iovec+0x1c8/0x660 [ 130.674327][ T6435] ? __might_fault+0xe3/0x190 [ 130.674373][ T6435] ? __might_fault+0x13b/0x190 [ 130.674454][ T6435] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 130.674490][ T6435] ? inet6_sendmsg+0x105/0x140 [ 130.674531][ T6435] inet6_sendmsg+0x105/0x140 [ 130.674569][ T6435] ____sys_sendmsg+0x705/0xc70 [ 130.674621][ T6435] ? copy_msghdr_from_user+0x10a/0x160 [ 130.674662][ T6435] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.674719][ T6435] ? kfree+0x252/0x4d0 [ 130.674755][ T6435] ? __pfx__kstrtoull+0x10/0x10 [ 130.674813][ T6435] ___sys_sendmsg+0x134/0x1d0 [ 130.674855][ T6435] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.674931][ T6435] ? __pfx___might_resched+0x10/0x10 [ 130.674985][ T6435] __sys_sendmmsg+0x200/0x420 [ 130.675031][ T6435] ? __pfx___sys_sendmmsg+0x10/0x10 [ 130.675087][ T6435] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 130.675153][ T6435] ? fput+0x70/0xf0 [ 130.675182][ T6435] ? ksys_write+0x1b9/0x240 [ 130.675224][ T6435] ? __pfx_ksys_write+0x10/0x10 [ 130.675275][ T6435] __x64_sys_sendmmsg+0x9c/0x100 [ 130.675316][ T6435] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.675358][ T6435] do_syscall_64+0xcd/0x260 [ 130.675407][ T6435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.675439][ T6435] RIP: 0033:0x7fb33238d169 [ 130.675464][ T6435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.675494][ T6435] RSP: 002b:00007fb3331a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 130.675528][ T6435] RAX: ffffffffffffffda RBX: 00007fb3325a6080 RCX: 00007fb33238d169 [ 130.675547][ T6435] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 130.675565][ T6435] RBP: 00007fb3331a9090 R08: 0000000000000000 R09: 0000000000000000 [ 130.675582][ T6435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.675599][ T6435] R13: 0000000000000001 R14: 00007fb3325a6080 R15: 00007ffd5f25eda8 [ 130.675638][ T6435] [ 134.607255][ T6511] FAULT_INJECTION: forcing a failure. [ 134.607255][ T6511] name failslab, interval 1, probability 0, space 0, times 0 [ 134.620277][ T6511] CPU: 0 UID: 0 PID: 6511 Comm: syz.1.128 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 134.620313][ T6511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 134.620331][ T6511] Call Trace: [ 134.620341][ T6511] [ 134.620353][ T6511] dump_stack_lvl+0x16c/0x1f0 [ 134.620402][ T6511] should_fail_ex+0x512/0x640 [ 134.620443][ T6511] should_failslab+0xc2/0x120 [ 134.620474][ T6511] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 134.620524][ T6511] ? __alloc_skb+0x2b2/0x380 [ 134.620568][ T6511] __alloc_skb+0x2b2/0x380 [ 134.620606][ T6511] ? __pfx___alloc_skb+0x10/0x10 [ 134.620644][ T6511] ? skb_csum_hwoffload_help+0x7c0/0x850 [ 134.620679][ T6511] ? skb_zerocopy_clone+0x2d4/0x6c0 [ 134.620720][ T6511] ? __asan_memcpy+0x3c/0x60 [ 134.620767][ T6511] skb_segment+0x9d7/0x3ef0 [ 134.620833][ T6511] ? __pfx_skb_segment+0x10/0x10 [ 134.620865][ T6511] ? mark_held_locks+0x49/0x80 [ 134.620913][ T6511] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 134.620959][ T6511] tcp_gso_segment+0x3be/0x19e0 [ 134.621008][ T6511] ? __pfx_tcp_wfree+0x10/0x10 [ 134.621041][ T6511] ? __lock_acquire+0x5ca/0x1ba0 [ 134.621084][ T6511] tcp4_gso_segment+0x1ec/0xf20 [ 134.621140][ T6511] ? __pfx_tcp4_gso_segment+0x10/0x10 [ 134.621190][ T6511] inet_gso_segment+0x570/0x1330 [ 134.621234][ T6511] skb_mac_gso_segment+0x2a5/0x650 [ 134.621280][ T6511] ? __pfx_inet_gso_segment+0x10/0x10 [ 134.621309][ T6511] ? __pfx_skb_mac_gso_segment+0x10/0x10 [ 134.621355][ T6511] ? mark_held_locks+0x49/0x80 [ 134.621403][ T6511] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 134.621449][ T6511] __skb_gso_segment+0x36e/0x700 [ 134.621499][ T6511] validate_xmit_skb+0x956/0xfe0 [ 134.621541][ T6511] __dev_queue_xmit+0x71b/0x43e0 [ 134.621590][ T6511] ? ipt_do_table+0xd78/0x1ac0 [ 134.621639][ T6511] ? __pfx___dev_queue_xmit+0x10/0x10 [ 134.621691][ T6511] ? __lock_acquire+0xaa4/0x1ba0 [ 134.621742][ T6511] ? find_held_lock+0x2b/0x80 [ 134.621794][ T6511] ip_finish_output2+0xc38/0x21a0 [ 134.621841][ T6511] ? ip_skb_dst_mtu+0x3e3/0xe90 [ 134.621900][ T6511] ? __pfx_ip_finish_output2+0x10/0x10 [ 134.621942][ T6511] ? ip_skb_dst_mtu+0x496/0xe90 [ 134.621983][ T6511] ? skb_gso_transport_seglen+0x1a5/0x3b0 [ 134.622037][ T6511] __ip_finish_output+0x49e/0x950 [ 134.622097][ T6511] ip_finish_output+0x35/0x380 [ 134.622147][ T6511] ip_output+0x13b/0x2a0 [ 134.622188][ T6511] ? __pfx_ip_output+0x10/0x10 [ 134.622233][ T6511] __ip_queue_xmit+0x1d7d/0x26c0 [ 134.622290][ T6511] ? __pfx_ip_queue_xmit+0x10/0x10 [ 134.622334][ T6511] __tcp_transmit_skb+0x2686/0x3e90 [ 134.622387][ T6511] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 134.622446][ T6511] ? ktime_get+0x200/0x310 [ 134.622490][ T6511] ? lockdep_hardirqs_on+0x7c/0x110 [ 134.622542][ T6511] tcp_write_xmit+0x1274/0x8770 [ 134.622614][ T6511] __tcp_push_pending_frames+0xaf/0x390 [ 134.622655][ T6511] tcp_rcv_established+0x860/0x2180 [ 134.622710][ T6511] ? find_held_lock+0x2b/0x80 [ 134.622750][ T6511] ? __pfx_tcp_rcv_established+0x10/0x10 [ 134.622799][ T6511] ? ipv4_dst_check+0x1a8/0x3b0 [ 134.622856][ T6511] ? __pfx_ipv4_dst_check+0x10/0x10 [ 134.622906][ T6511] tcp_v4_do_rcv+0x5ca/0xa90 [ 134.622939][ T6511] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 134.622967][ T6511] __release_sock+0x31b/0x400 [ 134.623020][ T6511] release_sock+0x5a/0x220 [ 134.623063][ T6511] tcp_recvmsg+0x13a/0x680 [ 134.623146][ T6511] ? __pfx_tcp_recvmsg+0x10/0x10 [ 134.623190][ T6511] ? aa_sk_perm+0x2f4/0xb10 [ 134.623231][ T6511] ? __pfx_tcp_recvmsg+0x10/0x10 [ 134.623260][ T6511] inet_recvmsg+0x12a/0x6a0 [ 134.623286][ T6511] ? __fget_files+0x204/0x3c0 [ 134.623332][ T6511] ? __pfx_inet_recvmsg+0x10/0x10 [ 134.623376][ T6511] sock_recvmsg+0x1b2/0x250 [ 134.623427][ T6511] __sys_recvfrom+0x203/0x310 [ 134.623463][ T6511] ? 0xffffffff81000000 [ 134.623486][ T6511] ? __pfx___sys_recvfrom+0x10/0x10 [ 134.623563][ T6511] ? ksys_write+0x1b9/0x240 [ 134.623605][ T6511] ? __pfx_ksys_write+0x10/0x10 [ 134.623645][ T6511] ? rcu_is_watching+0x12/0xc0 [ 134.623687][ T6511] __x64_sys_recvfrom+0xe0/0x1c0 [ 134.623723][ T6511] ? do_syscall_64+0x91/0x260 [ 134.623768][ T6511] ? lockdep_hardirqs_on+0x7c/0x110 [ 134.623808][ T6511] do_syscall_64+0xcd/0x260 [ 134.623857][ T6511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.623889][ T6511] RIP: 0033:0x7f84f6b8d169 [ 134.623913][ T6511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.623941][ T6511] RSP: 002b:00007f84f7a4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 134.623968][ T6511] RAX: ffffffffffffffda RBX: 00007f84f6da6080 RCX: 00007f84f6b8d169 [ 134.623986][ T6511] RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003 [ 134.624003][ T6511] RBP: 00007f84f7a4d090 R08: 0000000000000000 R09: ffffffff81000000 [ 134.624020][ T6511] R10: 0000000000000a00 R11: 0000000000000246 R12: 0000000000000001 [ 134.624036][ T6511] R13: 0000000000000000 R14: 00007f84f6da6080 R15: 00007ffdfb9c5188 [ 134.624082][ T6511] ? 