last executing test programs: 6.024601235s ago: executing program 2 (id=2635): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/kernel/random/boot_id\x00', 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0) write$auto(r0, &(0x7f0000000080)='+\x00', 0x300000000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/netfilter/nf_log/7\x00', 0xe0002, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r1 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pread64$auto(r1, 0x0, 0x400000000008e1c, 0x7fff) 5.920835326s ago: executing program 3 (id=2636): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/nfs/net/nfs_client/identifier\x00', 0x400, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x10000000000048, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto(0x3, 0x4188aec6, r0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fb0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) clock_gettime$auto(0xb, &(0x7f0000000540)={0x8001, 0x2}) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r3, 0x5522, 0xf15) ioctl$auto(r3, 0x5523, r3) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x10002, 0x108) write$auto(r2, &(0x7f0000000100)='/d-:\xe7J\x00'/23, 0x1eb0800) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fb, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x11000000, 0xfe, 0x7, 0x200000006d3c, 0x7ff, 0x10, 0xfffffffffffffffd]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 5.91993008s ago: executing program 1 (id=2645): sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000080)='[') preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r1 = socket(0x2b, 0x1, 0x1) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r1, 0x0, 0x20000001) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) socket(0x2b, 0x1, 0x1) recvmmsg$auto(r2, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x80000001}, 0x1}, 0x3, 0x6, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x109402, 0x0) close_range$auto(0x2, 0xa, 0x1100) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x9, 0xfffffff7, 0x0, 0x0, 0x0, 0xffc, 0x8, 0x80000000000000a, 0x40000402, 0x9, 0x9, 0xffffffff80000000, 0xd, 0x6, 0x200000100103}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'pimreg0\x00'}) 5.85050666s ago: executing program 2 (id=2637): socket(0x10, 0x2, 0xf) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440), 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) io_uring_setup$auto(0x1ff, 0x0) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V)\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1z\x88\f\x03\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) syz_clone(0x100, &(0x7f00000001c0)="768cf837c25bcac1415d6636160de3adf15d02b24731b1e105ef07b71ed2b10b42f943cfa7fabb4e66906d84f1499c79585735f808a7e16674a9ad3651c6a75bea9a87d147211e0b165f9be66f00d43855961e17b8352b0b4c0b0f0da725e7edc88adc84757b9ae30870c7677082fa9cf45c162e4f643dda374e14956f192a16c01e56634dd80a02031670252108a27f7765fe175b938975f29880e2c832396a374e437bd427aabdfdf2582f4ebd1b057f7a72c6346e386e81b8cde446e6188eb09c7299e7ef12c73e3e53f4bfcd31c7da8636d6cb114d40b06273cbc0c4a4", 0xdf, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)="44f2b3cfea1a475d0f2c5cb57752cbe4f3b63750fcf0fffb75b19ef2fd294e89e65fac86ca1f623add11a6b83b0b8caaf7643ec5b4c47ddedca8e8460ac896d0b9195607d324fa68fef31d471201bafe008058bc7403467dcd7dffd6ad93924c105465aada22b765201ba33b5856b7baf260d303caaf44cda087051e225feb146731aea0f20700000000000000c63913f7a36b8a35251b462eb544b5ff5a53529172d83362724005caec3b463e8d6680958763ff1f02f794de681a55cf4b1f86927029c8c072de4334568d441190e069896db6eafafce8f331a56dabee3e15ad03289ef66de46548c53a47e2279e46af5e7ee876740aff2c63bcc2e69e9ae1d51ac65d48031cb5bbaafabb9cc38192c297ab1b6ec90443fc4643c6d45bb944d53726f38e0af36916b927954502df058dc3c64e1289d21f6d5f559f31a6b3abaa375039482feb41e5cf37c3085667d008e8c7f81e59f304f2aded8a1c349efc3c2a5e44799755279bfbb8433d01e1e3ee879738165b15f2a0b111fd7a1c7f623ef4cac6e22670a176b14ab748967fe6e23806c1acd977ae4c2665520bc53670a1da6b980c05f18b6016557797b7cf496ebb67328a762d8e67e7ebb1ed013c59b036a5") openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x84c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x800008}, 0x1, 0x20000000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7112}, 0x8) write$auto(0x3, 0x0, 0x63) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0xa, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x3, 0x8, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22640, 0x155) socket(0xa, 0x6, 0x1003b) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 4.594751533s ago: executing program 2 (id=2640): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) unshare$auto(0x40000080) socket(0xa, 0x1, 0x84) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) shmdt$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109c40, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) fcntl$auto(0xffffffffffffffff, 0x402, 0x2) 4.405497954s ago: executing program 3 (id=2641): socket(0x10, 0x2, 0xf) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440), 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) io_uring_setup$auto(0x1ff, 0x0) syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V)\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1z\x88\f\x03\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf) syz_clone(0x100, &(0x7f00000001c0)="768cf837c25bcac1415d6636160de3adf15d02b24731b1e105ef07b71ed2b10b42f943cfa7fabb4e66906d84f1499c79585735f808a7e16674a9ad3651c6a75bea9a87d147211e0b165f9be66f00d43855961e17b8352b0b4c0b0f0da725e7edc88adc84757b9ae30870c7677082fa9cf45c162e4f643dda374e14956f192a16c01e56634dd80a02031670252108a27f7765fe175b938975f29880e2c832396a374e437bd427aabdfdf2582f4ebd1b057f7a72c6346e386e81b8cde446e6188eb09c7299e7ef12c73e3e53f4bfcd31c7da8636d6cb114d40b06273cbc0c4a4", 0xdf, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)="44f2b3cfea1a475d0f2c5cb57752cbe4f3b63750fcf0fffb75b19ef2fd294e89e65fac86ca1f623add11a6b83b0b8caaf7643ec5b4c47ddedca8e8460ac896d0b9195607d324fa68fef31d471201bafe008058bc7403467dcd7dffd6ad93924c105465aada22b765201ba33b5856b7baf260d303caaf44cda087051e225feb146731aea0f20700000000000000c63913f7a36b8a35251b462eb544b5ff5a53529172d83362724005caec3b463e8d6680958763ff1f02f794de681a55cf4b1f86927029c8c072de4334568d441190e069896db6eafafce8f331a56dabee3e15ad03289ef66de46548c53a47e2279e46af5e7ee876740aff2c63bcc2e69e9ae1d51ac65d48031cb5bbaafabb9cc38192c297ab1b6ec90443fc4643c6d45bb944d53726f38e0af36916b927954502df058dc3c64e1289d21f6d5f559f31a6b3abaa375039482feb41e5cf37c3085667d008e8c7f81e59f304f2aded8a1c349efc3c2a5e44799755279bfbb8433d01e1e3ee879738165b15f2a0b111fd7a1c7f623ef4cac6e22670a176b14ab748967fe6e23806c1acd977ae4c2665520bc53670a1da6b980c05f18b6016557797b7cf496ebb67328a762d8e67e7ebb1ed013c59b036a5") openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x84c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x800008}, 0x1, 0x20000000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7112}, 0x8) write$auto(0x3, 0x0, 0x63) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0xa, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x3, 0x8, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22640, 0x155) socket(0xa, 0x6, 0x1003b) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 4.155331823s ago: executing program 1 (id=2643): mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) getsockopt$auto(0xffffffffffffffff, 0x114, 0x271f, 0xfffffffffffffffc, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ppoll$auto(0x0, 0x2, 0x0, 0x0, 0x8) read$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffffff, &(0x7f0000000200)=""/238, 0xee) prctl$auto(0x1000000001c, 0x5, 0x100000000, 0x400000000009, 0x3fffffffff) setreuid$auto(0x0, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x8a403, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) prctl$auto_PR_GET_TSC(0x19, 0x7, 0x0, 0x0, 0xe) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/watchdog_thresh\x00', 0x440140, 0x0) read$auto(0x3, 0x0, 0x80) getsockopt$auto_SO_PEERCRED(r1, 0x8, 0x11, &(0x7f0000000040)='\x00', &(0x7f0000000080)=0x3b1) syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) kill$auto(0xffffffffffffffff, 0x9) 3.20243783s ago: executing program 3 (id=2647): r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x111480, 0x0) socket(0x2f, 0x4, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @rand_addr=0x40020000}, 0x55) bpf$auto(0x21, &(0x7f0000000300)=@batch={0xfffffffffffffff9, 0x2, 0x7, 0x4, 0x6, r0, 0x9, 0x2}, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/rxrpc/conns\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, r1, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1\x00', 0x20b42, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/serial8250/driver_override\x00', 0x22b42, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000440)='/dev/snd/controlC2\x00', 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/admmidi2\x00', 0x101000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x10, 0x2, 0x0) socket(0x2, 0x6, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) 3.032184734s ago: executing program 0 (id=2649): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/kernel/random/boot_id\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0) write$auto(r1, &(0x7f0000000080)='+\x00', 0x300000000000) read$auto(r0, &(0x7f0000000000)='Qdev/t\x00', 0x1) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r2 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pread64$auto(r2, 0x0, 0x400000000008e1c, 0x7fff) 2.829976703s ago: executing program 0 (id=2650): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x1, 0x4) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0xe, 0x2, 0x100000001, 0x1000, 0x0, 0x0, 0x0, 0xfa98, 0x8, 0x7fffffffffffffff, 0x8000000004, 0x100000007fffffff, 0x5, 0x0, 0x7, 0x4, 0x3}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x89fc, &(0x7f0000000040)={'bridge0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x1, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4048099}, 0x800) sendmsg$auto_NFSD_CMD_POOL_MODE_SET(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0xac, r4, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_POOL_MODE_MODE={0x5, 0x1, '\x00'}, @NFSD_A_POOL_MODE_MODE={0x32, 0x1, '/sys/devices/platform/i8042/serio0/softrepeat\x00'}, @NFSD_A_POOL_MODE_MODE={0x8, 0x1, '\x06\x00\'k'}, @NFSD_A_POOL_MODE_MODE={0x32, 0x1, '/sys/devices/platform/i8042/serio0/softrepeat\x00'}, @NFSD_A_POOL_MODE_MODE={0xb, 0x1, './\xc7&)/\x00'}, @NFSD_A_POOL_MODE_MODE={0xc, 0x1, '[/-!&@!\x00'}, @NFSD_A_POOL_MODE_MODE={0x6, 0x1, 'f\x00'}]}, 0xac}, 0x1, 0x0, 0x0, 0x80}, 0x50) close_range$auto(0x2, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/id\x00', 0xa2582, 0x0) readv$auto(r5, &(0x7f0000000180)={&(0x7f00000000c0), 0xe4a}, 0x5) r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000000440)={0x1c, r6, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NETDEV_A_DEV_IFINDEX={0x8, 0x1, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x28044004) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) getsockopt$auto_SO_PASSCRED(r7, 0x7, 0x10, &(0x7f0000000080)='\x06\x00\'k', &(0x7f00000000c0)=0x4) write$auto(r7, &(0x7f0000000040)='\x06\x00\'k', 0x4) r8 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy3/hwflags\x00', 0x40081, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xc8, 0x800454dd, 0x5) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0x9, 0x6, 0x3, 0xee98) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000680)=""/167, 0xa7) write$auto(r8, 0x0, 0x4) 2.785129048s ago: executing program 1 (id=2651): syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) open_tree$auto(r0, 0x0, 0x1001) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fb\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x2, 0x0) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="120087"], 0x1ac}}, 0x810) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000180)={0x0, 0x800}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) r3 = socket(0xa, 0x5, 0x84) setsockopt$auto(r3, 0x10000000084, 0x22, 0x0, 0x10) socket(0x848000000015, 0x805, 0x0) io_uring_setup$auto(0x4011, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f00000003c0), 0x80, 0x0) socketpair$auto(0x7, 0x8, 0x2e, 0x0) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x1f00, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r1, @ANYRES8], 0x18}}, 0x80) 2.690711097s ago: executing program 3 (id=2653): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/175, 0xaf) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0xa0942, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x3, 0x6, 0x0, 0x200000000000001, 0x368e, 0x2, {0x100000000, 0x4}, 0xff, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x8000000c, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x50001, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) r3 = socket(0x15, 0x5, 0x0) ustat$auto(0x801, 0x0) sendmsg$auto(r3, &(0x7f0000000180)={0x0, 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r4 = socket(0x11, 0xa, 0x300) r5 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/pcmC1D0c\x00', 0x208000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE_OLD2(r5, 0xc1004110, &(0x7f00000005c0)={0x1, [0xfffffffd, 0x8, 0x4], [{0x3, 0x7, 0x1}, {0x2, 0x6, 0x1, 0x0, 0x1}, {0x78ce, 0xffffffff, 0x1, 0x0, 0x1, 0x1}, {0xffff, 0x4}, {0x27, 0xffff8000, 0x1, 0x1}, {0xe, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x5}, {0x1, 0x58, 0x1, 0x0, 0x1, 0x1}, {0x6, 0x5, 0x1}, {0x4, 0x5, 0x0, 0x1, 0x1}, {0x7fff, 0xb5ba, 0x1, 0x0, 0x0, 0x1}, {0x6, 0x10000, 0x1, 0x1, 0x0, 0x1}], 0x3, 0x0, 0xfff, 0xfffffff8, 0xc, 0x2, 0xfff, "4df5e907e32b560cdd704bb39bb33aa2019f56fed001dac60699a912f91b0542365513bda8500111610412f57363e8d89c81e1651f405ffa321e496310e06f2d"}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) bpf$auto(0x0, &(0x7f0000000100)=@query={@target_ifindex=r6, 0x0, 0x8, 0x9, 0x0, @prog_cnt, 0x0, 0x3, 0x5a3522aa, 0xffffffff, 0x9}, 0x6f4) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200) listmount$auto(&(0x7f0000000040)={0x200, @inferred=r0, 0x7f, 0x81, 0x400}, 0x0, 0xf, 0x5) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) write$auto(r7, &(0x7f0000000300)='*o\xd3\xa49\xaf\xa9\xe4\xe17\x12\xb3Z\x17I\x82\xdc\xbeiw\xc1\xd1\x8d\x9b\r\x9aR\xe7\x9f\xd8\xab\x16`f\nT\xaa\xfap \xe6\xdaV\xdeD\x8dR5\xd2\xe58\n\xff\x19+\xeb\xb3+\xf6\xc6\a\x00\x00\x00\xf1A\xa5\x95\x1fk\x1f\xff\x99gP\x9e\x88\x97]\x93\xf4\xdd<\xe7p\x0e\xd4C\xdc\x84\v\xafz\xfd\x81\xa3\xb2\xbb\xa4\xd9\xf2P\xa8\xe9\x8f\x13\xa7\x98\x85\xf8\v\aB\xfc\xfa\x14E\xb8y\x884<\xa7\xffyb\x8a\b\xbb\x1b\x13W\xe3\xf7\xd8\x83\xc9\xd7\x8c', 0x6) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_nlctrl(0x0, r9) sendmsg$auto_CTRL_CMD_GETPOLICY(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x14, r10, 0x301, 0x70b52c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x400c01d}, 0x0) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r8) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x400300, 0x0) 2.601217818s ago: executing program 0 (id=2654): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = syz_clone3(&(0x7f0000000300)={0x100080000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f00000001c0), {0x36}, &(0x7f0000000200)=""/40, 0x28, &(0x7f0000000240)=""/117, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x9}, 0x58) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={r0, 0x4, 0x4, 0x8009, 0x8, 0xc, 0x66b, 0x4, 0x7ff}, 0x6f4) close_range$auto(0x2, 0xa, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xde8065d277046c55, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 2.298806207s ago: executing program 2 (id=2655): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munlock$auto(0x9, 0x29b9) getresuid$auto(0x0, 0x0, 0x0) 2.262543553s ago: executing program 0 (id=2656): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x74d) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0xfe) 2.208843392s ago: executing program 3 (id=2657): mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r0, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfffffdef) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x288880, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x108000, 0x800034, 0x200000b) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0xeb1, 0x405, 0x8000) statmount$auto(0x0, 0x0, 0x227, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) ioperm$auto(0xf, 0x25a50672, 0x40f4) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x1, 0x4) socket(0xa, 0x2, 0x3a) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x3, 0x21) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nbd3\x00', 0x300, 0x0) write$auto(r1, 0x0, 0xeffd) madvise$auto(0x7ff, 0xfffffffffffefffd, 0x15) sysfs$auto(0x2, 0x10000000000002a, 0x0) ioperm$auto(0xd4, 0x3, 0x0) 2.121217798s ago: executing program 0 (id=2658): close_range$auto(0x2, 0xffffffffffffffff, 0x2) r0 = socket(0x2, 0x1, 0x106) socket(0x8, 0xa, 0xa) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x6a) close_range$auto(0x2, r0, 0x400) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x80000000, 0xffffffff, 0x1fc0, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x1000, 0x8, 0x29b, 0x100, 0x7f, 0x0, 0x6, 0x7f}, {0x100, 0x1, 0xb, 0x7, 0x1, 0x40, 0x3, 0x8, 0x100000000}}) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2181, 0x0) setresuid$auto(0x0, 0x8, 0x8000) fanotify_init$auto(0x200, 0x1) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7ff, 0x4000000000df, 0xeb1, r1, 