last executing test programs: 9.296922923s ago: executing program 1 (id=2613): r0 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r0, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x400c091) memfd_create$auto(&(0x7f0000000000)='!\x00', 0x16) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0x2cbd5d) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 9.234822145s ago: executing program 1 (id=2614): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_settime$auto(0x0, 0x3, 0x0, 0x0) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd) close_range$auto(0x2, 0x8, 0x0) 8.781225756s ago: executing program 1 (id=2615): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/ep_00/direction\x00', 0x2202, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, 0x0, 0x400c091) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 8.61843117s ago: executing program 1 (id=2616): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) epoll_ctl$auto(0x5, 0x1, 0xffffffffffffffff, 0x0) sched_get_priority_min$auto(0x3) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x9d7183, 0x0) socket(0x6, 0x2, 0x80000000) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040c04}, 0xc0804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/uid_map\x00', 0x8081, 0x0) writev$auto(r1, &(0x7f0000000140)={0x0, 0x6}, 0x7) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=r0, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96) openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x800, 0x0) mmap$auto(0x3, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getpid() ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/1/cpuid\x00', 0xad00, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/loop4/size\x00', 0x80, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 5.908011942s ago: executing program 0 (id=2621): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/scsi/device_info\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0xfffffffffffffffe, 0x200000, 0x0) ioctl$auto(r3, 0x2285, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYRES32], 0x14}, 0x1, 0x0, 0x0, 0x24008804}, 0x2400c8d0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001180)=""/4076, 0xfec) mmap$auto(0x0, 0xff, 0x3, 0xeb1, r0, 0xfffffffffffffc00) r4 = socket(0x1a, 0x800, 0x3) r5 = getsockopt$auto(r4, 0x84, 0x12, 0x0, 0x0) ioctl$auto_MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000080)={&(0x7f0000000040)={0x170, 0x3, 0x80, 0x4, 0x9, 0x2, 0x81, 0xe, 0x7, 0x3, 0x10000, 0x2, 0xffffffff, @iso={0x2, 0x4}, 0x5, 0x0, 0x1, 0xffffffdb}, 0x0, 0x40000000000}) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x2000c001}, 0x85) ioctl$auto(0xc8, 0x800454df, 0x2000000000000acd) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/neigh/veth1_to_team/ucast_solicit\x00', 0x208200, 0x0) unshare$auto(0x40000080) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001700), r6) sendmsg$auto_NETDEV_CMD_DEV_GET(r6, &(0x7f0000001840)={0x0, 0x1d, &(0x7f0000001800)={&(0x7f0000000600)=ANY=[@ANYBLOB="1400a2ef008e927b1ef372ddda2039479667ff11f4dba7d37ac4c1b2a635ea1a31e22a551192a0b4d4a9a1f2c3852d35c718964412c56f454d28a8026e713c7297e90a7c9466ca8b0efc986ed42884985c89b0abba8317031447a2964e90c03589327a1530afabc2c7e3f7d9a26f268fcdeddfbcc5dcf2cb88c5769aff9e37b9f9b4bd0a7ffe3aebb2a89d1dc6abf034782ed2272f3af90a647e00808afc4a0f43466ea780624cbe01ab1b6c1b52226359f8fb15e766c8d5daa4980e4dcdc9a951d506e6ba3c88e09cb8c3c83bf96af379b3e0af9ab5f2cc904aa32a4d20943f7711aef743cc26b551e0a7484b7f1fa4e519d9b0800fcc1d8673ab7b5717c5189d9d482661c587f34293fc90db1d6b3d5de92f883ddab0369749f282e6af11fa9aeaf74b37", @ANYRES16=r7, @ANYBLOB="010326bd7000fedbdf2501000000"], 0x14}, 0x1, 0xf0ffff, 0x0, 0x4005}, 0x28044004) write$auto(0xffffffffffffffff, &(0x7f0000000040)=',\x00^\xa2\x02\x00\x00\x00\x00\x00\xd8l\x00\x00\x00\x00\x00\x00\xb2s\x83\xbd\xc5_%\xc1\xa3\xd0\x95Hq\xf4zG\x01[{\x17\x05I\xe0\xb1d)\x06z8L\xe6&[\xa9X6\x7f\xec\x94\xdal\xa1\xbb\x86\x9c\xc2\xef\x02\r9%\x06\xc5\'b%m_\x96A\"\xdd\xe40\xa7\xc3\x9ah\xf3B\xc2\xec\xf8\r\f[\xe5\x9dK\xe1\x99\x86\xfc\xac\x9f\x8a', 0x1000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYRESHEX=r5, @ANYRESHEX=r4], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) unshare$auto(0x40000080) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r8 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) r9 = io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r8, 0x403c6f2b, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, 0x0, 0x1) read$auto(r8, 0x0, 0x1f40) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyw1\x00', 0x101e81, 0x0) ioctl$auto_TIOCSTI2(r9, 0x545c, 0x0) 5.814258167s ago: executing program 1 (id=2622): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) socket(0x5, 0x3, 0xffff) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) madvise$auto(0x0, 0x200007, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x3c) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x800, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x24c802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) close_range$auto(0x2, r4, 0x0) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, 0x0, 0x42000, 0x0) socket(0x2, 0x3, 0x100) write$auto(0xffffffffffffffff, 0x0, 0x7) openat$auto_generic(0xffffffffffffff9c, 0x0, 0x812400, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) ioctl$auto(r0, 0x3, r0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 4.80594212s ago: executing program 3 (id=2626): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) r1 = open(&(0x7f0000000100)='./cgroup\x00', 0x105040, 0x0) r2 = open_by_handle_at$auto(r1, 0x0, 0xffffffff) symlink$auto(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000001200)='./file0\x00') open(&(0x7f0000000000)='./file0\x00', 0x149443, 0x14) mmap$auto(0x7fffffffffffffff, 0x20009, 0xdf, 0xffffffffffffffff, r2, 0x8000) prctl$auto_PR_PAC_RESET_KEYS(0x36, 0x0, 0xffffffffffffffff, 0x9, 0x7) write$auto(0xffffffffffffffff, &(0x7f0000000000)='\'\x00', 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x10011, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) copy_file_range$auto(r0, 0x0, r0, &(0x7f0000000080)=0x8800010, 0x2, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x55) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/yenta_socket/parameters/pwr_irqs_off\x00', 0x50a02, 0x0) r3 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0x1, 0x0, 0x8004) r5 = socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x40000009, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x1, 0x0, 0xf89, 0x9, 0x837, 0x8}}) sendmsg$auto_MAC802154_HWSIM_CMD_SET_EDGE(r3, &(0x7f0000000880)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000840)={&(0x7f00000008c0)=ANY=[@ANYBLOB="d8020000", @ANYRES16=0x0, @ANYBLOB="000829bd7000fedbdf25060000000800010009000000bc0202809f5c0aeeb3b334f8dc36027b3153df9fb077afcf9782c605b7a36d2f86f3f5393d31d140d0ec2723690f375b3db08a3d907d33c950a1b86b1b25b9f4fe17abce245385634d88f77a4d2b9c6aa612d363f5d11739d14e4fea7fd767747c6affa803429aea35c1deff74b3a09a6eab2c89abdf5bee1000388008007a00", @ANYRES32=0x0, @ANYBLOB="040094800400e58008005100", @ANYRES32=0x0, @ANYBLOB="1c008d8004008b000c00d900050000000000000004002e000400ee8008000c00", @ANYRES32=0x0, @ANYBLOB="6600f18018003a002f6465762f6d4f12d539722f636f6e74726f6c0008002b00463f8a8f3472906bb202460dae92b680682be3916da5ba90edf11e0ea41bac8f621169e2b5a343c2a853c7530d4e3a448290cda8e5f8aa8e9156de1e4b9843dc4b5a64972368bac01fe07179e9382d9be338cf7bb72fcb380a92c4d6da1cff10deef9549a65fce74908df75c33ba3d0cadd0a2085cbc6d5c0c73c09f7549cbb44c23d63ce070defe7e7ff41c5af97e8254b6dc0b4404d0c42605f5c1b298f5a861365652cdd8e61627a40ef578f4427b02c5544641261cb40d73f2b27d0a2a83293d1dbe5f1170dc675d63", @ANYRES32=0x0, @ANYBLOB="04000580040040800400eb804a63a8d681e371c7fd7fb0f96d3151899fd3718134aeedb2bdc8c4c7e9a3d986a997d02348aee2c6ce59666f80f4b1e44a503d0ad7b30000990156801000000066cf17bbb1a3e5bbee00ab43710e17902037c40f159878a90615d2207261e854ce7842ad9ec366daa41864a85d375c2c98a76862e578c661312f26e369f28539d966fcce415db7f243c638d190c247aa6c1b5bf51b3af9ce6179e5d0496421e5855b7b57aca03686b9a3aa8e7bb79a9ebd35fa236ecb44631fd36edc3031b22b7af8dadc0a93ee7cffa344ad78f7faf779c9851abedf0ebc3cb86d82b54814aed82dabf68ce71e5bb873b59701d359751902bad94c2f0f2488804e0ccc63981516e7617fcdd21d320876a5ba58ce590bfa2e7bfc5a8c639107023cd08334f8ab5ffabd7847a8ece64423b52ee0934d61470ba2f18535e74af92cc6063ade225f51e15548a313e108f2f8f0f93f63c3fc0eef6df15984afa002c5b1ccc6ff200cdd581117db7ab738e9ffed7f3ead5818ba69122c97f7d5b677e481d7f7040cd35c2816ed89e2d64812c3eca73c040037800c007d002b5b297da22e2e0014002e0000000000000000000000ffffac141419040021800400bf00040049801400b800ff010000000000000000000000000001000000"], 0x2d8}, 0x1, 0x0, 0x0, 0x1004}, 0x80004) r6 = socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x1, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7, 0x89, 0x26, 0x4, 0x200000000000, 0xfffffffffffff343, 0xfffffffffffffffa, 0x500000000000000, 0x0, 0x0, 0xfffffffffffffffe, 0x6, 0xe, 0x22000, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x9, 0xd) r7 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r7, 0xfffffff7effffd04, &(0x7f00000001c0)) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) write$auto(r5, 0x0, 0x2fb) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000300), 0x0) 4.537728292s ago: executing program 3 (id=2628): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x3, 0x0, 0x9, 0x0, 0x1f, 0x3}, 0x800009}, 0x9, 0x20000000) r1 = io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) capset$auto(0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) r3 = pidfd_open$auto(0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000200), r4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000280)={'macvlan1\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_CAP_GET2(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NET_SHAPER_A_CAPS_IFINDEX={0x8, 0x1, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20040400) setns(r3, 0x60020000) ioctl$auto_SNDRV_PCM_IOCTL_DROP2(r3, 0x4143, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) socket(0x2, 0x3, 0x1) lstat$auto(&(0x7f0000000280)='./file0\x00', &(0x7f0000000600)={0x5, 0xd6, 0x80000000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffffffffffe, 0x1, 0xffffffffffff3d4f, 0xfffffffffffffc01, 0x79, 0x172, 0xd0d0, 0xffffffffffffffff}) ioctl$auto_RNDADDENTROPY2(r1, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) 4.434068084s ago: executing program 0 (id=2629): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0x7) 3.782641496s ago: executing program 0 (id=2630): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x200000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x4, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setfsgid$auto(0xee01) 2.49893541s ago: executing program 3 (id=2632): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x0, 0x0) sendfile$auto(r1, r0, 0x0, 0x8) 2.281681033s ago: executing program 3 (id=2633): mmap$auto(0x0, 0x202000d, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000) clone$auto(0x1, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x401, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x4}, 0xc) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bdi/43:96/stable_pages_required\x00', 0x0, 0x0) readv$auto(r3, &(0x7f0000000080)={&(0x7f0000001200), 0x4}, 0x4) 2.011011288s ago: executing program 2 (id=2635): close_range$auto(0x2, 0x8, 0x0) 1.858040972s ago: executing program 0 (id=2636): mknod$auto(&(0x7f00000000c0)='./file0\x00', 0x1001, 0x804) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000007a40), 0xffffffffffffffff) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r0, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r1, 0x311, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xf0}, 0x0) (fail_nth: 5) 1.756862806s ago: executing program 2 (id=2637): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/ep_00/direction\x00', 0x2202, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x400c091) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 1.75106919s ago: executing program 3 (id=2638): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd) close_range$auto(0x2, 0x8, 0x0) 1.3676044s ago: executing program 2 (id=2639): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0x7) 1.127333058s ago: executing program 3 (id=2640): openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg/0:0:0:0\x00', 0x200, 0x0) r0 = socketcall$auto_SYS_ACCEPT4(0x12, &(0x7f0000000100)=0x1) mmap$auto(0x9, 0x20009, 0x4000000000df, 0xeb1, r0, 0x9) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @multicast2}, 0x6a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/class/ubi/version\x00', 0x80000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/58, 0x3a) sysfs$auto(0x2, 0x1b, 0x0) fsopen$auto(0x0, 0x1) unshare$auto(0x40000080) r3 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x1, 0x0) writev$auto(r3, &(0x7f0000000bc0)={0x0, 0x80000000006a6f}, 0x3) write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) semctl$auto(0x7, 0x2, 0x13, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x5608, 0x7) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r5 = ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(r5, 0x4020ae76, r6) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @local}, 0x58) 1.125696154s ago: executing program 0 (id=2648): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/spi/drivers_autoprobe\x00', 0xca481, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x40100000001) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="1f91f2c388274610e18d5fc5e5bfd9800e9b58", 0x13) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) mmap$auto(0xd, 0x2020009, 0x1, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket(0xa, 0x2, 0x0) sendto$auto(r3, 0x0, 0x402, 0xacf8, &(0x7f0000000040)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1b) capget$auto(0x0, 0xfffffffffffffffe) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40300, 0x0) mmap$auto(0x0, 0x4020009, 0x0, 0xeb1, 0x401, 0x8000) socket(0x1f, 0x800, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptybf\x00', 0x191500, 0x0) mmap$auto(0x0, 0x2020007, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0xf, 0x3, 0x2) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_IOC_PR_REGISTER(r5, 0x401870c8, &(0x7f00000000c0)={0xfffffffeffffffff, 0x5, 0xfff}) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x0, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) unshare$auto(0x40000080) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe\x00', 0x68200, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyed\x00', 0x181802, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000040)) write$auto(r0, &(0x7f0000000140)='\x14\xf4\xb6\xc6\x97\xdb\x18B\f\xef\x1dQZ\xa66\xe7\x06\\\xe0)+\x86\xa7\x9bv\xe1\x18\xf5\x83\b\x11\x19\xdd\x1c', 0x8) setsockopt$auto(0x3, 0x81, 0x1, 0x0, 0x83) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x8, 0x1ff, 0x7c9, 0x25, 0x4909b6f5, 0x1ffde, 0x7, 0x3, 0x20000009, 0x9, 0x3, 0x4, 0x1, 0xb4, 0x9, 0x8, 0x10003, 0x80, 0x3, 0x0, 0xa, 0x22000, 0x200, 0xffffff28, 0x84, 0x0, 0x0, 0x20000, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xffff, 0x10, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0x9) 1.08633759s ago: executing program 1 (id=2641): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xd}, 0x800009}, 0x9, 0x20000000) r1 = io_uring_setup$auto(0x1, 0x0) socket(0x1f, 0x2, 0x200000) sendmsg$auto_NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x4008080) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) capset$auto(0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/hid_cougar/parameters/g6_is_space\x00', 0x129102, 0x0) write$auto(r2, &(0x7f0000000000)='n\xcc', 0x2) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) r4 = pidfd_open$auto(0x1, 0x0) setns(r4, 0x60020000) ioctl$auto_SNDRV_PCM_IOCTL_DROP2(r4, 0x4143, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) socket(0x2, 0x3, 0x1) lstat$auto(&(0x7f0000000280)='./file0\x00', &(0x7f0000000600)={0x4, 0xd6, 0x80000000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0x1, 0xffffffffffff3d4f, 0xb64, 0x79, 0x172, 0xd0d0, 0xffffffffffffffff}) ioctl$auto_RNDADDENTROPY2(r1, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) 868.03996ms ago: executing program 2 (id=2642): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r0) sendmsg$auto_TASKSTATS_CMD_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x1c, r1, 0xa05, 0x70bd2b, 0x25dfdbfb, {}, [@TASKSTATS_CMD_ATTR_REGISTER_CPUMASK={0x5, 0x3, '!'