0xffffffff81000000 [ 134.624114][ T6511] [ 137.867428][ T6559] netlink: 28 bytes leftover after parsing attributes in process `syz.1.139'. [ 137.889237][ T6559] veth1_macvtap: left promiscuous mode [ 137.995510][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.006654][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.247975][ T30] audit: type=1800 audit(4294967297.450:5): pid=6553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.138" name=03 dev="tmpfs" ino=227 res=0 errno=0 [ 140.726546][ T6637] netlink: 36 bytes leftover after parsing attributes in process `syz.1.157'. [ 142.525291][ T6699] netlink: 93 bytes leftover after parsing attributes in process `syz.2.171'. [ 142.740670][ T6696] could not allocate digest TFM handle [ 143.541555][ T6721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.176'. [ 143.552257][ T6721] FAULT_INJECTION: forcing a failure. [ 143.552257][ T6721] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 143.569710][ T6721] CPU: 1 UID: 0 PID: 6721 Comm: syz.2.176 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 143.569768][ T6721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 143.569793][ T6721] Call Trace: [ 143.569806][ T6721] [ 143.569821][ T6721] dump_stack_lvl+0x16c/0x1f0 [ 143.569891][ T6721] should_fail_ex+0x512/0x640 [ 143.569955][ T6721] _copy_from_user+0x2e/0xd0 [ 143.570017][ T6721] copy_msghdr_from_user+0x98/0x160 [ 143.570068][ T6721] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 143.570116][ T6721] ? __pfx__kstrtoull+0x10/0x10 [ 143.570172][ T6721] ___sys_sendmsg+0xfe/0x1d0 [ 143.570214][ T6721] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.570274][ T6721] ? find_held_lock+0x2b/0x80 [ 143.570339][ T6721] __sys_sendmmsg+0x200/0x420 [ 143.570384][ T6721] ? __pfx___sys_sendmmsg+0x10/0x10 [ 143.570439][ T6721] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 143.570500][ T6721] ? fput+0x70/0xf0 [ 143.570529][ T6721] ? ksys_write+0x1b9/0x240 [ 143.570571][ T6721] ? __pfx_ksys_write+0x10/0x10 [ 143.570611][ T6721] ? rcu_is_watching+0x12/0xc0 [ 143.570665][ T6721] __x64_sys_sendmmsg+0x9c/0x100 [ 143.570705][ T6721] ? lockdep_hardirqs_on+0x7c/0x110 [ 143.570746][ T6721] do_syscall_64+0xcd/0x260 [ 143.570791][ T6721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.570821][ T6721] RIP: 0033:0x7f971ed8d169 [ 143.570845][ T6721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.570874][ T6721] RSP: 002b:00007f971fc3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 143.570903][ T6721] RAX: ffffffffffffffda RBX: 00007f971efa5fa0 RCX: 00007f971ed8d169 [ 143.570922][ T6721] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 143.570939][ T6721] RBP: 00007f971fc3f090 R08: 0000000000000000 R09: 0000000000000000 [ 143.570956][ T6721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.570972][ T6721] R13: 0000000000000000 R14: 00007f971efa5fa0 R15: 00007ffda19026b8 [ 143.571010][ T6721] [ 143.865954][ T6723] netlink: 4 bytes leftover after parsing attributes in process `syz.0.178'. [ 143.902688][ T6723] netlink: 354 bytes leftover after parsing attributes in process `syz.0.178'. [ 144.203183][ T6734] FAULT_INJECTION: forcing a failure. [ 144.203183][ T6734] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 144.226358][ T6734] CPU: 1 UID: 0 PID: 6734 Comm: syz.3.181 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 144.226400][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 144.226416][ T6734] Call Trace: [ 144.226426][ T6734] [ 144.226438][ T6734] dump_stack_lvl+0x16c/0x1f0 [ 144.226487][ T6734] should_fail_ex+0x512/0x640 [ 144.226528][ T6734] _copy_from_user+0x2e/0xd0 [ 144.226569][ T6734] move_addr_to_kernel+0x65/0x170 [ 144.226599][ T6734] __sys_connect+0xaf/0x170 [ 144.226639][ T6734] ? __pfx___sys_connect+0x10/0x10 [ 144.226689][ T6734] ? __pfx_ksys_write+0x10/0x10 [ 144.226732][ T6734] ? rcu_is_watching+0x12/0xc0 [ 144.226779][ T6734] __x64_sys_connect+0x72/0xb0 [ 144.226811][ T6734] ? lockdep_hardirqs_on+0x7c/0x110 [ 144.226853][ T6734] do_syscall_64+0xcd/0x260 [ 144.226901][ T6734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.226932][ T6734] RIP: 0033:0x7f62def8d169 [ 144.226956][ T6734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.226983][ T6734] RSP: 002b:00007f62dfd06038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 144.227010][ T6734] RAX: ffffffffffffffda RBX: 00007f62df1a6080 RCX: 00007f62def8d169 [ 144.227029][ T6734] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000003 [ 144.227046][ T6734] RBP: 00007f62dfd06090 R08: 0000000000000000 R09: 0000000000000000 [ 144.227063][ T6734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.227080][ T6734] R13: 0000000000000000 R14: 00007f62df1a6080 R15: 00007ffdc8dc5418 [ 144.227117][ T6734] [ 144.700208][ T6740] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 144.726878][ T6740] CIFS mount error: No usable UNC path provided in device string! [ 144.726878][ T6740] [ 144.740386][ T6740] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 145.773800][ T6775] vcan0: tx drop: invalid da for name 0x0000ffef00000000 [ 146.026449][ T6779] netlink: 4 bytes leftover after parsing attributes in process `syz.3.195'. [ 146.039326][ T6779] netlink: 354 bytes leftover after parsing attributes in process `syz.3.195'. [ 147.047107][ T6818] FAULT_INJECTION: forcing a failure. [ 147.047107][ T6818] name failslab, interval 1, probability 0, space 0, times 0 [ 147.060156][ T6818] CPU: 1 UID: 0 PID: 6818 Comm: syz.3.203 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 147.060194][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 147.060211][ T6818] Call Trace: [ 147.060221][ T6818] [ 147.060232][ T6818] dump_stack_lvl+0x16c/0x1f0 [ 147.060280][ T6818] should_fail_ex+0x512/0x640 [ 147.060315][ T6818] ? fs_reclaim_acquire+0xae/0x150 [ 147.060355][ T6818] ? tomoyo_encode2+0x100/0x3e0 [ 147.060403][ T6818] should_failslab+0xc2/0x120 [ 147.060432][ T6818] __kmalloc_noprof+0xd2/0x510 [ 147.060479][ T6818] ? d_absolute_path+0x136/0x1a0 [ 147.060522][ T6818] tomoyo_encode2+0x100/0x3e0 [ 147.060570][ T6818] tomoyo_encode+0x29/0x50 [ 147.060611][ T6818] tomoyo_realpath_from_path+0x18f/0x6e0 [ 147.060668][ T6818] tomoyo_path_number_perm+0x245/0x580 [ 147.060702][ T6818] ? tomoyo_path_number_perm+0x237/0x580 [ 147.060744][ T6818] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 147.060783][ T6818] ? find_held_lock+0x2b/0x80 [ 147.060861][ T6818] ? find_held_lock+0x2b/0x80 [ 147.060900][ T6818] ? hook_file_ioctl_common+0x145/0x410 [ 147.060943][ T6818] ? __fget_files+0x20e/0x3c0 [ 147.060995][ T6818] security_file_ioctl+0x9b/0x240 [ 147.061036][ T6818] __x64_sys_ioctl+0xb7/0x200 [ 147.061077][ T6818] do_syscall_64+0xcd/0x260 [ 147.061127][ T6818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.061158][ T6818] RIP: 0033:0x7f62def8d169 [ 147.061182][ T6818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.061210][ T6818] RSP: 002b:00007f62dfd27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 147.061237][ T6818] RAX: ffffffffffffffda RBX: 00007f62df1a5fa0 RCX: 00007f62def8d169 [ 147.061257][ T6818] RDX: 0000000000000000 RSI: 00000000404c4701 RDI: 0000000000000012 [ 147.061274][ T6818] RBP: 00007f62dfd27090 R08: 0000000000000000 R09: 0000000000000000 [ 147.061292][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.061308][ T6818] R13: 0000000000000000 R14: 00007f62df1a5fa0 R15: 00007ffdc8dc5418 [ 147.061348][ T6818] [ 147.061381][ T6818] ERROR: Out of memory at tomoyo_realpath_from_path. [ 148.164109][ T6850] zswap: compressor not available [ 148.620166][ T6869] FAULT_INJECTION: forcing a failure. [ 148.620166][ T6869] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 148.768536][ T6869] CPU: 0 UID: 0 PID: 6869 Comm: syz.0.213 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 148.768582][ T6869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.768602][ T6869] Call Trace: [ 148.768613][ T6869] [ 148.768625][ T6869] dump_stack_lvl+0x16c/0x1f0 [ 148.768678][ T6869] should_fail_ex+0x512/0x640 [ 148.768722][ T6869] should_fail_alloc_page+0xe7/0x130 [ 148.768756][ T6869] prepare_alloc_pages+0x3c2/0x610 [ 148.768818][ T6869] ? rcu_is_watching+0x12/0xc0 [ 148.768862][ T6869] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 148.768920][ T6869] ? do_raw_spin_lock+0x12c/0x2b0 [ 148.768968][ T6869] ? find_held_lock+0x2b/0x80 [ 148.769017][ T6869] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 148.769070][ T6869] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 148.769112][ T6869] ? stack_depot_save_flags+0x3e6/0xa50 [ 148.769161][ T6869] ? kasan_save_stack+0x42/0x60 [ 148.769213][ T6869] ? __lock_acquire+0xaa4/0x1ba0 [ 148.769240][ T6869] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 148.769276][ T6869] ? policy_nodemask+0xea/0x4e0 [ 148.769332][ T6869] alloc_pages_mpol+0x1fb/0x550 [ 148.769364][ T6869] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 148.769391][ T6869] ? __page_table_check_ptes_set+0x1ae/0x420 [ 148.769445][ T6869] ? find_held_lock+0x2b/0x80 [ 148.769492][ T6869] alloc_pages_noprof+0x131/0x390 [ 148.769523][ T6869] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 148.769566][ T6869] get_free_pages_noprof+0xc/0x40 [ 148.769599][ T6869] kasan_populate_vmalloc_pte+0x2d/0x160 [ 148.769645][ T6869] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 148.769690][ T6869] __apply_to_page_range+0x5f9/0xd30 [ 148.769734][ T6869] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 148.769783][ T6869] ? __pfx___apply_to_page_range+0x10/0x10 [ 148.769823][ T6869] ? alloc_vmap_area+0x872/0x2970 [ 148.769864][ T6869] alloc_vmap_area+0x919/0x2970 [ 148.769914][ T6869] ? __pfx_alloc_vmap_area+0x10/0x10 [ 148.769969][ T6869] __get_vm_area_node+0x1a7/0x300 [ 148.770017][ T6869] __vmalloc_node_range_noprof+0x277/0x1540 [ 148.770061][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 148.770119][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 148.770171][ T6869] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 148.770232][ T6869] __kvmalloc_node_noprof+0x2ff/0x600 [ 148.770280][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 148.770325][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 148.770376][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 148.770417][ T6869] __do_sys_listmount+0x1c2/0xed0 [ 148.770468][ T6869] ? __x64_sys_futex+0x1e0/0x4c0 [ 148.770514][ T6869] ? __x64_sys_futex+0x1e9/0x4c0 [ 148.770561][ T6869] ? __pfx___do_sys_listmount+0x10/0x10 [ 148.770605][ T6869] ? xfd_validate_state+0x5d/0x180 [ 148.770657][ T6869] do_syscall_64+0xcd/0x260 [ 148.770709][ T6869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.770742][ T6869] RIP: 0033:0x7fb33238d169 [ 148.770769][ T6869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.770799][ T6869] RSP: 002b:00007fb333188038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 148.770829][ T6869] RAX: ffffffffffffffda RBX: 00007fb3325a6160 RCX: 00007fb33238d169 [ 148.770850][ T6869] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 148.770870][ T6869] RBP: 00007fb33240e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 148.770889][ T6869] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 148.770906][ T6869] R13: 0000000000000000 R14: 00007fb3325a6160 R15: 00007ffd5f25eda8 [ 148.770954][ T6869] [ 149.123728][ C0] vkms_vblank_simulate: vblank timer overrun [ 149.206722][ T6869] syz.0.213: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 149.325698][ T6869] CPU: 1 UID: 0 PID: 6869 Comm: syz.0.213 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 149.325744][ T6869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 149.325764][ T6869] Call Trace: [ 149.325774][ T6869] [ 149.325787][ T6869] dump_stack_lvl+0x16c/0x1f0 [ 149.325840][ T6869] warn_alloc+0x248/0x3a0 [ 149.325902][ T6869] ? __pfx_warn_alloc+0x10/0x10 [ 149.325952][ T6869] ? kfree+0x2b6/0x4d0 [ 149.326002][ T6869] ? __get_vm_area_node+0x1e5/0x300 [ 149.326050][ T6869] __vmalloc_node_range_noprof+0xd31/0x1540 [ 149.326107][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 149.326160][ T6869] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 149.326221][ T6869] __kvmalloc_node_noprof+0x2ff/0x600 [ 149.326268][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 149.326313][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 149.326363][ T6869] ? __do_sys_listmount+0x1c2/0xed0 [ 149.326403][ T6869] __do_sys_listmount+0x1c2/0xed0 [ 149.326455][ T6869] ? __x64_sys_futex+0x1e0/0x4c0 [ 149.326498][ T6869] ? __x64_sys_futex+0x1e9/0x4c0 [ 149.326547][ T6869] ? __pfx___do_sys_listmount+0x10/0x10 [ 149.326590][ T6869] ? xfd_validate_state+0x5d/0x180 [ 149.326643][ T6869] do_syscall_64+0xcd/0x260 [ 149.326692][ T6869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.326724][ T6869] RIP: 0033:0x7fb33238d169 [ 149.326750][ T6869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.326781][ T6869] RSP: 002b:00007fb333188038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 149.326811][ T6869] RAX: ffffffffffffffda RBX: 00007fb3325a6160 RCX: 00007fb33238d169 [ 149.326831][ T6869] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 149.326859][ T6869] RBP: 00007fb33240e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 149.326878][ T6869] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 149.326896][ T6869] R13: 0000000000000000 R14: 00007fb3325a6160 R15: 00007ffd5f25eda8 [ 149.326937][ T6869] [ 149.343896][ T6869] Mem-Info: [ 149.343943][ T6869] active_anon:7927 inactive_anon:0 isolated_anon:0 [ 149.343943][ T6869] active_file:13978 inactive_file:38522 isolated_file:0 [ 149.343943][ T6869] unevictable:768 dirty:466 writeback:0 [ 149.343943][ T6869] slab_reclaimable:9833 slab_unreclaimable:94569 [ 149.343943][ T6869] mapped:25119 shmem:2283 pagetables:846 [ 149.343943][ T6869] sec_pagetables:0 bounce:0 [ 149.343943][ T6869] kernel_misc_reclaimable:0 [ 149.343943][ T6869] free:1340075 free_pcp:1152 free_cma:0 [ 149.344030][ T6869] Node 0 active_anon:31708kB inactive_anon:0kB active_file:55912kB