0xe0) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setns(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x15, r2, 0x9) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) keyctl$auto(0x20000000000001c, 0xffffffffffffffff, 0x363, 0xa, 0x8000000000000007) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000140)='/dev/usbmon5\x00', 0x2080, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="ea12e528ded30ff1309c8b1613007984cb"], 0x14}}, 0x4000080) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/hid_cougar/parameters/g6_is_space\x00', 0x129102, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000002c00), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r5, &(0x7f0000004480)={0x0, 0x0, &(0x7f0000004440)={&(0x7f0000003dc0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027a57000fddbdf250300000004f2ac8f01800c1ae2da901750336bd8"], 0x24}, 0x1, 0x0, 0x0, 0x20000840}, 0x840) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) 1.801761191s ago: executing program 1 (id=2659): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000001080)='/proc/sys/kernel/random/boot_id\x00', 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/usbcore/parameters/quirks\x00', 0xc0202, 0x0) write$auto(r1, &(0x7f0000000080)='+\x00', 0x300000000000) read$auto(r0, &(0x7f0000000000)='Qdev/t\x00', 0x1) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r2 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) pread64$auto(r2, 0x0, 0x400000000008e1c, 0x7fff) 1.43749703s ago: executing program 1 (id=2660): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/nfs/net/nfs_client/identifier\x00', 0x400, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x10000000000048, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto(0x3, 0x4188aec6, r0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fb0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) clock_gettime$auto(0xb, &(0x7f0000000540)={0x8001, 0x2}) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r3, 0x5522, 0xf15) ioctl$auto(r3, 0x5523, r3) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x10002, 0x108) write$auto(r2, &(0x7f0000000100)='/d-:\xe7J\x00'/23, 0x1eb0800) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fb, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x11000000, 0xfe, 0x7, 0x200000006d3c, 0x7ff, 0x10, 0xfffffffffffffffd]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 972.743904ms ago: executing program 0 (id=2661): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x800, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) pipe2$auto(0x0, 0x80) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x400008, 0x15fc1db0, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0x6, 0x11, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0xa, 0x0) clone$auto(0x400000000000007, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) io_uring_register$auto(0x2, 0x9, 0x0, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) mount_setattr$auto(r1, 0x0, 0x0, &(0x7f0000000640)={0x6, 0x9}, 0x283) ioctl$auto_MEMUNLOCK(r1, 0x40084d06, &(0x7f0000000040)={0x3, 0x2}) mlockall$auto(0x7) read$auto(0xffffffffffffffff, 0x0, 0x20) write$auto(0xffffffffffffffff, 0x0, 0x2081) 289.524986ms ago: executing program 2 (id=2662): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "3d64dc8bff7fff7f610000000024"}, 0x55) r0 = socket(0x1, 0x5, 0x0) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/dev_snmp6/macsec0\x00', 0x0, 0x0) lseek$auto(r1, 0x5, 0x0) getsockname$auto(r0, 0x0, 0x0) 277.505841ms ago: executing program 3 (id=2663): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffe, 0x1ff, 0x7, 0x1f, 0x7181, 0x1ffde, 0x7, 0x3, 0x9, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x4, 0x0, 0xa, 0x22000, 0x200, 0x0, 0x84}, 0x1fe, 0xd) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/029/001\x00', 0xa002, 0x0) ioctl$auto_USBDEVFS_CLAIMINTERFACE(r0, 0x8004550f, &(0x7f0000000400)=0xfffff000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYBLOB="1000af16d89982111af03ef4b14cc75d9820f5a776cdc038e63cfffa77424b2c67bf60e79172ac6ae2dafdd3dd95"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='U'], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc6}, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0x3, 0x0) 134.751198ms ago: executing program 1 (id=2664): openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/tracing_cpumask\x00', 0x8042, 0x0) mmap$auto(0x0, 0xe984, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x6, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0xa6200, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) socket(0xa, 0x2, 0x3a) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x9, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 0s ago: executing program 2 (id=2665): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = syz_clone3(&(0x7f0000000300)={0x100080000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f00000001c0), {0x36}, &(0x7f0000000200)=""/40, 0x28, &(0x7f0000000240)=""/117, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x9}, 0x58) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={r0, 0x4, 0x4, 0x8009, 0x8, 0xc, 0x66b, 0x4, 0x7ff}, 0x6f4) close_range$auto(0x2, 0xa, 0x0) openat$auto_safesetid_gid_file_fops_securityfs(0xffffffffffffff9c, &(0x7f0000000000), 0x8202, 0x0) sendmsg$auto_NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xde8065d277046c55, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) kernel console output (not intermixed with test programs): 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 856.426400][T15283] RSP: 002b:00007fad6f606038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 856.426429][T15283] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78d169 [ 856.426449][T15283] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 856.426470][T15283] RBP: 00007fad6e80e990 R08: 0000000000000000 R09: 0000000000000000 [ 856.426489][T15283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.426508][T15283] R13: 0000000000000000 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 856.426550][T15283] [ 856.710342][ C1] vkms_vblank_simulate: vblank timer overrun [ 856.810317][T15289] random: crng reseeded on system resumption [ 858.217035][T15303] Setting dangerous option i915.mitigations - tainting kernel [ 863.131108][T15361] random: crng reseeded on system resumption [ 863.207730][T15368] Setting dangerous option i915.mitigations - tainting kernel [ 867.527602][T15408] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2105'. [ 868.126907][T15419] Setting dangerous option i915.mitigations - tainting kernel [ 868.472361][T15431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2108'. [ 868.528811][T15424] netlink: 13 bytes leftover after parsing attributes in process `syz.2.2108'. [ 869.046279][T15433] random: crng reseeded on system resumption [ 870.296225][T15457] netlink: 'syz.0.2115': attribute type 1 has an invalid length. [ 870.501399][T15452] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 870.647871][T15460] FAULT_INJECTION: forcing a failure. [ 870.647871][T15460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 870.765707][T15460] CPU: 1 UID: 0 PID: 15460 Comm: syz.1.2116 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 870.765757][T15460] Tainted: [U]=USER [ 870.765768][T15460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 870.765786][T15460] Call Trace: [ 870.765796][T15460] [ 870.765809][T15460] dump_stack_lvl+0x16c/0x1f0 [ 870.765866][T15460] should_fail_ex+0x512/0x640 [ 870.765926][T15460] _copy_from_user+0x2e/0xd0 [ 870.765969][T15460] copy_msghdr_from_user+0x98/0x160 [ 870.766012][T15460] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 870.766076][T15460] ___sys_sendmsg+0xfe/0x1d0 [ 870.766121][T15460] ? __pfx____sys_sendmsg+0x10/0x10 [ 870.766214][T15460] __sys_sendmsg+0x16d/0x220 [ 870.766259][T15460] ? __pfx___sys_sendmsg+0x10/0x10 [ 870.766314][T15460] ? rcu_is_watching+0x12/0xc0 [ 870.766367][T15460] do_syscall_64+0xcd/0x260 [ 870.766419][T15460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.766451][T15460] RIP: 0033:0x7f57a838d169 [ 870.766476][T15460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 870.766508][T15460] RSP: 002b:00007f57a61f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 870.766538][T15460] RAX: ffffffffffffffda RBX: 00007f57a85a5fa0 RCX: 00007f57a838d169 [ 870.766559][T15460] RDX: 0000000000000080 RSI: 0000200000001ac0 RDI: 0000000000000003 [ 870.766579][T15460] RBP: 00007f57a61f6090 R08: 0000000000000000 R09: 0000000000000000 [ 870.766598][T15460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 870.766617][T15460] R13: 0000000000000000 R14: 00007f57a85a5fa0 R15: 00007ffd9fcb3998 [ 870.766657][T15460] [ 870.944551][ C1] vkms_vblank_simulate: vblank timer overrun [ 871.294231][T15464] Setting dangerous option i915.mitigations - tainting kernel [ 871.402667][T15467] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2118'. [ 873.137772][T15485] FAULT_INJECTION: forcing a failure. [ 873.137772][T15485] name failslab, interval 1, probability 0, space 0, times 0 [ 873.217983][T15485] CPU: 1 UID: 0 PID: 15485 Comm: syz.3.2122 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 873.218032][T15485] Tainted: [U]=USER [ 873.218041][T15485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 873.218057][T15485] Call Trace: [ 873.218066][T15485] [ 873.218077][T15485] dump_stack_lvl+0x16c/0x1f0 [ 873.218121][T15485] should_fail_ex+0x512/0x640 [ 873.218180][T15485] ? __kmalloc_noprof+0xbf/0x510 [ 873.218222][T15485] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 873.218252][T15485] should_failslab+0xc2/0x120 [ 873.218277][T15485] __kmalloc_noprof+0xd2/0x510 [ 873.218314][T15485] ? __pfx___mutex_trylock_common+0x10/0x10 [ 873.218350][T15485] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 873.218386][T15485] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 873.218415][T15485] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 873.218449][T15485] ? __pfx___mutex_lock+0x10/0x10 [ 873.218487][T15485] ? genl_get_cmd+0x194/0x580 [ 873.218538][T15485] ? __local_bh_enable_ip+0xa4/0x120 [ 873.218574][T15485] ? __dev_queue_xmit+0x896/0x43e0 [ 873.218601][T15485] ? __radix_tree_lookup+0x21f/0x2c0 [ 873.218643][T15485] genl_rcv_msg+0x55c/0x800 [ 873.218674][T15485] ? __pfx_genl_rcv_msg+0x10/0x10 [ 873.218700][T15485] ? __pfx___dev_queue_xmit+0x10/0x10 [ 873.218742][T15485] ? __pfx_ctrl_getfamily+0x10/0x10 [ 873.218771][T15485] ? __lock_acquire+0xaa4/0x1ba0 [ 873.218819][T15485] netlink_rcv_skb+0x16a/0x440 [ 873.218857][T15485] ? __pfx_genl_rcv_msg+0x10/0x10 [ 873.218885][T15485] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 873.218940][T15485] ? __pfx_down_read+0x10/0x10 [ 873.218965][T15485] ? netlink_deliver_tap+0x1ae/0xd30 [ 873.219007][T15485] genl_rcv+0x28/0x40 [ 873.219046][T15485] netlink_unicast+0x53a/0x7f0 [ 873.219089][T15485] ? __pfx_netlink_unicast+0x10/0x10 [ 873.219137][T15485] netlink_sendmsg+0x8d1/0xdd0 [ 873.219182][T15485] ? __pfx_netlink_sendmsg+0x10/0x10 [ 873.219233][T15485] __sys_sendto+0x495/0x510 [ 873.219265][T15485] ? __pfx___sys_sendto+0x10/0x10 [ 873.219307][T15485] ? count_memcg_events_mm.constprop.0+0x138/0x340 [ 873.219351][T15485] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 873.219390][T15485] __x64_sys_sendto+0xe0/0x1c0 [ 873.219420][T15485] ? do_syscall_64+0x91/0x260 [ 873.219463][T15485] ? lockdep_hardirqs_on+0x7c/0x110 [ 873.219499][T15485] do_syscall_64+0xcd/0x260 [ 873.219540][T15485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.219567][T15485] RIP: 0033:0x7fc3fe98effc [ 873.219587][T15485] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 873.219613][T15485] RSP: 002b:00007fc3ff7aeec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 873.219638][T15485] RAX: ffffffffffffffda RBX: 00007fc3ff7aefc0 RCX: 00007fc3fe98effc [ 873.219656][T15485] RDX: 0000000000000024 RSI: 00007fc3ff7af010 RDI: 0000000000000004 [ 873.219672][T15485] RBP: 0000000000000000 R08: 00007fc3ff7aef14 R09: 000000000000000c [ 873.219689][T15485] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 873.219703][T15485] R13: 00007fc3ff7aef68 R14: 00007fc3ff7af010 R15: 0000000000000000 [ 873.219736][T15485] [ 873.537039][ C1] vkms_vblank_simulate: vblank timer overrun [ 875.331174][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.337676][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 876.055864][T15520] random: crng reseeded on system resumption [ 876.346702][T15523] Setting dangerous option i915.mitigations - tainting kernel [ 877.756223][T15553] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2135'. [ 879.495932][T15567] svc: failed to register nfsdv3 RPC service (errno 111). [ 879.516025][T15567] svc: failed to register nfsaclv3 RPC service (errno 111). [ 879.807972][T15587] Setting dangerous option i915.mitigations - tainting kernel [ 880.798135][T15596] random: crng reseeded on system resumption [ 882.463348][T15608] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2147'. [ 883.660299][T15628] openvswitch: netlink: IP tunnel TTL not specified. [ 884.292844][T15651] Setting dangerous option i915.mitigations - tainting kernel [ 884.842045][T15661] random: crng reseeded on system resumption [ 885.007746][T15654] virtio-fs: tag <(null)> not found [ 885.833896][T15687] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2161'. [ 886.629595][T15745] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2163'. [ 888.330392][T15819] Setting dangerous option i915.mitigations - tainting kernel [ 889.760707][T15851] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2173'. [ 890.726327][T15883] random: crng reseeded on system resumption [ 891.326133][T15906] Setting dangerous option i915.mitigations - tainting kernel [ 892.267773][T15953] FAULT_INJECTION: forcing a failure. [ 892.267773][T15953] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 892.345695][T15953] CPU: 0 UID: 0 PID: 15953 Comm: syz.0.2184 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 892.345744][T15953] Tainted: [U]=USER [ 892.345754][T15953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 892.345772][T15953] Call Trace: [ 892.345783][T15953] [ 892.345794][T15953] dump_stack_lvl+0x16c/0x1f0 [ 892.345842][T15953] should_fail_ex+0x512/0x640 [ 892.345884][T15953] _copy_to_user+0x32/0xd0 [ 892.345924][T15953] simple_read_from_buffer+0xcb/0x170 [ 892.345971][T15953] proc_fail_nth_read+0x197/0x270 [ 892.346015][T15953] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 892.346060][T15953] ? rw_verify_area+0xcf/0x680 [ 892.346095][T15953] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 892.346137][T15953] vfs_read+0x1de/0xc70 [ 892.346184][T15953] ? __pfx___mutex_lock+0x10/0x10 [ 892.346232][T15953] ? __pfx_vfs_read+0x10/0x10 [ 892.346285][T15953] ? __fget_files+0x20e/0x3c0 [ 892.346351][T15953] ksys_read+0x12a/0x240 [ 892.346393][T15953] ? __pfx_ksys_read+0x10/0x10 [ 892.346449][T15953] do_syscall_64+0xcd/0x260 [ 892.346498][T15953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.346529][T15953] RIP: 0033:0x7fad6e78bb7c [ 892.346555][T15953] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 892.346585][T15953] RSP: 002b:00007fad6f606030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 892.346614][T15953] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78bb7c [ 892.346635][T15953] RDX: 000000000000000f RSI: 00007fad6f6060a0 RDI: 0000000000000003 [ 892.346653][T15953] RBP: 00007fad6f606090 R08: 0000000000000000 R09: 0000000000000000 [ 892.346672][T15953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 892.346690][T15953] R13: 0000000000000001 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 892.346729][T15953] [ 892.895526][T15973] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2185'. [ 893.227943][T15988] FAULT_INJECTION: forcing a failure. [ 893.227943][T15988] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 893.276619][T15988] CPU: 0 UID: 0 PID: 15988 Comm: syz.1.2188 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 893.276669][T15988] Tainted: [U]=USER [ 893.276679][T15988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 893.276697][T15988] Call Trace: [ 893.276707][T15988] [ 893.276720][T15988] dump_stack_lvl+0x16c/0x1f0 [ 893.276768][T15988] should_fail_ex+0x512/0x640 [ 893.276809][T15988] _copy_to_user+0x32/0xd0 [ 893.276852][T15988] cpuid_read+0x1d7/0x360 [ 893.276906][T15988] ? __pfx_cpuid_read+0x10/0x10 [ 893.276954][T15988] ? __pfx_cpuid_smp_cpuid+0x10/0x10 [ 893.277002][T15988] ? iovec_from_user+0xbb/0x140 [ 893.277054][T15988] ? bpf_lsm_file_permission+0x9/0x10 [ 893.277095][T15988] ? security_file_permission+0x71/0x210 [ 893.277140][T15988] ? __pfx_cpuid_read+0x10/0x10 [ 893.277189][T15988] vfs_readv+0x6bc/0x8a0 [ 893.277246][T15988] ? __pfx_vfs_readv+0x10/0x10 [ 893.277314][T15988] ? __fget_files+0x20e/0x3c0 [ 893.277362][T15988] ? __fget_files+0x160/0x3c0 [ 893.277417][T15988] ? do_readv+0x132/0x330 [ 893.277453][T15988] do_readv+0x132/0x330 [ 893.277492][T15988] ? __pfx_do_readv+0x10/0x10 [ 893.277530][T15988] ? rcu_is_watching+0x12/0xc0 [ 893.277609][T15988] do_syscall_64+0xcd/0x260 [ 893.277660][T15988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 893.277693][T15988] RIP: 0033:0x7f57a838d169 [ 893.277719][T15988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 893.277749][T15988] RSP: 002b:00007f57a61f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 893.277785][T15988] RAX: ffffffffffffffda RBX: 00007f57a85a5fa0 RCX: 00007f57a838d169 [ 893.277807][T15988] RDX: 