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x20000000) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x1, 0x0) write$auto(0x3, 0x0, 0x81) 135.849174ms ago: executing program 0 (id=2643): mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) getsockopt$auto(0x100000006, 0x0, 0x50, 0x0, 0x0) mknod$auto(&(0x7f00000000c0)='./file0\x00', 0x1001, 0x804) nanosleep$auto(&(0x7f0000000000)={0x365, 0x7ff}, &(0x7f0000000040)={0x4, 0x4}) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) r2 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000007a40), 0xffffffffffffffff) socket(0xa, 0x3, 0x3c) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000580)='/proc/thread-self/net/raw6\x00', 0x500, 0x0) pread64$auto(r3, 0x0, 0x202, 0x1000000000000007) r4 = memfd_create$auto(0x0, 0xb) write$auto(r4, 0x0, 0xfdef) ioctl$auto_BTRFS_IOC_SCAN_DEV(r4, 0x50009404, &(0x7f0000000100)={@raw=0x9, "046efcf28ae27118453a0c11f913ea226b5d9af2d8e1fa3f9cc1dc51b9c5abdc31a661eb51b7a02762f337de7e04d1ac3688a453a62d0de2dd4062f6d4ed525efbfbf302c91e45e753bbf1f1b9a2afa05f630d1a6e445be2f6a50358b3725e5a1b766e7bf5d46c21c5224118ab5929f158551d1c78e0cec1e9fb59317e5b2da7e1c3ef1badae0a50368add6733cf6819b27f51c0de4144b18feb8841c7b6a05d35d5e87fb2cfc3f43e9ca66a75fd5bbc1a98da50b1a70eedd268c24cae0958922c98cac7953b5159e61ca48591d8dfdf81142f0ed22862fa5af9eb51d197c83224578cb08a0ccf253f07abe85c4c078578e1507632a8fa689aa343896e7f6a4a37c45297d55df3c3e6b5401b4b63e8bce7118c39f3321ea5b6ec1d5424f72af7bd9771ad19bd7f8a3057f30e3e17e85ce85b772ceac29652b5ecfabd8b014720b7f99f30c96c77b1e70dad3cfc594e3894bfaf42be7b99cd2712a62a57344bc21d2a170e33701b92c473aa9894dc14ee13e81e3862e90f9423f83beeb7caa5018e956a2c7ff19e978c7cc33e773e79468eeefcb7e330ae78fc5b1730345fcd346ac92ed4dfe522afd76e3985577ad1d6b4e4baa1a4af6c7c2fa4fa7064bf75109cd05744b79847ea77c735b4982da63e754850f9a993d034aa055ad3e252f905e5b5612b1553b8078ef00ff535d72e0baec12bd900ade611efa0efe0b9f55cb80d816441c0d909196fd7280b2931e781e5742d742c6945d12f9ab3051fce641baccc9388e7ba3f4142db3b6ee6bd598070123e3c5cedb881ab1321e7386feb6156e8b8ae87f0b7c165bd3173c199723f40d0d6be324d8933d7ac84f452a691b23a242f93df0733249f3e4257b61fb81cf0f02eafb754a0c5635e40b8469575d470ef031071875ad7b9f38976dc8933e9105a8dd37cd8ee73972bca9d744182f1c5d529180234ee4cd1d2e4002d9877e39d183ac71955dac7ecf8b5d4ed4d235fb07611d0329f70bca5ca8db1ce66b9edd025855a30e5d1f9b410c6d488016563fea7b4e406be876d8ea24b6cab8437763f6d59f7ac4bdbfacf45906c2b0ac0adbe7e851f179c535187edfcabfa52cfad69b48f5113299c56c8792fba37c1fcaf1620c5875a480eca620879938633fd72eed42e8de3e0a59112daa46e923e4a090b7de2637c6398a0ddf71ba7601abf6193ffe320482a344130e4287caa86ec09149ec499a5e78ea47f3b9441db6333caa56c43d549cb258849976839154e916635ad70b8e00f47af037b469ca0a10da2bf328555c65d811763bb3ba92ed62863b27dd23ebb89852b70f17a033133f1c4af406ff63f15da19a4051ea61e58af85160e34cd8c8dff725cc80ca4e8d56c5cc29985a5f42bda5f74706f8e3f64d0e66dc1c31de7ada91071f2890c6376fe1d472f562ce162d6b7a2ed707fd675b30b55258f09cf1b8461524916672110c561526deb024fbb96c4b546620d48cba9146402fb79c9db5f50eef5206e2f8012f559aaf1f93160a3e1adb4027e793c94298735f18ee09be8348122cfd945c149f8cb3656e21162758841cdd8d49cbdd2cce2f840a3fa5244a31858f051ad9208d17d4212f003eab8be3e3240b30f3f7fdf9639f52a90890d676384054ef76ecf027874eacca59990f2c224627f0c8b02638a77e10d467e1fe7d5942efd43a1156934883b048c45bd5dd7f4e6ccaac2e62ce9dfd44ffd73397a57e65dd5c5d674a07644bdec212c5263d09c81533a5daadc4cc6aaf62c4f039452fde64c18724de140fa953ff6d521413b3c8ffe4ee567c4f370475860cfafa78a86ee9e174d58512490eca95faae37159071d03b4457075d7633d1da1c0783c8e42f7317402b87a39e95d2c5f9bd51361b5caa87095e3109c0d8ff7b8b8cd3283f920ae02b0b3d497e12d9ed9bc96b779118efae4056f077750556e7f64b3fc753e78d3266c6a3b81724954cc96a80c1d48122813a9421ff242c96c3911b51bc6b8c5c7e70db26eb3c5c6d80b361a204108f3988d4178da7f5ad866303e396eeaddcbc399cbed96636d9829377ac050ccfd10d9832fab2a07f822e0eb1ae93c986c36c130dd8c8b992db51d1a23fb8311bf207223573caa4de6fd9efb69dc56de173821f44700690fd21b7054ae67664f8da6152241d6005e133950c97b019133b63fc03240aa17046267866d3ae953ada82c0cf6c7d36f5f595d79365f1d3f3966ac05d920a1320f5d0932497c1fecacfed1379545e8253cfd0744da09ab4705ebc12d1f6eb22a3ff23970598e706f20f478f723b6bc09f927ebfcba5e1ee8009078b00aa967c2756252a52a16296842d84bc09ed081cf3d7deb13302be797013eb642a8259e9bcae33cfacdddf262d0c9363e047c363aa4a554a774f36a9b4211e13859d73a4310d63de9c8a5c67b3bc2b268816b98d08ea311937b7b1ed8a8bc4fbe6b8c01296c19e926cba4d9286ed91f4501afbc23c48e5845a6288a5f08160e18e1f359b51e37b2a3388c5c9e7b419644adf7ab8be1f0df62ef74953cfb7d8aeab737aa0a889a17c59587d9d9851982e983186c93f6d9b165f9a7b4403a0a7ef2e26b6749b41d457fa688c2eedbbbb9e66383fcedf8b95435814c1172ea934beaaae2262920d13dfd1afb4ae68394e90f138732a59b864a99400936fbf60e9390457c07e199e6d04ba79dcf77f01e932cf57a1f3e25b280f465a353b8abfa2fe241ac4332669baa4aae053e494ccce626d78b363ba859dbf4b39b0f765cf17739efb750ce1cd1432e640babe4acd10bc63ec9dfb1946c0276127d1bda52b495d9d5eba71942d8f8de2923873c21bbe56368adabf36c3686233880bf9fe034a10653b41e6fe98b67637bc148cc67fbae9c5959ced80ff69ee3e171fb467c460430109b8d0ef9791916ddafc4623a0c570e196262b202ab7b03df7fc37145bcdbb3c60fa305c1abf7cc88f52ac6005b7da1491f15b530b1bb41e882dfa00514dcae2e63ec0bbf142aa9e3e8b2600090a96d2c80e2843c592206791c8c7d9dc3551b50be9e3708020db8d4295ce3a4221a895819ec663af75f06aac4dc09de9c246c4c96ad2e9b2fe5c970848f00b67c729f04ac7d87b8bfdf8453594c44340df906958ab6752de1c93582240a2f6bd4e89aefabc04af508cefd8c82f3ab7425811670a58b5414e70b6fd277e4e415047534a957bae4972eeb280911ba897ad8fe8d88074875d6a83053002ae38f681773a5838aefc2153d32dc57e65c8bdd49340873939ddeaf4de06688a8ec37092eaf859ba96c1bb20a0c9592fb886d1f8acac29a1b8ccecbecd146a7b8a7324b6502dd628333689419f19ef5125433dd0f735e95a2d434ede254f3cd44205ae29c598aa5daeecdfb9e77191d7925aede8a7b60a5d68a6b1e541eb78e52f5129720add833bc529510ba670760896a97ee2214fcf4bf62a0838076058f6db2b8c4988387f04984a6e8f064661681f7799302671c812bd59d58f6bcf9809e40d0d91d1d0d8dc82f51fc787b093eb91f013dfe652d17f78c5a30c553759b5bfae3ca075177908fe4b10794db701226308f1f1fc4388bf412738041799a2e485a065561ffd619be42f1ceb19de4ee0fa13f80e050625dd3580b93596b96e702ca095ce90f72d153453145f4092ee22ae4a5eb9f07847142c3aef3abe836b81a38a92904ed3270460ef804520f09c667588867ec6c559180f31cf4fb7c6c5f3edfbc2e8cacccb7637be42a8bc53565c88b9da1e6cc6a2632e8e74715b554c9e2db5fba359994c307888d179957fe3651c43bcf72d374e8d7c213410786effc8b4f6bf26cc45d1b0a7492513fc15f876e0eb8cda146b1ebdc5444bb1299484ec9e2f70a3d6f939c64af12f77afd35160c1cdd932f396dcb2bff38530a314f339a9cc4235788bd46035dc75190cbfe397765d880ee749e0d3ebd80e0ec5e4cf5a226e70c91bec9e4087bcb335fc5cdf37a8d8e144f679460d03470d298e61f08f93f0d13697a400e1e1e4d146257f819daae3e2edeff7f185ca759195163dca6c70efaaa61d3b1db2c275adcdfd3f24873a4b28128927639b9bbe5a035a61034a9f7c19fda92efdf8143085927d8d352bbc9bc056294206054422a310bf24edd52ff94cc506c6813924d9bf254aa48505150faea84f834b04fd65479e8e0ffb7de840fa0d14f35f71b40562c32a67c0251be2c7b65ca5900ef3e6275a6338ea4a8c8f054272beb8bd9aa50e3322cb6c17377c181859e156a27d0ce6615328b880c1fb3fd40076c2a1dc010f2bb1191d89e328be638547d7da9a3e047c8955a6bec302970037564e892e4a570445275ceec1cbae974ae40f4baa6d4c1f059456b344a66ac315df45c902130e94ea224d928fa7c0c799792379b784e1268d8f25413be78468055900ffd0daeeef5c17602d6572e196f995fa6eea0a79b5679013ba27af91381feac347cab8a963d199520d6e878a1f03cefc2378dd661c5bebfd51cc426a614d56673a586881e3a39d578c2f7eb34d4d5deabd6414146da8b636288fb7affd7b7697abe48dba789f2a6660f67ebfc0d26e1b6ea373452a89e05bae10decb8283282bd7bd369ed3bdb9857304669d72191521d74c1f1659887f5999cd331f71b1a621cf3b4e768be1469dc4c47ee25d0b4f044ec31011879aa0e1c280924f7aa967087f13cf51f08271dc979a4fdcab6b560413cd6a0b8098ca13eb1e327f758074aa4a4cd9d4ebe266f528711de95e59f281f5cc9753a1a9dd5bf76ec1ed49436de959462c9dfde661269b9ec3f66ba1f63cecc7eed9b4d42b71929bd63bfd7397e6821b9d30761236d7cc8318e497a155f7c69ec7e227d5d228e5fe4fce11c304b0ee084a139b8bdd799845bf305a594eec21bffa0d98217e09c87bca24c0785b10ad2311e211acdd3d7063b7da2914df12336a3e8114d9927505dd106c58efc0562f9f2915c2a7cf1c0849e124e4d4892d7ffa60574e089b9ea57c412ba4389a5e46b10b3460fe1d847ea97bdb6f04fcab1f3472ed048bdcb47615ce8bf7506ab0b84435d33bef5ad60db54858ac2049660c653b29b5297ccc69169f824f6a2413aeb8db9d2e4c04d14b67265ac956d7172757334b38149ae7b723b0f1f9d52c946e06cbb314cac7674f201d3562911b3883975aa917539d1fe99e25c42db1f07f5b372ee32eec310a435e3a6d76d172e390ef67bc460a78ea1c72fdec0a66e72f09e99d5ccc5a2374a89dcf07678ae68e6862f970911aa11ea58fca1735a35a3ebd0caee959bf91ab6f3b5d611e6672c9faa7acc749a1b087651004efea13d826ecec03a262be2b9fe39d673f6027ebf3cefd054561ae9520e85ab442724b3bc385e87c540aeb5017ce243f8e78f22347c25ad578ed1734361436496956e59c989f9ceefb8c2ef24daaf4c58f5e657bd9543b99606d2c3b08e6dc70dadbc45c112342f41ed77ebeffc0cfb4019b648c0b5fcddf2525ada5aeae8e86980c7f78a64275cdbf2c7ea26fbc36161e0d48d96b678e28434db5bc99e7d16f97eec9999a5c42e95b2b992024ba297ad13f83c6043cc532bf8bf8f02c1885cdaffdfb8bcd206ac4539ead0fa16b3a5c5c360cf8eceb914d4f0699a62ad37a8b184ac5744fd484f0e756f2314cad797625c92be037069be653cd8521243745774ad4b65cf4d597e812e970898d0a8e04ac91400b9eb5a4ce3b8844d7119e236b78f274d8ca0c191090c14f183d66978b0e9bc1276d738ff6047578e518800"}) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r0, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r2, 0x311, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40408a4}, 0x4000) 135.624197ms ago: executing program 2 (id=2644): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_psample(&(0x7f0000007a40), 0xffffffffffffffff) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r0, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r1, 0x311, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0xf0}, 0x0) 0s ago: executing program 2 (id=2645): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000800)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x24, r1, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x7be1}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x9775}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) r3 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000140), r2) r4 = getpid() sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000180)={0x528, r3, 0x100, 0x4623, 0x25dfdbfe, {}, [@SEG6_ATTR_HMACINFO={0x50b, 0x7, 0x0, 0x1, [@nested={0x24, 0x4d, 0x0, 0x1, [@typed={0x7, 0xbe, 0x0, 0x0, @str='^\\\x00'}, @typed={0x8, 0x7, 0x0, 0x0, @ipv4=@broadcast}, @typed={0x8, 0x13a, 0x0, 0x0, @u32=0x7}, @typed={0x8, 0x7f, 0x0, 0x0, @ipv4=@private=0xa010102}]}, @generic="ac097453c97e98aaa7367958e7bf71c1de5248a343ec96b3da636ea61d277d316dcbf040b1f25f28a7b4199ee6efbf13f8c8ae638723f656cd709dfd3ba2f1c2bca5", @typed={0x8, 0x91, 0x0, 0x0, @pid=r4}, @generic="89257aab4fbdbf212b951913401259d6acce336e3ce3fee8c3a8903b0ad0dd3567f466e20d6791d56bf656bfa2ece65e21c10a7915f9438e7c7999b9fcc4cf9257d672cf74d66c02099bf7bec9345b730a15a13ba1b4ec39fa4917751c5d44200e74a53d5a4b7db18ff19decaac6ab064810ed9581bbaf591d66522ad4aa8dda5e3a54475222a6bd3b53215c258052bab2706b29db2d15c28608990f75833b88b297ab3ac47082d804d4083d9b22a578d86d978298bc40d363b48d1e1612f6a98a945963ffcaa27a0a20cc7c165d9a524b7a1b8cb623f5bbc4a0542f2fad4eaa8f189028a4", @nested={0x1fe, 0x55, 0x0, 0x1, [@nested={0x4, 0x4b}, @typed={0x8, 0xa8, 0x0, 0x0, @uid=0xee00}, @generic="65e677726a", @typed={0x8, 0xcc, 0x0, 0x0, @ipv4=@local}, @generic="80c0aff8308427698dd1d0a4646bd010076d886bac4cc415aec36b8b1db046843456a0e5fc5f329151dcda485932bf1b1b877d8dd641afc16eaa4b4f8b93bda2a603448ad012d9dfe509295a09da18b9fdde6cc0b333dad3f44dbb622a2d48a926bb0c9ecee1f780cb20cb04d999aa9f", @typed={0xc, 0x130, 0x0, 0x0, @u64=0x4}, @generic="bd69488d419b6dc5de83e0a8af0b6550f827e09aaf26cb1a3587d4e8d15aca53c5160bd909df398d88c2b6e3534a582ebd46adc904ec36c78aac336db3f81bf79413b28fe258045539fad90c1f7480474bf7407cf238293f84fce051904678544067e1428c36389b279c8654608ae0302550f925f46ea287b94049e51888a4235c4be74819b6e8f3d96c3a2852ea6040d3a7c0dee8ae8d83279e1401690bb2f92f4410", @generic="2fdff6d1fa098846648138fd6295fb32a2a98ebfd17eac6b6bd8469eb86c5bc202810322fb5ac62cdf89012d4e78a215eab5e75fc2fe41fbc7646f412ca98a9975e1331984eb38c1bf20fe9b1a477bb07d8fef5d5caf0b7a135b5a760c7bf911b84746fe29665493e0528ff76392a5b7b8cb09fe91554eed66b0cda9b7d2389cd092c63ccfe4d566dc85021e34722c33b3e41a6320f1389a9c7bd47b8100eb6112b71a455ea3d8ddd4490d579abb29f1ce8891c1ad71b75939f0ca24fc148430d44c"]}, @nested={0xb3, 0xce, 0x0, 0x1, [@generic="4c4b92d0271aadc389aad29f5b19f27085ff220c8cc400a43ec7181810879c49e6964283fb53b87a8f0361de0a2c1ae38b4e7376f8a84698096ed1fe7d7eedf03f232fd1d89c2a48aad728154e8d4ced37088f05313cfb539649f49e78bd62ee72c70712d6ffcb47ec8e8132b175e230e6bb5a4bca920e48694fd01c8ef0bf395ce16d51caca706c186005fbfb4dd8cc8d57d7498f1ccb260191e830b8bb3d67bb0497d292e708fa9624dc", @nested={0x4, 0xb4}]}, @nested={0x100, 0x92, 0x0, 0x1, [@generic="f06a178efc22e823d1002bf2f7537ee8f3fccb91bc88107db57dd5effe4c9dd66bf8b7e1768091b256e5dc5797b7ac0b726a5c7d1ca93118abbeab3b504b09d3b9e5a6a8b366a34ca0ecd4740a38d50e48b47a6506f146f08069600629380fac557940bd1c9cd3dbcba8f3e0a19f1f911c8f1ac738c2dbfaa15bfd6444230f4a53c789eebeec49d6b2400ab4258c66c0b52639260b78cf28223b43fcee75f148d9eb4ac4a076f395dbe691734be24c33413a29ea2b87bf36411199236fb40e596e4d349ec1419994e04f7bb2ee1853b3675a5311d5ee505d6891f6807a761b16a8c73c8736fe482fa19d137e40e9bf26932c5913", @typed={0x8, 0xa4, 0x0, 0x0, @ipv4=@multicast1}]}]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}]}, 0x528}, 0x1, 0x0, 0x0, 0x50}, 0x14) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/make-it-fail\x00', 0x40002, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) ioctl$auto_SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000040)="a24d517214319b63c1fc95c5d48636681ba08b7a031b76581f5703c99e365224c329dd8aebb9d1b618b723dd848a9f6745a9b709b66a3fa52676eb811a3020b28c05c7a2d6e4d8df95cd940dfcc5ba0a4557a111743682") mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) mincore$auto(0x7, 0xc, 0x0) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x58) kernel console output (not intermixed with test programs): ache_alloc_noprof+0x6d/0x3b0 [ 503.261556][T13345] ? __pfx_map_id_range_down+0x10/0x10 [ 503.261588][T13345] ? prepare_creds+0x2c/0x7d0 [ 503.261628][T13345] prepare_creds+0x2c/0x7d0 [ 503.261662][T13345] __sys_setfsgid+0xe3/0x380 [ 503.261695][T13345] do_syscall_64+0xcd/0x230 [ 503.261731][T13345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.261757][T13345] RIP: 0033:0x7fbfa478e969 [ 503.261777][T13345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.261801][T13345] RSP: 002b:00007fbfa55be038 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 503.261826][T13345] RAX: ffffffffffffffda RBX: 00007fbfa49b6160 RCX: 00007fbfa478e969 [ 503.261843][T13345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee01 [ 503.261857][T13345] RBP: 00007fbfa55be090 R08: 0000000000000000 R09: 0000000000000000 [ 503.261873][T13345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.261888][T13345] R13: 0000000000000000 R14: 00007fbfa49b6160 R15: 00007ffe1f8c2c68 [ 503.261923][T13345] [ 504.321232][T13378] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1926'. [ 504.973042][T13405] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1930'. [ 506.014049][T13415] ovs_: entered promiscuous mode [ 506.426975][T13439] FAULT_INJECTION: forcing a failure. [ 506.426975][T13439] name failslab, interval 1, probability 0, space 0, times 0 [ 506.526346][T13439] CPU: 0 UID: 0 PID: 13439 Comm: syz.3.1933 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 506.526383][T13439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 506.526397][T13439] Call Trace: [ 506.526406][T13439] [ 506.526416][T13439] dump_stack_lvl+0x16c/0x1f0 [ 506.526455][T13439] should_fail_ex+0x512/0x640 [ 506.526488][T13439] ? __kmalloc_noprof+0xbf/0x510 [ 506.526518][T13439] ? lsm_blob_alloc+0x68/0x90 [ 506.526539][T13439] should_failslab+0xc2/0x120 [ 506.526568][T13439] __kmalloc_noprof+0xd2/0x510 [ 506.526601][T13439] lsm_blob_alloc+0x68/0x90 [ 506.526624][T13439] security_prepare_creds+0x30/0x270 [ 506.526659][T13439] prepare_creds+0x56f/0x7d0 [ 506.526696][T13439] __sys_setfsgid+0xe3/0x380 [ 506.526728][T13439] do_syscall_64+0xcd/0x230 [ 506.526764][T13439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.526790][T13439] RIP: 0033:0x7fbfa478e969 [ 506.526810][T13439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.526834][T13439] RSP: 002b:00007fbfa55be038 EFLAGS: 00000246 ORIG_RAX: 000000000000007b [ 506.526858][T13439] RAX: ffffffffffffffda RBX: 00007fbfa49b6160 RCX: 00007fbfa478e969 [ 506.526874][T13439] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee01 [ 506.526888][T13439] RBP: 00007fbfa55be090 R08: 0000000000000000 R09: 0000000000000000 [ 506.526903][T13439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 506.526918][T13439] R13: 0000000000000000 R14: 00007fbfa49b6160 R15: 00007ffe1f8c2c68 [ 506.526952][T13439] [ 507.078068][T13386] Process accounting paused [ 507.211601][T13452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1938'. [ 507.799291][T13460] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1942'. [ 509.285072][T13488] netlink: 'syz.0.1946': attribute type 1 has an invalid length. [ 509.724273][T13475] zswap: compressor not available [ 510.203219][T13506] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1951'. [ 510.354493][T13509] program syz.1.1952 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 510.539018][T13508] FAULT_INJECTION: forcing a failure. [ 510.539018][T13508] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 510.633330][T13508] CPU: 1 UID: 0 PID: 13508 Comm: syz.2.1950 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 510.633367][T13508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 510.633381][T13508] Call Trace: [ 510.633391][T13508] [ 510.633401][T13508] dump_stack_lvl+0x16c/0x1f0 [ 510.633442][T13508] should_fail_ex+0x512/0x640 [ 510.633481][T13508] _copy_to_user+0x32/0xd0 [ 510.633520][T13508] simple_read_from_buffer+0xcb/0x170 [ 510.633559][T13508] proc_fail_nth_read+0x197/0x270 [ 510.633595][T13508] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 510.633631][T13508] ? rw_verify_area+0xcf/0x680 [ 510.633664][T13508] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 510.633699][T13508] vfs_read+0x1e1/0xc70 [ 510.633728][T13508] ? __pfx___mutex_lock+0x10/0x10 [ 510.633762][T13508] ? __pfx_vfs_read+0x10/0x10 [ 510.633797][T13508] ? __fget_files+0x20e/0x3c0 [ 510.633832][T13508] ksys_read+0x12a/0x240 [ 510.633855][T13508] ? __pfx_ksys_read+0x10/0x10 [ 510.633876][T13508] ? syscall_user_dispatch+0x78/0x140 [ 510.633921][T13508] do_syscall_64+0xcd/0x230 [ 510.633958][T13508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.633983][T13508] RIP: 0033:0x7f3a65b8d37c [ 510.634003][T13508] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 510.634027][T13508] RSP: 002b:00007f3a639d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 510.634052][T13508] RAX: ffffffffffffffda RBX: 00007f3a65db6160 RCX: 00007f3a65b8d37c [ 510.634069][T13508] RDX: 000000000000000f RSI: 00007f3a639d50a0 RDI: 0000000000000005 [ 510.634085][T13508] RBP: 00007f3a639d5090 R08: 0000000000000000 R09: 0000000000000000 [ 510.634099][T13508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.634114][T13508] R13: 0000000000000000 R14: 00007f3a65db6160 R15: 00007fffe6b21c98 [ 510.634148][T13508] [ 510.913996][T13511] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1954'. [ 513.027324][T13533] Process accounting resumed [ 513.069148][T13538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78408 [ 513.086124][T13538] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 513.097651][T13538] memcg:ffff888012bc8d81 [ 513.103968][T13538] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 513.129684][T13538] page_type: f5(slab) [ 513.140014][T13538] raw: 00fff00000000040 ffff888140e8f640 0000000000000000 dead000000000001 [ 513.148856][T13538] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888012bc8d81 [ 513.157583][T13538] head: 00fff00000000040 ffff888140e8f640 0000000000000000 dead000000000001 [ 513.166330][T13538] head: 0000000000000000 00000000000c000c 00000000f5000000 ffff888012bc8d81 [ 513.191814][T13538] head: 00fff00000000002 ffffea0001e10201 00000000ffffffff 00000000ffffffff [ 513.243414][T13538] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 513.252228][T13538] page dumped because: unmovable page [ 513.261369][T13538] page_owner tracks the page as allocated [ 513.275635][T13538] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5495, tgid 5495 (dhcpcd), ts 57099591281, free_ts 28350435270 [ 513.304428][T13538] post_alloc_hook+0x181/0x1b0 [ 513.309252][T13538] get_page_from_freelist+0x135c/0x3920 [ 513.314968][T13538] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 513.340505][T13538] alloc_pages_mpol+0x1fb/0x550 [ 513.365722][T13538] new_slab+0x244/0x340 [ 513.369939][T13538] ___slab_alloc+0xd9c/0x1940 [ 513.377657][T13538] __slab_alloc.constprop.0+0x56/0xb0 [ 513.383259][T13538] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 