inactive_file:154080kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100476kB dirty:1860kB writeback:0kB shmem:7596kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11264kB pagetables:3384kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 149.344119][ T6869] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 149.344206][ T6869] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 149.344296][ T6869] lowmem_reserve[]: 0 2482 2483 2483 2483 [ 149.344360][ T6869] Node 0 DMA32 free:1437792kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:31660kB inactive_anon:0kB active_file:55912kB inactive_file:152516kB unevictable:1536kB writepending:1860kB present:3129332kB managed:2541688kB mlocked:0kB bounce:0kB free_pcp:4588kB local_pcp:3360kB free_cma:0kB [ 149.344451][ T6869] lowmem_reserve[]: 0 0 1 1 1 [ 149.344511][ T6869] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1564kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:8kB free_cma:0kB [ 149.344597][ T6869] lowmem_reserve[]: 0 0 0 0 0 [ 149.344658][ T6869] Node 1 Normal free:3907136kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 149.344747][ T6869] lowmem_reserve[]: 0 0 0 0 0 [ 149.344806][ T6869] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 149.345011][ T6869] Node 0 DMA32: 4*4kB (ME) 2*8kB (UM) 608*16kB (UME) 560*32kB (UME) 456*64kB (UME) 106*128kB (UM) 87*256kB (UM) 37*512kB (UME) 11*1024kB (M) 6*2048kB (M) 318*4096kB (M) = 1437728kB [ 149.345287][ T6869] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 149.345472][ T6869] Node 1 Normal: 196*4kB (UM) 68*8kB (UME) 47*16kB (UME) 190*32kB (UME) 92*64kB (UME) 29*128kB (UME) 19*256kB (UME) 9*512kB (UME) 7*1024kB (UME) 1*2048kB (U) 945*4096kB (M) = 3907168kB [ 149.345767][ T6869] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 149.345793][ T6869] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 149.345820][ T6869] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 149.345847][ T6869] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 149.345872][ T6869] 54793 total pagecache pages [ 149.345885][ T6869] 10 pages in swap cache [ 149.345896][ T6869] Free swap = 124996kB [ 149.345908][ T6869] Total swap = 124996kB [ 149.345921][ T6869] 2097051 pages RAM [ 149.345938][ T6869] 0 pages HighMem/MovableOnly [ 149.345949][ T6869] 429587 pages reserved [ 149.345960][ T6869] 0 pages cma reserved [ 150.504802][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.617034][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.769166][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.033967][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.067613][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.148674][ C0] vkms_vblank_simulate: vblank timer overrun [ 151.669681][ T6906] tty tty1: ldisc open failed (-12), clearing slot 0 [ 153.344463][ T6952] openvswitch: netlink: Flow actions attr not present in new flow. [ 153.993083][ T6972] capability: warning: `syz.1.232' uses 32-bit capabilities (legacy support in use) [ 154.023573][ T6972] syz.1.232 (6972): /proc/6966/oom_adj is deprecated, please use /proc/6966/oom_score_adj instead. [ 154.648246][ T6984] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 154.901447][ T6986] FAULT_INJECTION: forcing a failure. [ 154.901447][ T6986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.941784][ T6986] CPU: 1 UID: 0 PID: 6986 Comm: syz.1.235 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 154.941824][ T6986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 154.941841][ T6986] Call Trace: [ 154.941851][ T6986] [ 154.941862][ T6986] dump_stack_lvl+0x16c/0x1f0 [ 154.941908][ T6986] should_fail_ex+0x512/0x640 [ 154.941950][ T6986] _copy_from_user+0x2e/0xd0 [ 154.941989][ T6986] gsmld_ioctl+0xae8/0x1550 [ 154.942032][ T6986] ? __pfx_gsmld_ioctl+0x10/0x10 [ 154.942074][ T6986] ? __ldsem_down_read_nested+0xf3/0x8d0 [ 154.942117][ T6986] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 154.942167][ T6986] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 154.942209][ T6986] ? __pfx_gsmld_ioctl+0x10/0x10 [ 154.942242][ T6986] tty_ioctl+0x6f6/0x1610 [ 154.942292][ T6986] ? __pfx_tty_ioctl+0x10/0x10 [ 154.942352][ T6986] ? find_held_lock+0x2b/0x80 [ 154.942391][ T6986] ? hook_file_ioctl_common+0x145/0x410 [ 154.942435][ T6986] ? __fget_files+0x20e/0x3c0 [ 154.942486][ T6986] ? __pfx_tty_ioctl+0x10/0x10 [ 154.942537][ T6986] __x64_sys_ioctl+0x190/0x200 [ 154.942578][ T6986] do_syscall_64+0xcd/0x260 [ 154.942626][ T6986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.942656][ T6986] RIP: 0033:0x7f84f6b8d169 [ 154.942680][ T6986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.942715][ T6986] RSP: 002b:00007f84f7a6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 154.942744][ T6986] RAX: ffffffffffffffda RBX: 00007f84f6da5fa0 RCX: 00007f84f6b8d169 [ 154.942763][ T6986] RDX: 0000000000000000 RSI: 0000000040204706 RDI: 0000000000000012 [ 154.942780][ T6986] RBP: 00007f84f7a6e090 R08: 0000000000000000 R09: 0000000000000000 [ 154.942797][ T6986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.942814][ T6986] R13: 0000000000000000 R14: 00007f84f6da5fa0 R15: 00007ffdfb9c5188 [ 154.942853][ T6986] [ 155.288268][ T6989] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 155.649067][ T7000] netlink: 330 bytes leftover after parsing attributes in process `syz.2.239'. [ 155.649176][ T6993] FAULT_INJECTION: forcing a failure. [ 155.649176][ T6993] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.672180][ T7000] : renamed from bond0 (while UP) [ 155.680925][ T6993] CPU: 0 UID: 0 PID: 6993 Comm: syz.0.237 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 155.680969][ T6993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 155.680988][ T6993] Call Trace: [ 155.680998][ T6993] [ 155.681011][ T6993] dump_stack_lvl+0x16c/0x1f0 [ 155.681063][ T6993] should_fail_ex+0x512/0x640 [ 155.681105][ T6993] _copy_to_user+0x32/0xd0 [ 155.681147][ T6993] io_uring_setup+0x14d1/0x2090 [ 155.681183][ T6993] ? __pfx_io_uring_setup+0x10/0x10 [ 155.681225][ T6993] ? __pfx___might_resched+0x10/0x10 [ 155.681289][ T6993] ? rcu_is_watching+0x12/0xc0 [ 155.681336][ T6993] __x64_sys_io_uring_setup+0xc2/0x170 [ 155.681368][ T6993] do_syscall_64+0xcd/0x260 [ 155.681417][ T6993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.681449][ T6993] RIP: 0033:0x7fb33238d169 [ 155.681473][ T6993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.681503][ T6993] RSP: 002b:00007fb3331ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 155.681530][ T6993] RAX: ffffffffffffffda RBX: 00007fb3325a5fa0 RCX: 00007fb33238d169 [ 155.681548][ T6993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000040000002c55 [ 155.681565][ T6993] RBP: 00007fb33240e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 155.681582][ T6993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.681598][ T6993] R13: 0000000000000000 R14: 00007fb3325a5fa0 R15: 00007ffd5f25eda8 [ 155.681646][ T6993] [ 157.128907][ T7039] syz.3.248 uses obsolete (PF_INET,SOCK_PACKET) [ 158.180175][ T7068] program syz.3.251 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 159.153044][ T7098] bridge0: port 3(team0) entered blocking state [ 159.182127][ T7098] bridge0: port 3(team0) entered disabled state [ 159.203361][ T7098] team0: entered allmulticast mode [ 159.220971][ T7098] team_slave_0: entered allmulticast mode [ 159.239659][ T7098] team_slave_1: entered allmulticast mode [ 159.259986][ T7098] team0: entered promiscuous mode [ 159.276479][ T7098] team_slave_0: entered promiscuous mode [ 159.296795][ T7098] team_slave_1: entered promiscuous mode [ 159.311991][ T7098] bridge0: port 3(team0) entered blocking state [ 159.318677][ T7098] bridge0: port 3(team0) entered forwarding state [ 163.090899][ T30] audit: type=1326 audit(4294967320.320:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7196 comm="syz.3.278" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f62def8d169 code=0x0 [ 164.122996][ T7212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.282'. [ 164.177854][ T7212] netlink: 354 bytes leftover after parsing attributes in process `syz.1.282'. [ 166.417395][ T7261] vcan0: tx drop: invalid da for name 0x0000fffd00000000 [ 167.321379][ T7268] debugfs: Directory 'ttyS2' with parent 'caif_serial' already present! [ 171.148260][ T7344] FAULT_INJECTION: forcing a failure. [ 171.148260][ T7344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.490986][ T7344] CPU: 0 UID: 0 PID: 7344 Comm: syz.2.316 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 171.491027][ T7344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 171.491045][ T7344] Call Trace: [ 171.491054][ T7344] [ 171.491065][ T7344] dump_stack_lvl+0x16c/0x1f0 [ 171.491124][ T7344] should_fail_ex+0x512/0x640 [ 171.491166][ T7344] _copy_from_user+0x2e/0xd0 [ 171.491206][ T7344] copy_msghdr_from_user+0x98/0x160 [ 171.491248][ T7344] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 171.491296][ T7344] ? kfree+0x252/0x4d0 [ 171.491333][ T7344] ? __pfx__kstrtoull+0x10/0x10 [ 171.491390][ T7344] ___sys_sendmsg+0xfe/0x1d0 [ 171.491434][ T7344] ? __pfx____sys_sendmsg+0x10/0x10 [ 171.491512][ T7344] ? __pfx___might_resched+0x10/0x10 [ 171.491564][ T7344] __sys_sendmmsg+0x200/0x420 [ 171.491610][ T7344] ? __pfx___sys_sendmmsg+0x10/0x10 [ 171.491665][ T7344] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 171.491729][ T7344] ? fput+0x70/0xf0 [ 171.491757][ T7344] ? ksys_write+0x1b9/0x240 [ 171.491800][ T7344] ? __pfx_ksys_write+0x10/0x10 [ 171.491841][ T7344] ? rcu_is_watching+0x12/0xc0 [ 171.491887][ T7344] __x64_sys_sendmmsg+0x9c/0x100 [ 171.491928][ T7344] ? lockdep_hardirqs_on+0x7c/0x110 [ 171.491970][ T7344] do_syscall_64+0xcd/0x260 [ 171.492019][ T7344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.492050][ T7344] RIP: 0033:0x7f971ed8d169 [ 171.492074][ T7344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.492110][ T7344] RSP: 002b:00007f971fc1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 171.492137][ T7344] RAX: ffffffffffffffda RBX: 00007f971efa6080 RCX: 00007f971ed8d169 [ 171.492157][ T7344] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 171.492174][ T7344] RBP: 00007f971fc1e090 R08: 0000000000000000 R09: 0000000000000000 [ 171.492191][ T7344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.492208][ T7344] R13: 0000000000000001 R14: 00007f971efa6080 R15: 00007ffda19026b8 [ 171.492246][ T7344] [ 174.764938][ T7414] netlink: 8 bytes leftover after parsing attributes in process `syz.0.327'. [ 176.524719][ T7435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.330'. [ 177.100425][ T7449] FAULT_INJECTION: forcing a failure. [ 177.100425][ T7449] name failslab, interval 1, probability 0, space 0, times 0 [ 177.207451][ T7449] CPU: 1 UID: 0 PID: 7449 Comm: syz.3.333 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 177.207496][ T7449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 177.207514][ T7449] Call Trace: [ 177.207524][ T7449] [ 177.207536][ T7449] dump_stack_lvl+0x16c/0x1f0 [ 177.207587][ T7449] should_fail_ex+0x512/0x640 [ 177.207631][ T7449] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 177.207681][ T7449] should_failslab+0xc2/0x120 [ 177.207712][ T7449] __kmalloc_cache_noprof+0x6a/0x3e0 [ 177.207755][ T7449] ? mark_held_locks+0x49/0x80 [ 177.207806][ T7449] ? ovs_ct_limit_cmd_set+0x30a/0xa90 [ 177.207847][ T7449] ovs_ct_limit_cmd_set+0x30a/0xa90 [ 177.207891][ T7449] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 177.207929][ T7449] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 177.207985][ T7449] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 177.208045][ T7449] genl_family_rcv_msg_doit+0x206/0x2f0 [ 177.208097][ T7449] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 177.208148][ T7449] ? trace_cap_capable+0x18d/0x200 [ 177.208185][ T7449] ? bpf_lsm_capable+0x9/0x10 [ 177.208230][ T7449] ? security_capable+0x7e/0x260 [ 177.208261][ T7449] ? ns_capable+0xd7/0x110 [ 177.208303][ T7449] genl_rcv_msg+0x55c/0x800 [ 177.208338][ T7449] ? __pfx_genl_rcv_msg+0x10/0x10 [ 177.208367][ T7449] ? __pfx___dev_queue_xmit+0x10/0x10 [ 177.208403][ T7449] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 177.208441][ T7449] ? __lock_acquire+0xaa4/0x1ba0 [ 177.208480][ T7449] netlink_rcv_skb+0x16a/0x440 [ 177.208527][ T7449] ? __pfx_genl_rcv_msg+0x10/0x10 [ 177.208559][ T7449] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 177.208636][ T7449] ? __pfx_down_read+0x10/0x10 [ 177.208688][ T7449] ? netlink_deliver_tap+0x1ae/0xd30 [ 177.208740][ T7449] genl_rcv+0x28/0x40 [ 177.208787][ T7449] netlink_unicast+0x53a/0x7f0 [ 177.208840][ T7449] ? __pfx_netlink_unicast+0x10/0x10 [ 177.208886][ T7449] ? __build_skb_around+0x278/0x3b0 [ 177.208921][ T7449] ? __build_skb+0x6e/0x90 [ 177.208959][ T7449] ? is_vmalloc_addr+0x30/0x40 [ 177.209013][ T7449] netlink_sendmsg+0x8d1/0xdd0 [ 177.209067][ T7449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.209128][ T7449] ____sys_sendmsg+0xa95/0xc70 [ 177.209183][ T7449] ? copy_msghdr_from_user+0x10a/0x160 [ 177.209224][ T7449] ? __pfx_____sys_sendmsg+0x10/0x10 [ 177.209295][ T7449] ___sys_sendmsg+0x134/0x1d0 [ 177.209339][ T7449] ? __pfx____sys_sendmsg+0x10/0x10 [ 177.209434][ T7449] __sys_sendmsg+0x16d/0x220 [ 177.209477][ T7449] ? __pfx___sys_sendmsg+0x10/0x10 [ 177.209518][ T7449] ? __x64_sys_futex+0x1e0/0x4c0 [ 177.209577][ T7449] ? rcu_is_watching+0x12/0xc0 [ 177.209634][ T7449] do_syscall_64+0xcd/0x260 [ 177.209685][ T7449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.209718][ T7449] RIP: 0033:0x7f62def8d169 [ 177.209744][ T7449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.209774][ T7449] RSP: 002b:00007f62dfd27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.209804][ T7449] RAX: ffffffffffffffda RBX: 00007f62df1a5fa0 RCX: 00007f62def8d169 [ 177.209825][ T7449] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000005 [ 177.209844][ T7449] RBP: 00007f62df00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 177.209862][ T7449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.209880][ T7449] R13: 0000000000000000 R14: 00007f62df1a5fa0 R15: 00007ffdc8dc5418 [ 177.209920][ T7449] [ 178.375175][ T30] audit: type=1800 audit(4294967335.570:7): pid=7455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.335" name="features" dev="configfs" ino=14265 res=0 errno=0 [ 182.682937][ T7528] debugfs: Directory 'ttyS2' with parent 'caif_serial' already present! [ 183.643807][ T7562] FAULT_INJECTION: forcing a failure. [ 183.643807][ T7562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.688439][ T7562] CPU: 1 UID: 0 PID: 7562 Comm: syz.1.358 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 183.688481][ T7562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 183.688499][ T7562] Call Trace: [ 183.688510][ T7562] [ 183.688521][ T7562] dump_stack_lvl+0x16c/0x1f0 [ 183.688571][ T7562] should_fail_ex+0x512/0x640 [ 183.688613][ T7562] _copy_from_iter+0x2a4/0x15b0 [ 183.688661][ T7562] ? __pfx__copy_from_iter+0x10/0x10 [ 183.688710][ T7562] ? mark_held_locks+0x49/0x80 [ 183.688760][ T7562] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 183.688807][ T7562] j1939_sk_sendmsg+0x7f2/0x13d0 [ 183.688857][ T7562] ? __might_fault+0x51/0x190 [ 183.688913][ T7562] ? __pfx_j1939_sk_sendmsg+0x10/0x10 [ 183.688964][ T7562] __sys_sendto+0x495/0x510 [ 183.689001][ T7562] ? __pfx___sys_sendto+0x10/0x10 [ 183.689073][ T7562] ? ksys_write+0x1b9/0x240 [ 183.689117][ T7562] ? __pfx_ksys_write+0x10/0x10 [ 183.689157][ T7562] ? rcu_is_watching+0x12/0xc0 [ 183.689200][ T7562] __x64_sys_sendto+0xe0/0x1c0 [ 183.689242][ T7562] ? do_syscall_64+0x91/0x260 [ 183.689286][ T7562] ? lockdep_hardirqs_on+0x7c/0x110 [ 183.689326][ T7562] do_syscall_64+0xcd/0x260 [ 183.689380][ T7562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.689411][ T7562] RIP: 0033:0x7f84f6b8d169 [ 183.689434][ T7562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.689462][ T7562] RSP: 002b:00007f84f7a6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 183.689489][ T7562] RAX: ffffffffffffffda RBX: 00007f84f6da5fa0 RCX: 00007f84f6b8d169 [ 183.689506][ T7562] RDX: 0000000006fffff9 RSI: 0000000000000000 RDI: 0000000000000003 [ 183.689523][ T7562] RBP: 00007f84f7a6e090 R08: 0000200000000440 R09: 0000000000000036 [ 183.689540][ T7562] R10: 00000000fffffff8 R11: 0000000000000246 R12: 0000000000000002 [ 183.689557][ T7562] R13: 0000000000000000 R14: 00007f84f6da5fa0 R15: 00007ffdfb9c5188 [ 183.689594][ T7562] [ 184.893294][ C1] vcan0: j1939_tp_rxtimer: 0xffff888023760800: rx timeout, send abort [ 184.903385][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888023760800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 186.619370][ T7626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.373'. [ 186.837914][ T7631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.376'. [ 187.904721][ T7663] vcan0: tx drop: invalid da for name 0x0003ffff00000000 [ 188.245183][ T7648] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 188.271449][ T7648] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 188.301970][ T7648] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 188.328393][ T7648] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 188.334575][ T7648] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 188.367006][ T7648] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 188.377339][ T7648] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 188.383541][ T7648] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 188.392693][ T7648] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 188.417762][ T7648] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 188.426402][ T7648] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 188.441076][ T7648] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 188.848341][ T7690] netlink: 8 bytes leftover after parsing attributes in process `syz.0.389'. [ 190.037789][ T7722] FAULT_INJECTION: forcing a failure. [ 190.037789][ T7722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.065992][ T7722] CPU: 1 UID: 0 PID: 7722 Comm: syz.3.398 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 190.066033][ T7722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 190.066051][ T7722] Call Trace: [ 190.066061][ T7722] [ 190.066072][ T7722] dump_stack_lvl+0x16c/0x1f0 [ 190.066122][ T7722] should_fail_ex+0x512/0x640 [ 190.066164][ T7722] _copy_to_user+0x32/0xd0 [ 190.066210][ T7722] simple_read_from_buffer+0xcb/0x170 [ 190.066256][ T7722] proc_fail_nth_read+0x197/0x270 [ 190.066300][ T7722] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 190.066346][ T7722] ? rw_verify_area+0xcf/0x680 [ 190.066381][ T7722] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 190.066424][ T7722] vfs_read+0x1de/0xc70 [ 190.066470][ T7722] ? __pfx___mutex_lock+0x10/0x10 [ 190.066514][ T7722] ? __pfx_vfs_read+0x10/0x10 [ 190.066566][ T7722] ? __fget_files+0x20e/0x3c0 [ 190.066624][ T7722] ksys_read+0x12a/0x240 [ 190.066663][ T7722] ? __pfx_ksys_read+0x10/0x10 [ 190.066725][ T7722] do_syscall_64+0xcd/0x260 [ 190.066775][ T7722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.066806][ T7722] RIP: 0033:0x7f62def8bb7c [ 190.066830][ T7722] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 190.066859][ T7722] RSP: 002b:00007f62dfd27030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 190.066887][ T7722] RAX: ffffffffffffffda RBX: 00007f62df1a5fa0 RCX: 00007f62def8bb7c [ 190.066906][ T7722] RDX: 000000000000000f RSI: 00007f62dfd270a0 RDI: 0000000000000016 [ 190.066923][ T7722] RBP: 00007f62dfd27090 R08: 0000000000000000 R09: 0000000000000000 [ 190.066940][ T7722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.066958][ T7722] R13: 0000000000000000 R14: 00007f62df1a5fa0 R15: 00007ffdc8dc5418 [ 190.066997][ T7722] [ 190.253286][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 190.389162][ T5857] Bluetooth: hci2: command 0x0c1a tx timeout [ 190.395280][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout [ 190.466383][ T5857] Bluetooth: hci3: command 0x0c1a tx timeout [ 190.899784][ T7739] debugfs: Directory 'ttyS2' with parent 'caif_serial' already present! [ 190.974164][ T7750] FAULT_INJECTION: forcing a failure. [ 190.974164][ T7750] name failslab, interval 1, probability 0, space 0, times 0 [ 191.104130][ T7750] CPU: 0 UID: 0 PID: 7750 Comm: syz.0.405 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 191.104170][ T7750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 191.104188][ T7750] Call Trace: [ 191.104197][ T7750] [ 191.104208][ T7750] dump_stack_lvl+0x16c/0x1f0 [ 191.104258][ T7750] should_fail_ex+0x512/0x640 [ 191.104292][ T7750] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 191.104343][ T7750] should_failslab+0xc2/0x120 [ 191.104372][ T7750] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 191.104418][ T7750] ? __alloc_skb+0x2b2/0x380 [ 191.104462][ T7750] __alloc_skb+0x2b2/0x380 [ 191.104507][ T7750] ? __pfx___alloc_skb+0x10/0x10 [ 191.104549][ T7750] ? __pfx_sch_direct_xmit+0x10/0x10 [ 191.104589][ T7750] ? find_held_lock+0x2b/0x80 [ 191.104638][ T7750] alloc_skb_with_frags+0xe0/0x860 [ 191.104683][ T7750] ? lockdep_hardirqs_on+0x7c/0x110 [ 191.104725][ T7750] ? __local_bh_enable_ip+0xa4/0x120 [ 191.104764][ T7750] ? __dev_queue_xmit+0x896/0x43e0 [ 191.104801][ T7750] sock_alloc_send_pskb+0x7fb/0x990 [ 191.104852][ T7750] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 191.104891][ T7750] ? __lock_acquire+0x5ca/0x1ba0 [ 191.104933][ T7750] __ip6_append_data+0x2ac9/0x4710 [ 191.104989][ T7750] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 191.105052][ T7750] ? __pfx___ip6_append_data+0x10/0x10 [ 191.105100][ T7750] ? ip6_setup_cork+0xd01/0x15d0 [ 191.105150][ T7750] ip6_make_skb+0x2c8/0x3f0 [ 191.105198][ T7750] ? ip6_dst_check+0x343/0x940 [ 191.105260][ T7750] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 191.105305][ T7750] ? __pfx_ip6_make_skb+0x10/0x10 [ 191.105353][ T7750] ? find_held_lock+0x2b/0x80 [ 191.105402][ T7750] ? sk_dst_check+0x1da/0x540 [ 191.105446][ T7750] ? udpv6_sendmsg+0x24fe/0x3070 [ 191.105476][ T7750] udpv6_sendmsg+0x24fe/0x3070 [ 191.105513][ T7750] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 191.105570][ T7750] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 191.105607][ T7750] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 191.105645][ T7750] ? __lock_acquire+0x5ca/0x1ba0 [ 191.105700][ T7750] ? __lock_acquire+0xaa4/0x1ba0 [ 191.105744][ T7750] ? iovec_from_user+0xbb/0x140 [ 191.105784][ T7750] ? __pfx_aa_sk_perm+0x10/0x10 [ 191.105819][ T7750] ? __import_iovec+0x1c8/0x660 [ 191.105856][ T7750] ? __might_fault+0xe3/0x190 [ 191.105901][ T7750] ? __might_fault+0x13b/0x190 [ 191.105948][ T7750] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 191.105985][ T7750] ? inet6_sendmsg+0x105/0x140 [ 191.106018][ T7750] inet6_sendmsg+0x105/0x140 [ 191.106055][ T7750] ____sys_sendmsg+0x705/0xc70 [ 191.106107][ T7750] ? copy_msghdr_from_user+0x10a/0x160 [ 191.106147][ T7750] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.106206][ T7750] ? kfree+0x252/0x4d0 [ 191.106239][ T7750] ? __pfx__kstrtoull+0x10/0x10 [ 191.106294][ T7750] ___sys_sendmsg+0x134/0x1d0 [ 191.106334][ T7750] ? __pfx____sys_sendmsg+0x10/0x10 [ 191.106399][ T7750] ? __pfx___might_resched+0x10/0x10 [ 191.106442][ T7750] __sys_sendmmsg+0x200/0x420 [ 191.106484][ T7750] ? __pfx___sys_sendmmsg+0x10/0x10 [ 191.106539][ T7750] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 191.106611][ T7750] ? fput+0x70/0xf0 [ 191.106641][ T7750] ? ksys_write+0x1b9/0x240 [ 191.106683][ T7750] ? __pfx_ksys_write+0x10/0x10 [ 191.106733][ T7750] __x64_sys_sendmmsg+0x9c/0x100 [ 191.106774][ T7750] ? lockdep_hardirqs_on+0x7c/0x110 [ 191.106816][ T7750] do_syscall_64+0xcd/0x260 [ 191.106864][ T7750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.106896][ T7750] RIP: 0033:0x7fb33238d169 [ 191.106920][ T7750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.106947][ T7750] RSP: 002b:00007fb3331a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.106975][ T7750] RAX: ffffffffffffffda RBX: 00007fb3325a6080 RCX: 00007fb33238d169 [ 191.106996][ T7750] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 191.107013][ T7750] RBP: 00007fb3331a9090 R08: 0000000000000000 R09: 0000000000000000 [ 191.107031][ T7750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.107049][ T7750] R13: 0000000000000001 R14: 00007fb3325a6080 R15: 00007ffd5f25eda8 [ 191.107088][ T7750] [ 192.306940][ T5857] Bluetooth: hci0: command 0x0c1a tx timeout [ 192.466335][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout [ 192.466403][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 192.546638][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 192.904566][ T7789] vivid-010: ================= START STATUS ================= [ 192.918798][ T7789] vivid-010: Generate PTS: true [ 192.924013][ T7789] vivid-010: Generate SCR: true [ 192.945090][ T7789] tpg source WxH: 640x360 (Y'CbCr) [ 192.950634][ T7789] tpg field: 1 [ 192.954057][ T7789] tpg crop: (0,0)/640x360 [ 192.974260][ T7789] tpg compose: (0,0)/640x360 [ 192.997156][ T7789] tpg colorspace: 8 [ 193.001035][ T7789] tpg transfer function: 0/0 [ 193.006378][ T7789] tpg Y'CbCr encoding: 0/0 [ 193.027682][ T7789] tpg quantization: 0/0 [ 193.048066][ T7789] tpg RGB range: 0/2 [ 193.065714][ T7789] vivid-010: ================== END STATUS ================== [ 194.386458][ T55] Bluetooth: hci0: command 0x0c1a tx timeout [ 194.546388][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 194.547872][ T5857] Bluetooth: hci1: command 0x0c1a tx timeout [ 194.631525][ T5857] Bluetooth: hci3: command 0x0c1a tx timeout [ 196.247828][ T7906] netlink: 338 bytes leftover after parsing attributes in process `syz.1.443'. [ 196.258799][ T7906] netlink: 338 bytes leftover after parsing attributes in process `syz.1.443'. [ 196.270444][ T7906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.443'. [ 197.904987][ T7944] ================================================================== [ 197.913137][ T7944] BUG: KASAN: slab-use-after-free in dvb_frontend_release+0x4ca/0x5b0 [ 197.921365][ T7944] Read of size 4 at addr ffff88814468ba3c by task syz.2.451/7944 [ 197.929129][ T7944] [ 197.931490][ T7944] CPU: 1 UID: 0 PID: 7944 Comm: syz.2.451 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 197.931527][ T7944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 197.931544][ T7944] Call Trace: [ 197.931555][ T7944] [ 197.931566][ T7944] dump_stack_lvl+0x116/0x1f0 [ 197.931614][ T7944] print_report+0xc3/0x670 [ 197.931663][ T7944] ? __virt_addr_valid+0x5e/0x590 [ 197.931709][ T7944] ? __phys_addr+0xc6/0x150 [ 197.931756][ T7944] ? dvb_frontend_release+0x4ca/0x5b0 [ 197.931805][ T7944] kasan_report+0xe0/0x110 [ 197.931841][ T7944] ? dvb_frontend_release+0x4ca/0x5b0 [ 197.931896][ T7944] dvb_frontend_release+0x4ca/0x5b0 [ 197.931947][ T7944] ? __pfx_dvb_frontend_release+0x10/0x10 [ 197.931997][ T7944] __fput+0x3ff/0xb70 [ 197.932031][ T7944] task_work_run+0x14d/0x240 [ 197.932067][ T7944] ? __pfx_task_work_run+0x10/0x10 [ 197.932101][ T7944] ? __pfx___do_sys_close_range+0x10/0x10 [ 197.932150][ T7944] ? xfd_validate_state+0x5d/0x180 [ 197.932187][ T7944] syscall_exit_to_user_mode+0x27b/0x2a0 [ 197.932234][ T7944] do_syscall_64+0xda/0x260 [ 197.932281][ T7944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.932313][ T7944] RIP: 0033:0x7f971ed8d169 [ 197.932336][ T7944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.932366][ T7944] RSP: 002b:00007ffda1902818 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 197.932394][ T7944] RAX: 0000000000000000 RBX: 00000000000303ba RCX: 00007f971ed8d169 [ 197.932413][ T7944] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 197.932430][ T7944] RBP: 00007f971efa7ba0 R08: 0000000000000001 R09: 0000001ea1902b0f [ 197.932448][ T7944] R10: 00007f971ec00000 R11: 0000000000000246 R12: 00007f971efa616c [ 197.932466][ T7944] R13: 00007f971efa6160 R14: ffffffffffffffff R15: 00007ffda1902930 [ 197.932495][ T7944] [ 197.932506][ T7944] [ 198.121630][ T7944] Allocated by task 1: [ 