0000000000000003 RSI: 0000200000000680 RDI: 0000000000000003 [ 893.277827][T15988] RBP: 00007f57a61f6090 R08: 0000000000000000 R09: 0000000000000000 [ 893.277846][T15988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 893.277865][T15988] R13: 0000000000000000 R14: 00007f57a85a5fa0 R15: 00007ffd9fcb3998 [ 893.277906][T15988] [ 893.767673][T16012] type: 4278190080 invalid [ 894.136211][T16032] Setting dangerous option i915.mitigations - tainting kernel [ 895.019630][T16061] random: crng reseeded on system resumption [ 897.951791][T16203] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2204'. [ 898.462178][T16235] random: crng reseeded on system resumption [ 902.061744][T16404] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2216'. [ 904.494119][T16494] random: crng reseeded on system resumption [ 908.506167][T16656] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2227'. [ 912.116191][T16767] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2239'. [ 912.562342][T16783] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2241'. [ 912.735448][T16791] random: crng reseeded on system resumption [ 917.380247][T16912] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2250'. [ 920.599842][T16978] random: crng reseeded on system resumption [ 924.625260][T17136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2268'. [ 924.891981][T17136] .SR: entered promiscuous mode [ 926.535028][T17199] delete_channel: no stack [ 927.371351][T17214] FAULT_INJECTION: forcing a failure. [ 927.371351][T17214] name failslab, interval 1, probability 0, space 0, times 0 [ 927.450629][T17214] CPU: 0 UID: 0 PID: 17214 Comm: syz.0.2284 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 927.450683][T17214] Tainted: [U]=USER [ 927.450694][T17214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 927.450713][T17214] Call Trace: [ 927.450724][T17214] [ 927.450736][T17214] dump_stack_lvl+0x16c/0x1f0 [ 927.450798][T17214] should_fail_ex+0x512/0x640 [ 927.450835][T17214] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 927.450890][T17214] should_failslab+0xc2/0x120 [ 927.450921][T17214] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 927.450972][T17214] ? __alloc_skb+0x2b2/0x380 [ 927.451020][T17214] __alloc_skb+0x2b2/0x380 [ 927.451060][T17214] ? __pfx___alloc_skb+0x10/0x10 [ 927.451106][T17214] ? __lock_acquire+0xaa4/0x1ba0 [ 927.451164][T17214] netlink_alloc_large_skb+0x69/0x130 [ 927.451216][T17214] netlink_sendmsg+0x6a1/0xdd0 [ 927.451272][T17214] ? __pfx_netlink_sendmsg+0x10/0x10 [ 927.451338][T17214] ____sys_sendmsg+0xa95/0xc70 [ 927.451370][T17214] ? copy_msghdr_from_user+0x10a/0x160 [ 927.451413][T17214] ? __pfx_____sys_sendmsg+0x10/0x10 [ 927.451463][T17214] ___sys_sendmsg+0x134/0x1d0 [ 927.451509][T17214] ? __pfx____sys_sendmsg+0x10/0x10 [ 927.451603][T17214] __sys_sendmsg+0x16d/0x220 [ 927.451653][T17214] ? __pfx___sys_sendmsg+0x10/0x10 [ 927.451708][T17214] ? rcu_is_watching+0x12/0xc0 [ 927.451762][T17214] do_syscall_64+0xcd/0x260 [ 927.451819][T17214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 927.451853][T17214] RIP: 0033:0x7fad6e78d169 [ 927.451878][T17214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 927.451908][T17214] RSP: 002b:00007fad6f606038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 927.451937][T17214] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78d169 [ 927.451958][T17214] RDX: 0000000000080000 RSI: 0000200000001dc0 RDI: 0000000000000003 [ 927.451978][T17214] RBP: 00007fad6f606090 R08: 0000000000000000 R09: 0000000000000000 [ 927.451997][T17214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 927.452015][T17214] R13: 0000000000000000 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 927.452055][T17214] [ 929.396771][T17274] FAULT_INJECTION: forcing a failure. [ 929.396771][T17274] name failslab, interval 1, probability 0, space 0, times 0 [ 929.549947][T17274] CPU: 1 UID: 0 PID: 17274 Comm: syz.3.2294 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 929.550003][T17274] Tainted: [U]=USER [ 929.550015][T17274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 929.550034][T17274] Call Trace: [ 929.550046][T17274] [ 929.550059][T17274] dump_stack_lvl+0x16c/0x1f0 [ 929.550114][T17274] should_fail_ex+0x512/0x640 [ 929.550153][T17274] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 929.550213][T17274] should_failslab+0xc2/0x120 [ 929.550245][T17274] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 929.550301][T17274] ? __kthread_create_on_node+0x186/0x3f0 [ 929.550363][T17274] kvasprintf+0xbc/0x160 [ 929.550405][T17274] ? __pfx_kvasprintf+0x10/0x10 [ 929.550464][T17274] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 929.550497][T17274] __kthread_create_on_node+0x186/0x3f0 [ 929.550550][T17274] ? __pfx___mutex_trylock_common+0x10/0x10 [ 929.550585][T17274] ? __pfx___kthread_create_on_node+0x10/0x10 [ 929.550671][T17274] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 929.550708][T17274] kthread_create_on_node+0xc7/0x100 [ 929.550764][T17274] ? __pfx_kthread_create_on_node+0x10/0x10 [ 929.550828][T17274] ? mark_held_locks+0x49/0x80 [ 929.550879][T17274] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 929.550924][T17274] ? lockdep_hardirqs_on+0x7c/0x110 [ 929.550978][T17274] dvb_frontend_open+0xf47/0x1730 [ 929.551024][T17274] ? __pfx_dvb_frontend_open+0x10/0x10 [ 929.551061][T17274] dvb_device_open+0x26d/0x3b0 [ 929.551098][T17274] ? __pfx_dvb_device_open+0x10/0x10 [ 929.551133][T17274] chrdev_open+0x231/0x6a0 [ 929.551185][T17274] ? __pfx_apparmor_file_open+0x10/0x10 [ 929.551228][T17274] ? __pfx_chrdev_open+0x10/0x10 [ 929.551285][T17274] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 929.551342][T17274] do_dentry_open+0x741/0x1c10 [ 929.551391][T17274] ? __pfx_chrdev_open+0x10/0x10 [ 929.551452][T17274] vfs_open+0x82/0x3f0 [ 929.551492][T17274] path_openat+0x1e5e/0x2d40 [ 929.551559][T17274] ? __pfx_path_openat+0x10/0x10 [ 929.551620][T17274] do_filp_open+0x20b/0x470 [ 929.551683][T17274] ? __pfx_do_filp_open+0x10/0x10 [ 929.551765][T17274] ? alloc_fd+0x471/0x7d0 [ 929.551826][T17274] do_sys_openat2+0x11b/0x1d0 [ 929.551862][T17274] ? __pfx_do_sys_openat2+0x10/0x10 [ 929.551915][T17274] __x64_sys_openat+0x174/0x210 [ 929.551953][T17274] ? __pfx___x64_sys_openat+0x10/0x10 [ 929.551992][T17274] ? rcu_is_watching+0x12/0xc0 [ 929.552044][T17274] do_syscall_64+0xcd/0x260 [ 929.552096][T17274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.552130][T17274] RIP: 0033:0x7fc3fe98d169 [ 929.552158][T17274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 929.552190][T17274] RSP: 002b:00007fc3ff76e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 929.552233][T17274] RAX: ffffffffffffffda RBX: 00007fc3feba6160 RCX: 00007fc3fe98d169 [ 929.552256][T17274] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 929.552277][T17274] RBP: 00007fc3fea0e990 R08: 0000000000000000 R09: 0000000000000000 [ 929.552298][T17274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 929.552317][T17274] R13: 0000000000000000 R14: 00007fc3feba6160 R15: 00007ffe0c523dc8 [ 929.552360][T17274] [ 929.552408][T17274] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 930.749941][T17303] random: crng reseeded on system resumption [ 931.077197][T17315] FAULT_INJECTION: forcing a failure. [ 931.077197][T17315] name failslab, interval 1, probability 0, space 0, times 0 [ 931.123583][T17315] CPU: 0 UID: 0 PID: 17315 Comm: syz.0.2298 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 931.123635][T17315] Tainted: [U]=USER [ 931.123646][T17315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 931.123664][T17315] Call Trace: [ 931.123674][T17315] [ 931.123686][T17315] dump_stack_lvl+0x16c/0x1f0 [ 931.123737][T17315] should_fail_ex+0x512/0x640 [ 931.123780][T17315] should_failslab+0xc2/0x120 [ 931.123810][T17315] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 931.123860][T17315] ? skb_clone+0x190/0x3f0 [ 931.123908][T17315] skb_clone+0x190/0x3f0 [ 931.123951][T17315] netlink_deliver_tap+0xabd/0xd30 [ 931.124006][T17315] netlink_unicast+0x5df/0x7f0 [ 931.124059][T17315] ? __pfx_netlink_unicast+0x10/0x10 [ 931.124113][T17315] ? __lock_acquire+0xaa4/0x1ba0 [ 931.124171][T17315] netlink_sendmsg+0x8d1/0xdd0 [ 931.124239][T17315] ? __pfx_netlink_sendmsg+0x10/0x10 [ 931.124307][T17315] ____sys_sendmsg+0xa95/0xc70 [ 931.124344][T17315] ? copy_msghdr_from_user+0x10a/0x160 [ 931.124385][T17315] ? __pfx_____sys_sendmsg+0x10/0x10 [ 931.124436][T17315] ___sys_sendmsg+0x134/0x1d0 [ 931.124480][T17315] ? __pfx____sys_sendmsg+0x10/0x10 [ 931.124572][T17315] __sys_sendmsg+0x16d/0x220 [ 931.124615][T17315] ? __pfx___sys_sendmsg+0x10/0x10 [ 931.124670][T17315] ? rcu_is_watching+0x12/0xc0 [ 931.124721][T17315] do_syscall_64+0xcd/0x260 [ 931.124772][T17315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.124803][T17315] RIP: 0033:0x7fad6e78d169 [ 931.124828][T17315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 931.124859][T17315] RSP: 002b:00007fad6f606038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 931.124889][T17315] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78d169 [ 931.124910][T17315] RDX: 0000000000000080 RSI: 0000200000001ac0 RDI: 0000000000000004 [ 931.124930][T17315] RBP: 00007fad6f606090 R08: 0000000000000000 R09: 0000000000000000 [ 931.124949][T17315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 931.124967][T17315] R13: 0000000000000000 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 931.125008][T17315] [ 931.366933][T17315] netlink: 'syz.0.2298': attribute type 1 has an invalid length. [ 931.692415][T17334] netlink: 'syz.3.2300': attribute type 1 has an invalid length. [ 932.274100][T17353] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2302'. [ 933.826971][T17411] delete_channel: no stack [ 933.848121][T17396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2305'. [ 935.980614][T17487] netlink: 'syz.2.2313': attribute type 1 has an invalid length. [ 936.758247][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.764625][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.782704][T17531] FAULT_INJECTION: forcing a failure. [ 936.782704][T17531] name failslab, interval 1, probability 0, space 0, times 0 [ 936.816125][T17531] CPU: 0 UID: 0 PID: 17531 Comm: syz.1.2319 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 936.816184][T17531] Tainted: [U]=USER [ 936.816195][T17531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 936.816221][T17531] Call Trace: [ 936.816232][T17531] [ 936.816244][T17531] dump_stack_lvl+0x16c/0x1f0 [ 936.816295][T17531] should_fail_ex+0x512/0x640 [ 936.816337][T17531] should_failslab+0xc2/0x120 [ 936.816367][T17531] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 936.816418][T17531] ? dst_alloc+0x99/0x1a0 [ 936.816460][T17531] dst_alloc+0x99/0x1a0 [ 936.816500][T17531] rt_dst_alloc+0x35/0x3a0 [ 936.816549][T17531] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 936.816600][T17531] ip_route_output_key_hash+0x137/0x2e0 [ 936.816636][T17531] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 936.816683][T17531] ? __pfx_crng_fast_key_erasure+0x10/0x10 [ 936.816724][T17531] ip_route_output_flow+0x27/0x150 [ 936.816761][T17531] sctp_v4_get_dst+0x41e/0x1340 [ 936.816810][T17531] ? crng_make_state+0x46e/0x6d0 [ 936.816843][T17531] ? lockdep_hardirqs_on+0x7c/0x110 [ 936.816889][T17531] ? crng_make_state+0x48e/0x6d0 [ 936.816932][T17531] ? __pfx_sctp_v4_get_dst+0x10/0x10 [ 936.817000][T17531] ? __pfx_sctp_generate_proto_unreach_event+0x10/0x10 [ 936.817062][T17531] ? lockdep_init_map_type+0x5c/0x280 [ 936.817101][T17531] ? sctp_transport_route+0x12f/0x350 [ 936.817139][T17531] sctp_transport_route+0x12f/0x350 [ 936.817190][T17531] sctp_assoc_add_peer+0x741/0x1550 [ 936.817235][T17531] sctp_connect_new_asoc+0x208/0x790 [ 936.817278][T17531] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 936.817317][T17531] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 936.817376][T17531] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 936.817423][T17531] sctp_sendmsg+0x15f9/0x1ee0 [ 936.817455][T17531] ? __lock_acquire+0x5ca/0x1ba0 [ 936.817519][T17531] ? __pfx_sctp_sendmsg+0x10/0x10 [ 936.817563][T17531] ? __pfx___might_resched+0x10/0x10 [ 936.817628][T17531] ? __pfx_aa_sk_perm+0x10/0x10 [ 936.817672][T17531] ? __pfx_sctp_sendmsg+0x10/0x10 [ 936.817711][T17531] inet_sendmsg+0x119/0x140 [ 936.817746][T17531] ____sys_sendmsg+0x973/0xc70 [ 936.817782][T17531] ? __pfx_____sys_sendmsg+0x10/0x10 [ 936.817820][T17531] ? __pfx__kstrtoull+0x10/0x10 [ 936.817879][T17531] ___sys_sendmsg+0x134/0x1d0 [ 936.817926][T17531] ? __pfx____sys_sendmsg+0x10/0x10 [ 936.817992][T17531] ? find_held_lock+0x2b/0x80 [ 936.818060][T17531] __sys_sendmmsg+0x200/0x420 [ 936.818109][T17531] ? __pfx___sys_sendmmsg+0x10/0x10 [ 936.818174][T17531] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 936.818242][T17531] ? fput+0x70/0xf0 [ 936.818274][T17531] ? ksys_write+0x1b9/0x240 [ 936.818318][T17531] ? __pfx_ksys_write+0x10/0x10 [ 936.818361][T17531] ? rcu_is_watching+0x12/0xc0 [ 936.818408][T17531] __x64_sys_sendmmsg+0x9c/0x100 [ 936.818451][T17531] ? lockdep_hardirqs_on+0x7c/0x110 [ 936.818496][T17531] do_syscall_64+0xcd/0x260 [ 936.818548][T17531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.818581][T17531] RIP: 0033:0x7f57a838d169 [ 936.818607][T17531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.818640][T17531] RSP: 002b:00007f57a61f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 936.818670][T17531] RAX: ffffffffffffffda RBX: 00007f57a85a5fa0 RCX: 00007f57a838d169 [ 936.818692][T17531] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 936.818712][T17531] RBP: 00007f57a61f6090 R08: 0000000000000000 R09: 0000000000000000 [ 936.818730][T17531] R10: 0000000000020311 R11: 0000000000000246 R12: 0000000000000001 [ 936.818761][T17531] R13: 0000000000000000 R14: 00007f57a85a5fa0 R15: 00007ffd9fcb3998 [ 936.818802][T17531] [ 939.352782][T17648] FAULT_INJECTION: forcing a failure. [ 939.352782][T17648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 939.416285][T17648] CPU: 0 UID: 0 PID: 17648 Comm: syz.3.2324 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 939.416337][T17648] Tainted: [U]=USER [ 939.416348][T17648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 939.416367][T17648] Call Trace: [ 939.416378][T17648] [ 939.416390][T17648] dump_stack_lvl+0x16c/0x1f0 [ 939.416441][T17648] should_fail_ex+0x512/0x640 [ 939.416485][T17648] _copy_from_user+0x2e/0xd0 [ 939.416527][T17648] copy_msghdr_from_user+0x98/0x160 [ 939.416571][T17648] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 939.416622][T17648] ? kfree+0x252/0x4d0 [ 939.416661][T17648] ? __pfx__kstrtoull+0x10/0x10 [ 939.416719][T17648] ___sys_sendmsg+0xfe/0x1d0 [ 939.416765][T17648] ? __pfx____sys_sendmsg+0x10/0x10 [ 939.416845][T17648] ? __pfx___might_resched+0x10/0x10 [ 939.416901][T17648] __sys_sendmmsg+0x200/0x420 [ 939.416956][T17648] ? __pfx___sys_sendmmsg+0x10/0x10 [ 939.417014][T17648] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 939.417082][T17648] ? fput+0x70/0xf0 [ 939.417113][T17648] ? ksys_write+0x1b9/0x240 [ 939.417158][T17648] ? __pfx_ksys_write+0x10/0x10 [ 939.417200][T17648] ? rcu_is_watching+0x12/0xc0 [ 939.417248][T17648] __x64_sys_sendmmsg+0x9c/0x100 [ 939.417291][T17648] ? lockdep_hardirqs_on+0x7c/0x110 [ 939.417336][T17648] do_syscall_64+0xcd/0x260 [ 939.417388][T17648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.417420][T17648] RIP: 0033:0x7fc3fe98d169 [ 939.417446][T17648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.417478][T17648] RSP: 002b:00007fc3ff7b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 939.417509][T17648] RAX: ffffffffffffffda RBX: 00007fc3feba5fa0 RCX: 00007fc3fe98d169 [ 939.417530][T17648] RDX: 0000000080000002 RSI: 00002000000001c0 RDI: 0000000000000003 [ 939.417550][T17648] RBP: 00007fc3ff7b0090 R08: 0000000000000000 R09: 0000000000000000 [ 939.417570][T17648] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000002 [ 939.417590][T17648] R13: 0000000000000000 R14: 00007fc3feba5fa0 R15: 00007ffe0c523dc8 [ 939.417630][T17648] [ 940.201280][T17686] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2327'. [ 940.210725][T17687] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2327'. [ 940.232926][T17686] veth0_macvtap: entered allmulticast mode [ 940.439114][ T30] audit: type=1326 audit(6039537798.843:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17689 comm="syz.3.2329" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc3fe98d169 code=0x0 [ 941.970583][T17733] FAULT_INJECTION: forcing a failure. [ 941.970583][T17733] name failslab, interval 1, probability 0, space 0, times 0 [ 942.005740][T17733] CPU: 1 UID: 0 PID: 17733 Comm: syz.2.2334 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 942.005791][T17733] Tainted: [U]=USER [ 942.005802][T17733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 942.005821][T17733] Call Trace: [ 942.005831][T17733] [ 942.005843][T17733] dump_stack_lvl+0x16c/0x1f0 [ 942.005892][T17733] should_fail_ex+0x512/0x640 [ 942.005928][T17733] ? fs_reclaim_acquire+0xae/0x150 [ 942.005966][T17733] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 942.006009][T17733] should_failslab+0xc2/0x120 [ 942.006039][T17733] __kmalloc_noprof+0xd2/0x510 [ 942.006095][T17733] tomoyo_realpath_from_path+0xc2/0x6e0 [ 942.006142][T17733] ? tomoyo_profile+0x47/0x60 [ 942.006192][T17733] tomoyo_path_number_perm+0x245/0x580 [ 942.006225][T17733] ? tomoyo_path_number_perm+0x237/0x580 [ 942.006263][T17733] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 942.006301][T17733] ? find_held_lock+0x2b/0x80 [ 942.006377][T17733] ? find_held_lock+0x2b/0x80 [ 942.006414][T17733] ? hook_file_ioctl_common+0x145/0x410 [ 942.006457][T17733] ? __fget_files+0x20e/0x3c0 [ 942.006527][T17733] security_file_ioctl+0x9b/0x240 [ 942.006565][T17733] __x64_sys_ioctl+0xb7/0x200 [ 942.006603][T17733] do_syscall_64+0xcd/0x260 [ 942.006649][T17733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.006677][T17733] RIP: 0033:0x7f707db8d169 [ 942.006701][T17733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.006729][T17733] RSP: 002b:00007f707e937038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 942.006757][T17733] RAX: ffffffffffffffda RBX: 00007f707dda5fa0 RCX: 00007f707db8d169 [ 942.006777][T17733] RDX: 0000000000000000 RSI: 000000000000125d RDI: 0000000000000003 [ 942.006794][T17733] RBP: 00007f707e937090 R08: 0000000000000000 R09: 0000000000000000 [ 942.006811][T17733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 942.006829][T17733] R13: 0000000000000000 R14: 00007f707dda5fa0 R15: 00007ffc8eb95118 [ 942.006865][T17733] [ 942.006876][T17733] ERROR: Out of memory at tomoyo_realpath_from_path. [ 943.147821][T17753] FAULT_INJECTION: forcing a failure. [ 943.147821][T17753] name failslab, interval 1, probability 0, space 0, times 0 [ 943.198227][T17753] CPU: 1 UID: 0 PID: 17753 Comm: syz.2.2341 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 943.198281][T17753] Tainted: [U]=USER [ 943.198293][T17753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 943.198312][T17753] Call Trace: [ 943.198323][T17753] [ 943.198336][T17753] dump_stack_lvl+0x16c/0x1f0 [ 943.198400][T17753] should_fail_ex+0x512/0x640 [ 943.198437][T17753] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 943.198486][T17753] should_failslab+0xc2/0x120 [ 943.198518][T17753] __kmalloc_cache_noprof+0x6a/0x3e0 [ 943.198563][T17753] ? snd_card_file_add+0x52/0x330 [ 943.198621][T17753] snd_card_file_add+0x52/0x330 [ 943.198678][T17753] snd_pcm_oss_open+0x1cf/0x1400 [ 943.198732][T17753] ? lockdep_hardirqs_on+0x7c/0x110 [ 943.198784][T17753] ? find_held_lock+0x2b/0x80 [ 943.198840][T17753] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 943.198901][T17753] ? __lock_acquire+0xaa4/0x1ba0 [ 943.198949][T17753] ? __lock_acquire+0xaa4/0x1ba0 [ 943.199001][T17753] ? do_raw_spin_lock+0x12c/0x2b0 [ 943.199037][T17753] ? soundcore_open+0x35a/0x580 [ 943.199079][T17753] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 943.199129][T17753] soundcore_open+0x409/0x580 [ 943.199171][T17753] ? __pfx_soundcore_open+0x10/0x10 [ 943.199212][T17753] chrdev_open+0x231/0x6a0 [ 943.199256][T17753] ? __pfx_apparmor_file_open+0x10/0x10 [ 943.199295][T17753] ? __pfx_chrdev_open+0x10/0x10 [ 943.199343][T17753] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 943.199406][T17753] do_dentry_open+0x741/0x1c10 [ 943.199469][T17753] ? __pfx_chrdev_open+0x10/0x10 [ 943.199525][T17753] vfs_open+0x82/0x3f0 [ 943.199563][T17753] path_openat+0x1e5e/0x2d40 [ 943.199623][T17753] ? __pfx_path_openat+0x10/0x10 [ 943.199681][T17753] do_filp_open+0x20b/0x470 [ 943.199728][T17753] ? __pfx_do_filp_open+0x10/0x10 [ 943.199821][T17753] ? alloc_fd+0x471/0x7d0 [ 943.199879][T17753] do_sys_openat2+0x11b/0x1d0 [ 943.199914][T17753] ? __pfx_do_sys_openat2+0x10/0x10 [ 943.199954][T17753] ? __fget_files+0x20e/0x3c0 [ 943.200008][T17753] __x64_sys_openat+0x174/0x210 [ 943.200044][T17753] ? __pfx___x64_sys_openat+0x10/0x10 [ 943.200078][T17753] ? ksys_write+0x1b9/0x240 [ 943.200122][T17753] ? rcu_is_watching+0x12/0xc0 [ 943.200173][T17753] do_syscall_64+0xcd/0x260 [ 943.200232][T17753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.200265][T17753] RIP: 0033:0x7f707db8d169 [ 943.200291][T17753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.200323][T17753] RSP: 002b:00007f707e937038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 943.200354][T17753] RAX: ffffffffffffffda RBX: 00007f707dda5fa0 RCX: 00007f707db8d169 [ 943.200383][T17753] RDX: 0000000000020b43 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 943.200404][T17753] RBP: 00007f707e937090 R08: 0000000000000000 R09: 0000000000000000 [ 943.200425][T17753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 943.200444][T17753] R13: 0000000000000000 R14: 00007f707dda5fa0 R15: 00007ffc8eb95118 [ 943.200485][T17753] [ 946.757597][T17875] FAULT_INJECTION: forcing a failure. [ 946.757597][T17875] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 946.792195][T17875] CPU: 1 UID: 0 PID: 17875 Comm: syz.0.2350 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 946.792247][T17875] Tainted: [U]=USER [ 946.792258][T17875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 946.792277][T17875] Call Trace: [ 946.792288][T17875] [ 946.792300][T17875] dump_stack_lvl+0x16c/0x1f0 [ 946.792350][T17875] should_fail_ex+0x512/0x640 [ 946.792390][T17875] _copy_to_user+0x32/0xd0 [ 946.792433][T17875] simple_read_from_buffer+0xcb/0x170 [ 946.792479][T17875] proc_fail_nth_read+0x197/0x270 [ 946.792524][T17875] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 946.792570][T17875] ? rw_verify_area+0xcf/0x680 [ 946.792608][T17875] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 946.792653][T17875] vfs_read+0x1de/0xc70 [ 946.792700][T17875] ? __pfx___mutex_lock+0x10/0x10 [ 946.792747][T17875] ? __pfx_vfs_read+0x10/0x10 [ 946.792800][T17875] ? __fget_files+0x20e/0x3c0 [ 946.792856][T17875] ksys_read+0x12a/0x240 [ 946.792899][T17875] ? __pfx_ksys_read+0x10/0x10 [ 946.792951][T17875] ? rcu_is_watching+0x12/0xc0 [ 946.792998][T17875] do_syscall_64+0xcd/0x260 [ 946.793045][T17875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.793076][T17875] RIP: 0033:0x7fad6e78bb7c [ 946.793099][T17875] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 946.793138][T17875] RSP: 002b:00007fad6f5e5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 946.793166][T17875] RAX: ffffffffffffffda RBX: 00007fad6e9a6080 RCX: 00007fad6e78bb7c [ 946.793187][T17875] RDX: 000000000000000f RSI: 00007fad6f5e50a0 RDI: 0000000000000004 [ 946.793206][T17875] RBP: 00007fad6f5e5090 R08: 0000000000000000 R09: 0000000000000000 [ 946.793225][T17875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 946.793244][T17875] R13: 0000000000000000 R14: 00007fad6e9a6080 R15: 00007ffee883c7e8 [ 946.793282][T17875] [ 947.276212][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 947.316589][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 947.345882][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 947.398217][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 947.406225][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 949.466354][T12800] Bluetooth: hci4: command tx timeout [ 949.694336][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.122616][T18029] netlink: 'syz.1.2358': attribute type 10 has an invalid length. [ 950.126565][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.165686][T18029] netlink: 230 bytes leftover after parsing attributes in process `syz.1.2358'. [ 950.387112][T18029] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 950.640327][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 950.739708][T17876] chnl_net:caif_netlink_parms(): no params data found [ 951.209418][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 951.546091][T12800] Bluetooth: hci4: command tx timeout [ 951.824732][T17876] bridge0: port 1(bridge_slave_0) entered blocking state [ 951.863526][T17876] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.886913][T17876] bridge_slave_0: entered allmulticast mode [ 951.938450][T17876] bridge_slave_0: entered promiscuous mode [ 952.111095][T17876] bridge0: port 2(bridge_slave_1) entered blocking state [ 952.153657][T17876] bridge0: port 2(bridge_slave_1) entered disabled state [ 952.186224][T17876] bridge_slave_1: entered allmulticast mode [ 952.198912][T17876] bridge_slave_1: entered promiscuous mode [ 952.542401][T17876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 952.585080][T17876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 952.786731][ T13] bridge_slave_1: left allmulticast mode [ 952.792633][ T13] bridge_slave_1: left promiscuous mode [ 952.826671][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 953.018510][ T13] bridge_slave_0: left allmulticast mode [ 953.048189][ T13] bridge_slave_0: left promiscuous mode [ 953.055494][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 953.625717][T12800] Bluetooth: hci4: command tx timeout [ 954.566910][T18226] random: crng reseeded on system resumption [ 955.592985][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 955.657032][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 955.701938][ T13] bond0 (unregistering): Released all slaves [ 955.708388][T12800] Bluetooth: hci4: command tx timeout [ 955.888446][T17876] team0: Port device team_slave_0 added [ 955.968490][T17876] team0: Port device team_slave_1 added [ 956.527943][T17876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 956.545663][T17876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 956.645592][T17876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 957.336443][T17876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 957.343459][T17876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 957.445652][T17876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 957.776399][ T13] hsr_slave_0: left promiscuous mode [ 957.806281][ T13] hsr_slave_1: left promiscuous mode [ 957.812394][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 957.835398][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 957.870610][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 958.015043][ T13] veth1_macvtap: left promiscuous mode [ 958.065808][ T13] veth0_macvtap: left promiscuous mode [ 958.071621][ T13] veth1_vlan: left promiscuous mode [ 958.116971][ T13] veth0_vlan: left promiscuous mode [ 960.812838][ T13] team0 (unregistering): Port device team_slave_1 removed [ 960.985016][ T13] team0 (unregistering): Port device team_slave_0 removed [ 963.280805][T17876] hsr_slave_0: entered promiscuous mode [ 963.318874][T17876] hsr_slave_1: entered promiscuous mode [ 963.325071][T17876] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 963.354568][T17876] Cannot create hsr debugfs directory [ 965.673571][T18519] FAULT_INJECTION: forcing a failure. [ 965.673571][T18519] name failslab, interval 1, probability 0, space 0, times 0 [ 965.728627][T18519] CPU: 1 UID: 0 PID: 18519 Comm: syz.0.2380 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 965.728680][T18519] Tainted: [U]=USER [ 965.728691][T18519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 965.728709][T18519] Call Trace: [ 965.728720][T18519] [ 965.728732][T18519] dump_stack_lvl+0x16c/0x1f0 [ 965.728786][T18519] should_fail_ex+0x512/0x640 [ 965.728822][T18519] ? fs_reclaim_acquire+0xae/0x150 [ 965.728864][T18519] ? tomoyo_encode2+0x100/0x3e0 [ 965.728905][T18519] should_failslab+0xc2/0x120 [ 965.728936][T18519] __kmalloc_noprof+0xd2/0x510 [ 965.728993][T18519] tomoyo_encode2+0x100/0x3e0 [ 965.729043][T18519] tomoyo_encode+0x29/0x50 [ 965.729095][T18519] tomoyo_realpath_from_path+0x18f/0x6e0 [ 965.729152][T18519] tomoyo_check_open_permission+0x2ab/0x3c0 [ 965.729194][T18519] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 965.729276][T18519] ? do_raw_spin_lock+0x12c/0x2b0 [ 965.729326][T18519] tomoyo_file_open+0x6b/0x90 [ 965.729379][T18519] security_file_open+0x84/0x1e0 [ 965.729424][T18519] do_dentry_open+0x596/0x1c10 [ 965.729482][T18519] vfs_open+0x82/0x3f0 [ 965.729522][T18519] path_openat+0x1e5e/0x2d40 [ 965.729585][T18519] ? __pfx_path_openat+0x10/0x10 [ 965.729659][T18519] do_filp_open+0x20b/0x470 [ 965.729708][T18519] ? __pfx_do_filp_open+0x10/0x10 [ 965.729787][T18519] ? alloc_fd+0x471/0x7d0 [ 965.729843][T18519] do_sys_openat2+0x11b/0x1d0 [ 965.729877][T18519] ? __pfx_do_sys_openat2+0x10/0x10 [ 965.729917][T18519] ? __fget_files+0x20e/0x3c0 [ 965.729970][T18519] __x64_sys_openat+0x174/0x210 [ 965.730005][T18519] ? __pfx___x64_sys_openat+0x10/0x10 [ 965.730039][T18519] ? ksys_write+0x1b9/0x240 [ 965.730088][T18519] ? rcu_is_watching+0x12/0xc0 [ 965.730142][T18519] do_syscall_64+0xcd/0x260 [ 965.730193][T18519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 965.730225][T18519] RIP: 0033:0x7fad6e78d169 [ 965.730252][T18519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 965.730284][T18519] RSP: 002b:00007fad6f606038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 965.730314][T18519] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78d169 [ 965.730335][T18519] RDX: 0000000000020540 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 965.730356][T18519] RBP: 00007fad6f606090 R08: 0000000000000000 R09: 0000000000000000 [ 965.730375][T18519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 965.730394][T18519] R13: 0000000000000000 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 965.730436][T18519] [ 965.730468][T18519] ERROR: Out of memory at tomoyo_realpath_from_path. [ 966.676565][T18547] FAULT_INJECTION: forcing a failure. [ 966.676565][T18547] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 966.729831][T18547] CPU: 0 UID: 0 PID: 18547 Comm: syz.0.2382 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 966.729885][T18547] Tainted: [U]=USER [ 966.729897][T18547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 966.729917][T18547] Call Trace: [ 966.729928][T18547] [ 966.729942][T18547] dump_stack_lvl+0x16c/0x1f0 [ 966.730007][T18547] should_fail_ex+0x512/0x640 [ 966.730051][T18547] _copy_to_user+0x32/0xd0 [ 966.730096][T18547] simple_read_from_buffer+0xcb/0x170 [ 966.730144][T18547] proc_fail_nth_read+0x197/0x270 [ 966.730192][T18547] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 966.730240][T18547] ? rw_verify_area+0xcf/0x680 [ 966.730283][T18547] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 966.730329][T18547] vfs_read+0x1de/0xc70 [ 966.730378][T18547] ? __pfx___mutex_lock+0x10/0x10 [ 966.730427][T18547] ? __pfx_vfs_read+0x10/0x10 [ 966.730482][T18547] ? __fget_files+0x20e/0x3c0 [ 966.730539][T18547] ksys_read+0x12a/0x240 [ 966.730583][T18547] ? __pfx_ksys_read+0x10/0x10 [ 966.730624][T18547] ? rcu_is_watching+0x12/0xc0 [ 966.730675][T18547] do_syscall_64+0xcd/0x260 [ 966.730726][T18547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 966.730760][T18547] RIP: 0033:0x7fad6e78bb7c [ 966.730785][T18547] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 966.730817][T18547] RSP: 002b:00007fad6f606030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 966.730848][T18547] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78bb7c [ 966.730870][T18547] RDX: 000000000000000f RSI: 00007fad6f6060a0 RDI: 0000000000000004 [ 966.730890][T18547] RBP: 00007fad6f606090 R08: 0000000000000000 R09: 0000000000000000 [ 966.730910][T18547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 966.730929][T18547] R13: 0000000000000000 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 966.730990][T18547] [ 967.715088][T17876] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 967.768562][T17876] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 968.019896][T17876] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 968.149479][T17876] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 968.666910][T17876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 968.750299][T17876] 8021q: adding VLAN 0 to HW filter on device team0 [ 968.801069][T11310] bridge0: port 1(bridge_slave_0) entered blocking state [ 968.808391][T11310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 968.828875][T11310] bridge0: port 2(bridge_slave_1) entered blocking state [ 968.836100][T11310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 968.909984][T17876] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 968.972382][T17876] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 969.307176][T18550] FAULT_INJECTION: forcing a failure. [ 969.307176][T18550] name failslab, interval 1, probability 0, space 0, times 0 [ 969.396524][T18550] CPU: 0 UID: 0 PID: 18550 Comm: syz.0.2384 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 969.396577][T18550] Tainted: [U]=USER [ 969.396588][T18550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 969.396607][T18550] Call Trace: [ 969.396618][T18550] [ 969.396630][T18550] dump_stack_lvl+0x16c/0x1f0 [ 969.396680][T18550] should_fail_ex+0x512/0x640 [ 969.396714][T18550] ? __kmalloc_node_noprof+0xc5/0x500 [ 969.396765][T18550] should_failslab+0xc2/0x120 [ 969.396795][T18550] __kmalloc_node_noprof+0xd8/0x500 [ 969.396844][T18550] ? __vmalloc_node_range_noprof+0x3eb/0x1540 [ 969.396892][T18550] __vmalloc_node_range_noprof+0x3eb/0x1540 [ 969.396946][T18550] ? n_tty_open+0x1a/0x170 [ 969.396984][T18550] ? __ldsem_down_write_nested+0x10e/0x850 [ 969.397022][T18550] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 969.397074][T18550] ? n_tty_open+0x1a/0x170 [ 969.397108][T18550] vzalloc_noprof+0x6b/0x90 [ 969.397146][T18550] ? n_tty_open+0x1a/0x170 [ 969.397177][T18550] ? __pfx_n_tty_open+0x10/0x10 [ 969.397209][T18550] n_tty_open+0x1a/0x170 [ 969.397240][T18550] ? __pfx_n_tty_open+0x10/0x10 [ 969.397272][T18550] tty_ldisc_open+0x9c/0x120 [ 969.397333][T18550] tty_ldisc_setup+0x40/0x100 [ 969.397381][T18550] tty_init_dev.part.0+0x1ec/0x500 [ 969.397419][T18550] tty_open+0xa50/0xf90 [ 969.397459][T18550] ? __pfx_tty_open+0x10/0x10 [ 969.397491][T18550] ? chrdev_open+0x10b/0x6a0 [ 