513.389031][T13538] proc_alloc_inode+0x25/0x200 [ 513.393873][T13538] alloc_inode+0x61/0x240 [ 513.398232][T13538] new_inode+0x22/0x1c0 [ 513.402519][T13538] proc_sys_make_inode+0x47/0x5c0 [ 513.407586][T13538] proc_sys_lookup+0x282/0x410 [ 513.412419][T13538] lookup_open.isra.0+0x4da/0x1580 [ 513.417589][T13538] path_openat+0x905/0x2d40 [ 513.422922][T13538] do_filp_open+0x20b/0x470 [ 513.427478][T13538] page last free pid 1 tgid 1 stack trace: [ 513.433498][T13538] __free_frozen_pages+0x69d/0xff0 [ 513.438665][T13538] free_contig_range+0x135/0x3f0 [ 513.444185][T13538] destroy_args+0x66f/0x830 [ 513.448740][T13538] debug_vm_pgtable+0x130e/0x2d50 [ 513.453859][T13538] do_one_initcall+0x120/0x6e0 [ 513.458666][T13538] kernel_init_freeable+0x5c2/0x900 [ 513.464621][T13538] kernel_init+0x1c/0x2b0 [ 513.468998][T13538] ret_from_fork+0x48/0x80 [ 513.476586][T13538] ret_from_fork_asm+0x1a/0x30 [ 513.501394][T13539] can: request_module (can-proto-0) failed. [ 513.679407][ T5831] Bluetooth: hci0: unexpected event 0x3d length: 726 > 14 [ 513.798189][T13558] netlink: 26 bytes leftover after parsing attributes in process `syz.0.1963'. [ 513.828557][T13558] openvswitch: netlink: Tunnel attr 5638 out of range max 16 [ 514.263683][T13564] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1964'. [ 514.589054][T13573] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1967'. [ 514.762160][T13578] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1968'. [ 515.633709][T13592] netlink: 'syz.1.1969': attribute type 11 has an invalid length. [ 518.394104][T13630] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1977'. [ 519.478734][T13644] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1979'. [ 519.957667][T13648] vhci_hcd: invalid port number 255 [ 519.984930][T13648] vhci_hcd: default hub control req: 0306 v0001 i00ff l1 [ 521.814596][T13678] ima: policy update failed [ 521.821777][ T30] audit: type=1802 audit(6042066739.079:5): pid=13678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.1986" res=0 errno=0 [ 522.563199][T13685] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1987'. [ 522.971905][T13696] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1991'. [ 524.285664][T13728] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1998'. [ 525.235310][T13756] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2004'. [ 525.929453][T13767] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2007'. [ 526.268160][T13751] kexec: Could not allocate control_code_buffer [ 526.393211][ T30] audit: type=1326 audit(6042066743.649:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13770 comm="syz.0.2009" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f13a5d8e969 code=0x0 [ 527.640320][T13803] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2017'. [ 527.797582][T13812] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2018'. [ 529.594465][T13851] can: request_module (can-proto-3) failed. [ 529.794127][T13846] can: request_module (can-proto-3) failed. [ 529.932306][T13855] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2027'. [ 530.577654][T13869] netlink: 'syz.2.2030': attribute type 19 has an invalid length. [ 530.590632][T13869] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2030'. [ 530.623505][T13871] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2029'. [ 531.711957][T13882] netlink: 'syz.1.2034': attribute type 1 has an invalid length. [ 531.761911][T13884] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2033'. [ 532.652822][T13899] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2039'. [ 533.975015][T13937] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2049'. [ 534.735480][T13952] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2051'. [ 535.566053][T13978] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2059'. [ 536.054666][T13996] netlink: 'syz.0.2060': attribute type 1 has an invalid length. [ 536.554383][T14010] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2065'. [ 537.213376][T14020] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2068'. [ 537.406984][T14030] netlink: 'syz.0.2070': attribute type 16 has an invalid length. [ 537.416475][T14030] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2070'. [ 537.476939][T14030] veth1_macvtap: left promiscuous mode [ 538.019813][T14031] Process accounting resumed [ 538.647152][T14056] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2076'. [ 538.993890][T14063] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2078'. [ 539.234445][T14067] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2080'. [ 540.121154][T14077] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2082'. [ 540.270883][ T30] audit: type=1804 audit(6042066757.509:7): pid=14073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2081" name="/newroot/513/file0" dev="tmpfs" ino=2757 res=1 errno=0 [ 542.159298][T14112] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2090'. [ 542.222637][T14110] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2089'. [ 543.933495][T14125] Process accounting paused [ 544.473880][T14168] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2100'. [ 544.670531][T14171] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2102'. [ 545.668845][T14187] synth uevent: /bus/hid/drivers/zeroplus: unknown uevent action string [ 547.132174][T14208] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 547.194534][T14211] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2112'. [ 547.403767][T14217] ICMPv6: process `syz.1.2114' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 550.283465][T14283] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2126'. [ 551.741000][T14299] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2131'. [ 551.811928][T14305] netlink: 'syz.3.2133': attribute type 19 has an invalid length. [ 551.830027][T14305] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2133'. [ 551.918129][T14310] ubi: mtd0 is already attached to ubi0 [ 551.959851][T14308] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2142'. [ 552.868955][T14333] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2139'. [ 554.664800][T14356] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2145'. [ 554.935884][T14364] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2148'. [ 555.567207][T14376] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2149'. [ 555.608105][T14378] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2150'. [ 556.177451][T14393] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2154'. [ 557.553772][T14407] ovs_: entered promiscuous mode [ 558.143661][T14427] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2163'. [ 558.698983][T14438] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2166'. [ 559.091806][T14445] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2168'. [ 560.194629][T14460] FAULT_INJECTION: forcing a failure. [ 560.194629][T14460] name failslab, interval 1, probability 0, space 0, times 0 [ 560.218937][T14460] CPU: 0 UID: 0 PID: 14460 Comm: syz.0.2179 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 560.218977][T14460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 560.219017][T14460] Call Trace: [ 560.219027][T14460] [ 560.219038][T14460] dump_stack_lvl+0x16c/0x1f0 [ 560.219082][T14460] should_fail_ex+0x512/0x640 [ 560.219116][T14460] ? __kmalloc_noprof+0xbf/0x510 [ 560.219148][T14460] ? drm_atomic_state_init+0xe4/0x320 [ 560.219181][T14460] should_failslab+0xc2/0x120 [ 560.219212][T14460] __kmalloc_noprof+0xd2/0x510 [ 560.219250][T14460] drm_atomic_state_init+0xe4/0x320 [ 560.219283][T14460] ? __kasan_kmalloc+0xaa/0xb0 [ 560.219312][T14460] drm_atomic_state_alloc+0xd3/0x120 [ 560.219349][T14460] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 560.219383][T14460] ? __pfx___might_resched+0x10/0x10 [ 560.219413][T14460] ? rcu_is_watching+0x12/0xc0 [ 560.219440][T14460] ? trace_contention_end+0xdd/0x130 [ 560.219474][T14460] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 560.219551][T14460] drm_client_modeset_commit_locked+0x14d/0x580 [ 560.219592][T14460] drm_client_modeset_commit+0x4f/0x80 [ 560.219625][T14460] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 560.219657][T14460] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 560.219694][T14460] drm_fbdev_client_restore+0x2c/0x40 [ 560.219729][T14460] drm_client_dev_restore+0x1f3/0x2a0 [ 560.219770][T14460] drm_release+0x2c4/0x360 [ 560.219804][T14460] ? __pfx_drm_release+0x10/0x10 [ 560.219831][T14460] __fput+0x402/0xb70 [ 560.219872][T14460] task_work_run+0x14d/0x240 [ 560.219911][T14460] ? __pfx_task_work_run+0x10/0x10 [ 560.219947][T14460] ? __pfx___do_sys_close_range+0x10/0x10 [ 560.219972][T14460] ? rcu_is_watching+0x12/0xc0 [ 560.220014][T14460] syscall_exit_to_user_mode+0x27b/0x2a0 [ 560.220054][T14460] do_syscall_64+0xda/0x230 [ 560.220094][T14460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.220120][T14460] RIP: 0033:0x7f13a5d8e969 [ 560.220141][T14460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 560.220166][T14460] RSP: 002b:00007f13a6ce2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 560.220191][T14460] RAX: 0000000000000000 RBX: 00007f13a5fb5fa0 RCX: 00007f13a5d8e969 [ 560.220210][T14460] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 560.220227][T14460] RBP: 00007f13a5e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 560.220242][T14460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 560.220259][T14460] R13: 0000000000000000 R14: 00007f13a5fb5fa0 R15: 00007fff6699d1d8 [ 560.220298][T14460] [ 560.492162][T14466] random: crng reseeded on system resumption [ 560.819424][T14476] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2174'. [ 560.988095][T14474] ovs_: entered promiscuous mode [ 561.028149][T14480] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2175'. [ 561.681925][T14492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2178'. [ 562.457378][T14509] FAULT_INJECTION: forcing a failure. [ 562.457378][T14509] name failslab, interval 1, probability 0, space 0, times 0 [ 562.478993][T14509] CPU: 1 UID: 0 PID: 14509 Comm: syz.3.2185 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 562.479034][T14509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 562.479050][T14509] Call Trace: [ 562.479060][T14509] [ 562.479070][T14509] dump_stack_lvl+0x16c/0x1f0 [ 562.479115][T14509] should_fail_ex+0x512/0x640 [ 562.479151][T14509] ? __kmalloc_noprof+0xbf/0x510 [ 562.479184][T14509] ? drm_atomic_state_init+0xe4/0x320 [ 562.479219][T14509] should_failslab+0xc2/0x120 [ 562.479254][T14509] __kmalloc_noprof+0xd2/0x510 [ 562.479292][T14509] drm_atomic_state_init+0xe4/0x320 [ 562.479325][T14509] ? __kasan_kmalloc+0xaa/0xb0 [ 562.479354][T14509] drm_atomic_state_alloc+0xd3/0x120 [ 562.479390][T14509] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 562.479424][T14509] ? __pfx___might_resched+0x10/0x10 [ 562.479456][T14509] ? rcu_is_watching+0x12/0xc0 [ 562.479482][T14509] ? trace_contention_end+0xdd/0x130 [ 562.479516][T14509] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 562.479592][T14509] drm_client_modeset_commit_locked+0x14d/0x580 [ 562.479632][T14509] drm_client_modeset_commit+0x4f/0x80 [ 562.479665][T14509] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 562.479697][T14509] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 562.479735][T14509] drm_fbdev_client_restore+0x2c/0x40 [ 562.479772][T14509] drm_client_dev_restore+0x1f3/0x2a0 [ 562.479823][T14509] drm_release+0x2c4/0x360 [ 562.479859][T14509] ? __pfx_drm_release+0x10/0x10 [ 562.479888][T14509] __fput+0x402/0xb70 [ 562.479929][T14509] task_work_run+0x14d/0x240 [ 562.479969][T14509] ? __pfx_task_work_run+0x10/0x10 [ 562.480007][T14509] ? __pfx___do_sys_close_range+0x10/0x10 [ 562.480033][T14509] ? rcu_is_watching+0x12/0xc0 [ 562.480120][T14509] syscall_exit_to_user_mode+0x27b/0x2a0 [ 562.480168][T14509] do_syscall_64+0xda/0x230 [ 562.480209][T14509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.480238][T14509] RIP: 0033:0x7fbfa478e969 [ 562.480260][T14509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 562.480286][T14509] RSP: 002b:00007fbfa5600038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 562.480312][T14509] RAX: 0000000000000000 RBX: 00007fbfa49b5fa0 RCX: 00007fbfa478e969 [ 562.480335][T14509] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 562.480350][T14509] RBP: 00007fbfa4810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 562.480365][T14509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 562.480381][T14509] R13: 0000000000000000 R14: 00007fbfa49b5fa0 R15: 00007ffe1f8c2c68 [ 562.480415][T14509] [ 562.776249][T14509] random: crng reseeded on system resumption [ 562.812597][T14515] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2187'. [ 562.917666][T14519] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2190'. [ 562.946267][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.952866][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.334559][T14534] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2193'. [ 563.467494][T14537] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2194'. [ 563.576796][T14538] Invalid ELF header magic: != ELF [ 564.859502][T14559] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2207'. [ 564.984680][T14565] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2199'. [ 565.498255][T14576] FAULT_INJECTION: forcing a failure. [ 565.498255][T14576] name failslab, interval 1, probability 0, space 0, times 0 [ 565.541520][T14576] CPU: 0 UID: 0 PID: 14576 Comm: syz.2.2202 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 565.541558][T14576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 565.541575][T14576] Call Trace: [ 565.541585][T14576] [ 565.541596][T14576] dump_stack_lvl+0x16c/0x1f0 [ 565.541640][T14576] should_fail_ex+0x512/0x640 [ 565.541676][T14576] ? __kmalloc_noprof+0xbf/0x510 [ 565.541707][T14576] ? drm_atomic_state_init+0xe4/0x320 [ 565.541742][T14576] should_failslab+0xc2/0x120 [ 565.541775][T14576] __kmalloc_noprof+0xd2/0x510 [ 565.541819][T14576] drm_atomic_state_init+0xe4/0x320 [ 565.541855][T14576] ? __kasan_kmalloc+0xaa/0xb0 [ 565.541884][T14576] drm_atomic_state_alloc+0xd3/0x120 [ 565.541919][T14576] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 565.541954][T14576] ? __pfx___might_resched+0x10/0x10 [ 565.541986][T14576] ? rcu_is_watching+0x12/0xc0 [ 565.542008][T14576] ? trace_contention_end+0xdd/0x130 [ 565.542042][T14576] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 565.542114][T14576] drm_client_modeset_commit_locked+0x14d/0x580 [ 565.542151][T14576] drm_client_modeset_commit+0x4f/0x80 [ 565.542185][T14576] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 565.542216][T14576] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 565.542253][T14576] drm_fbdev_client_restore+0x2c/0x40 [ 565.542288][T14576] drm_client_dev_restore+0x1f3/0x2a0 [ 565.542328][T14576] drm_release+0x2c4/0x360 [ 565.542361][T14576] ? __pfx_drm_release+0x10/0x10 [ 565.542390][T14576] __fput+0x402/0xb70 [ 565.542431][T14576] task_work_run+0x14d/0x240 [ 565.542470][T14576] ? __pfx_task_work_run+0x10/0x10 [ 565.542508][T14576] ? __pfx___do_sys_close_range+0x10/0x10 [ 565.542534][T14576] ? rcu_is_watching+0x12/0xc0 [ 565.542566][T14576] syscall_exit_to_user_mode+0x27b/0x2a0 [ 565.542605][T14576] do_syscall_64+0xda/0x230 [ 565.542645][T14576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.542672][T14576] RIP: 0033:0x7f3a65b8e969 [ 565.542694][T14576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.542718][T14576] RSP: 002b:00007f3a66912038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 565.542744][T14576] RAX: 0000000000000000 RBX: 00007f3a65db5fa0 RCX: 00007f3a65b8e969 [ 565.542761][T14576] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 565.542777][T14576] RBP: 00007f3a65c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 565.542794][T14576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 565.542810][T14576] R13: 0000000000000000 R14: 00007f3a65db5fa0 R15: 00007fffe6b21c98 [ 565.542857][T14576] [ 566.038065][T14576] random: crng reseeded on system resumption [ 566.820221][T14597] netlink: 'syz.1.2210': attribute type 11 has an invalid length. [ 566.865582][T14597] netlink: 'syz.1.2210': attribute type 11 has an invalid length. [ 566.898435][T14597] netlink: 'syz.1.2210': attribute type 11 has an invalid length. [ 566.948373][T14602] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2209'. [ 567.418328][T14606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078402400 pfn:0x78400 [ 567.459221][T14606] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 567.528029][T14606] memcg:ffff88802edfdf01 [ 567.581192][T14606] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 567.589772][T14606] page_type: f5(slab) [ 567.661840][T14606] raw: 00fff00000000240 ffff888141aaadc0 ffffea0001ebee10 ffffea0000dd6010 [ 567.749560][T14606] raw: ffff888078402400 0000000000150013 00000000f5000000 ffff88802edfdf01 [ 567.860311][T14609] could not allocate digest TFM handle binfmt_misc [ 567.868371][T14606] head: 00fff00000000240 ffff888141aaadc0 ffffea0001ebee10 ffffea0000dd6010 [ 567.931207][T14606] head: ffff888078402400 0000000000150013 00000000f5000000 ffff88802edfdf01 [ 568.056212][T14606] head: 00fff00000000003 ffffea0001e10001 00000000ffffffff 00000000ffffffff [ 568.128250][T14606] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 568.149013][T14616] random: crng reseeded on system resumption [ 568.250452][T14606] page dumped because: unmovable page [ 568.316249][T14606] page_owner tracks the page as allocated [ 568.337324][T14606] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5200, tgid 5200 (udevd), ts 55911700554, free_ts 28350383400 [ 568.363342][T14606] post_alloc_hook+0x181/0x1b0 [ 568.368167][T14606] get_page_from_freelist+0x135c/0x3920 [ 568.390440][T14606] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 568.402429][T14606] alloc_pages_mpol+0x1fb/0x550 [ 568.407925][T14606] new_slab+0x244/0x340 [ 568.420366][T14606] ___slab_alloc+0xd9c/0x1940 [ 568.427716][T14606] __slab_alloc.constprop.0+0x56/0xb0 [ 568.455570][T14606] kmem_cache_alloc_lru_noprof+0xf4/0x3b0 [ 568.480429][T14606] sock_alloc_inode+0x25/0x1c0 [ 568.488297][T14606] alloc_inode+0x61/0x240 [ 568.500424][T14606] sock_alloc+0x40/0x280 [ 568.504726][T14606] __sock_create+0xc1/0x8d0 [ 568.529849][T14606] __sys_socket+0x14d/0x260 [ 568.540008][T14606] __x64_sys_socket+0x72/0xb0 [ 568.556588][T14606] do_syscall_64+0xcd/0x230 [ 568.565737][T14606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.573856][T14606] page last free pid 1 tgid 1 stack trace: [ 568.579700][T14606] __free_frozen_pages+0x69d/0xff0 [ 568.585094][T14606] free_contig_range+0x135/0x3f0 [ 568.594624][T14606] destroy_args+0x66f/0x830 [ 568.599408][T14606] debug_vm_pgtable+0x130e/0x2d50 [ 568.604552][T14606] do_one_initcall+0x120/0x6e0 [ 568.617731][T14606] kernel_init_freeable+0x5c2/0x900 [ 568.624730][T14606] kernel_init+0x1c/0x2b0 [ 568.629518][T14606] ret_from_fork+0x48/0x80 [ 568.634524][T14606] ret_from_fork_asm+0x1a/0x30 [ 569.132120][T14645] snd_virmidi snd_virmidi.0: control 61678:131081:44:y>o[kd:0 is already present [ 569.145129][T14609] Process accounting paused [ 571.452587][T14704] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2230'. [ 574.827458][T14757] Process accounting resumed [ 575.344189][T14785] snd_virmidi snd_virmidi.0: control 61678:131081:44:y>o[kd:0 is already present [ 578.200855][T14828] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2269'. [ 578.222182][T14829] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2267'. [ 579.685681][T14853] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2283'. [ 581.211122][T14875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2288'. [ 582.095336][T14885] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2282'. [ 582.117362][T14886] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2281'. [ 583.892825][T14903] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2295'. [ 584.589230][T14909] i2c i2c-0: delete_device: Can't parse I2C address [ 585.264927][T14929] vivid-009: ================= START STATUS ================= [ 585.272708][T14929] vivid-009: Enable Output Cropping: true [ 585.278533][T14929] vivid-009: Enable Output Composing: true [ 585.284469][T14929] vivid-009: Enable Output Scaler: true [ 585.300562][T14929] vivid-009: Tx RGB Quantization Range: Automatic [ 585.307058][T14929] vivid-009: Transmit Mode: HDMI [ 585.312333][T14929] vivid-009: Hotplug Present: 0x00000000 [ 585.354925][T14929] vivid-009: RxSense Present: 0x00000000 [ 585.363387][T14929] vivid-009: EDID Present: 0x00000000 [ 585.368848][T14929] vivid-009: ================== END STATUS ================== [ 585.992406][T14942] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2294'. [ 587.304250][T14959] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2301'. [ 589.457261][T15000] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2309'. [ 589.649730][T14997] vivid-009: ================= START STATUS ================= [ 589.663063][T14997] vivid-009: Enable Output Cropping: true [ 589.674259][T14997] vivid-009: Enable Output Composing: true [ 589.704301][T14997] vivid-009: Enable Output Scaler: true [ 589.710051][T14997] vivid-009: Tx RGB Quantization Range: Automatic [ 589.725519][T14997] vivid-009: Transmit Mode: HDMI [ 589.732435][T14997] vivid-009: Hotplug Present: 0x00000000 [ 589.738248][T14997] vivid-009: RxSense Present: 0x00000000 [ 589.744617][T14997] vivid-009: EDID Present: 0x00000000 [ 589.750649][T14997] vivid-009: ================== END STATUS ================== [ 590.495650][T15018] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2314'. [ 590.608301][T15020] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2315'. [ 591.135987][T15031] netlink: 'syz.2.2316': attribute type 11 has an invalid length. [ 591.181532][T15031] netlink: 'syz.2.2316': attribute type 11 has an invalid length. [ 591.233849][T15031] netlink: 'syz.2.2316': attribute type 11 has an invalid length. [ 592.262736][T15053] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2318'. [ 593.006154][T15050] random: crng reseeded on system resumption [ 594.034751][T15093] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2323'. [ 595.154516][T15108] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 595.163246][T15108] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 595.185092][T15108] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 595.204785][T15108] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 595.212704][T15108] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 595.319418][T15112] netlink: 'syz.0.2329': attribute type 11 has an invalid length. [ 595.333462][T15113] FAULT_INJECTION: forcing a failure. [ 595.333462][T15113] name failslab, interval 1, probability 0, space 0, times 0 [ 595.353873][T15112] netlink: 'syz.0.2329': attribute type 11 has an invalid length. [ 595.366493][T15113] CPU: 0 UID: 0 PID: 15113 Comm: syz.1.2330 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 595.366530][T15113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 595.366544][T15113] Call Trace: [ 595.366554][T15113] [ 595.366564][T15113] dump_stack_lvl+0x16c/0x1f0 [ 595.366605][T15113] should_fail_ex+0x512/0x640 [ 595.366640][T15113] ? __kmalloc_noprof+0xbf/0x510 [ 595.366672][T15113] ? drm_atomic_state_init+0xe4/0x320 [ 595.366704][T15113] should_failslab+0xc2/0x120 [ 595.366736][T15113] __kmalloc_noprof+0xd2/0x510 [ 595.366775][T15113] drm_atomic_state_init+0xe4/0x320 [ 595.366808][T15113] ? __kasan_kmalloc+0xaa/0xb0 [ 595.366837][T15113] drm_atomic_state_alloc+0xd3/0x120 [ 595.366873][T15113] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 595.366908][T15113] ? __pfx___might_resched+0x10/0x10 [ 595.366940][T15113] ? rcu_is_watching+0x12/0xc0 [ 595.366964][T15113] ? trace_contention_end+0xdd/0x130 [ 595.366998][T15113] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 595.367071][T15113] drm_client_modeset_commit_locked+0x14d/0x580 [ 595.367109][T15113] drm_client_modeset_commit+0x4f/0x80 [ 595.367142][T15113] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 595.367174][T15113] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 595.367213][T15113] drm_fbdev_client_restore+0x2c/0x40 [ 595.367258][T15113] drm_client_dev_restore+0x1f3/0x2a0 [ 595.367299][T15113] drm_release+0x2c4/0x360 [ 595.367333][T15113] ? __pfx_drm_release+0x10/0x10 [ 595.367361][T15113] __fput+0x402/0xb70 [ 595.367401][T15113] task_work_run+0x14d/0x240 [ 595.367439][T15113] ? __pfx_task_work_run+0x10/0x10 [ 595.367475][T15113] ? __pfx___do_sys_close_range+0x10/0x10 [ 595.367500][T15113] ? rcu_is_watching+0x12/0xc0 [ 595.367532][T15113] syscall_exit_to_user_mode+0x27b/0x2a0 [ 595.367570][T15113] do_syscall_64+0xda/0x230 [ 595.367609][T15113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 595.367637][T15113] RIP: 0033:0x7ff54f78e969 [ 595.367659][T15113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 595.367684][T15113] RSP: 002b:00007ff55050f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 595.367711][T15113] RAX: 0000000000000000 RBX: 00007ff54f9b5fa0 RCX: 00007ff54f78e969 [ 595.367729][T15113] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 595.367746][T15113] RBP: 00007ff54f810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 595.367763][T15113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.367780][T15113] R13: 0000000000000000 R14: 00007ff54f9b5fa0 R15: 00007ffd1ee78518 [ 595.367822][T15113] [ 595.667319][T15112] netlink: 'syz.0.2329': attribute type 11 has an invalid length. [ 596.142382][T15135] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2334'. [ 596.237521][T15107] chnl_net:caif_netlink_parms(): no params data found [ 596.524425][T15133] Invalid ELF header magic: != ELF [ 597.025772][T15107] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.035633][T15107] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.072038][T15107] bridge_slave_0: entered allmulticast mode [ 597.082347][T15107] bridge_slave_0: entered promiscuous mode [ 597.122202][T15107] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.129448][T15107] bridge0: port 2(bridge_slave_1) entered disabled state [ 597.138300][T15107] bridge_slave_1: entered allmulticast mode [ 597.172411][T15107] bridge_slave_1: entered promiscuous mode [ 597.264533][ T5831] Bluetooth: hci4: command tx timeout [ 597.326719][T15107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 597.505743][T15107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 597.728406][T15107] team0: Port device team_slave_0 added [ 597.811928][T15107] team0: Port device team_slave_1 added [ 597.950807][T15107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.972215][T15107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.034854][T15107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 598.124281][T15107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 598.142067][T15107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.179483][T15107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 598.279204][T15107] hsr_slave_0: entered promiscuous mode [ 598.286385][T15107] hsr_slave_1: entered promiscuous mode [ 598.293835][T15107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 598.302883][T15107] Cannot create hsr debugfs directory [ 598.499053][T15185] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2338'. [ 598.608973][T15107] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.811771][T15107] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.965991][T15107] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.126028][T15107] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.340453][ T5831] Bluetooth: hci4: command tx timeout [ 599.406103][T15107] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 599.461468][T15107] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 599.546532][T15107] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 599.567677][T15107] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 599.925103][T15107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 599.939060][T15186] Process accounting resumed [ 599.959790][T15107] 8021q: adding VLAN 0 to HW filter on device team0 [ 599.977168][ T6801] bridge0: port 1(bridge_slave_0) entered blocking state [ 599.984374][ T6801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 600.025235][ T6801] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.032502][ T6801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 600.060854][T15197] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2342'. [ 600.241393][T15203] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2344'. [ 600.643668][T15107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 601.009022][T15107] veth0_vlan: entered promiscuous mode [ 601.093809][T15107] veth1_vlan: entered promiscuous mode [ 601.243308][T15107] veth0_macvtap: entered promiscuous mode [ 601.256134][T15107] veth1_macvtap: entered promiscuous mode [ 601.282239][T15107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 601.298516][T15216] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2346'. [ 601.321257][T15107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 601.338192][T15107] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.352406][T15107] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.364311][T15107] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.376405][T15107] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.423323][ T5831] Bluetooth: hci4: command tx timeout [ 601.518684][T15222] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2348'. [ 601.797388][ T6739] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.820995][ T6739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.904524][ T6736] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.913896][ T6736] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 602.058926][T15227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2357'. [ 602.965235][T15237] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2350'. [ 602.995928][T15237] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 603.018421][T15237] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 603.046985][T15237] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 603.057903][T15237] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 603.500890][ T5831] Bluetooth: hci4: command tx timeout [ 604.049704][T15252] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2354'. [ 604.080227][T15253] netlink: 'syz.0.2353': attribute type 19 has an invalid length. [ 604.139479][T15253] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2353'. [ 605.413164][T15269] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2356'. [ 605.785717][T15246] Process accounting paused [ 605.864544][T15273] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2358'. [ 606.467602][T15287] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2364'. [ 607.592684][T15302] FAULT_INJECTION: forcing a failure. [ 607.592684][T15302] name failslab, interval 1, probability 0, space 0, times 0 [ 607.631901][T15302] CPU: 0 UID: 0 PID: 15302 Comm: syz.2.2366 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 607.631941][T15302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 607.631957][T15302] Call Trace: [ 607.631966][T15302] [ 607.631977][T15302] dump_stack_lvl+0x16c/0x1f0 [ 607.632018][T15302] should_fail_ex+0x512/0x640 [ 607.632052][T15302] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 607.632084][T15302] should_failslab+0xc2/0x120 [ 607.632116][T15302] __kmalloc_cache_noprof+0x6a/0x3e0 [ 607.632150][T15302] ? ww_mutex_lock+0x37/0x160 [ 607.632183][T15302] ? vkms_plane_duplicate_state+0x45/0x130 [ 607.632217][T15302] ? modeset_lock+0x114/0x6e0 [ 607.632244][T15302] vkms_plane_duplicate_state+0x45/0x130 [ 607.632281][T15302] drm_atomic_get_plane_state+0x20e/0x590 [ 607.632315][T15302] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 607.632346][T15302] ? __pfx___might_resched+0x10/0x10 [ 607.632384][T15302] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 607.632463][T15302] drm_client_modeset_commit_locked+0x14d/0x580 [ 607.632504][T15302] drm_client_modeset_commit+0x4f/0x80 [ 607.632538][T15302] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 607.632571][T15302] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 607.632610][T15302] drm_fbdev_client_restore+0x2c/0x40 [ 607.632647][T15302] drm_client_dev_restore+0x1f3/0x2a0 [ 607.632688][T15302] drm_release+0x2c4/0x360 [ 607.632722][T15302] ? __pfx_drm_release+0x10/0x10 [ 607.632751][T15302] __fput+0x402/0xb70 [ 607.632793][T15302] task_work_run+0x14d/0x240 [ 607.632834][T15302] ? __pfx_task_work_run+0x10/0x10 [ 607.632871][T15302] ? __pfx___do_sys_close_range+0x10/0x10 [ 607.632912][T15302] syscall_exit_to_user_mode+0x27b/0x2a0 [ 607.632952][T15302] do_syscall_64+0xda/0x230 [ 607.632993][T15302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.633021][T15302] RIP: 0033:0x7f3a65b8e969 [ 607.633044][T15302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.633071][T15302] RSP: 002b:00007f3a66912038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 607.633097][T15302] RAX: 0000000000000000 RBX: 00007f3a65db5fa0 RCX: 00007f3a65b8e969 [ 607.633115][T15302] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 607.633138][T15302] RBP: 00007f3a65c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 607.633156][T15302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 607.633173][T15302] R13: 0000000000000000 R14: 00007f3a65db5fa0 R15: 00007fffe6b21c98 [ 607.633212][T15302] [ 608.341653][T15315] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2373'. [ 608.351614][T15316] FAULT_INJECTION: forcing a failure. [ 608.351614][T15316] name failslab, interval 1, probability 0, space 0, times 0 [ 608.374537][T15316] CPU: 1 UID: 0 PID: 15316 Comm: syz.0.2380 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 608.374576][T15316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 608.374592][T15316] Call Trace: [ 608.374602][T15316] [ 608.374613][T15316] dump_stack_lvl+0x16c/0x1f0 [ 608.374657][T15316] should_fail_ex+0x512/0x640 [ 608.374691][T15316] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 608.374723][T15316] should_failslab+0xc2/0x120 [ 608.374754][T15316] __kmalloc_cache_noprof+0x6a/0x3e0 [ 608.374780][T15316] ? ww_mutex_lock+0x37/0x160 [ 608.374827][T15316] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 608.374869][T15316] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 608.374899][T15316] drm_atomic_get_crtc_state+0x171/0x450 [ 608.374937][T15316] drm_atomic_get_plane_state+0x436/0x590 [ 608.374977][T15316] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 608.375013][T15316] ? __pfx___might_resched+0x10/0x10 [ 608.375051][T15316] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 608.375127][T15316] drm_client_modeset_commit_locked+0x14d/0x580 [ 608.375169][T15316] drm_client_modeset_commit+0x4f/0x80 [ 608.375202][T15316] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 608.375233][T15316] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 608.375271][T15316] drm_fbdev_client_restore+0x2c/0x40 [ 608.375308][T15316] drm_client_dev_restore+0x1f3/0x2a0 [ 608.375347][T15316] drm_release+0x2c4/0x360 [ 608.375381][T15316] ? __pfx_drm_release+0x10/0x10 [ 608.375410][T15316] __fput+0x402/0xb70 [ 608.375452][T15316] task_work_run+0x14d/0x240 [ 608.375491][T15316] ? __pfx_task_work_run+0x10/0x10 [ 608.375529][T15316] ? __pfx___do_sys_close_range+0x10/0x10 [ 608.375554][T15316] ? rcu_is_watching+0x12/0xc0 [ 608.375588][T15316] syscall_exit_to_user_mode+0x27b/0x2a0 [ 608.375626][T15316] do_syscall_64+0xda/0x230 [ 608.375665][T15316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.375693][T15316] RIP: 0033:0x7f13a5d8e969 [ 608.375715][T15316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.375741][T15316] RSP: 002b:00007f13a6ce2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 608.375766][T15316] RAX: 0000000000000000 RBX: 00007f13a5fb5fa0 RCX: 00007f13a5d8e969 [ 608.375784][T15316] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 608.375807][T15316] RBP: 00007f13a5e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 608.375824][T15316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.375841][T15316] R13: 0000000000000000 R14: 00007f13a5fb5fa0 R15: 00007fff6699d1d8 [ 608.375880][T15316] [ 609.198719][T15332] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2377'. [ 610.652107][T15351] FAULT_INJECTION: forcing a failure. [ 610.652107][T15351] name failslab, interval 1, probability 0, space 0, times 0 [ 610.690515][T15351] CPU: 1 UID: 0 PID: 15351 Comm: syz.2.2385 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 610.690553][T15351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 610.690569][T15351] Call Trace: [ 610.690579][T15351] [ 610.690611][T15351] dump_stack_lvl+0x16c/0x1f0 [ 610.690651][T15351] should_fail_ex+0x512/0x640 [ 610.690685][T15351] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 610.690715][T15351] should_failslab+0xc2/0x120 [ 610.690746][T15351] __kmalloc_cache_noprof+0x6a/0x3e0 [ 610.690771][T15351] ? ww_mutex_lock+0x37/0x160 [ 610.690806][T15351] ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 610.690844][T15351] vkms_atomic_crtc_duplicate_state+0x78/0x1d0 [ 610.690873][T15351] drm_atomic_get_crtc_state+0x171/0x450 [ 610.690911][T15351] drm_atomic_get_plane_state+0x436/0x590 [ 610.690952][T15351] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 610.690989][T15351] ? __pfx___might_resched+0x10/0x10 [ 610.691028][T15351] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 610.691102][T15351] drm_client_modeset_commit_locked+0x14d/0x580 [ 610.691138][T15351] drm_client_modeset_commit+0x4f/0x80 [ 610.691168][T15351] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 610.691198][T15351] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 610.691231][T15351] drm_fbdev_client_restore+0x2c/0x40 [ 610.691261][T15351] drm_client_dev_restore+0x1f3/0x2a0 [ 610.691301][T15351] drm_release+0x2c4/0x360 [ 610.691340][T15351] ? __pfx_drm_release+0x10/0x10 [ 610.691373][T15351] __fput+0x402/0xb70 [ 610.691421][T15351] task_work_run+0x14d/0x240 [ 610.691468][T15351] ? __pfx_task_work_run+0x10/0x10 [ 610.691517][T15351] ? __pfx___do_sys_close_range+0x10/0x10 [ 610.691545][T15351] ? rcu_is_watching+0x12/0xc0 [ 610.691580][T15351] syscall_exit_to_user_mode+0x27b/0x2a0 [ 610.691634][T15351] do_syscall_64+0xda/0x230 [ 610.691683][T15351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.691714][T15351] RIP: 0033:0x7f3a65b8e969 [ 610.691740][T15351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.691773][T15351] RSP: 002b:00007f3a66912038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 610.691803][T15351] RAX: 0000000000000000 RBX: 00007f3a65db5fa0 RCX: 00007f3a65b8e969 [ 610.691822][T15351] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 610.691843][T15351] RBP: 00007f3a65c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 610.691864][T15351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.691883][T15351] R13: 0000000000000000 R14: 00007f3a65db5fa0 R15: 00007fffe6b21c98 [ 610.691924][T15351] [ 611.031809][T15108] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 611.042879][T15108] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 611.051460][T15108] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 611.060371][T15108] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 611.079296][T15108] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 611.659243][ T8872] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 611.785969][T15369] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2397'. [ 611.977793][T15377] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2391'. [ 612.172360][T15353] chnl_net:caif_netlink_parms(): no params data found [ 612.555229][T15353] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.567385][T15353] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.579457][T15353] bridge_slave_0: entered allmulticast mode [ 612.592603][T15353] bridge_slave_0: entered promiscuous mode [ 612.690890][T15353] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.702752][T15353] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.710210][T15353] bridge_slave_1: entered allmulticast mode [ 612.718482][T15353] bridge_slave_1: entered promiscuous mode [ 612.837452][T15353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 612.854114][T15353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 612.924402][T15353] team0: Port device team_slave_0 added [ 612.942266][T15353] team0: Port device team_slave_1 added [ 612.976986][T15353] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 612.984366][T15353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.012641][T15353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 613.025031][T15353] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 613.032368][T15353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.058995][T15353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 613.098771][T15353] hsr_slave_0: entered promiscuous mode [ 613.105513][T15353] hsr_slave_1: entered promiscuous mode [ 613.112161][T15353] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 613.119896][T15353] Cannot create hsr debugfs directory [ 613.224136][T15353] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.275586][T15353] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.314483][T15353] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.341555][ T5831] Bluetooth: hci2: command tx timeout [ 613.386497][T15353] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.497507][T15353] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 613.508860][T15353] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 613.521978][T15353] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 613.532822][T15353] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 613.598513][T15353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 613.625056][T15353] 8021q: adding VLAN 0 to HW filter on device team0 [ 613.642873][ T6797] bridge0: port 1(bridge_slave_0) entered blocking state [ 613.650742][ T6797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 613.666412][T13639] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.673536][T13639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 613.853608][T15353] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 613.902543][T15353] veth0_vlan: entered promiscuous mode [ 613.913626][T15353] veth1_vlan: entered promiscuous mode [ 613.943280][T15353] veth0_macvtap: entered promiscuous mode [ 613.953157][T15353] veth1_macvtap: entered promiscuous mode [ 613.970218][T15353] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 613.987731][T15353] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 614.000018][T15353] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.008884][T15353] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.017673][T15353] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.026417][T15353] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.100276][ T6797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.108448][ T6797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.149400][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.158380][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.323685][T15397] FAULT_INJECTION: forcing a failure. [ 614.323685][T15397] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.336973][T15397] CPU: 1 UID: 0 PID: 15397 Comm: syz.2.2401 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 614.337006][T15397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 614.337020][T15397] Call Trace: [ 614.337028][T15397] [ 614.337038][T15397] dump_stack_lvl+0x16c/0x1f0 [ 614.337076][T15397] should_fail_ex+0x512/0x640 [ 614.337114][T15397] _copy_to_user+0x32/0xd0 [ 614.337157][T15397] simple_read_from_buffer+0xcb/0x170 [ 614.337193][T15397] proc_fail_nth_read+0x197/0x270 [ 614.337226][T15397] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 614.337260][T15397] ? rw_verify_area+0xcf/0x680 [ 614.337293][T15397] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 614.337326][T15397] vfs_read+0x1e1/0xc70 [ 614.337357][T15397] ? __pfx_vfs_read+0x10/0x10 [ 614.337377][T15397] ? blk_finish_plug+0x53/0xa0 [ 614.337406][T15397] ? madvise_do_behavior+0x13d/0x3b0 [ 614.337437][T15397] ? __pfx___might_resched+0x10/0x10 [ 614.337470][T15397] ? __up_read+0x1f8/0x750 [ 614.337505][T15397] ? __pfx___up_read+0x10/0x10 [ 614.337544][T15397] ? madvise_unlock+0xf6/0x190 [ 614.337579][T15397] ksys_read+0x12a/0x240 [ 614.337603][T15397] ? __pfx_ksys_read+0x10/0x10 [ 614.337624][T15397] ? madvise_unlock+0xf6/0x190 [ 614.337663][T15397] do_syscall_64+0xcd/0x230 [ 614.337700][T15397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.337725][T15397] RIP: 0033:0x7f3a65b8d37c [ 614.337744][T15397] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 614.337767][T15397] RSP: 002b:00007f3a639f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 614.337791][T15397] RAX: ffffffffffffffda RBX: 00007f3a65db6080 RCX: 00007f3a65b8d37c [ 614.337809][T15397] RDX: 000000000000000f RSI: 00007f3a639f60a0 RDI: 0000000000000004 [ 614.337825][T15397] RBP: 00007f3a639f6090 R08: 0000000000000000 R09: 0000000000000000 [ 614.337838][T15397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 614.337852][T15397] R13: 0000000000000000 R14: 00007f3a65db6080 R15: 00007fffe6b21c98 [ 614.337889][T15397] [ 615.206870][T15416] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2396'. [ 615.423955][ T5831] Bluetooth: hci2: command tx timeout [ 615.800145][T15428] FAULT_INJECTION: forcing a failure. [ 615.800145][T15428] name failslab, interval 1, probability 0, space 0, times 0 [ 615.820494][T15428] CPU: 0 UID: 0 PID: 15428 Comm: syz.3.2403 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 615.820534][T15428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 615.820550][T15428] Call Trace: [ 615.820559][T15428] [ 615.820570][T15428] dump_stack_lvl+0x16c/0x1f0 [ 615.820619][T15428] should_fail_ex+0x512/0x640 [ 615.820656][T15428] ? __kmalloc_noprof+0xbf/0x510 [ 615.820689][T15428] ? lsm_blob_alloc+0x68/0x90 [ 615.820711][T15428] should_failslab+0xc2/0x120 [ 615.820744][T15428] __kmalloc_noprof+0xd2/0x510 [ 615.820778][T15428] lsm_blob_alloc+0x68/0x90 [ 615.820804][T15428] security_sk_alloc+0x30/0x270 [ 615.820837][T15428] sk_prot_alloc+0x1c7/0x2a0 [ 615.820879][T15428] sk_alloc+0x36/0xc20 [ 615.820908][T15428] __netlink_create+0x5e/0x2c0 [ 615.820935][T15428] ? __wake_up+0x3f/0x60 [ 615.820968][T15428] netlink_create+0x39e/0x620 [ 615.820997][T15428] ? __pfx_rtnetlink_bind+0x10/0x10 [ 615.821030][T15428] __sock_create+0x338/0x8d0 [ 615.821076][T15428] __sys_socket+0x14d/0x260 [ 615.821115][T15428] ? __pfx___sys_socket+0x10/0x10 [ 615.821161][T15428] __x64_sys_socket+0x72/0xb0 [ 615.821195][T15428] ? lockdep_hardirqs_on+0x7c/0x110 [ 615.821231][T15428] do_syscall_64+0xcd/0x230 [ 615.821268][T15428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.821295][T15428] RIP: 0033:0x7f2f5e58e969 [ 615.821318][T15428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.821344][T15428] RSP: 002b:00007f2f5f4ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 615.821369][T15428] RAX: ffffffffffffffda RBX: 00007f2f5e7b6080 RCX: 00007f2f5e58e969 [ 615.821388][T15428] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000010 [ 615.821411][T15428] RBP: 00007f2f5e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 615.821428][T15428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 615.821445][T15428] R13: 0000000000000000 R14: 00007f2f5e7b6080 R15: 00007ffc50c38898 [ 615.821481][T15428] [ 616.671047][T15448] FAULT_INJECTION: forcing a failure. [ 616.671047][T15448] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 616.686991][T15448] CPU: 0 UID: 0 PID: 15448 Comm: syz.0.2411 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 616.687024][T15448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 616.687037][T15448] Call Trace: [ 616.687046][T15448] [ 616.687056][T15448] dump_stack_lvl+0x16c/0x1f0 [ 616.687095][T15448] should_fail_ex+0x512/0x640 [ 616.687142][T15448] _copy_to_user+0x32/0xd0 [ 616.687179][T15448] simple_read_from_buffer+0xcb/0x170 [ 616.687216][T15448] proc_fail_nth_read+0x197/0x270 [ 616.687251][T15448] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 616.687287][T15448] ? rw_verify_area+0xcf/0x680 [ 616.687320][T15448] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 616.687354][T15448] vfs_read+0x1e1/0xc70 [ 616.687381][T15448] ? __pfx___mutex_lock+0x10/0x10 [ 616.687413][T15448] ? __pfx_vfs_read+0x10/0x10 [ 616.687447][T15448] ? __fget_files+0x20e/0x3c0 [ 616.687481][T15448] ksys_read+0x12a/0x240 [ 616.687505][T15448] ? __pfx_ksys_read+0x10/0x10 [ 616.687539][T15448] do_syscall_64+0xcd/0x230 [ 616.687575][T15448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.687599][T15448] RIP: 0033:0x7f3ba038d37c [ 616.687619][T15448] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 616.687642][T15448] RSP: 002b:00007f3ba11ca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 616.687666][T15448] RAX: ffffffffffffffda RBX: 00007f3ba05b5fa0 RCX: 00007f3ba038d37c [ 616.687683][T15448] RDX: 000000000000000f RSI: 00007f3ba11ca0a0 RDI: 0000000000000003 [ 616.687699][T15448] RBP: 00007f3ba11ca090 R08: 0000000000000000 R09: 0000000000000000 [ 616.687715][T15448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 616.687729][T15448] R13: 0000000000000001 R14: 00007f3ba05b5fa0 R15: 00007fffcea5c698 [ 616.687763][T15448] [ 617.500425][ T5831] Bluetooth: hci2: command tx timeout [ 617.599278][T15108] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 617.608698][T15108] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 617.617029][T15108] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 617.625315][T15108] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 617.633489][T15108] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 618.686073][T15465] chnl_net:caif_netlink_parms(): no params data found [ 619.002251][T15465] bridge0: port 1(bridge_slave_0) entered blocking state [ 619.009385][T15465] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.020194][T15465] bridge_slave_0: entered allmulticast mode [ 619.029767][T15465] bridge_slave_0: entered promiscuous mode [ 619.121644][T15465] bridge0: port 2(bridge_slave_1) entered blocking state [ 619.157275][T15465] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.177732][T15465] bridge_slave_1: entered allmulticast mode [ 619.193672][T15465] bridge_slave_1: entered promiscuous mode [ 619.324270][T15465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 619.372504][T15465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.457968][T15465] team0: Port device team_slave_0 added [ 619.484084][T15465] team0: Port device team_slave_1 added [ 619.564502][T15465] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 619.576585][T15465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.602605][T15108] Bluetooth: hci2: command tx timeout [ 619.615817][T15465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 619.628535][T15465] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 619.635745][T15465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.664655][T15108] Bluetooth: hci0: command tx timeout [ 619.671184][T15465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 619.766757][T15465] hsr_slave_0: entered promiscuous mode [ 619.773931][T15465] hsr_slave_1: entered promiscuous mode [ 619.780232][T15465] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 619.789366][T15465] Cannot create hsr debugfs directory [ 620.174426][T15465] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.304488][T15465] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.438381][T15465] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.632578][T15465] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.901191][T15527] synth uevent: /bus/cec: unknown uevent action string [ 621.598991][T15465] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 621.671997][T15465] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 621.740760][T15108] Bluetooth: hci0: command tx timeout [ 622.058514][T15465] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 622.131860][T15465] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 622.427392][T15465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 622.468682][T15465] 8021q: adding VLAN 0 to HW filter on device team0 [ 622.484243][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.491532][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 622.530354][T13639] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.537549][T13639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.918269][T15465] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 623.014747][T15465] veth0_vlan: entered promiscuous mode [ 623.028928][T15465] veth1_vlan: entered promiscuous mode [ 623.082861][T15465] veth0_macvtap: entered promiscuous mode [ 623.117944][T15465] veth1_macvtap: entered promiscuous mode [ 623.137750][T15465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.173798][T15465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.197306][T15465] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 623.219375][T15465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.250253][T15465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.285965][T15465] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 623.426377][T15465] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.452206][T15465] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.479528][T15465] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.498768][T15465] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.822303][T15108] Bluetooth: hci0: command tx timeout [ 623.907301][ T6747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.940417][ T6747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.133975][ T6739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.161473][ T6739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.388706][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.395242][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.825771][ T9588] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 625.901400][T15108] Bluetooth: hci0: command tx timeout [ 625.932651][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 625.979291][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 625.993391][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 626.002823][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 626.013767][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 626.179958][T15618] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input17 [ 627.386273][T15610] chnl_net:caif_netlink_parms(): no params data found [ 627.539619][T15610] bridge0: port 1(bridge_slave_0) entered blocking state [ 627.547061][T15610] bridge0: port 1(bridge_slave_0) entered disabled state [ 627.554837][T15610] bridge_slave_0: entered allmulticast mode [ 627.563242][T15610] bridge_slave_0: entered promiscuous mode [ 627.584498][T15610] bridge0: port 2(bridge_slave_1) entered blocking state [ 627.594908][T15610] bridge0: port 2(bridge_slave_1) entered disabled state [ 627.603711][T15610] bridge_slave_1: entered allmulticast mode [ 627.611904][T15610] bridge_slave_1: entered promiscuous mode [ 627.693417][T15610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 627.714661][T15610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 627.782510][T15610] team0: Port device team_slave_0 added [ 627.852821][T15610] team0: Port device team_slave_1 added [ 627.885168][T15647] FAULT_INJECTION: forcing a failure. [ 627.885168][T15647] name failslab, interval 1, probability 0, space 0, times 0 [ 627.900242][T15647] CPU: 1 UID: 0 PID: 15647 Comm: syz.3.2464 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 