198.125714][ T7944] kasan_save_stack+0x33/0x60 [ 198.130434][ T7944] kasan_save_track+0x14/0x30 [ 198.135139][ T7944] __kasan_kmalloc+0xaa/0xb0 [ 198.139757][ T7944] dvb_register_device+0x1e4/0x2370 [ 198.144973][ T7944] dvb_register_frontend+0x5a6/0x880 [ 198.150295][ T7944] vidtv_bridge_probe+0x459/0xa90 [ 198.155354][ T7944] platform_probe+0xff/0x1f0 [ 198.159969][ T7944] really_probe+0x23e/0xa90 [ 198.164507][ T7944] __driver_probe_device+0x1de/0x440 [ 198.169826][ T7944] driver_probe_device+0x4c/0x1b0 [ 198.174884][ T7944] __driver_attach+0x283/0x580 [ 198.179692][ T7944] bus_for_each_dev+0x13b/0x1d0 [ 198.184567][ T7944] bus_add_driver+0x2e9/0x690 [ 198.189294][ T7944] driver_register+0x15c/0x4b0 [ 198.194101][ T7944] vidtv_bridge_init+0x45/0x80 [ 198.198933][ T7944] do_one_initcall+0x120/0x6e0 [ 198.203754][ T7944] kernel_init_freeable+0x5c2/0x900 [ 198.208995][ T7944] kernel_init+0x1c/0x2b0 [ 198.213350][ T7944] ret_from_fork+0x45/0x80 [ 198.217799][ T7944] ret_from_fork_asm+0x1a/0x30 [ 198.222597][ T7944] [ 198.224930][ T7944] Freed by task 7944: [ 198.228922][ T7944] kasan_save_stack+0x33/0x60 [ 198.233639][ T7944] kasan_save_track+0x14/0x30 [ 198.238389][ T7944] kasan_save_free_info+0x3b/0x60 [ 198.243459][ T7944] __kasan_slab_free+0x51/0x70 [ 198.248253][ T7944] kfree+0x2b6/0x4d0 [ 198.252178][ T7944] dvb_device_put.part.0+0x60/0x90 [ 198.257313][ T7944] dvb_generic_release+0xe2/0x160 [ 198.262354][ T7944] dvb_frontend_release+0x13d/0x5b0 [ 198.267585][ T7944] __fput+0x3ff/0xb70 [ 198.271582][ T7944] task_work_run+0x14d/0x240 [ 198.276193][ T7944] syscall_exit_to_user_mode+0x27b/0x2a0 [ 198.281856][ T7944] do_syscall_64+0xda/0x260 [ 198.286389][ T7944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.292303][ T7944] [ 198.294635][ T7944] The buggy address belongs to the object at ffff88814468ba00 [ 198.294635][ T7944] which belongs to the cache kmalloc-256 of size 256 [ 198.308707][ T7944] The buggy address is located 60 bytes inside of [ 198.308707][ T7944] freed 256-byte region [ffff88814468ba00, ffff88814468bb00) [ 198.322438][ T7944] [ 198.324784][ T7944] The buggy address belongs to the physical page: [ 198.331231][ T7944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14468a [ 198.340100][ T7944] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 198.348616][ T7944] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 198.356292][ T7944] page_type: f5(slab) [ 198.360290][ T7944] raw: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 198.368917][ T7944] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 198.377553][ T7944] head: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 198.386245][ T7944] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 198.394936][ T7944] head: 057ff00000000001 ffffea000511a281 00000000ffffffff 00000000ffffffff [ 198.403626][ T7944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 198.412305][ T7944] page dumped because: kasan: bad access detected [ 198.418738][ T7944] page_owner tracks the page as allocated [ 198.424486][ T7944] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 24604058166, free_ts 0 [ 198.444310][ T7944] post_alloc_hook+0x181/0x1b0 [ 198.449111][ T7944] get_page_from_freelist+0x1193/0x39b0 [ 198.454688][ T7944] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 198.460614][ T7944] alloc_pages_mpol+0x1fb/0x550 [ 198.465479][ T7944] new_slab+0x23c/0x330 [ 198.469667][ T7944] ___slab_alloc+0xd9c/0x1940 [ 198.474375][ T7944] __slab_alloc.constprop.0+0x56/0xb0 [ 198.479776][ T7944] __kmalloc_cache_noprof+0xfb/0x3e0 [ 198.485087][ T7944] bus_add_driver+0x92/0x690 [ 198.489704][ T7944] driver_register+0x15c/0x4b0 [ 198.494486][ T7944] usb_register_driver+0x216/0x4d0 [ 198.499617][ T7944] do_one_initcall+0x120/0x6e0 [ 198.504412][ T7944] kernel_init_freeable+0x5c2/0x900 [ 198.509649][ T7944] kernel_init+0x1c/0x2b0 [ 198.513998][ T7944] ret_from_fork+0x45/0x80 [ 198.518432][ T7944] ret_from_fork_asm+0x1a/0x30 [ 198.523227][ T7944] page_owner free stack trace missing [ 198.528611][ T7944] [ 198.530943][ T7944] Memory state around the buggy address: [ 198.536591][ T7944] ffff88814468b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.544757][ T7944] ffff88814468b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.552864][ T7944] >ffff88814468ba00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 198.560947][ T7944] ^ [ 198.566883][ T7944] ffff88814468ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 198.574972][ T7944] ffff88814468bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.583048][ T7944] ================================================================== [ 198.610459][ T7944] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 198.617732][ T7944] CPU: 0 UID: 0 PID: 7944 Comm: syz.2.451 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 198.627932][ T7944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 198.638036][ T7944] Call Trace: [ 198.641348][ T7944] [ 198.644311][ T7944] dump_stack_lvl+0x3d/0x1f0 [ 198.648967][ T7944] panic+0x71c/0x800 [ 198.652906][ T7944] ? __pfx_panic+0x10/0x10 [ 198.657369][ T7944] ? rcu_is_watching+0x12/0xc0 [ 198.662182][ T7944] ? irqentry_exit+0x3b/0x90 [ 198.666829][ T7944] ? lockdep_hardirqs_on+0x7c/0x110 [ 198.672087][ T7944] ? preempt_schedule_thunk+0x16/0x30 [ 198.677503][ T7944] ? dvb_frontend_release+0x4ca/0x5b0 [ 198.682938][ T7944] ? preempt_schedule_common+0x44/0xc0 [ 198.688453][ T7944] ? check_panic_on_warn+0x1f/0xb0 [ 198.693603][ T7944] ? dvb_frontend_release+0x4ca/0x5b0 [ 198.699017][ T7944] check_panic_on_warn+0xab/0xb0 [ 198.703976][ T7944] end_report+0x107/0x170 [ 198.708342][ T7944] kasan_report+0xee/0x110 [ 198.712777][ T7944] ? dvb_frontend_release+0x4ca/0x5b0 [ 198.718193][ T7944] dvb_frontend_release+0x4ca/0x5b0 [ 198.723428][ T7944] ? __pfx_dvb_frontend_release+0x10/0x10 [ 198.729182][ T7944] __fput+0x3ff/0xb70 [ 198.733183][ T7944] task_work_run+0x14d/0x240 [ 198.737799][ T7944] ? __pfx_task_work_run+0x10/0x10 [ 198.742933][ T7944] ? __pfx___do_sys_close_range+0x10/0x10 [ 198.748686][ T7944] ? xfd_validate_state+0x5d/0x180 [ 198.753833][ T7944] syscall_exit_to_user_mode+0x27b/0x2a0 [ 198.759499][ T7944] do_syscall_64+0xda/0x260 [ 198.764035][ T7944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.769953][ T7944] RIP: 0033:0x7f971ed8d169 [ 198.774394][ T7944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.794029][ T7944] RSP: 002b:00007ffda1902818 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 198.802477][ T7944] RAX: 0000000000000000 RBX: 00000000000303ba RCX: 00007f971ed8d169 [ 198.810482][ T7944] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 198.818483][ T7944] RBP: 00007f971efa7ba0 R08: 0000000000000001 R09: 0000001ea1902b0f [ 198.826473][ T7944] R10: 00007f971ec00000 R11: 0000000000000246 R12: 00007f971efa616c [ 198.834485][ T7944] R13: 00007f971efa6160 R14: ffffffffffffffff R15: 00007ffda1902930 [ 198.842487][ T7944] [ 198.845657][ T7944] Kernel Offset: disabled [ 198.849998][ T7944] Rebooting in 86400 seconds..