969.397551][T18550] ? __pfx_tty_open+0x10/0x10 [ 969.397583][T18550] chrdev_open+0x231/0x6a0 [ 969.397649][T18550] ? __pfx_apparmor_file_open+0x10/0x10 [ 969.397693][T18550] ? __pfx_chrdev_open+0x10/0x10 [ 969.397749][T18550] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 969.397804][T18550] do_dentry_open+0x741/0x1c10 [ 969.397853][T18550] ? __pfx_chrdev_open+0x10/0x10 [ 969.397914][T18550] vfs_open+0x82/0x3f0 [ 969.397954][T18550] path_openat+0x1e5e/0x2d40 [ 969.398019][T18550] ? __pfx_path_openat+0x10/0x10 [ 969.398081][T18550] do_filp_open+0x20b/0x470 [ 969.398131][T18550] ? __pfx_do_filp_open+0x10/0x10 [ 969.398213][T18550] ? alloc_fd+0x471/0x7d0 [ 969.398272][T18550] do_sys_openat2+0x11b/0x1d0 [ 969.398308][T18550] ? __pfx_do_sys_openat2+0x10/0x10 [ 969.398362][T18550] __x64_sys_openat+0x174/0x210 [ 969.398399][T18550] ? __pfx___x64_sys_openat+0x10/0x10 [ 969.398439][T18550] ? rcu_is_watching+0x12/0xc0 [ 969.398494][T18550] do_syscall_64+0xcd/0x260 [ 969.398553][T18550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 969.398588][T18550] RIP: 0033:0x7fad6e78d169 [ 969.398615][T18550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 969.398648][T18550] RSP: 002b:00007fad6f606038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 969.398679][T18550] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78d169 [ 969.398701][T18550] RDX: 000000000004001f RSI: 0000200000000040 RDI: ffffffffffffff9c [ 969.398722][T18550] RBP: 00007fad6e80e990 R08: 0000000000000000 R09: 0000000000000000 [ 969.398743][T18550] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 969.398764][T18550] R13: 0000000000000000 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 969.398808][T18550] [ 969.398823][T18550] warn_alloc: 1 callbacks suppressed [ 969.398851][T18550] syz.0.2384: vmalloc error: size 12288, failed to allocated page array size 24, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 969.911831][T18550] CPU: 0 UID: 0 PID: 18550 Comm: syz.0.2384 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 969.911881][T18550] Tainted: [U]=USER [ 969.911892][T18550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 969.911910][T18550] Call Trace: [ 969.911920][T18550] [ 969.911932][T18550] dump_stack_lvl+0x16c/0x1f0 [ 969.911983][T18550] warn_alloc+0x248/0x3a0 [ 969.912031][T18550] ? __pfx_warn_alloc+0x10/0x10 [ 969.912073][T18550] ? dump_stack_lvl+0x185/0x1f0 [ 969.912128][T18550] ? rcu_is_watching+0x12/0xc0 [ 969.912167][T18550] ? __kmalloc_node_noprof+0x23b/0x500 [ 969.912224][T18550] __vmalloc_node_range_noprof+0x1110/0x1540 [ 969.912281][T18550] ? n_tty_open+0x1a/0x170 [ 969.912319][T18550] ? __ldsem_down_write_nested+0x10e/0x850 [ 969.912377][T18550] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 969.912433][T18550] ? n_tty_open+0x1a/0x170 [ 969.912471][T18550] vzalloc_noprof+0x6b/0x90 [ 969.912511][T18550] ? n_tty_open+0x1a/0x170 [ 969.912545][T18550] ? __pfx_n_tty_open+0x10/0x10 [ 969.912586][T18550] n_tty_open+0x1a/0x170 [ 969.912622][T18550] ? __pfx_n_tty_open+0x10/0x10 [ 969.912657][T18550] tty_ldisc_open+0x9c/0x120 [ 969.912703][T18550] tty_ldisc_setup+0x40/0x100 [ 969.912752][T18550] tty_init_dev.part.0+0x1ec/0x500 [ 969.912789][T18550] tty_open+0xa50/0xf90 [ 969.912829][T18550] ? __pfx_tty_open+0x10/0x10 [ 969.912862][T18550] ? chrdev_open+0x10b/0x6a0 [ 969.912918][T18550] ? __pfx_tty_open+0x10/0x10 [ 969.912949][T18550] chrdev_open+0x231/0x6a0 [ 969.912998][T18550] ? __pfx_apparmor_file_open+0x10/0x10 [ 969.913039][T18550] ? __pfx_chrdev_open+0x10/0x10 [ 969.913093][T18550] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 969.913146][T18550] do_dentry_open+0x741/0x1c10 [ 969.913193][T18550] ? __pfx_chrdev_open+0x10/0x10 [ 969.913253][T18550] vfs_open+0x82/0x3f0 [ 969.913291][T18550] path_openat+0x1e5e/0x2d40 [ 969.913354][T18550] ? __pfx_path_openat+0x10/0x10 [ 969.913413][T18550] do_filp_open+0x20b/0x470 [ 969.913460][T18550] ? __pfx_do_filp_open+0x10/0x10 [ 969.913548][T18550] ? alloc_fd+0x471/0x7d0 [ 969.913617][T18550] do_sys_openat2+0x11b/0x1d0 [ 969.913650][T18550] ? __pfx_do_sys_openat2+0x10/0x10 [ 969.913718][T18550] __x64_sys_openat+0x174/0x210 [ 969.913755][T18550] ? __pfx___x64_sys_openat+0x10/0x10 [ 969.913794][T18550] ? rcu_is_watching+0x12/0xc0 [ 969.913844][T18550] do_syscall_64+0xcd/0x260 [ 969.913896][T18550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 969.913928][T18550] RIP: 0033:0x7fad6e78d169 [ 969.913953][T18550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 969.913985][T18550] RSP: 002b:00007fad6f606038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 969.914020][T18550] RAX: ffffffffffffffda RBX: 00007fad6e9a5fa0 RCX: 00007fad6e78d169 [ 969.914040][T18550] RDX: 000000000004001f RSI: 0000200000000040 RDI: ffffffffffffff9c [ 969.914060][T18550] RBP: 00007fad6e80e990 R08: 0000000000000000 R09: 0000000000000000 [ 969.914078][T18550] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 969.914097][T18550] R13: 0000000000000000 R14: 00007fad6e9a5fa0 R15: 00007ffee883c7e8 [ 969.914138][T18550] [ 969.914152][T18550] Mem-Info: [ 970.283170][T18550] active_anon:33062 inactive_anon:0 isolated_anon:0 [ 970.283170][T18550] active_file:11072 inactive_file:48497 isolated_file:0 [ 970.283170][T18550] unevictable:768 dirty:1400 writeback:0 [ 970.283170][T18550] slab_reclaimable:12120 slab_unreclaimable:95492 [ 970.283170][T18550] mapped:35142 shmem:13152 pagetables:1128 [ 970.283170][T18550] sec_pagetables:0 bounce:0 [ 970.283170][T18550] kernel_misc_reclaimable:0 [ 970.283170][T18550] free:1296306 free_pcp:1887 free_cma:0 [ 970.495790][T18550] Node 0 active_anon:134248kB inactive_anon:0kB active_file:44288kB inactive_file:193912kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142268kB dirty:5600kB writeback:0kB shmem:52448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:10532kB pagetables:4312kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 970.533894][T17876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 970.633957][T18550] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2560kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 970.752373][T18550] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 970.884050][ T30] audit: type=1800 audit(6039537829.293:14): pid=18641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2387" name="lu_gp_id" dev="configfs" ino=224035 res=0 errno=0 [ 970.920775][T17876] veth0_vlan: entered promiscuous mode [ 970.936635][T18550] lowmem_reserve[]: 0 2482 2483 2483 2483 [ 970.942520][T18550] Node 0 DMA32 free:1262084kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:139020kB inactive_anon:0kB active_file:44288kB inactive_file:192340kB unevictable:1536kB writepending:5632kB present:3129332kB managed:2541668kB mlocked:0kB bounce:0kB free_pcp:644kB local_pcp:628kB free_cma:0kB [ 971.013051][T17876] veth1_vlan: entered promiscuous mode [ 971.066062][T18550] lowmem_reserve[]: 0 0 1 1 1 [ 971.071975][T18550] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 971.232465][T18550] lowmem_reserve[]: 0 0 0 0 0 [ 971.270577][T18550] Node 1 Normal free:3908752kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 971.412952][T18550] lowmem_reserve[]: 0 0 0 0 0 [ 971.526260][T18550] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 971.652343][T18650] random: crng reseeded on system resumption [ 971.672358][T18550] Node 0 DMA32: 393*4kB (UME) 244*8kB (UE) 35*16kB (UME) 231*32kB (UME) 675*64kB (UME) 282*128kB (UME) 153*256kB (UM) 116*512kB (UME) 67*1024kB (UME) 18*2048kB (UME) 225*4096kB (UM) = 1216404kB [ 971.773059][T17876] veth0_macvtap: entered promiscuous mode [ 971.788230][T18550] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 971.801520][T17876] veth1_macvtap: entered promiscuous mode [ 971.859973][T18550] Node 1 Normal: 226*4kB (UM) 71*8kB (UME) 33*16kB (UME) 178*32kB (UME) 98*64kB (UME) 34*128kB (UME) 17*256kB (UM) 8*512kB (UM) 9*1024kB (UM) 3*2048kB (U) 944*4096kB (ME) = 3908752kB [ 971.946978][T18550] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 971.963597][T17876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 972.025612][T17876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 972.035488][T17876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 972.045568][T18550] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 972.075639][T17876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 972.115581][T17876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 972.118636][T18550] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 972.135587][T17876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 972.197355][T18550] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 972.246112][T17876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 972.278433][T17876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 972.315842][T17876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 972.325928][T18550] 87206 total pagecache pages [ 972.330647][T18550] 0 pages in swap cache [ 972.334826][T18550] Free swap = 124996kB [ 972.355571][T17876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 972.381500][T17876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 972.435628][T18550] Total swap = 124996kB [ 972.435751][T17876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 972.440680][T18550] 2097051 pages RAM [ 972.474939][T18550] 0 pages HighMem/MovableOnly [ 972.479950][T18550] 429592 pages reserved [ 972.491377][T18550] 0 pages cma reserved [ 972.504998][T17876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 972.505171][T18550] tty tty26: ldisc open failed (-12), clearing slot 25 [ 972.537623][T17876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 972.554492][T18641] pty pty202: ldisc open failed (-12), clearing slot 202 [ 972.823197][T17876] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 972.864958][T17876] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 972.908834][T17876] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 972.935606][T17876] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.481978][T11309] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 974.509792][T11309] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 974.805587][T11311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 974.855784][T11311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 975.136476][T18753] FAULT_INJECTION: forcing a failure. [ 975.136476][T18753] name failslab, interval 1, probability 0, space 0, times 0 [ 975.309907][T18753] CPU: 1 UID: 0 PID: 18753 Comm: syz.3.2397 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 975.309959][T18753] Tainted: [U]=USER [ 975.309970][T18753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 975.309988][T18753] Call Trace: [ 975.309999][T18753] [ 975.310012][T18753] dump_stack_lvl+0x16c/0x1f0 [ 975.310063][T18753] should_fail_ex+0x512/0x640 [ 975.310111][T18753] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 975.310177][T18753] should_failslab+0xc2/0x120 [ 975.310207][T18753] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 975.310256][T18753] ? __alloc_skb+0x2b2/0x380 [ 975.310303][T18753] __alloc_skb+0x2b2/0x380 [ 975.310340][T18753] ? __pfx___alloc_skb+0x10/0x10 [ 975.310385][T18753] ? __lock_acquire+0xaa4/0x1ba0 [ 975.310442][T18753] netlink_alloc_large_skb+0x69/0x130 [ 975.310491][T18753] netlink_sendmsg+0x6a1/0xdd0 [ 975.310544][T18753] ? __pfx_netlink_sendmsg+0x10/0x10 [ 975.310606][T18753] ____sys_sendmsg+0xa95/0xc70 [ 975.310638][T18753] ? copy_msghdr_from_user+0x10a/0x160 [ 975.310679][T18753] ? __pfx_____sys_sendmsg+0x10/0x10 [ 975.310728][T18753] ___sys_sendmsg+0x134/0x1d0 [ 975.310772][T18753] ? __pfx____sys_sendmsg+0x10/0x10 [ 975.310862][T18753] __sys_sendmsg+0x16d/0x220 [ 975.310904][T18753] ? __pfx___sys_sendmsg+0x10/0x10 [ 975.310956][T18753] ? rcu_is_watching+0x12/0xc0 [ 975.311006][T18753] do_syscall_64+0xcd/0x260 [ 975.311057][T18753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 975.311096][T18753] RIP: 0033:0x7fc3fe98d169 [ 975.311120][T18753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 975.311151][T18753] RSP: 002b:00007fc3ff7b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 975.311180][T18753] RAX: ffffffffffffffda RBX: 00007fc3feba5fa0 RCX: 00007fc3fe98d169 [ 975.311201][T18753] RDX: 0000000000000080 RSI: 0000200000001ac0 RDI: 0000000000000003 [ 975.311220][T18753] RBP: 00007fc3ff7b0090 R08: 0000000000000000 R09: 0000000000000000 [ 975.311238][T18753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 975.311256][T18753] R13: 0000000000000000 R14: 00007fc3feba5fa0 R15: 00007ffe0c523dc8 [ 975.311295][T18753] [ 977.987487][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 978.000118][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 978.009086][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 978.027014][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 978.035644][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 979.127488][T18805] chnl_net:caif_netlink_parms(): no params data found [ 979.581145][T18991] random: crng reseeded on system resumption [ 979.641314][T18805] bridge0: port 1(bridge_slave_0) entered blocking state [ 979.671036][T18805] bridge0: port 1(bridge_slave_0) entered disabled state [ 979.688321][T18805] bridge_slave_0: entered allmulticast mode [ 979.720122][T18805] bridge_slave_0: entered promiscuous mode [ 979.757020][T18805] bridge0: port 2(bridge_slave_1) entered blocking state [ 979.764604][T18805] bridge0: port 2(bridge_slave_1) entered disabled state [ 979.910092][T18805] bridge_slave_1: entered allmulticast mode [ 979.937747][T18805] bridge_slave_1: entered promiscuous mode [ 980.128534][T12800] Bluetooth: hci3: command tx timeout [ 980.333513][T18805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 980.560180][T18805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 980.989053][T18805] team0: Port device team_slave_0 added [ 981.077040][T18805] team0: Port device team_slave_1 added [ 981.383436][T18805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 981.397997][T18805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 981.494328][T18805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 981.538383][T18805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 981.545389][T18805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 981.618140][T18805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 982.138769][T18805] hsr_slave_0: entered promiscuous mode [ 982.145475][T18805] hsr_slave_1: entered promiscuous mode [ 982.194899][T12800] Bluetooth: hci3: command tx timeout [ 982.206440][T18805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 982.260079][T18805] Cannot create hsr debugfs directory [ 983.481362][T18805] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.980721][T18805] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 984.271288][T12800] Bluetooth: hci3: command tx timeout [ 984.526390][T19257] netlink: 'syz.2.2416': attribute type 2 has an invalid length. [ 984.608073][T18805] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 984.895209][T19259] FAULT_INJECTION: forcing a failure. [ 984.895209][T19259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 984.977474][T19259] CPU: 0 UID: 0 PID: 19259 Comm: syz.3.2418 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 984.977527][T19259] Tainted: [U]=USER [ 984.977538][T19259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 984.977558][T19259] Call Trace: [ 984.977569][T19259] [ 984.977587][T19259] dump_stack_lvl+0x16c/0x1f0 [ 984.977657][T19259] should_fail_ex+0x512/0x640 [ 984.977701][T19259] _copy_to_user+0x32/0xd0 [ 984.977745][T19259] crtc_crc_read+0x86e/0xb00 [ 984.977805][T19259] ? __pfx_crtc_crc_read+0x10/0x10 [ 984.977850][T19259] ? __pfx_aa_file_perm+0x10/0x10 [ 984.977895][T19259] ? __pfx_autoremove_wake_function+0x10/0x10 [ 984.977979][T19259] full_proxy_read+0x13c/0x200 [ 984.978014][T19259] ? __pfx_full_proxy_read+0x10/0x10 [ 984.978052][T19259] vfs_read+0x1de/0xc70 [ 984.978103][T19259] ? __pfx___mutex_lock+0x10/0x10 [ 984.978151][T19259] ? __pfx_vfs_read+0x10/0x10 [ 984.978207][T19259] ? __fget_files+0x20e/0x3c0 [ 984.978267][T19259] ksys_read+0x12a/0x240 [ 984.978310][T19259] ? __pfx_ksys_read+0x10/0x10 [ 984.978352][T19259] ? rcu_is_watching+0x12/0xc0 [ 984.978405][T19259] do_syscall_64+0xcd/0x260 [ 984.978458][T19259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.978490][T19259] RIP: 0033:0x7fc3fe98d169 [ 984.978516][T19259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 984.978548][T19259] RSP: 002b:00007fc3ff7b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 984.978579][T19259] RAX: ffffffffffffffda RBX: 00007fc3feba5fa0 RCX: 00007fc3fe98d169 [ 984.978601][T19259] RDX: 0000000000000049 RSI: 0000200000000040 RDI: 0000000000000003 [ 984.978621][T19259] RBP: 00007fc3ff7b0090 R08: 0000000000000000 R09: 0000000000000000 [ 984.978648][T19259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 984.978668][T19259] R13: 0000000000000000 R14: 00007fc3feba5fa0 R15: 00007ffe0c523dc8 [ 984.978709][T19259] [ 985.181891][ C0] vkms_vblank_simulate: vblank timer overrun [ 985.563491][T18805] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.239712][T18805] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 986.312116][T18805] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 986.346279][T12800] Bluetooth: hci3: command tx timeout [ 986.364188][T18805] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 986.451153][T18805] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 