627.900275][T15647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 627.900290][T15647] Call Trace: [ 627.900302][T15647] [ 627.900312][T15647] dump_stack_lvl+0x16c/0x1f0 [ 627.900352][T15647] should_fail_ex+0x512/0x640 [ 627.900390][T15647] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 627.900419][T15647] ? __pfx_filemap_map_pages+0x10/0x10 [ 627.900446][T15647] should_failslab+0xc2/0x120 [ 627.900474][T15647] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 627.900502][T15647] ? ptlock_alloc+0x1f/0x70 [ 627.900527][T15647] ? __pfx_filemap_map_pages+0x10/0x10 [ 627.900555][T15647] ptlock_alloc+0x1f/0x70 [ 627.900579][T15647] pte_alloc_one+0x6d/0x380 [ 627.900608][T15647] __do_fault+0x320/0x490 [ 627.900640][T15647] ? __pfx_filemap_map_pages+0x10/0x10 [ 627.900668][T15647] do_pte_missing+0x1a6/0x3fb0 [ 627.900694][T15647] ? do_raw_spin_unlock+0x172/0x230 [ 627.900732][T15647] ? __pmd_alloc+0x3c2/0x870 [ 627.900763][T15647] ? find_held_lock+0x2b/0x80 [ 627.900790][T15647] __handle_mm_fault+0x103d/0x2a40 [ 627.900828][T15647] ? __pfx___handle_mm_fault+0x10/0x10 [ 627.900877][T15647] ? find_vma+0xbf/0x140 [ 627.900909][T15647] ? __pfx_find_vma+0x10/0x10 [ 627.900946][T15647] handle_mm_fault+0x3fe/0xad0 [ 627.900980][T15647] do_user_addr_fault+0x7a6/0x1370 [ 627.901009][T15647] ? rcu_is_watching+0x12/0xc0 [ 627.901035][T15647] exc_page_fault+0x5c/0xc0 [ 627.901068][T15647] asm_exc_page_fault+0x26/0x30 [ 627.901093][T15647] RIP: 0010:__put_user_8+0xd/0x20 [ 627.901124][T15647] Code: 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 [ 627.901146][T15647] RSP: 0018:ffffc9000c2a7be8 EFLAGS: 00050246 [ 627.901166][T15647] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 627.901181][T15647] RDX: ffff88807b910000 RSI: ffffffff825c9e71 RDI: ffffffff8bf472e0 [ 627.901198][T15647] RBP: 0000000000001000 R08: 08c5532909d99a6c R09: 0000000000000001 [ 627.901213][T15647] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 627.901228][T15647] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 627.901256][T15647] ? kpagecount_read+0x211/0x570 [ 627.901296][T15647] kpagecount_read+0x21c/0x570 [ 627.901329][T15647] ? __pfx_kpagecount_read+0x10/0x10 [ 627.901371][T15647] proc_reg_read+0x120/0x330 [ 627.901397][T15647] ? __pfx_proc_reg_read+0x10/0x10 [ 627.901424][T15647] vfs_readv+0x6bc/0x8a0 [ 627.901456][T15647] ? __pfx___mutex_trylock_common+0x10/0x10 [ 627.901499][T15647] ? __pfx_vfs_readv+0x10/0x10 [ 627.901533][T15647] ? __mutex_lock+0x1ca/0xb90 [ 627.901575][T15647] ? __pfx___mutex_lock+0x10/0x10 [ 627.901623][T15647] ? __fget_files+0x20e/0x3c0 [ 627.901643][T15647] ? __fget_files+0x120/0x3c0 [ 627.901674][T15647] ? do_readv+0x132/0x330 [ 627.901694][T15647] do_readv+0x132/0x330 [ 627.901716][T15647] ? __pfx_do_readv+0x10/0x10 [ 627.901748][T15647] ? rcu_is_watching+0x12/0xc0 [ 627.901783][T15647] do_syscall_64+0xcd/0x230 [ 627.901820][T15647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.901845][T15647] RIP: 0033:0x7f2f5e58e969 [ 627.901865][T15647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 627.901889][T15647] RSP: 002b:00007f2f5f4db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 627.901913][T15647] RAX: ffffffffffffffda RBX: 00007f2f5e7b5fa0 RCX: 00007f2f5e58e969 [ 627.901930][T15647] RDX: 0000000100000007 RSI: 00002000000001c0 RDI: 0000000000000003 [ 627.901947][T15647] RBP: 00007f2f5f4db090 R08: 0000000000000000 R09: 0000000000000000 [ 627.901963][T15647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 627.901977][T15647] R13: 0000000000000000 R14: 00007f2f5e7b5fa0 R15: 00007ffc50c38898 [ 627.902013][T15647] [ 628.332011][ T5831] Bluetooth: hci1: command tx timeout [ 628.346273][T15610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 628.353860][T15610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 628.380560][T15610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 628.482657][T15610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 628.490172][T15610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 628.534850][T15610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 628.565293][T15657] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 628.736442][T15658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2466'. [ 629.015872][T15610] hsr_slave_0: entered promiscuous mode [ 629.038694][T15610] hsr_slave_1: entered promiscuous mode [ 629.058883][T15610] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 629.082241][T15610] Cannot create hsr debugfs directory [ 629.633462][T15610] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.814361][T15610] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.147035][T15610] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.385232][ T5831] Bluetooth: hci1: command tx timeout [ 630.575396][T15610] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.325158][T15610] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 631.353934][T15610] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 631.380163][T15610] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 631.407634][T15610] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 631.588077][T15704] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 631.702297][T15703] ima: policy update failed [ 631.716410][ T30] audit: type=1802 audit(6042066848.979:8): pid=15703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2480" res=0 errno=0 [ 631.962013][T15610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 632.067261][T15610] 8021q: adding VLAN 0 to HW filter on device team0 [ 632.081273][ T6736] bridge0: port 1(bridge_slave_0) entered blocking state [ 632.088442][ T6736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 632.127631][ T6736] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.134741][ T6736] bridge0: port 2(bridge_slave_1) entered forwarding state [ 632.264450][T15610] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 632.470548][ T5831] Bluetooth: hci1: command tx timeout [ 632.983960][T15610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 633.177467][T15610] veth0_vlan: entered promiscuous mode [ 633.226993][T15610] veth1_vlan: entered promiscuous mode [ 633.302111][T15610] veth0_macvtap: entered promiscuous mode [ 633.345370][T15610] veth1_macvtap: entered promiscuous mode [ 633.439718][T15610] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 633.479629][T15610] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.510779][T15610] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 633.549525][T15610] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.565680][T15610] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 633.734110][T15610] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.798850][T15610] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.858216][T15610] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.915748][T15610] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.975127][T15610] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 634.071341][T15610] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.095654][T15610] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.144641][T15610] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.181624][T15610] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 634.541051][ T5831] Bluetooth: hci1: command tx timeout [ 634.778864][ T6801] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 634.800388][ T6801] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 634.891231][ T6801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 634.899101][ T6801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 636.709044][T15783] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input19 [ 637.548722][T15792] FAULT_INJECTION: forcing a failure. [ 637.548722][T15792] name failslab, interval 1, probability 0, space 0, times 0 [ 637.696811][T15792] CPU: 0 UID: 0 PID: 15792 Comm: syz.1.2500 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 637.696839][T15792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 637.696849][T15792] Call Trace: [ 637.696855][T15792] [ 637.696861][T15792] dump_stack_lvl+0x16c/0x1f0 [ 637.696886][T15792] should_fail_ex+0x512/0x640 [ 637.696907][T15792] ? __kvmalloc_node_noprof+0x122/0x600 [ 637.696925][T15792] should_failslab+0xc2/0x120 [ 637.696943][T15792] __kvmalloc_node_noprof+0x135/0x600 [ 637.696960][T15792] ? find_held_lock+0x2b/0x80 [ 637.696975][T15792] ? seq_read_iter+0x826/0x12c0 [ 637.696995][T15792] ? aa_file_perm+0x4c7/0xfb0 [ 637.697018][T15792] ? seq_read_iter+0x826/0x12c0 [ 637.697037][T15792] seq_read_iter+0x826/0x12c0 [ 637.697066][T15792] kernfs_fop_read_iter+0x40f/0x5a0 [ 637.697086][T15792] ? copy_iovec_from_user+0x138/0x170 [ 637.697110][T15792] do_iter_readv_writev+0x738/0x950 [ 637.697134][T15792] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 637.697162][T15792] ? rw_verify_area+0xcf/0x680 [ 637.697185][T15792] vfs_readv+0x4c5/0x8a0 [ 637.697205][T15792] ? __pfx___mutex_trylock_common+0x10/0x10 [ 637.697230][T15792] ? __pfx___might_resched+0x10/0x10 [ 637.697257][T15792] ? __pfx_vfs_readv+0x10/0x10 [ 637.697278][T15792] ? __mutex_lock+0x1ca/0xb90 [ 637.697303][T15792] ? __pfx___mutex_lock+0x10/0x10 [ 637.697331][T15792] ? __fget_files+0x20e/0x3c0 [ 637.697343][T15792] ? __fget_files+0x120/0x3c0 [ 637.697361][T15792] ? do_readv+0x132/0x330 [ 637.697372][T15792] do_readv+0x132/0x330 [ 637.697384][T15792] ? __pfx_do_readv+0x10/0x10 [ 637.697405][T15792] ? rcu_is_watching+0x12/0xc0 [ 637.697424][T15792] do_syscall_64+0xcd/0x230 [ 637.697446][T15792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.697461][T15792] RIP: 0033:0x7f254698e969 [ 637.697474][T15792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.697488][T15792] RSP: 002b:00007f25447f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 637.697505][T15792] RAX: ffffffffffffffda RBX: 00007f2546bb5fa0 RCX: 00007f254698e969 [ 637.697515][T15792] RDX: 0000000000000004 RSI: 0000200000000080 RDI: 0000000000000003 [ 637.697524][T15792] RBP: 00007f25447f6090 R08: 0000000000000000 R09: 0000000000000000 [ 637.697532][T15792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 637.697541][T15792] R13: 0000000000000000 R14: 00007f2546bb5fa0 R15: 00007fff1c6fb728 [ 637.697561][T15792] [ 639.625065][T15830] ima: policy update failed [ 639.636576][T15809] kexec: Could not allocate control_code_buffer [ 639.664559][T15829] Invalid ELF header magic: != ELF [ 639.694500][ T30] audit: type=1802 audit(6042066856.959:9): pid=15830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.2509" res=0 errno=0 [ 642.591512][T15883] nvme_fabrics: missing parameter 'transport=%s' [ 642.597903][T15883] nvme_fabrics: missing parameter 'nqn=%s' [ 642.639416][T15888] netlink: 'syz.3.2522': attribute type 1 has an invalid length. [ 642.648409][T15888] nbd: error processing sock list [ 645.907558][T15944] FAULT_INJECTION: forcing a failure. [ 645.907558][T15944] name failslab, interval 1, probability 0, space 0, times 0 [ 645.937354][T15944] CPU: 1 UID: 0 PID: 15944 Comm: syz.3.2536 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 645.937399][T15944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 645.937416][T15944] Call Trace: [ 645.937425][T15944] [ 645.937436][T15944] dump_stack_lvl+0x16c/0x1f0 [ 645.937478][T15944] should_fail_ex+0x512/0x640 [ 645.937515][T15944] ? __kmalloc_noprof+0xbf/0x510 [ 645.937546][T15944] ? drm_atomic_state_init+0x17b/0x320 [ 645.937581][T15944] should_failslab+0xc2/0x120 [ 645.937614][T15944] __kmalloc_noprof+0xd2/0x510 [ 645.937652][T15944] drm_atomic_state_init+0x17b/0x320 [ 645.937686][T15944] ? __kasan_kmalloc+0xaa/0xb0 [ 645.937713][T15944] drm_atomic_state_alloc+0xd3/0x120 [ 645.937751][T15944] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 645.937791][T15944] ? __pfx___might_resched+0x10/0x10 [ 645.937824][T15944] ? rcu_is_watching+0x12/0xc0 [ 645.937849][T15944] ? trace_contention_end+0xdd/0x130 [ 645.937883][T15944] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 645.937960][T15944] drm_client_modeset_commit_locked+0x14d/0x580 [ 645.937999][T15944] drm_client_modeset_commit+0x4f/0x80 [ 645.938032][T15944] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 645.938064][T15944] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 645.938103][T15944] drm_fbdev_client_restore+0x2c/0x40 [ 645.938139][T15944] drm_client_dev_restore+0x1f3/0x2a0 [ 645.938178][T15944] drm_release+0x2c4/0x360 [ 645.938211][T15944] ? __pfx_drm_release+0x10/0x10 [ 645.938240][T15944] __fput+0x402/0xb70 [ 645.938281][T15944] task_work_run+0x14d/0x240 [ 645.938321][T15944] ? __pfx_task_work_run+0x10/0x10 [ 645.938358][T15944] ? __pfx___do_sys_close_range+0x10/0x10 [ 645.938383][T15944] ? rcu_is_watching+0x12/0xc0 [ 645.938416][T15944] syscall_exit_to_user_mode+0x27b/0x2a0 [ 645.938454][T15944] do_syscall_64+0xda/0x230 [ 645.938492][T15944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.938519][T15944] RIP: 0033:0x7f2f5e58e969 [ 645.938540][T15944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 645.938565][T15944] RSP: 002b:00007f2f5f4db038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 645.938591][T15944] RAX: 0000000000000000 RBX: 00007f2f5e7b5fa0 RCX: 00007f2f5e58e969 [ 645.938609][T15944] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 645.938624][T15944] RBP: 00007f2f5e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 645.938641][T15944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 645.938656][T15944] R13: 0000000000000000 R14: 00007f2f5e7b5fa0 R15: 00007ffc50c38898 [ 645.938695][T15944] [ 646.201231][ C1] vkms_vblank_simulate: vblank timer overrun [ 646.414842][T15954] FAULT_INJECTION: forcing a failure. [ 646.414842][T15954] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 646.495767][T15954] CPU: 0 UID: 0 PID: 15954 Comm: syz.2.2539 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 646.495804][T15954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 646.495818][T15954] Call Trace: [ 646.495828][T15954] [ 646.495838][T15954] dump_stack_lvl+0x16c/0x1f0 [ 646.495877][T15954] should_fail_ex+0x512/0x640 [ 646.495916][T15954] should_fail_alloc_page+0xe7/0x130 [ 646.495949][T15954] prepare_alloc_pages+0x3c2/0x610 [ 646.495991][T15954] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 646.496040][T15954] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 646.496069][T15954] ? do_raw_spin_lock+0x12c/0x2b0 [ 646.496105][T15954] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 646.496139][T15954] ? find_held_lock+0x2b/0x80 [ 646.496175][T15954] ? __lock_acquire+0xaa4/0x1ba0 [ 646.496204][T15954] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 646.496240][T15954] ? policy_nodemask+0xea/0x4e0 [ 646.496273][T15954] alloc_pages_mpol+0x1fb/0x550 [ 646.496304][T15954] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 646.496344][T15954] folio_alloc_mpol_noprof+0x36/0x2f0 [ 646.496378][T15954] shmem_alloc_folio+0x135/0x160 [ 646.496405][T15954] shmem_alloc_and_add_folio+0x499/0xc20 [ 646.496443][T15954] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 646.496484][T15954] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 646.496521][T15954] shmem_get_folio_gfp+0x687/0x1530 [ 646.496562][T15954] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 646.496593][T15954] ? __pfx_timestamp_truncate+0x10/0x10 [ 646.496626][T15954] shmem_fault+0x1fe/0xa30 [ 646.496659][T15954] ? __pfx_shmem_fault+0x10/0x10 [ 646.496694][T15954] ? __pfx___up_read+0x10/0x10 [ 646.496737][T15954] ? __pfx_filemap_map_pages+0x10/0x10 [ 646.496766][T15954] __do_fault+0x10d/0x490 [ 646.496804][T15954] ? __pfx_filemap_map_pages+0x10/0x10 [ 646.496832][T15954] do_pte_missing+0x1a6/0x3fb0 [ 646.496862][T15954] ? __handle_mm_fault+0x1010/0x2a40 [ 646.496894][T15954] __handle_mm_fault+0x103d/0x2a40 [ 646.496931][T15954] ? __pfx___handle_mm_fault+0x10/0x10 [ 646.496979][T15954] ? find_vma+0xbf/0x140 [ 646.497010][T15954] ? __pfx_find_vma+0x10/0x10 [ 646.497046][T15954] handle_mm_fault+0x3fe/0xad0 [ 646.497079][T15954] do_user_addr_fault+0x7a6/0x1370 [ 646.497109][T15954] ? rcu_is_watching+0x12/0xc0 [ 646.497136][T15954] exc_page_fault+0x5c/0xc0 [ 646.497168][T15954] asm_exc_page_fault+0x26/0x30 [ 646.497192][T15954] RIP: 0010:__put_user_8+0xd/0x20 [ 646.497224][T15954] Code: 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 [ 646.497247][T15954] RSP: 0018:ffffc9000b6bfbe8 EFLAGS: 00050206 [ 646.497268][T15954] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000002000 [ 646.497284][T15954] RDX: ffff888035b9bc00 RSI: ffffffff825c9e71 RDI: ffffffff8bf472e0 [ 646.497301][T15954] RBP: 000000000007e010 R08: 08c5532909d99a6c R09: 0000000000000001 [ 646.497317][T15954] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000002000 [ 646.497332][T15954] R13: 00000000000005fe R14: dffffc0000000000 R15: 0000000000000000 [ 646.497361][T15954] ? kpagecount_read+0x211/0x570 [ 646.497400][T15954] kpagecount_read+0x21c/0x570 [ 646.497432][T15954] ? __pfx_kpagecount_read+0x10/0x10 [ 646.497467][T15954] proc_reg_read+0x120/0x330 [ 646.497501][T15954] ? __pfx_proc_reg_read+0x10/0x10 [ 646.497528][T15954] vfs_readv+0x6bc/0x8a0 [ 646.497560][T15954] ? __pfx___mutex_trylock_common+0x10/0x10 [ 646.497604][T15954] ? __pfx_vfs_readv+0x10/0x10 [ 646.497638][T15954] ? __mutex_lock+0x1ca/0xb90 [ 646.497678][T15954] ? __pfx___mutex_lock+0x10/0x10 [ 646.497720][T15954] ? __fget_files+0x20e/0x3c0 [ 646.497741][T15954] ? __fget_files+0x120/0x3c0 [ 646.497772][T15954] ? do_readv+0x132/0x330 [ 646.497789][T15954] do_readv+0x132/0x330 [ 646.497810][T15954] ? __pfx_do_readv+0x10/0x10 [ 646.497841][T15954] ? rcu_is_watching+0x12/0xc0 [ 646.497872][T15954] do_syscall_64+0xcd/0x230 [ 646.497907][T15954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.497931][T15954] RIP: 0033:0x7f0d61f8e969 [ 646.497949][T15954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 646.497970][T15954] RSP: 002b:00007f0d62d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 646.497992][T15954] RAX: ffffffffffffffda RBX: 00007f0d621b5fa0 RCX: 00007f0d61f8e969 [ 646.498008][T15954] RDX: 0000000100000007 RSI: 00002000000001c0 RDI: 0000000000000003 [ 646.498024][T15954] RBP: 00007f0d62d86090 R08: 0000000000000000 R09: 0000000000000000 [ 646.498040][T15954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 646.498054][T15954] R13: 0000000000000000 R14: 00007f0d621b5fa0 R15: 00007ffff684f8e8 [ 646.498090][T15954] [ 646.996762][T15957] netlink: 'syz.1.2540': attribute type 1 has an invalid length. [ 647.005595][T15957] nbd: error processing sock list [ 647.108744][T15963] FAULT_INJECTION: forcing a failure. [ 647.108744][T15963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 647.140986][T15963] CPU: 0 UID: 0 PID: 15963 Comm: syz.2.2543 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 647.141021][T15963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 647.141035][T15963] Call Trace: [ 647.141044][T15963] [ 647.141054][T15963] dump_stack_lvl+0x16c/0x1f0 [ 647.141092][T15963] should_fail_ex+0x512/0x640 [ 647.141130][T15963] _copy_from_user+0x2e/0xd0 [ 647.141166][T15963] copy_msghdr_from_user+0x98/0x160 [ 647.141196][T15963] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 647.141241][T15963] ___sys_sendmsg+0xfe/0x1d0 [ 647.141270][T15963] ? __pfx____sys_sendmsg+0x10/0x10 [ 647.141340][T15963] __sys_sendmsg+0x16d/0x220 [ 647.141369][T15963] ? __pfx___sys_sendmsg+0x10/0x10 [ 647.141419][T15963] ? rcu_is_watching+0x12/0xc0 [ 647.141454][T15963] do_syscall_64+0xcd/0x230 [ 647.141490][T15963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.141515][T15963] RIP: 0033:0x7f0d61f8e969 [ 647.141535][T15963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.141559][T15963] RSP: 002b:00007f0d62d86038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 647.141583][T15963] RAX: ffffffffffffffda RBX: 00007f0d621b5fa0 RCX: 00007f0d61f8e969 [ 647.141600][T15963] RDX: 0000000000000000 RSI: 0000200000007b00 RDI: 0000000000000003 [ 647.141616][T15963] RBP: 00007f0d62d86090 R08: 0000000000000000 R09: 0000000000000000 [ 647.141631][T15963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 647.141645][T15963] R13: 0000000000000000 R14: 00007f0d621b5fa0 R15: 00007ffff684f8e8 [ 647.141678][T15963] [ 647.389868][T15971] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 648.885133][T15971] zram: Added device: zram1 [ 648.953920][T16006] nvme_fabrics: missing parameter 'transport=%s' [ 648.982793][T16006] nvme_fabrics: missing parameter 'nqn=%s' [ 649.785290][T16031] netlink: 'syz.2.2554': attribute type 1 has an invalid length. [ 649.793196][T16031] nbd: error processing sock list [ 650.666081][ T6797] bridge_slave_1: left allmulticast mode [ 650.714545][ T6797] bridge_slave_1: left promiscuous mode [ 650.737019][ T6797] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.885721][ T6797] bridge_slave_0: left allmulticast mode [ 650.905258][ T6797] bridge_slave_0: left promiscuous mode [ 650.924352][ T6797] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.019288][ T6797] bridge_slave_1: left allmulticast mode [ 651.064671][ T6797] bridge_slave_1: left promiscuous mode [ 651.076091][ T6797] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.136026][ T6797] bridge_slave_0: left allmulticast mode [ 651.155699][ T6797] bridge_slave_0: left promiscuous mode [ 651.191217][ T6797] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.226271][ T6797] bridge_slave_1: left allmulticast mode [ 651.238744][ T6797] bridge_slave_1: left promiscuous mode [ 651.256877][ T6797] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.281409][ T6797] bridge_slave_0: left allmulticast mode [ 651.288284][ T6797] bridge_slave_0: left promiscuous mode [ 651.314704][T16072] netlink: 'syz.0.2566': attribute type 1 has an invalid length. [ 651.316019][ T6797] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.338180][T16072] nbd: error processing sock list [ 652.726266][ T6797] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 652.758415][ T6797] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 652.806147][ T6797] bond0 (unregistering): Released all slaves [ 652.938656][ T6797] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 652.949865][ T6797] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 652.959772][ T6797] bond0 (unregistering): Released all slaves [ 653.043036][ T6797] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 653.055066][ T6797] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 653.065760][ T6797] bond0 (unregistering): Released all slaves [ 653.359765][ T6797] ovs_: left promiscuous mode [ 653.519105][ T6797] ovs_: left promiscuous mode [ 654.519861][T16120] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(3) [ 655.229240][T16116] zram: Added device: zram2 [ 655.707964][T16139] FAULT_INJECTION: forcing a failure. [ 655.707964][T16139] name failslab, interval 1, probability 0, space 0, times 0 [ 655.805795][T16139] CPU: 0 UID: 0 PID: 16139 Comm: syz.1.2582 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 655.805831][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 655.805845][T16139] Call Trace: [ 655.805854][T16139] [ 655.805862][T16139] dump_stack_lvl+0x16c/0x1f0 [ 655.805932][T16139] should_fail_ex+0x512/0x640 [ 655.805972][T16139] should_failslab+0xc2/0x120 [ 655.806002][T16139] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 655.806032][T16139] ? __inet_bhash2_update_saddr+0x1c0/0x19d0 [ 655.806059][T16139] ? ip_route_output_key_hash+0x16b/0x2e0 [ 655.806099][T16139] __inet_bhash2_update_saddr+0x1c0/0x19d0 [ 655.806130][T16139] ? __call_rcu_common.constprop.0+0x3e5/0x9f0 [ 655.806182][T16139] tcp_v4_connect+0x14d5/0x1ba0 [ 655.806228][T16139] ? __pfx_tcp_v4_connect+0x10/0x10 [ 655.806260][T16139] ? __lock_acquire+0xaa4/0x1ba0 [ 655.806304][T16139] __inet_stream_connect+0x3c8/0x1020 [ 655.806348][T16139] ? __pfx___inet_stream_connect+0x10/0x10 [ 655.806383][T16139] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 655.806431][T16139] ? __local_bh_enable_ip+0xa4/0x120 [ 655.806465][T16139] inet_stream_connect+0x57/0xa0 [ 655.806502][T16139] kernel_connect+0x104/0x180 [ 655.806536][T16139] ? __pfx_kernel_connect+0x10/0x10 [ 655.806585][T16139] ? __local_bh_enable_ip+0xa4/0x120 [ 655.806618][T16139] smc_connect+0x4c7/0x760 [ 655.806651][T16139] ? __pfx_smc_connect+0x10/0x10 [ 655.806695][T16139] __sys_connect_file+0x13e/0x1a0 [ 655.806725][T16139] __sys_connect+0x14d/0x170 [ 655.806749][T16139] ? __pfx___sys_connect+0x10/0x10 [ 655.806788][T16139] ? __pfx_ksys_write+0x10/0x10 [ 655.806811][T16139] ? rcu_is_watching+0x12/0xc0 [ 655.806842][T16139] __x64_sys_connect+0x72/0xb0 [ 655.806865][T16139] ? lockdep_hardirqs_on+0x7c/0x110 [ 655.806898][T16139] do_syscall_64+0xcd/0x230 [ 655.806936][T16139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.806961][T16139] RIP: 0033:0x7f254698e969 [ 655.806982][T16139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 655.807004][T16139] RSP: 002b:00007f25447f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 655.807028][T16139] RAX: ffffffffffffffda RBX: 00007f2546bb5fa0 RCX: 00007f254698e969 [ 655.807045][T16139] RDX: 0000000000000058 RSI: 00002000000000c0 RDI: 0000000000000003 [ 655.807061][T16139] RBP: 00007f25447f6090 R08: 0000000000000000 R09: 0000000000000000 [ 655.807076][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 655.807091][T16139] R13: 0000000000000000 R14: 00007f2546bb5fa0 R15: 00007fff1c6fb728 [ 655.807126][T16139] [ 656.067249][ C0] vkms_vblank_simulate: vblank timer overrun [ 656.729247][T16153] FAULT_INJECTION: forcing a failure. [ 656.729247][T16153] name failslab, interval 1, probability 0, space 0, times 0 [ 656.780067][T16153] CPU: 1 UID: 0 PID: 16153 Comm: syz.0.2589 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 656.780107][T16153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 656.780123][T16153] Call Trace: [ 656.780132][T16153] [ 656.780144][T16153] dump_stack_lvl+0x16c/0x1f0 [ 656.780186][T16153] should_fail_ex+0x512/0x640 [ 656.780220][T16153] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 656.780252][T16153] should_failslab+0xc2/0x120 [ 656.780287][T16153] __kmalloc_cache_noprof+0x6a/0x3e0 [ 656.780314][T16153] ? vkms_plane_duplicate_state+0x87/0x130 [ 656.780353][T16153] ? kasan_save_track+0x14/0x30 [ 656.780383][T16153] vkms_plane_duplicate_state+0x87/0x130 [ 656.780422][T16153] drm_atomic_get_plane_state+0x20e/0x590 [ 656.780459][T16153] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 656.780492][T16153] ? __pfx___might_resched+0x10/0x10 [ 656.780531][T16153] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 656.780612][T16153] drm_client_modeset_commit_locked+0x14d/0x580 [ 656.780653][T16153] drm_client_modeset_commit+0x4f/0x80 [ 656.780688][T16153] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 656.780721][T16153] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 656.780759][T16153] drm_fbdev_client_restore+0x2c/0x40 [ 656.780796][T16153] drm_client_dev_restore+0x1f3/0x2a0 [ 656.780832][T16153] drm_release+0x2c4/0x360 [ 656.780862][T16153] ? __pfx_drm_release+0x10/0x10 [ 656.780888][T16153] __fput+0x402/0xb70 [ 656.780927][T16153] task_work_run+0x14d/0x240 [ 656.780966][T16153] ? __pfx_task_work_run+0x10/0x10 [ 656.781004][T16153] ? __pfx___do_sys_close_range+0x10/0x10 [ 656.781041][T16153] syscall_exit_to_user_mode+0x27b/0x2a0 [ 656.781080][T16153] do_syscall_64+0xda/0x230 [ 656.781119][T16153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.781145][T16153] RIP: 0033:0x7f3ba038e969 [ 656.781166][T16153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.781191][T16153] RSP: 002b:00007f3ba11ca038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 656.781216][T16153] RAX: 0000000000000000 RBX: 00007f3ba05b5fa0 RCX: 00007f3ba038e969 [ 656.781233][T16153] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 656.781248][T16153] RBP: 00007f3ba0410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 656.781264][T16153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 656.781280][T16153] R13: 0000000000000000 R14: 00007f3ba05b5fa0 R15: 00007fffcea5c698 [ 656.781318][T16153] [ 658.041094][T16172] FAULT_INJECTION: forcing a failure. [ 658.041094][T16172] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 658.065164][T16172] CPU: 0 UID: 0 PID: 16172 Comm: syz.2.2595 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 658.065200][T16172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 658.065216][T16172] Call Trace: [ 658.065225][T16172] [ 658.065236][T16172] dump_stack_lvl+0x16c/0x1f0 [ 658.065275][T16172] should_fail_ex+0x512/0x640 [ 658.065314][T16172] should_fail_alloc_page+0xe7/0x130 [ 658.065347][T16172] prepare_alloc_pages+0x3c2/0x610 [ 658.065383][T16172] ? rcu_is_watching+0x12/0xc0 [ 658.065411][T16172] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 658.065462][T16172] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 658.065497][T16172] ? do_raw_spin_lock+0x12c/0x2b0 [ 658.065533][T16172] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 658.065568][T16172] ? find_held_lock+0x2b/0x80 [ 658.065604][T16172] ? __lock_acquire+0xaa4/0x1ba0 [ 658.065635][T16172] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 658.065670][T16172] ? policy_nodemask+0xea/0x4e0 [ 658.065703][T16172] alloc_pages_mpol+0x1fb/0x550 [ 658.065735][T16172] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 658.065777][T16172] folio_alloc_mpol_noprof+0x36/0x2f0 [ 658.065813][T16172] shmem_alloc_folio+0x135/0x160 [ 658.065840][T16172] shmem_alloc_and_add_folio+0x499/0xc20 [ 658.065879][T16172] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 658.065913][T16172] ? shmem_allowable_huge_orders+0xcb/0x2f0 [ 658.065950][T16172] shmem_get_folio_gfp+0x687/0x1530 [ 658.065988][T16172] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 658.066020][T16172] ? reacquire_held_locks+0xcd/0x1f0 [ 658.066050][T16172] ? __mark_inode_dirty+0x64d/0xe50 [ 658.066086][T16172] shmem_fault+0x1fe/0xa30 [ 658.066118][T16172] ? __pfx_shmem_fault+0x10/0x10 [ 658.066150][T16172] ? _raw_spin_unlock+0x28/0x50 [ 658.066181][T16172] ? __pfx___up_read+0x10/0x10 [ 658.066225][T16172] ? __pfx_filemap_map_pages+0x10/0x10 [ 658.066254][T16172] __do_fault+0x10d/0x490 [ 658.066287][T16172] ? __pfx_filemap_map_pages+0x10/0x10 [ 658.066315][T16172] do_pte_missing+0x1a6/0x3fb0 [ 658.066346][T16172] ? __handle_mm_fault+0x1010/0x2a40 [ 658.066377][T16172] __handle_mm_fault+0x103d/0x2a40 [ 658.066415][T16172] ? __pfx___handle_mm_fault+0x10/0x10 [ 658.066476][T16172] ? find_vma+0xbf/0x140 [ 658.066512][T16172] ? __pfx_find_vma+0x10/0x10 [ 658.066550][T16172] handle_mm_fault+0x3fe/0xad0 [ 658.066583][T16172] do_user_addr_fault+0x7a6/0x1370 [ 658.066614][T16172] ? rcu_is_watching+0x12/0xc0 [ 658.066640][T16172] exc_page_fault+0x5c/0xc0 [ 658.066672][T16172] asm_exc_page_fault+0x26/0x30 [ 658.066693][T16172] RIP: 0010:__put_user_8+0xd/0x20 [ 658.066724][T16172] Code: 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 [ 658.066746][T16172] RSP: 0018:ffffc90004bffbe8 EFLAGS: 00050206 [ 658.066766][T16172] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000004000 [ 658.066781][T16172] RDX: ffff8880321a3c00 RSI: ffffffff825c9e71 RDI: ffffffff8bf472e0 [ 658.066797][T16172] RBP: 000000000007c010 R08: 08c5532909d99a6c R09: 0000000000000001 [ 658.066809][T16172] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000004000 [ 658.066820][T16172] R13: 00000000000009fe R14: dffffc0000000000 R15: 0000000000000000 [ 658.066844][T16172] ? kpagecount_read+0x211/0x570 [ 658.066881][T16172] kpagecount_read+0x21c/0x570 [ 658.066914][T16172] ? __pfx_kpagecount_read+0x10/0x10 [ 658.066949][T16172] proc_reg_read+0x120/0x330 [ 658.066975][T16172] ? __pfx_proc_reg_read+0x10/0x10 [ 658.067002][T16172] vfs_readv+0x6bc/0x8a0 [ 658.067035][T16172] ? __pfx___mutex_trylock_common+0x10/0x10 [ 658.067078][T16172] ? __pfx_vfs_readv+0x10/0x10 [ 658.067112][T16172] ? __mutex_lock+0x1ca/0xb90 [ 658.067154][T16172] ? __pfx___mutex_lock+0x10/0x10 [ 658.067201][T16172] ? __fget_files+0x20e/0x3c0 [ 658.067221][T16172] ? __fget_files+0x120/0x3c0 [ 658.067254][T16172] ? do_readv+0x132/0x330 [ 658.067273][T16172] do_readv+0x132/0x330 [ 658.067295][T16172] ? __pfx_do_readv+0x10/0x10 [ 658.067327][T16172] ? rcu_is_watching+0x12/0xc0 [ 658.067361][T16172] do_syscall_64+0xcd/0x230 [ 658.067398][T16172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.067422][T16172] RIP: 0033:0x7f0d61f8e969 [ 658.067441][T16172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 658.067464][T16172] RSP: 002b:00007f0d62d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 658.067493][T16172] RAX: ffffffffffffffda RBX: 00007f0d621b5fa0 RCX: 00007f0d61f8e969 [ 658.067510][T16172] RDX: 0000000100000007 RSI: 00002000000001c0 RDI: 0000000000000003 [ 658.067526][T16172] RBP: 00007f0d62d86090 R08: 0000000000000000 R09: 0000000000000000 [ 658.067542][T16172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 658.067557][T16172] R13: 0000000000000000 R14: 00007f0d621b5fa0 R15: 00007ffff684f8e8 [ 658.067593][T16172] [ 658.616248][T16174] random: crng reseeded on system resumption [ 658.676682][T16158] zram: Added device: zram3 [ 658.696984][ T6797] hsr_slave_0: left promiscuous mode [ 658.720587][ T6797] hsr_slave_1: left promiscuous mode [ 658.863800][ T6797] hsr_slave_0: left promiscuous mode [ 658.950379][ T6797] hsr_slave_1: left promiscuous mode [ 659.010944][ T6797] hsr_slave_0: left promiscuous mode [ 659.028748][ T6797] hsr_slave_1: left promiscuous mode [ 659.095259][ T6797] veth0_macvtap: left promiscuous mode [ 659.102453][ T6797] veth1_vlan: left promiscuous mode [ 659.107920][ T6797] veth0_vlan: left promiscuous mode [ 659.125161][ T6797] veth1_macvtap: left promiscuous mode [ 659.139469][ T6797] veth0_macvtap: left promiscuous mode [ 659.150904][ T6797] veth1_vlan: left promiscuous mode [ 659.165623][ T6797] veth0_vlan: left promiscuous mode [ 659.188128][T16186] FAULT_INJECTION: forcing a failure. [ 659.188128][T16186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 659.201490][T16186] CPU: 0 UID: 0 PID: 16186 Comm: syz.0.2600 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 659.201523][T16186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 659.201538][T16186] Call Trace: [ 659.201546][T16186] [ 659.201556][T16186] dump_stack_lvl+0x16c/0x1f0 [ 659.201594][T16186] should_fail_ex+0x512/0x640 [ 659.201639][T16186] _copy_from_user+0x2e/0xd0 [ 659.201675][T16186] copy_msghdr_from_user+0x98/0x160 [ 659.201704][T16186] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 659.201750][T16186] ___sys_sendmsg+0xfe/0x1d0 [ 659.201780][T16186] ? __pfx____sys_sendmsg+0x10/0x10 [ 659.201852][T16186] __sys_sendmsg+0x16d/0x220 [ 659.201881][T16186] ? __pfx___sys_sendmsg+0x10/0x10 [ 659.201920][T16186] ? rcu_is_watching+0x12/0xc0 [ 659.201954][T16186] do_syscall_64+0xcd/0x230 [ 659.201991][T16186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.202016][T16186] RIP: 0033:0x7f3ba038e969 [ 659.202035][T16186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 659.202059][T16186] RSP: 002b:00007f3ba11ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 659.202082][T16186] RAX: ffffffffffffffda RBX: 00007f3ba05b5fa0 RCX: 00007f3ba038e969 [ 659.202099][T16186] RDX: 0000000000000000 RSI: 0000200000007b00 RDI: 0000000000000003 [ 659.202113][T16186] RBP: 00007f3ba11ca090 R08: 0000000000000000 R09: 0000000000000000 [ 659.202128][T16186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 659.202144][T16186] R13: 0000000000000000 R14: 00007f3ba05b5fa0 R15: 00007fffcea5c698 [ 659.202178][T16186] [ 659.411083][ T6797] veth1_macvtap: left promiscuous mode [ 659.416794][ T6797] veth0_macvtap: left promiscuous mode [ 659.425096][ T6797] veth1_vlan: left promiscuous mode [ 659.437101][ T6797] veth0_vlan: left promiscuous mode [ 659.607677][T16192] FAULT_INJECTION: forcing a failure. [ 659.607677][T16192] name failslab, interval 1, probability 0, space 0, times 0 [ 659.643995][T16192] CPU: 1 UID: 0 PID: 16192 Comm: syz.3.2602 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 659.644034][T16192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 659.644052][T16192] Call Trace: [ 659.644062][T16192] [ 659.644073][T16192] dump_stack_lvl+0x16c/0x1f0 [ 659.644116][T16192] should_fail_ex+0x512/0x640 [ 659.644152][T16192] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 659.644185][T16192] should_failslab+0xc2/0x120 [ 659.644218][T16192] __kmalloc_cache_noprof+0x6a/0x3e0 [ 659.644245][T16192] ? vkms_plane_duplicate_state+0x87/0x130 [ 659.644283][T16192] ? kasan_save_track+0x14/0x30 [ 659.644313][T16192] vkms_plane_duplicate_state+0x87/0x130 [ 659.644362][T16192] drm_atomic_get_plane_state+0x20e/0x590 [ 659.644401][T16192] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 659.644435][T16192] ? __pfx___might_resched+0x10/0x10 [ 659.644474][T16192] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 659.644552][T16192] drm_client_modeset_commit_locked+0x14d/0x580 [ 659.644593][T16192] drm_client_modeset_commit+0x4f/0x80 [ 659.644626][T16192] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 659.644657][T16192] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 659.644695][T16192] drm_fbdev_client_restore+0x2c/0x40 [ 659.644734][T16192] drm_client_dev_restore+0x1f3/0x2a0 [ 659.644775][T16192] drm_release+0x2c4/0x360 [ 659.644809][T16192] ? __pfx_drm_release+0x10/0x10 [ 659.644837][T16192] __fput+0x402/0xb70 [ 659.644878][T16192] task_work_run+0x14d/0x240 [ 659.644918][T16192] ? __pfx_task_work_run+0x10/0x10 [ 659.644956][T16192] ? __pfx___do_sys_close_range+0x10/0x10 [ 659.644981][T16192] ? rcu_is_watching+0x12/0xc0 [ 659.645014][T16192] syscall_exit_to_user_mode+0x27b/0x2a0 [ 659.645052][T16192] do_syscall_64+0xda/0x230 [ 659.645092][T16192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.645119][T16192] RIP: 0033:0x7f2f5e58e969 [ 659.645141][T16192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 659.645168][T16192] RSP: 002b:00007f2f5f4db038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 659.645195][T16192] RAX: 0000000000000000 RBX: 00007f2f5e7b5fa0 RCX: 00007f2f5e58e969 [ 659.645213][T16192] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 659.645229][T16192] RBP: 00007f2f5e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 659.645247][T16192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 659.645263][T16192] R13: 0000000000000000 R14: 00007f2f5e7b5fa0 R15: 00007ffc50c38898 [ 659.645302][T16192] [ 660.129884][T16197] FAULT_INJECTION: forcing a failure. [ 660.129884][T16197] name failslab, interval 1, probability 0, space 0, times 0 [ 660.150231][T16197] CPU: 0 UID: 0 PID: 16197 Comm: syz.3.2605 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 660.150268][T16197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 660.150288][T16197] Call Trace: [ 660.150298][T16197] [ 660.150309][T16197] dump_stack_lvl+0x16c/0x1f0 [ 660.150351][T16197] should_fail_ex+0x512/0x640 [ 660.150386][T16197] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 660.150418][T16197] should_failslab+0xc2/0x120 [ 660.150451][T16197] __kmalloc_cache_noprof+0x6a/0x3e0 [ 660.150478][T16197] ? vkms_plane_duplicate_state+0x87/0x130 [ 660.150518][T16197] ? kasan_save_track+0x14/0x30 [ 660.150559][T16197] vkms_plane_duplicate_state+0x87/0x130 [ 660.150600][T16197] drm_atomic_get_plane_state+0x20e/0x590 [ 660.150640][T16197] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 660.150676][T16197] ? __pfx___might_resched+0x10/0x10 [ 660.150716][T16197] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 660.150793][T16197] drm_client_modeset_commit_locked+0x14d/0x580 [ 660.150834][T16197] drm_client_modeset_commit+0x4f/0x80 [ 660.150869][T16197] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 660.150901][T16197] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 660.150940][T16197] drm_fbdev_client_restore+0x2c/0x40 [ 660.150977][T16197] drm_client_dev_restore+0x1f3/0x2a0 [ 660.151017][T16197] drm_release+0x2c4/0x360 [ 660.151050][T16197] ? __pfx_drm_release+0x10/0x10 [ 660.151079][T16197] __fput+0x402/0xb70 [ 660.151117][T16197] task_work_run+0x14d/0x240 [ 660.151156][T16197] ? __pfx_task_work_run+0x10/0x10 [ 660.151194][T16197] ? __pfx___do_sys_close_range+0x10/0x10 [ 660.151218][T16197] ? rcu_is_watching+0x12/0xc0 [ 660.151251][T16197] syscall_exit_to_user_mode+0x27b/0x2a0 [ 660.151289][T16197] do_syscall_64+0xda/0x230 [ 660.151328][T16197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.151354][T16197] RIP: 0033:0x7f2f5e58e969 [ 660.151375][T16197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.151402][T16197] RSP: 002b:00007f2f5f4db038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 660.151428][T16197] RAX: 0000000000000000 RBX: 00007f2f5e7b5fa0 RCX: 00007f2f5e58e969 [ 660.151445][T16197] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 660.151461][T16197] RBP: 00007f2f5e610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 660.151478][T16197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 660.151494][T16197] R13: 0000000000000000 R14: 00007f2f5e7b5fa0 R15: 00007ffc50c38898 [ 660.151540][T16197] [ 661.101423][ T6797] team0 (unregistering): Port device team_slave_1 removed [ 661.503718][T16222] FAULT_INJECTION: forcing a failure. [ 661.503718][T16222] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 661.525060][T16222] CPU: 1 UID: 0 PID: 16222 Comm: syz.1.2612 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 661.525096][T16222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 661.525111][T16222] Call Trace: [ 661.525120][T16222] [ 661.525130][T16222] dump_stack_lvl+0x16c/0x1f0 [ 661.525167][T16222] should_fail_ex+0x512/0x640 [ 661.525205][T16222] _copy_from_iter+0x2a4/0x15b0 [ 661.525243][T16222] ? __alloc_skb+0x200/0x380 [ 661.525269][T16222] ? __pfx__copy_from_iter+0x10/0x10 [ 661.525306][T16222] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 661.525335][T16222] ? __lock_acquire+0xaa4/0x1ba0 [ 661.525375][T16222] netlink_sendmsg+0x829/0xdd0 [ 661.525412][T16222] ? __pfx_netlink_sendmsg+0x10/0x10 [ 661.525464][T16222] ____sys_sendmsg+0xa98/0xc70 [ 661.525499][T16222] ? copy_msghdr_from_user+0x10a/0x160 [ 661.525528][T16222] ? __pfx_____sys_sendmsg+0x10/0x10 [ 661.525579][T16222] ___sys_sendmsg+0x134/0x1d0 [ 661.525609][T16222] ? __pfx____sys_sendmsg+0x10/0x10 [ 661.525684][T16222] __sys_sendmsg+0x16d/0x220 [ 661.525713][T16222] ? __pfx___sys_sendmsg+0x10/0x10 [ 661.525752][T16222] ? rcu_is_watching+0x12/0xc0 [ 661.525786][T16222] do_syscall_64+0xcd/0x230 [ 661.525823][T16222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.525848][T16222] RIP: 0033:0x7f254698e969 [ 661.525868][T16222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.525892][T16222] RSP: 002b:00007f25447f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 661.525916][T16222] RAX: ffffffffffffffda RBX: 00007f2546bb5fa0 RCX: 00007f254698e969 [ 661.525933][T16222] RDX: 0000000000000000 RSI: 0000200000007b00 RDI: 0000000000000003 [ 661.525949][T16222] RBP: 00007f25447f6090 R08: 0000000000000000 R09: 0000000000000000 [ 661.525968][T16222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 661.525983][T16222] R13: 0000000000000000 R14: 00007f2546bb5fa0 R15: 00007fff1c6fb728 [ 661.526018][T16222] [ 661.999244][T16227] FAULT_INJECTION: forcing a failure. [ 661.999244][T16227] name failslab, interval 1, probability 0, space 0, times 0 [ 662.023761][T16227] CPU: 0 UID: 0 PID: 16227 Comm: syz.1.2614 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 662.023799][T16227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 662.023815][T16227] Call Trace: [ 662.023825][T16227] [ 662.023836][T16227] dump_stack_lvl+0x16c/0x1f0 [ 662.023880][T16227] should_fail_ex+0x512/0x640 [ 662.023916][T16227] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 662.023948][T16227] should_failslab+0xc2/0x120 [ 662.023979][T16227] __kmalloc_cache_noprof+0x6a/0x3e0 [ 662.024007][T16227] ? vkms_plane_duplicate_state+0x87/0x130 [ 662.024047][T16227] ? kasan_save_track+0x14/0x30 [ 662.024079][T16227] vkms_plane_duplicate_state+0x87/0x130 [ 662.024119][T16227] drm_atomic_get_plane_state+0x20e/0x590 [ 662.024170][T16227] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 662.024207][T16227] ? __pfx___might_resched+0x10/0x10 [ 662.024246][T16227] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 662.024321][T16227] drm_client_modeset_commit_locked+0x14d/0x580 [ 662.024362][T16227] drm_client_modeset_commit+0x4f/0x80 [ 662.024396][T16227] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 662.024428][T16227] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 662.024467][T16227] drm_fbdev_client_restore+0x2c/0x40 [ 662.024504][T16227] drm_client_dev_restore+0x1f3/0x2a0 [ 662.024543][T16227] drm_release+0x2c4/0x360 [ 662.024578][T16227] ? __pfx_drm_release+0x10/0x10 [ 662.024606][T16227] __fput+0x402/0xb70 [ 662.024648][T16227] task_work_run+0x14d/0x240 [ 662.024687][T16227] ? __pfx_task_work_run+0x10/0x10 [ 662.024725][T16227] ? __pfx___do_sys_close_range+0x10/0x10 [ 662.024751][T16227] ? rcu_is_watching+0x12/0xc0 [ 662.024784][T16227] syscall_exit_to_user_mode+0x27b/0x2a0 [ 662.024823][T16227] do_syscall_64+0xda/0x230 [ 662.024863][T16227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.024890][T16227] RIP: 0033:0x7f254698e969 [ 662.024913][T16227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 662.024938][T16227] RSP: 002b:00007f25447f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 662.024963][T16227] RAX: 0000000000000000 RBX: 00007f2546bb5fa0 RCX: 00007f254698e969 [ 662.024981][T16227] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 662.024997][T16227] RBP: 00007f2546a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 662.025014][T16227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 662.025031][T16227] R13: 0000000000000000 R14: 00007f2546bb5fa0 R15: 00007fff1c6fb728 [ 662.025070][T16227] [ 663.120728][ T6797] team0 (unregistering): Port device team_slave_1 removed [ 664.007013][ T6797] team0 (unregistering): Port device team_slave_1 removed [ 665.711235][T16261] FAULT_INJECTION: forcing a failure. [ 665.711235][T16261] name failslab, interval 1, probability 0, space 0, times 0 [ 665.744332][T16261] CPU: 0 UID: 0 PID: 16261 Comm: syz.2.2624 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 665.744373][T16261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 665.744390][T16261] Call Trace: [ 665.744400][T16261] [ 665.744412][T16261] dump_stack_lvl+0x16c/0x1f0 [ 665.744457][T16261] should_fail_ex+0x512/0x640 [ 665.744495][T16261] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 665.744528][T16261] should_failslab+0xc2/0x120 [ 665.744563][T16261] __kmalloc_cache_noprof+0x6a/0x3e0 [ 665.744590][T16261] ? vkms_plane_duplicate_state+0x87/0x130 [ 665.744634][T16261] ? kasan_save_track+0x14/0x30 [ 665.744669][T16261] vkms_plane_duplicate_state+0x87/0x130 [ 665.744711][T16261] drm_atomic_get_plane_state+0x20e/0x590 [ 665.744750][T16261] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 665.744787][T16261] ? __pfx___might_resched+0x10/0x10 [ 665.744827][T16261] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 665.744905][T16261] drm_client_modeset_commit_locked+0x14d/0x580 [ 665.744947][T16261] drm_client_modeset_commit+0x4f/0x80 [ 665.744983][T16261] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 665.745019][T16261] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 665.745076][T16261] drm_fbdev_client_restore+0x2c/0x40 [ 665.745116][T16261] drm_client_dev_restore+0x1f3/0x2a0 [ 665.745166][T16261] drm_release+0x2c4/0x360 [ 665.745205][T16261] ? __pfx_drm_release+0x10/0x10 [ 665.745237][T16261] __fput+0x402/0xb70 [ 665.745284][T16261] task_work_run+0x14d/0x240 [ 665.745329][T16261] ? __pfx_task_work_run+0x10/0x10 [ 665.745372][T16261] ? __pfx___do_sys_close_range+0x10/0x10 [ 665.745400][T16261] ? rcu_is_watching+0x12/0xc0 [ 665.745435][T16261] syscall_exit_to_user_mode+0x27b/0x2a0 [ 665.745479][T16261] do_syscall_64+0xda/0x230 [ 665.745523][T16261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.745552][T16261] RIP: 0033:0x7f0d61f8e969 [ 665.745575][T16261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.745605][T16261] RSP: 002b:00007f0d62d86038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 665.745633][T16261] RAX: 0000000000000000 RBX: 00007f0d621b5fa0 RCX: 00007f0d61f8e969 [ 665.745652][T16261] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 665.745669][T16261] RBP: 00007f0d62010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 665.745687][T16261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 665.745706][T16261] R13: 0000000000000000 R14: 00007f0d621b5fa0 R15: 00007ffff684f8e8 [ 665.745748][T16261] [ 669.328119][T16314] FAULT_INJECTION: forcing a failure. [ 669.328119][T16314] name failslab, interval 1, probability 0, space 0, times 0 [ 669.449672][T16314] CPU: 0 UID: 0 PID: 16314 Comm: syz.0.2636 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 669.449708][T16314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 669.449723][T16314] Call Trace: [ 669.449733][T16314] [ 669.449749][T16314] dump_stack_lvl+0x16c/0x1f0 [ 669.449788][T16314] should_fail_ex+0x512/0x640 [ 669.449828][T16314] should_failslab+0xc2/0x120 [ 669.449860][T16314] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 669.449891][T16314] ? skb_clone+0x190/0x3f0 [ 669.449924][T16314] skb_clone+0x190/0x3f0 [ 669.449954][T16314] netlink_deliver_tap+0xabd/0xd30 [ 669.449994][T16314] netlink_unicast+0x5df/0x7f0 [ 669.450030][T16314] ? __pfx_netlink_unicast+0x10/0x10 [ 669.450059][T16314] ? __lock_acquire+0xaa4/0x1ba0 [ 669.450100][T16314] netlink_sendmsg+0x8d1/0xdd0 [ 669.450137][T16314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 669.450183][T16314] ____sys_sendmsg+0xa98/0xc70 [ 669.450219][T16314] ? copy_msghdr_from_user+0x10a/0x160 [ 669.450247][T16314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 669.450300][T16314] ___sys_sendmsg+0x134/0x1d0 [ 669.450330][T16314] ? __pfx____sys_sendmsg+0x10/0x10 [ 669.450398][T16314] __sys_sendmsg+0x16d/0x220 [ 669.450426][T16314] ? __pfx___sys_sendmsg+0x10/0x10 [ 669.450463][T16314] ? rcu_is_watching+0x12/0xc0 [ 669.450497][T16314] do_syscall_64+0xcd/0x230 [ 669.450535][T16314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.450561][T16314] RIP: 0033:0x7f3ba038e969 [ 669.450581][T16314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.450605][T16314] RSP: 002b:00007f3ba11ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 669.450629][T16314] RAX: ffffffffffffffda RBX: 00007f3ba05b5fa0 RCX: 00007f3ba038e969 [ 669.450647][T16314] RDX: 0000000000000000 RSI: 0000200000007b00 RDI: 0000000000000003 [ 669.450662][T16314] RBP: 00007f3ba11ca090 R08: 0000000000000000 R09: 0000000000000000 [ 669.450678][T16314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 669.450694][T16314] R13: 0000000000000000 R14: 00007f3ba05b5fa0 R15: 00007fffcea5c698 [ 669.450729][T16314] [ 670.620491][T16335] cougar: G6 mapped to F18 [ 671.110778][ T5831] ================================================================== [ 671.118890][ T5831] BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 [ 671.126734][ T5831] Read of size 140 at addr ffffc90004aed000 by task kworker/u9:2/5831 [ 671.134907][ T5831] [ 671.137249][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: kworker/u9:2 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 671.137282][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 671.137299][ T5831] Workqueue: hci0 hci_devcd_timeout [ 671.137335][ T5831] Call Trace: [ 671.137344][ T5831] [ 671.137354][ T5831] dump_stack_lvl+0x116/0x1f0 [ 671.137388][ T5831] print_report+0xc3/0x670 [ 671.137417][ T5831] ? __virt_addr_valid+0x5e/0x590 [ 671.137450][ T5831] ? hci_devcd_dump+0x142/0x240 [ 671.137481][ T5831] kasan_report+0xe0/0x110 [ 671.137509][ T5831] ? hci_devcd_dump+0x142/0x240 [ 671.137544][ T5831] kasan_check_range+0xef/0x1a0 [ 671.137582][ T5831] __asan_memcpy+0x23/0x60 [ 671.137605][ T5831] hci_devcd_dump+0x142/0x240 [ 671.137636][ T5831] hci_devcd_timeout+0xb5/0x2e0 [ 671.137665][ T5831] ? rcu_is_watching+0x12/0xc0 [ 671.137691][ T5831] process_one_work+0x9cc/0x1b70 [ 671.137734][ T5831] ? __pfx_process_one_work+0x10/0x10 [ 671.137775][ T5831] ? assign_work+0x1a0/0x250 [ 671.137808][ T5831] worker_thread+0x6c8/0xf10 [ 671.137847][ T5831] ? __kthread_parkme+0x19e/0x250 [ 671.137877][ T5831] ? __pfx_worker_thread+0x10/0x10 [ 671.137909][ T5831] kthread+0x3c5/0x780 [ 671.137940][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.137966][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.137993][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.138019][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.138046][ T5831] ? rcu_is_watching+0x12/0xc0 [ 671.138065][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.138092][ T5831] ret_from_fork+0x48/0x80 [ 671.138111][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.138138][ T5831] ret_from_fork_asm+0x1a/0x30 [ 671.138172][ T5831] [ 671.138180][ T5831] [ 671.303361][ T5831] The buggy address ffffc90004aed000 belongs to a vmalloc virtual mapping [ 671.311853][ T5831] Memory state around the buggy address: [ 671.317475][ T5831] ffffc90004aecf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 671.325534][ T5831] ffffc90004aecf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 671.333594][ T5831] >ffffc90004aed000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 671.341646][ T5831] ^ [ 671.345702][ T5831] ffffc90004aed080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 671.353754][ T5831] ffffc90004aed100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 671.361805][ T5831] ================================================================== [ 671.369866][ C1] vkms_vblank_simulate: vblank timer overrun [ 671.381170][ T5831] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 671.388394][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: kworker/u9:2 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) [ 671.400565][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 671.410634][ T5831] Workqueue: hci0 hci_devcd_timeout [ 671.415867][ T5831] Call Trace: [ 671.419153][ T5831] [ 671.422091][ T5831] dump_stack_lvl+0x3d/0x1f0 [ 671.426711][ T5831] panic+0x71c/0x800 [ 671.430635][ T5831] ? __pfx_panic+0x10/0x10 [ 671.435079][ T5831] ? irqentry_exit+0x3b/0x90 [ 671.439677][ T5831] ? lockdep_hardirqs_on+0x7c/0x110 [ 671.444884][ T5831] ? preempt_schedule_thunk+0x16/0x30 [ 671.450270][ T5831] ? hci_devcd_dump+0x142/0x240 [ 671.455139][ T5831] ? preempt_schedule_common+0x44/0xc0 [ 671.460605][ T5831] ? check_panic_on_warn+0x1f/0xb0 [ 671.465725][ T5831] ? hci_devcd_dump+0x142/0x240 [ 671.470581][ T5831] check_panic_on_warn+0xab/0xb0 [ 671.475528][ T5831] end_report+0x107/0x170 [ 671.479865][ T5831] kasan_report+0xee/0x110 [ 671.484287][ T5831] ? hci_devcd_dump+0x142/0x240 [ 671.489152][ T5831] kasan_check_range+0xef/0x1a0 [ 671.494009][ T5831] __asan_memcpy+0x23/0x60 [ 671.498424][ T5831] hci_devcd_dump+0x142/0x240 [ 671.503105][ T5831] hci_devcd_timeout+0xb5/0x2e0 [ 671.507962][ T5831] ? rcu_is_watching+0x12/0xc0 [ 671.512726][ T5831] process_one_work+0x9cc/0x1b70 [ 671.517675][ T5831] ? __pfx_process_one_work+0x10/0x10 [ 671.523061][ T5831] ? assign_work+0x1a0/0x250 [ 671.527663][ T5831] worker_thread+0x6c8/0xf10 [ 671.532282][ T5831] ? __kthread_parkme+0x19e/0x250 [ 671.537321][ T5831] ? __pfx_worker_thread+0x10/0x10 [ 671.542443][ T5831] kthread+0x3c5/0x780 [ 671.546518][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.551113][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.555717][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.560315][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.564910][ T5831] ? rcu_is_watching+0x12/0xc0 [ 671.569672][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.574267][ T5831] ret_from_fork+0x48/0x80 [ 671.578683][ T5831] ? __pfx_kthread+0x10/0x10 [ 671.583282][ T5831] ret_from_fork_asm+0x1a/0x30 [ 671.588066][ T5831] [ 671.591313][ T5831] Kernel Offset: disabled [ 671.595633][ T5831] Rebooting in 86400 seconds..