986.822760][T18805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 986.907235][T18805] 8021q: adding VLAN 0 to HW filter on device team0 [ 986.947796][T11311] bridge0: port 1(bridge_slave_0) entered blocking state [ 986.955019][T11311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 987.013748][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 987.021099][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 987.499357][T19301] random: crng reseeded on system resumption [ 987.993627][T18805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 988.215172][T18805] veth0_vlan: entered promiscuous mode [ 988.229382][T18805] veth1_vlan: entered promiscuous mode [ 988.427439][T18805] veth0_macvtap: entered promiscuous mode [ 988.482593][T18805] veth1_macvtap: entered promiscuous mode [ 988.566158][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 988.625634][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 988.665826][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 988.696684][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 988.721260][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 988.749045][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 988.785671][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 988.820252][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 988.861549][T18805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 988.942223][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 988.976758][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 988.993743][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 989.036626][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 989.067878][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 989.079977][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 989.135574][T18805] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 989.165851][T18805] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 989.191442][T18805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 989.273937][T18805] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 989.295612][T18805] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 989.355798][T18805] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 989.364586][T18805] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 990.098751][T17981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 990.135880][T17981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 990.271995][T11310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 990.309777][T11310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 992.426660][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 992.446646][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 992.457552][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 992.481563][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 992.495877][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 993.720551][T19425] chnl_net:caif_netlink_parms(): no params data found [ 993.938173][T19566] random: crng reseeded on system resumption [ 994.593267][ T5842] Bluetooth: hci1: command tx timeout [ 994.682836][T19425] bridge0: port 1(bridge_slave_0) entered blocking state [ 994.715839][T19425] bridge0: port 1(bridge_slave_0) entered disabled state [ 994.723221][T19425] bridge_slave_0: entered allmulticast mode [ 994.777697][T19425] bridge_slave_0: entered promiscuous mode [ 994.797138][T19425] bridge0: port 2(bridge_slave_1) entered blocking state [ 994.813860][T19425] bridge0: port 2(bridge_slave_1) entered disabled state [ 994.850137][T19425] bridge_slave_1: entered allmulticast mode [ 994.877421][T19425] bridge_slave_1: entered promiscuous mode [ 995.243103][T19425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 995.587979][T19425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 996.027777][T19425] team0: Port device team_slave_0 added [ 996.087077][T19425] team0: Port device team_slave_1 added [ 996.383862][T19425] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 996.396187][T19425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 996.422843][T19425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 996.673144][ T5842] Bluetooth: hci1: command tx timeout [ 996.741828][T19425] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 996.761937][T19425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 996.861920][T19425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 997.197604][T19425] hsr_slave_0: entered promiscuous mode [ 997.217290][T19425] hsr_slave_1: entered promiscuous mode [ 997.223733][T19425] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 997.247445][T19425] Cannot create hsr debugfs directory [ 998.216638][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.223025][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.388455][T19425] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.641650][T19425] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.762009][ T5842] Bluetooth: hci1: command tx timeout [ 999.062462][T19425] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.284735][T19425] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 999.589435][T19886] netlink: 'syz.1.2441': attribute type 1 has an invalid length. [ 999.841901][T19425] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 999.883362][T19425] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 999.922829][T19425] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 999.970281][T19425] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1000.634617][T19425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1000.825836][ T5842] Bluetooth: hci1: command tx timeout [ 1001.128536][T19425] 8021q: adding VLAN 0 to HW filter on device team0 [ 1001.247756][T11311] bridge0: port 1(bridge_slave_0) entered blocking state [ 1001.254984][T11311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1001.311661][T11311] bridge0: port 2(bridge_slave_1) entered blocking state [ 1001.318948][T11311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1002.340748][T19970] random: crng reseeded on system resumption [ 1002.639666][T19425] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1002.913229][T19425] veth0_vlan: entered promiscuous mode [ 1002.973102][T19425] veth1_vlan: entered promiscuous mode [ 1003.275076][T19425] veth0_macvtap: entered promiscuous mode [ 1003.488380][T19425] veth1_macvtap: entered promiscuous mode [ 1003.679177][T20005] Setting dangerous option i915.mitigations - tainting kernel [ 1003.890122][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1003.943072][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.975620][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1003.990347][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.003391][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1004.034282][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.055373][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1004.094996][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.125611][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1004.145892][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.192990][T19425] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1004.220187][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1004.255587][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.285574][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1004.315553][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.325411][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1004.395883][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.428164][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1004.440119][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.455572][T19425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1004.480594][T19425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.507441][T19425] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1004.560378][T19425] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1004.605607][T19425] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1004.614380][T19425] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1004.655635][T19425] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1004.703744][T20033] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2449'. [ 1005.314190][ T3499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1005.373002][ T3499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1005.812995][T11314] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1005.853448][T11314] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1006.215189][T20109] FAULT_INJECTION: forcing a failure. [ 1006.215189][T20109] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.296083][T20109] CPU: 0 UID: 0 PID: 20109 Comm: syz.2.2450 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1006.296129][T20109] Tainted: [U]=USER [ 1006.296138][T20109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1006.296161][T20109] Call Trace: [ 1006.296170][T20109] [ 1006.296180][T20109] dump_stack_lvl+0x16c/0x1f0 [ 1006.296225][T20109] should_fail_ex+0x512/0x640 [ 1006.296254][T20109] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1006.296302][T20109] should_failslab+0xc2/0x120 [ 1006.296327][T20109] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1006.296371][T20109] ? __kthread_create_on_node+0x186/0x3f0 [ 1006.296417][T20109] kvasprintf+0xbc/0x160 [ 1006.296450][T20109] ? __pfx_kvasprintf+0x10/0x10 [ 1006.296495][T20109] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 1006.296520][T20109] __kthread_create_on_node+0x186/0x3f0 [ 1006.296560][T20109] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1006.296586][T20109] ? __pfx___kthread_create_on_node+0x10/0x10 [ 1006.296644][T20109] ? __pfx_dvb_frontend_thread+0x10/0x10 [ 1006.296671][T20109] kthread_create_on_node+0xc7/0x100 [ 1006.296711][T20109] ? __pfx_kthread_create_on_node+0x10/0x10 [ 1006.296758][T20109] ? mark_held_locks+0x49/0x80 [ 1006.296797][T20109] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1006.296830][T20109] ? lockdep_hardirqs_on+0x7c/0x110 [ 1006.296871][T20109] dvb_frontend_open+0xf47/0x1730 [ 1006.296906][T20109] ? __pfx_dvb_frontend_open+0x10/0x10 [ 1006.296934][T20109] dvb_device_open+0x26d/0x3b0 [ 1006.296960][T20109] ? __pfx_dvb_device_open+0x10/0x10 [ 1006.296986][T20109] chrdev_open+0x231/0x6a0 [ 1006.297025][T20109] ? __pfx_apparmor_file_open+0x10/0x10 [ 1006.297058][T20109] ? __pfx_chrdev_open+0x10/0x10 [ 1006.297118][T20109] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1006.297170][T20109] do_dentry_open+0x741/0x1c10 [ 1006.297210][T20109] ? __pfx_chrdev_open+0x10/0x10 [ 1006.297259][T20109] vfs_open+0x82/0x3f0 [ 1006.297293][T20109] path_openat+0x1e5e/0x2d40 [ 1006.297347][T20109] ? __pfx_path_openat+0x10/0x10 [ 1006.297397][T20109] do_filp_open+0x20b/0x470 [ 1006.297438][T20109] ? __pfx_do_filp_open+0x10/0x10 [ 1006.297504][T20109] ? alloc_fd+0x471/0x7d0 [ 1006.297553][T20109] do_sys_openat2+0x11b/0x1d0 [ 1006.297581][T20109] ? __pfx_do_sys_openat2+0x10/0x10 [ 1006.297628][T20109] __x64_sys_openat+0x174/0x210 [ 1006.297676][T20109] ? __pfx___x64_sys_openat+0x10/0x10 [ 1006.297709][T20109] ? rcu_is_watching+0x12/0xc0 [ 1006.297754][T20109] do_syscall_64+0xcd/0x260 [ 1006.297815][T20109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.297844][T20109] RIP: 0033:0x7fc295d8d169 [ 1006.297868][T20109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1006.297896][T20109] RSP: 002b:00007fc296b51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1006.297923][T20109] RAX: ffffffffffffffda RBX: 00007fc295fa6160 RCX: 00007fc295d8d169 [ 1006.297942][T20109] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1006.297959][T20109] RBP: 00007fc295e0e990 R08: 0000000000000000 R09: 0000000000000000 [ 1006.297976][T20109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1006.297993][T20109] R13: 0000000000000000 R14: 00007fc295fa6160 R15: 00007ffc75b515b8 [ 1006.298030][T20109] [ 1006.298082][T20109] i2c i2c-0: dvb_frontend_start: failed to start kthread (-12) [ 1008.254257][T20161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2452'. [ 1008.431132][T20128] FAULT_INJECTION: forcing a failure. [ 1008.431132][T20128] name failslab, interval 1, probability 0, space 0, times 0 [ 1008.477486][T12800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1008.488663][T12800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1008.497188][T20128] CPU: 1 UID: 0 PID: 20128 Comm: syz.3.2430 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1008.497243][T20128] Tainted: [U]=USER [ 1008.497256][T20128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1008.497275][T20128] Call Trace: [ 1008.497287][T20128] [ 1008.497300][T20128] dump_stack_lvl+0x16c/0x1f0 [ 1008.497360][T20128] should_fail_ex+0x512/0x640 [ 1008.497397][T20128] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 1008.497450][T20128] should_failslab+0xc2/0x120 [ 1008.497482][T20128] __kmalloc_cache_node_noprof+0x6d/0x420 [ 1008.497532][T20128] ? __get_vm_area_node+0x101/0x300 [ 1008.497578][T20128] __get_vm_area_node+0x101/0x300 [ 1008.497625][T20128] __vmalloc_node_range_noprof+0x277/0x1540 [ 1008.497688][T20128] ? n_tty_open+0x1a/0x170 [ 1008.497739][T20128] ? n_tty_open+0x1a/0x170 [ 1008.497780][T20128] ? __ldsem_down_write_nested+0x10e/0x850 [ 1008.497821][T20128] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1008.497880][T20128] ? n_tty_open+0x1a/0x170 [ 1008.497917][T20128] vzalloc_noprof+0x6b/0x90 [ 1008.497969][T20128] ? n_tty_open+0x1a/0x170 [ 1008.498004][T20128] ? __pfx_n_tty_open+0x10/0x10 [ 1008.498039][T20128] n_tty_open+0x1a/0x170 [ 1008.498075][T20128] ? __pfx_n_tty_open+0x10/0x10 [ 1008.498110][T20128] tty_ldisc_open+0x9c/0x120 [ 1008.498156][T20128] tty_ldisc_setup+0x40/0x100 [ 1008.498207][T20128] tty_init_dev.part.0+0x1ec/0x500 [ 1008.498246][T20128] tty_open+0xa50/0xf90 [ 1008.498287][T20128] ? __pfx_tty_open+0x10/0x10 [ 1008.498321][T20128] ? chrdev_open+0x10b/0x6a0 [ 1008.498380][T20128] ? __pfx_tty_open+0x10/0x10 [ 1008.498413][T20128] chrdev_open+0x231/0x6a0 [ 1008.498464][T20128] ? __pfx_apparmor_file_open+0x10/0x10 [ 1008.498507][T20128] ? __pfx_chrdev_open+0x10/0x10 [ 1008.498562][T20128] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1008.498619][T20128] do_dentry_open+0x741/0x1c10 [ 1008.498669][T20128] ? __pfx_chrdev_open+0x10/0x10 [ 1008.498731][T20128] vfs_open+0x82/0x3f0 [ 1008.498771][T20128] path_openat+0x1e5e/0x2d40 [ 1008.498859][T20128] ? __pfx_path_openat+0x10/0x10 [ 1008.498915][T20128] do_filp_open+0x20b/0x470 [ 1008.498967][T20128] ? __pfx_do_filp_open+0x10/0x10 [ 1008.499042][T20128] ? alloc_fd+0x471/0x7d0 [ 1008.499099][T20128] do_sys_openat2+0x11b/0x1d0 [ 1008.499132][T20128] ? __pfx_do_sys_openat2+0x10/0x10 [ 1008.499180][T20128] __x64_sys_openat+0x174/0x210 [ 1008.499214][T20128] ? __pfx___x64_sys_openat+0x10/0x10 [ 1008.499249][T20128] ? rcu_is_watching+0x12/0xc0 [ 1008.499299][T20128] do_syscall_64+0xcd/0x260 [ 1008.499349][T20128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.499380][T20128] RIP: 0033:0x7fba7158d169 [ 1008.499405][T20128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.499435][T20128] RSP: 002b:00007fba724a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1008.499464][T20128] RAX: ffffffffffffffda RBX: 00007fba717a5fa0 RCX: 00007fba7158d169 [ 1008.499484][T20128] RDX: 000000000004001f RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1008.499504][T20128] RBP: 00007fba7160e990 R08: 0000000000000000 R09: 0000000000000000 [ 1008.499522][T20128] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 1008.499540][T20128] R13: 0000000000000000 R14: 00007fba717a5fa0 R15: 00007fff94ee6288 [ 1008.499578][T20128] [ 1008.499594][T20128] syz.3.2430: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1008.565714][T12800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1008.620500][T20128] ,cpuset= [ 1008.739349][T12800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1008.874150][T12800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1008.897300][T20128] /,mems_allowed=0-1 [ 1008.902489][T20128] CPU: 0 UID: 0 PID: 20128 Comm: syz.3.2430 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1008.902555][T20128] Tainted: [U]=USER [ 1008.902566][T20128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1008.902585][T20128] Call Trace: [ 1008.902595][T20128] [ 1008.902608][T20128] dump_stack_lvl+0x16c/0x1f0 [ 1008.902658][T20128] warn_alloc+0x248/0x3a0 [ 1008.902721][T20128] ? __pfx_warn_alloc+0x10/0x10 [ 1008.902772][T20128] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 1008.902828][T20128] ? __kasan_kmalloc+0x8a/0xb0 [ 1008.902887][T20128] ? __get_vm_area_node+0x1e5/0x300 [ 1008.902934][T20128] __vmalloc_node_range_noprof+0xd31/0x1540 [ 1008.902992][T20128] ? n_tty_open+0x1a/0x170 [ 1008.903032][T20128] ? __ldsem_down_write_nested+0x10e/0x850 [ 1008.903071][T20128] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1008.903125][T20128] ? n_tty_open+0x1a/0x170 [ 1008.903161][T20128] vzalloc_noprof+0x6b/0x90 [ 1008.903201][T20128] ? n_tty_open+0x1a/0x170 [ 1008.903234][T20128] ? __pfx_n_tty_open+0x10/0x10 [ 1008.903265][T20128] n_tty_open+0x1a/0x170 [ 1008.903297][T20128] ? __pfx_n_tty_open+0x10/0x10 [ 1008.903332][T20128] tty_ldisc_open+0x9c/0x120 [ 1008.903378][T20128] tty_ldisc_setup+0x40/0x100 [ 1008.903424][T20128] tty_init_dev.part.0+0x1ec/0x500 [ 1008.903454][T20128] tty_open+0xa50/0xf90 [ 1008.903490][T20128] ? __pfx_tty_open+0x10/0x10 [ 1008.903517][T20128] ? chrdev_open+0x10b/0x6a0 [ 1008.903564][T20128] ? __pfx_tty_open+0x10/0x10 [ 1008.903591][T20128] chrdev_open+0x231/0x6a0 [ 1008.903634][T20128] ? __pfx_apparmor_file_open+0x10/0x10 [ 1008.903671][T20128] ? __pfx_chrdev_open+0x10/0x10 [ 1008.903730][T20128] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1008.903780][T20128] do_dentry_open+0x741/0x1c10 [ 1008.903834][T20128] ? __pfx_chrdev_open+0x10/0x10 [ 1008.903880][T20128] vfs_open+0x82/0x3f0 [ 1008.903913][T20128] path_openat+0x1e5e/0x2d40 [ 1008.903968][T20128] ? __pfx_path_openat+0x10/0x10 [ 1008.904015][T20128] do_filp_open+0x20b/0x470 [ 1008.904073][T20128] ? __pfx_do_filp_open+0x10/0x10 [ 1008.904145][T20128] ? alloc_fd+0x471/0x7d0 [ 1008.904194][T20128] do_sys_openat2+0x11b/0x1d0 [ 1008.904224][T20128] ? __pfx_do_sys_openat2+0x10/0x10 [ 1008.904268][T20128] __x64_sys_openat+0x174/0x210 [ 1008.904301][T20128] ? __pfx___x64_sys_openat+0x10/0x10 [ 1008.904335][T20128] ? rcu_is_watching+0x12/0xc0 [ 1008.904382][T20128] do_syscall_64+0xcd/0x260 [ 1008.904427][T20128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.904458][T20128] RIP: 0033:0x7fba7158d169 [ 1008.904480][T20128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.904510][T20128] RSP: 002b:00007fba724a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1008.904537][T20128] RAX: ffffffffffffffda RBX: 00007fba717a5fa0 RCX: 00007fba7158d169 [ 1008.904556][T20128] RDX: 000000000004001f RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1008.904574][T20128] RBP: 00007fba7160e990 R08: 0000000000000000 R09: 0000000000000000 [ 1008.904592][T20128] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 1008.904611][T20128] R13: 0000000000000000 R14: 00007fba717a5fa0 R15: 00007fff94ee6288 [ 1008.904645][T20128] [ 1008.975708][T20128] Mem-Info: [ 1009.267461][T20128] active_anon:37081 inactive_anon:0 isolated_anon:0 [ 1009.267461][T20128] active_file:7358 inactive_file:52208 isolated_file:0 [ 1009.267461][T20128] unevictable:768 dirty:1712 writeback:0 [ 1009.267461][T20128] slab_reclaimable:12245 slab_unreclaimable:104102 [ 1009.267461][T20128] mapped:36369 shmem:18583 pagetables:789 [ 1009.267461][T20128] sec_pagetables:0 bounce:0 [ 1009.267461][T20128] kernel_misc_reclaimable:0 [ 1009.267461][T20128] free:1280714 free_pcp:5608 free_cma:0 [ 1009.405293][T20128] Node 0 active_anon:149724kB inactive_anon:0kB active_file:29432kB inactive_file:208756kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:145576kB dirty:6844kB writeback:0kB shmem:72472kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10920kB pagetables:3256kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1009.465988][T20175] usbip-vudc usbip-vudc.0: gadget not bound [ 1009.507196][T20128] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2560kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1009.606324][T20128] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1009.706278][T20128] lowmem_reserve[]: 0 2482 2483 2483 2483 [ 1009.712168][T20128] Node 0 DMA32 free:1186784kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:160576kB inactive_anon:0kB active_file:29432kB inactive_file:207176kB unevictable:1536kB writepending:6840kB present:3129332kB managed:2541668kB mlocked:0kB bounce:0kB free_pcp:21880kB local_pcp:15552kB free_cma:0kB [ 1009.808673][T20128] lowmem_reserve[]: 0 0 1 1 1 [ 1009.813505][T20128] Node 0 Normal free:16kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1580kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1009.910390][T20128] lowmem_reserve[]: 0 0 0 0 0 [ 1009.941253][T20128] Node 1 Normal free:3908496kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 1010.055931][T20128] lowmem_reserve[]: 0 0 0 0 0 [ 1010.176690][T20128] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1010.385153][T20128] Node 0 DMA32: 53*4kB (E) 36*8kB (UE) 2*16kB (E) 192*32kB (UM) 782*64kB (UME) 389*128kB (UME) 206*256kB (UM) 96*512kB (UME) 60*1024kB (UME) 19*2048kB (UME) 218*4096kB (UM) = 1201684kB [ 1010.506160][T20128] Node 0 Normal: 0*4kB 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1010.546818][T20128] Node 1 Normal: 2*4kB (UM) 25*8kB (UME) 33*16kB (UME) 178*32kB (UME) 98*64kB (UME) 34*128kB (UME) 17*256kB (UM) 8*512kB (UM) 9*1024kB (UM) 3*2048kB (U) 944*4096kB (ME) = 3907488kB [ 1010.579338][T20128] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1010.601165][T20128] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1010.651708][T20128] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1010.663061][T20128] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1010.682997][T20128] 78729 total pagecache pages [ 1010.694501][T20128] 0 pages in swap cache [ 1010.699666][T20128] Free swap = 124996kB [ 1010.703880][T20128] Total swap = 124996kB [ 1010.711608][T20128] 2097051 pages RAM [ 1010.718736][T20128] 0 pages HighMem/MovableOnly [ 1010.723666][T20128] 429592 pages reserved [ 1010.733691][T20128] 0 pages cma reserved [ 1010.742625][T20128] tty tty26: ldisc open failed (-12), clearing slot 25 [ 1010.968677][T20162] chnl_net:caif_netlink_parms(): no params data found [ 1011.066205][T12800] Bluetooth: hci0: command tx timeout [ 1011.083547][T20348] random: crng reseeded on system resumption [ 1011.785085][T20162] bridge0: port 1(bridge_slave_0) entered blocking state [ 1011.792656][T20162] bridge0: port 1(bridge_slave_0) entered disabled state [ 1011.801504][T20162] bridge_slave_0: entered allmulticast mode [ 1011.810827][T20162] bridge_slave_0: entered promiscuous mode [ 1011.855699][T20162] bridge0: port 2(bridge_slave_1) entered blocking state [ 1011.862855][T20162] bridge0: port 2(bridge_slave_1) entered disabled state [ 1011.871407][T20162] bridge_slave_1: entered allmulticast mode [ 1011.880080][T20162] bridge_slave_1: entered promiscuous mode [ 1012.020503][T20162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1012.036498][T20162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1012.131643][T20162] team0: Port device team_slave_0 added [ 1012.150643][T20162] team0: Port device team_slave_1 added [ 1012.237635][T20162] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1012.244951][T20162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1012.290535][T20162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1012.311670][T20162] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1012.329628][T20162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1012.368432][T20162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1012.407102][T20542] Setting dangerous option i915.mitigations - tainting kernel [ 1012.557640][T20162] hsr_slave_0: entered promiscuous mode [ 1012.578289][T20162] hsr_slave_1: entered promiscuous mode [ 1012.584649][T20162] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1012.605750][T20162] Cannot create hsr debugfs directory [ 1012.942251][T20615] random: crng reseeded on system resumption [ 1013.149189][T12800] Bluetooth: hci0: command tx timeout [ 1013.299253][ T30] audit: type=1800 audit(6039537879.712:15): pid=20636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2459" name="dbroot" dev="configfs" ino=236846 res=0 errno=0 [ 1013.393501][T20162] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.437348][T20649] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^$6' [ 1013.561037][T20162] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.834687][T20162] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1013.959479][T20162] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1014.393710][T20162] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1014.410264][T20162] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1014.430258][T20162] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1014.557870][T20162] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1015.225868][T12800] Bluetooth: hci0: command tx timeout [ 1015.506354][T20162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1015.655273][T20162] 8021q: adding VLAN 0 to HW filter on device team0 [ 1015.707972][T11314] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.715175][T11314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1015.947372][T11314] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.954601][T11314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1016.823701][T20162] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1016.877305][T20162] veth0_vlan: entered promiscuous mode [ 1016.902087][T20162] veth1_vlan: entered promiscuous mode [ 1016.991108][T20162] veth0_macvtap: entered promiscuous mode [ 1017.056671][T20162] veth1_macvtap: entered promiscuous mode [ 1017.085885][T20804] random: crng reseeded on system resumption [ 1017.209403][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.236069][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.255570][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.275549][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.287466][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.305781][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.305849][T12800] Bluetooth: hci0: command tx timeout [ 1017.333147][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.389918][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.446432][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.492288][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.525901][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1017.575538][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.615004][T20162] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1017.697439][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1017.738251][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.765590][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1017.828076][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.876552][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1017.909929][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.929214][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1017.961036][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1017.987953][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1018.017835][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1018.084138][T20162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1018.127359][T20162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1018.149728][T20162] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1018.274387][T20162] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1018.304890][T20162] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1018.325562][T20162] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1018.340528][T20162] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.266715][T17981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1019.274590][T17981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1019.462716][T11310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1019.490719][T11310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1021.434319][T20983] blktrace: Concurrent blktraces are not allowed on loop2 [ 1022.427840][T21038] FAULT_INJECTION: forcing a failure. [ 1022.427840][T21038] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.477743][T21038] CPU: 1 UID: 0 PID: 21038 Comm: syz.1.2496 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1022.477797][T21038] Tainted: [U]=USER [ 1022.477810][T21038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1022.477829][T21038] Call Trace: [ 1022.477840][T21038] [ 1022.477853][T21038] dump_stack_lvl+0x16c/0x1f0 [ 1022.477908][T21038] should_fail_ex+0x512/0x640 [ 1022.477946][T21038] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1022.477998][T21038] should_failslab+0xc2/0x120 [ 1022.478031][T21038] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1022.478077][T21038] ? vgem_open+0x43/0xe0 [ 1022.478118][T21038] vgem_open+0x43/0xe0 [ 1022.478151][T21038] ? __pfx_vgem_open+0x10/0x10 [ 1022.478183][T21038] drm_file_alloc+0x57a/0x9a0 [ 1022.478242][T21038] drm_open_helper+0x204/0x550 [ 1022.478300][T21038] drm_open+0x1a0/0x3e0 [ 1022.478351][T21038] ? __pfx_drm_open+0x10/0x10 [ 1022.478402][T21038] drm_stub_open+0x20c/0x380 [ 1022.478457][T21038] ? __pfx_drm_stub_open+0x10/0x10 [ 1022.478509][T21038] chrdev_open+0x231/0x6a0 [ 1022.478559][T21038] ? __pfx_apparmor_file_open+0x10/0x10 [ 1022.478601][T21038] ? __pfx_chrdev_open+0x10/0x10 [ 1022.478657][T21038] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1022.478717][T21038] do_dentry_open+0x741/0x1c10 [ 1022.478766][T21038] ? __pfx_chrdev_open+0x10/0x10 [ 1022.478826][T21038] vfs_open+0x82/0x3f0 [ 1022.478876][T21038] path_openat+0x1e5e/0x2d40 [ 1022.478936][T21038] ? __pfx_path_openat+0x10/0x10 [ 1022.478993][T21038] do_filp_open+0x20b/0x470 [ 1022.479041][T21038] ? __pfx_do_filp_open+0x10/0x10 [ 1022.479118][T21038] ? alloc_fd+0x471/0x7d0 [ 1022.479175][T21038] do_sys_openat2+0x11b/0x1d0 [ 1022.479210][T21038] ? __pfx_do_sys_openat2+0x10/0x10 [ 1022.479261][T21038] __x64_sys_openat+0x174/0x210 [ 1022.479297][T21038] ? __pfx___x64_sys_openat+0x10/0x10 [ 1022.479335][T21038] ? rcu_is_watching+0x12/0xc0 [ 1022.479383][T21038] do_syscall_64+0xcd/0x260 [ 1022.479450][T21038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1022.479483][T21038] RIP: 0033:0x7f3d0b98d169 [ 1022.479510][T21038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1022.479543][T21038] RSP: 002b:00007f3d0c7a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1022.479586][T21038] RAX: ffffffffffffffda RBX: 00007f3d0bba5fa0 RCX: 00007f3d0b98d169 [ 1022.479607][T21038] RDX: 0000000000000800 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1022.479626][T21038] RBP: 00007f3d0ba0e990 R08: 0000000000000000 R09: 0000000000000000 [ 1022.479645][T21038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1022.479663][T21038] R13: 0000000000000000 R14: 00007f3d0bba5fa0 R15: 00007fffd20b8268 [ 1022.479701][T21038] [ 1022.806359][T21040] random: crng reseeded on system resumption [ 1023.998258][T21076] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 1024.559145][T21104] random: crng reseeded on system resumption [ 1026.005660][T21176] delete_channel: no stack [ 1026.187313][T21191] random: crng reseeded on system resumption [ 1027.434845][T21183] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1029.485866][T21285] random: crng reseeded on system resumption [ 1032.719694][T21440] FAULT_INJECTION: forcing a failure. [ 1032.719694][T21440] name failslab, interval 1, probability 0, space 0, times 0 [ 1032.846328][T21440] CPU: 1 UID: 0 PID: 21440 Comm: syz.0.2539 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1032.846384][T21440] Tainted: [U]=USER [ 1032.846396][T21440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1032.846416][T21440] Call Trace: [ 1032.846428][T21440] [ 1032.846442][T21440] dump_stack_lvl+0x16c/0x1f0 [ 1032.846496][T21440] should_fail_ex+0x512/0x640 [ 1032.846533][T21440] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1032.846581][T21440] should_failslab+0xc2/0x120 [ 1032.846612][T21440] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1032.846657][T21440] ? snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 1032.846722][T21440] snd_pcm_oss_change_params_locked+0x247/0x3b40 [ 1032.846778][T21440] ? preempt_count_sub+0x125/0x160 [ 1032.846828][T21440] ? trace_contention_end+0xdd/0x130 [ 1032.846863][T21440] ? __mutex_lock+0x1ca/0xb90 [ 1032.846913][T21440] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1032.846982][T21440] ? __pfx___mutex_lock+0x10/0x10 [ 1032.847047][T21440] ? find_held_lock+0x2b/0x80 [ 1032.847097][T21440] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 1032.847140][T21440] snd_pcm_oss_ioctl+0x31aa/0x37a0 [ 1032.847173][T21440] ? find_held_lock+0x2b/0x80 [ 1032.847213][T21440] ? hook_file_ioctl_common+0x145/0x410 [ 1032.847251][T21440] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1032.847289][T21440] ? __fget_files+0x20e/0x3c0 [ 1032.847344][T21440] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1032.847381][T21440] __x64_sys_ioctl+0x190/0x200 [ 1032.847425][T21440] do_syscall_64+0xcd/0x260 [ 1032.847476][T21440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.847508][T21440] RIP: 0033:0x7ff0e458d169 [ 1032.847535][T21440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1032.847567][T21440] RSP: 002b:00007ff0e53a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1032.847604][T21440] RAX: ffffffffffffffda RBX: 00007ff0e47a6080 RCX: 00007ff0e458d169 [ 1032.847628][T21440] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000006 [ 1032.847649][T21440] RBP: 00007ff0e460e990 R08: 0000000000000000 R09: 0000000000000000 [ 1032.847670][T21440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1032.847690][T21440] R13: 0000000000000000 R14: 00007ff0e47a6080 R15: 00007fff7b17ff68 [ 1032.847733][T21440] [ 1032.847946][T21459] netlink: 'syz.3.2540': attribute type 1 has an invalid length. [ 1033.696786][T21463] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1033.713743][T21463] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1033.896282][T21463] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1034.165181][T21463] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1034.182002][T21463] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1034.226846][T21463] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1034.277714][T21463] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1034.283763][T21463] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1034.368034][T21463] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1034.413640][T21463] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1034.439671][T21463] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1034.467336][T21463] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1034.514996][T21498] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1034.658766][T21536] FAULT_INJECTION: forcing a failure. [ 1034.658766][T21536] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1034.706404][T21536] CPU: 1 UID: 0 PID: 21536 Comm: syz.0.2546 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1034.706453][T21536] Tainted: [U]=USER [ 1034.706464][T21536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1034.706483][T21536] Call Trace: [ 1034.706494][T21536] [ 1034.706506][T21536] dump_stack_lvl+0x16c/0x1f0 [ 1034.706557][T21536] should_fail_ex+0x512/0x640 [ 1034.706599][T21536] should_fail_alloc_page+0xe7/0x130 [ 1034.706632][T21536] prepare_alloc_pages+0x3c2/0x610 [ 1034.706670][T21536] ? rcu_is_watching+0x12/0xc0 [ 1034.706714][T21536] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1034.706765][T21536] ? kasan_save_stack+0x33/0x60 [ 1034.706820][T21536] ? __lock_acquire+0xaa4/0x1ba0 [ 1034.706874][T21536] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1034.706939][T21536] ? __lock_acquire+0x5ca/0x1ba0 [ 1034.706992][T21536] ? __lock_acquire+0x5ca/0x1ba0 [ 1034.707041][T21536] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1034.707078][T21536] ? policy_nodemask+0xea/0x4e0 [ 1034.707132][T21536] alloc_pages_mpol+0x1fb/0x550 [ 1034.707164][T21536] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1034.707202][T21536] ? __lock_acquire+0x5ca/0x1ba0 [ 1034.707259][T21536] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1034.707297][T21536] vma_alloc_folio_noprof+0xed/0x1e0 [ 1034.707332][T21536] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1034.707381][T21536] do_pte_missing+0x223d/0x3fb0 [ 1034.707438][T21536] __handle_mm_fault+0x103d/0x2a40 [ 1034.707495][T21536] ? __pfx___handle_mm_fault+0x10/0x10 [ 1034.707537][T21536] ? __pte_offset_map_lock+0x155/0x2f0 [ 1034.707573][T21536] ? find_held_lock+0x2b/0x80 [ 1034.707610][T21536] ? find_held_lock+0x2b/0x80 [ 1034.707694][T21536] handle_mm_fault+0x3fe/0xad0 [ 1034.707748][T21536] __get_user_pages+0x771/0x36f0 [ 1034.707800][T21536] ? __pfx_mt_find+0x10/0x10 [ 1034.707854][T21536] ? __pfx___get_user_pages+0x10/0x10 [ 1034.707911][T21536] populate_vma_page_range+0x278/0x3a0 [ 1034.707959][T21536] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1034.708002][T21536] ? __pfx_find_vma_intersection+0x10/0x10 [ 1034.708043][T21536] ? do_mmap+0x69c/0x11b0 [ 1034.708087][T21536] __mm_populate+0x1d8/0x380 [ 1034.708132][T21536] ? __pfx___mm_populate+0x10/0x10 [ 1034.708184][T21536] ? up_write+0x1b2/0x520 [ 1034.708223][T21536] vm_mmap_pgoff+0x362/0x450 [ 1034.708266][T21536] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1034.708308][T21536] ? __fget_files+0x20e/0x3c0 [ 1034.708368][T21536] ksys_mmap_pgoff+0x7d/0x5c0 [ 1034.708405][T21536] ? __pfx_ksys_write+0x10/0x10 [ 1034.708449][T21536] ? rcu_is_watching+0x12/0xc0 [ 1034.708491][T21536] __x64_sys_mmap+0x125/0x190 [ 1034.708535][T21536] do_syscall_64+0xcd/0x260 [ 1034.708587][T21536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.708619][T21536] RIP: 0033:0x7ff0e458d169 [ 1034.708645][T21536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1034.708676][T21536] RSP: 002b:00007ff0e53a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1034.708707][T21536] RAX: ffffffffffffffda RBX: 00007ff0e47a6080 RCX: 00007ff0e458d169 [ 1034.708728][T21536] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1034.708749][T21536] RBP: 00007ff0e53a0090 R08: 0000000000000002 R09: 0000000800008000 [ 1034.708770][T21536] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000002 [ 1034.708801][T21536] R13: 0000000000000000 R14: 00007ff0e47a6080 R15: 00007fff7b17ff68 [ 1034.708842][T21536] [ 1035.132330][T21543] netlink: 'syz.1.2549': attribute type 1 has an invalid length. [ 1035.465740][T12800] Bluetooth: hci4: command 0x0c1a tx timeout [ 1035.823989][T21582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2551'. [ 1035.907325][T21585] FAULT_INJECTION: forcing a failure. [ 1035.907325][T21585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1036.016898][T21585] CPU: 0 UID: 0 PID: 21585 Comm: syz.3.2552 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1036.016947][T21585] Tainted: [U]=USER [ 1036.016957][T21585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1036.016974][T21585] Call Trace: [ 1036.016985][T21585] [ 1036.016996][T21585] dump_stack_lvl+0x16c/0x1f0 [ 1036.017050][T21585] should_fail_ex+0x512/0x640 [ 1036.017090][T21585] _copy_to_user+0x32/0xd0 [ 1036.017131][T21585] simple_read_from_buffer+0xcb/0x170 [ 1036.017175][T21585] proc_fail_nth_read+0x197/0x270 [ 1036.017217][T21585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1036.017260][T21585] ? rw_verify_area+0xcf/0x680 [ 1036.017294][T21585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1036.017336][T21585] vfs_read+0x1de/0xc70 [ 1036.017397][T21585] ? __pfx___mutex_lock+0x10/0x10 [ 1036.017444][T21585] ? __pfx_vfs_read+0x10/0x10 [ 1036.017497][T21585] ? __fget_files+0x20e/0x3c0 [ 1036.017540][T21585] ? folio_pte_batch.constprop.0+0x780/0x790 [ 1036.017587][T21585] ksys_read+0x12a/0x240 [ 1036.017628][T21585] ? __pfx_ksys_read+0x10/0x10 [ 1036.017668][T21585] ? madvise_unlock+0xc6/0x190 [ 1036.017729][T21585] do_syscall_64+0xcd/0x260 [ 1036.017782][T21585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1036.017815][T21585] RIP: 0033:0x7fba7158bb7c [ 1036.017841][T21585] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1036.017873][T21585] RSP: 002b:00007fba724a5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1036.017904][T21585] RAX: ffffffffffffffda RBX: 00007fba717a5fa0 RCX: 00007fba7158bb7c [ 1036.017925][T21585] RDX: 000000000000000f RSI: 00007fba724a50a0 RDI: 0000000000000004 [ 1036.017948][T21585] RBP: 00007fba724a5090 R08: 0000000000000000 R09: 0000000000000000 [ 1036.017967][T21585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1036.017987][T21585] R13: 0000000000000000 R14: 00007fba717a5fa0 R15: 00007fff94ee6288 [ 1036.018036][T21585] [ 1036.320652][T12800] Bluetooth: hci3: command 0x0c1a tx timeout [ 1036.345625][T12800] Bluetooth: hci1: command 0x0c1a tx timeout [ 1036.428207][T12800] Bluetooth: hci0: command 0x0c1a tx timeout [ 1036.739280][T21601] delete_channel: no stack [ 1036.797522][T21604] random: crng reseeded on system resumption [ 1037.550050][T12800] Bluetooth: hci4: command 0x0c1a tx timeout [ 1038.356125][T12800] Bluetooth: hci3: command 0x0c1a tx timeout [ 1038.413109][T21679] FAULT_INJECTION: forcing a failure. [ 1038.413109][T21679] name failslab, interval 1, probability 0, space 0, times 0 [ 1038.426702][T12800] Bluetooth: hci1: command 0x0c1a tx timeout [ 1038.519288][T12800] Bluetooth: hci0: command 0x0c1a tx timeout [ 1038.605174][T21679] CPU: 1 UID: 0 PID: 21679 Comm: syz.2.2562 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1038.605232][T21679] Tainted: [U]=USER [ 1038.605245][T21679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1038.605265][T21679] Call Trace: [ 1038.605277][T21679] [ 1038.605291][T21679] dump_stack_lvl+0x16c/0x1f0 [ 1038.605346][T21679] should_fail_ex+0x512/0x640 [ 1038.605385][T21679] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1038.605438][T21679] should_failslab+0xc2/0x120 [ 1038.605476][T21679] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1038.605521][T21679] ? __asan_memcpy+0x3c/0x60 [ 1038.605563][T21679] ? sctp_transport_new+0xa8/0x7b0 [ 1038.605617][T21679] sctp_transport_new+0xa8/0x7b0 [ 1038.605664][T21679] sctp_assoc_add_peer+0x2e3/0x1550 [ 1038.605713][T21679] sctp_connect_new_asoc+0x208/0x790 [ 1038.605758][T21679] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1038.605801][T21679] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 1038.605868][T21679] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 1038.605919][T21679] sctp_sendmsg+0x15f9/0x1ee0 [ 1038.605956][T21679] ? __lock_acquire+0x5ca/0x1ba0 [ 1038.606026][T21679] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1038.606070][T21679] ? __pfx___might_resched+0x10/0x10 [ 1038.606139][T21679] ? __pfx_aa_sk_perm+0x10/0x10 [ 1038.606186][T21679] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1038.606228][T21679] inet_sendmsg+0x119/0x140 [ 1038.606266][T21679] ____sys_sendmsg+0x973/0xc70 [ 1038.606306][T21679] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1038.606348][T21679] ? __pfx__kstrtoull+0x10/0x10 [ 1038.606412][T21679] ___sys_sendmsg+0x134/0x1d0 [ 1038.606462][T21679] ? __pfx____sys_sendmsg+0x10/0x10 [ 1038.606533][T21679] ? find_held_lock+0x2b/0x80 [ 1038.606615][T21679] __sys_sendmmsg+0x200/0x420 [ 1038.606668][T21679] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1038.606734][T21679] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1038.606806][T21679] ? fput+0x70/0xf0 [ 1038.606840][T21679] ? ksys_write+0x1b9/0x240 [ 1038.606888][T21679] ? __pfx_ksys_write+0x10/0x10 [ 1038.606933][T21679] ? rcu_is_watching+0x12/0xc0 [ 1038.606984][T21679] __x64_sys_sendmmsg+0x9c/0x100 [ 1038.607031][T21679] ? lockdep_hardirqs_on+0x7c/0x110 [ 1038.607080][T21679] do_syscall_64+0xcd/0x260 [ 1038.607135][T21679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1038.607171][T21679] RIP: 0033:0x7fc295d8d169 [ 1038.607217][T21679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1038.607250][T21679] RSP: 002b:00007fc296b93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1038.607282][T21679] RAX: ffffffffffffffda RBX: 00007fc295fa5fa0 RCX: 00007fc295d8d169 [ 1038.607304][T21679] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000003 [ 1038.607324][T21679] RBP: 00007fc296b93090 R08: 0000000000000000 R09: 0000000000000000 [ 1038.607345][T21679] R10: 0000000000020311 R11: 0000000000000246 R12: 0000000000000002 [ 1038.607364][T21679] R13: 0000000000000000 R14: 00007fc295fa5fa0 R15: 00007ffc75b515b8 [ 1038.607408][T21679] [ 1039.091667][T21683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2563'. [ 1039.437581][ T30] audit: type=1800 audit(6039537905.852:16): pid=21687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2565" name="discovery_nqn" dev="configfs" ino=239221 res=0 errno=0 [ 1039.633130][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout [ 1040.433916][T12800] Bluetooth: hci3: command 0x0c1a tx timeout [ 1040.516210][T12800] Bluetooth: hci1: command 0x0c1a tx timeout [ 1040.595774][T12800] Bluetooth: hci0: command 0x0c1a tx timeout [ 1042.261147][T21791] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2574'. [ 1042.355112][T21791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2574'. [ 1042.427361][T21798] netlink: 'syz.2.2577': attribute type 16 has an invalid length. [ 1042.485658][T21798] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2577'. [ 1042.530038][T21798] veth1_macvtap: left promiscuous mode [ 1045.006794][T21887] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2588'. [ 1047.357382][T21967] Process accounting resumed [ 1049.250489][T22085] device-mapper: ioctl: Unable to rename non-existent device, to uuid #dZC [ 1049.250489][T22085] bo8}'̨&r]I69%({hv81 [ 1049.250489][T22085] աcOe)n_ףrI"u"2Y8Fѹ7J-{ ={@LL| [ 1051.573734][T22150] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1051.574059][T22150] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1051.574402][T22150] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1051.649010][T22150] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1052.144394][T22194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2629'. [ 1053.225777][T12800] Bluetooth: hci4: command 0x0c1a tx timeout [ 1053.625854][T12800] Bluetooth: hci1: command 0x0c1a tx timeout [ 1053.632294][T12800] Bluetooth: hci3: command 0x0c1a tx timeout [ 1053.706077][T12800] Bluetooth: hci0: command 0x0c1a tx timeout [ 1054.612691][T22272] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2632'. [ 1054.637114][T22272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2632'. [ 1058.125367][T22405] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2651'. [ 1059.632496][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.639587][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.771685][T22477] BUG: unable to handle page fault for address: ffffffffffffffff [ 1060.779466][T22477] #PF: supervisor read access in kernel mode [ 1060.785476][T22477] #PF: error_code(0x0000) - not-present page [ 1060.791484][T22477] PGD e186067 P4D e186067 PUD e188067 PMD 0 [ 1060.797545][T22477] Oops: Oops: 0000 [#1] SMP KASAN PTI [ 1060.802943][T22477] CPU: 1 UID: 0 PID: 22477 Comm: syz.1.2664 Tainted: G U 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(full) [ 1060.816600][T22477] Tainted: [U]=USER [ 1060.820411][T22477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1060.830480][T22477] RIP: 0010:dvb_device_open+0x11b/0x3b0 [ 1060.836085][T22477] Code: 18 4d 85 ed 0f 84 0e 02 00 00 e8 30 41 f2 f9 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 3d 02 00 00 <49> 8b 7d 00 e8 7c 3e dc f9 31 ff 89 c3 89 c6 e8 e1 3b f2 f9 84 db [ 1060.855806][T22477] RSP: 0018:ffffc90001587920 EFLAGS: 00010246 [ 1060.861899][T22477] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900123e5000 [ 1060.869891][T22477] RDX: 1fffffffffffffff RSI: ffffffff87c8fb90 RDI: ffff888144684618 [ 1060.877899][T22477] RBP: ffff888144684600 R08: 0000000000000001 R09: fffffbfff1f42ed9 [ 1060.885995][T22477] R10: ffffffff8fa176cf R11: 0000000000000000 R12: ffff888033da9c00 [ 1060.893988][T22477] R13: ffffffffffffffff R14: ffff88802a755668 R15: ffff888033da9c48 [ 1060.901978][T22477] FS: 00007f3d0c7a96c0(0000) GS:ffff888124ab9000(0000) knlGS:0000000000000000 [ 1060.910934][T22477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1060.917541][T22477] CR2: ffffffffffffffff CR3: 000000003fa18000 CR4: 00000000003526f0 [ 1060.925619][T22477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1060.933605][T22477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1060.941592][T22477] Call Trace: [ 1060.944885][T22477] [ 1060.947830][T22477] ? __pfx_dvb_device_open+0x10/0x10 [ 1060.953142][T22477] chrdev_open+0x231/0x6a0 [ 1060.957600][T22477] ? __pfx_apparmor_file_open+0x10/0x10 [ 1060.963179][T22477] ? __pfx_chrdev_open+0x10/0x10 [ 1060.968158][T22477] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1060.974957][T22477] do_dentry_open+0x741/0x1c10 [ 1060.979756][T22477] ? __pfx_chrdev_open+0x10/0x10 [ 1060.984737][T22477] vfs_open+0x82/0x3f0 [ 1060.988921][T22477] path_openat+0x1e5e/0x2d40 [ 1060.993551][T22477] ? __pfx_path_openat+0x10/0x10 [ 1060.998528][T22477] do_filp_open+0x20b/0x470 [ 1061.003067][T22477] ? __pfx_do_filp_open+0x10/0x10 [ 1061.008141][T22477] ? alloc_fd+0x471/0x7d0 [ 1061.012509][T22477] do_sys_openat2+0x11b/0x1d0 [ 1061.017244][T22477] ? __pfx_do_sys_openat2+0x10/0x10 [ 1061.022465][T22477] ? __pfx_do_sys_openat2+0x10/0x10 [ 1061.027696][T22477] ? __pfx___might_resched+0x10/0x10 [ 1061.033015][T22477] __x64_sys_openat+0x174/0x210 [ 1061.037899][T22477] ? __pfx___x64_sys_openat+0x10/0x10 [ 1061.043301][T22477] ? rcu_is_watching+0x12/0xc0 [ 1061.048099][T22477] do_syscall_64+0xcd/0x260 [ 1061.052639][T22477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.058562][T22477] RIP: 0033:0x7f3d0b98d169 [ 1061.063001][T22477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1061.082672][T22477] RSP: 002b:00007f3d0c7a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1061.091113][T22477] RAX: ffffffffffffffda RBX: 00007f3d0bba5fa0 RCX: 00007f3d0b98d169 [ 1061.099102][T22477] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1061.107094][T22477] RBP: 00007f3d0ba0e990 R08: 0000000000000000 R09: 0000000000000000 [ 1061.115188][T22477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1061.123175][T22477] R13: 0000000000000000 R14: 00007f3d0bba5fa0 R15: 00007fffd20b8268 [ 1061.131171][T22477] [ 1061.134200][T22477] Modules linked in: [ 1061.138108][T22477] CR2: ffffffffffffffff [ 1061.142278][T22477] ---[ end trace 0000000000000000 ]--- [ 1061.147775][T22477] RIP: 0010:dvb_device_open+0x11b/0x3b0 [ 1061.153349][T22477] Code: 18 4d 85 ed 0f 84 0e 02 00 00 e8 30 41 f2 f9 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 3d 02 00 00 <49> 8b 7d 00 e8 7c 3e dc f9 31 ff 89 c3 89 c6 e8 e1 3b f2 f9 84 db [ 1061.172986][T22477] RSP: 0018:ffffc90001587920 EFLAGS: 00010246 [ 1061.179085][T22477] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900123e5000 [ 1061.187077][T22477] RDX: 1fffffffffffffff RSI: ffffffff87c8fb90 RDI: ffff888144684618 [ 1061.195068][T22477] RBP: ffff888144684600 R08: 0000000000000001 R09: fffffbfff1f42ed9 [ 1061.203056][T22477] R10: ffffffff8fa176cf R11: 0000000000000000 R12: ffff888033da9c00 [ 1061.211047][T22477] R13: ffffffffffffffff R14: ffff88802a755668 R15: ffff888033da9c48 [ 1061.219055][T22477] FS: 00007f3d0c7a96c0(0000) GS:ffff888124ab9000(0000) knlGS:0000000000000000 [ 1061.228010][T22477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1061.234701][T22477] CR2: ffffffffffffffff CR3: 000000003fa18000 CR4: 00000000003526f0 [ 1061.242692][T22477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1061.250677][T22477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1061.258685][T22477] Kernel panic - not syncing: Fatal exception [ 1061.265016][T22477] Kernel Offset: disabled [ 1061.269351][T22477] Rebooting in 86400 seconds..