last executing test programs: 4m59.218973005s ago: executing program 3 (id=2770): mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) close_range$auto(0x2, 0x8, 0x0) socket(0x28, 0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) r0 = fsopen$auto(0x0, 0x1) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x22048814) preadv2$auto(r0, &(0x7f0000000480)={&(0x7f0000000800)="b81a471ba1ba14d6ce3847843cca6c5430c9887458491e2b98536ec8b468c665828e726b1482229ae4d9d64d06309acfcc8a04fb68e57ba5cda207000000e3c1f7d4325785eac9a58765ce6a8e920ef942623863e56247f56329b177bbe75e98547ff41d39f4620a51241a405c94688ff2ceaf431de1f8e3e8fdbf2db7ad3d2ef55281d2f09b433619f163c381a128ffe25a183b331ef946f434fb63118e70446cfff744328bccacc83ca2ad96de77203ea96a0811d5c38cdbdc1af5bce535b78f80eb6eb60f31d3226ee80a4e32813cd8bd7019230f1656a0688e0889b9b6917504678515fc2abca460f6035e03b13b09366827ad1cbcfd4134651dc03d89409ecfe43a540abfedfebc718159a866a0871c286f734a2675b1bf576e800a5a10f8f4e9d8c39353cc1d7d41b95ba2a4be85681871d50609a38626b1fd86a11c9ba372f49ace637ee63d9a8216108225fb9b7a9634532c1e92f1166c", 0x2766}, 0x2, 0x6, 0xfffffffffffff371, 0x4) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x0, 0x8, 0xc, 0x3, 0x81, 0xfffffffc, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0xb0, 0x9, 0x1, 0xffffffff, 0x5, 0x7, 0x0, 0x7, 0x0, 0xffffffee, 0x2a17, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x800000000000, 0x0, 0x0, 0xd, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x5, 0x7fff, 0x0, 0x0, 0x0, 0x71a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe9, 0x0, 0x4, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x9, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4m58.369733634s ago: executing program 3 (id=2773): msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) (async, rerun: 32) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32) migrate_pages$auto(0x0, 0x74, &(0x7f0000000780)=0x8000000000000001, &(0x7f00000007c0)=0x1) (async) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0xfffffffffffffffc, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) (async, rerun: 32) capget$auto(&(0x7f0000000100)={0x8}, &(0x7f0000000140)={0x9, 0x8, 0x800}) (async, rerun: 32) sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000001200)={0x12f0, r1, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, "ea42e41cec4d4fef79cdc3a3"}, @NL80211_ATTR_PMK={0x3c, 0xfe, "6f6b9b3d4ab0feaff4e419bdd0636f5d546bfb119b27d2df9b2af198a28febcf1ceffe14de30556d5ad3742520a270cd11912375e66146d7"}, @NL80211_ATTR_MBSSID_CONFIG={0x48, 0x132, 0x0, 0x1, [@NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES={0x5, 0x1, 0x5}, @NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX={0x8}, @NL80211_MBSSID_CONFIG_ATTR_EMA={0x4}, @NL80211_MBSSID_CONFIG_ATTR_INDEX={0x5, 0x3, 0x8f}, @NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY={0x5, 0x2, 0xb}, @NL80211_MBSSID_CONFIG_ATTR_EMA={0x4}, @NL80211_MBSSID_CONFIG_ATTR_EMA={0x4}, @NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX={0x8}, @NL80211_MBSSID_CONFIG_ATTR_INDEX={0x5, 0x3, 0x9}, @NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY={0x5, 0x2, 0x3}]}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x1220, 0x84, 0x0, 0x1, [@nested={0x120f, 0x110, 0x0, 0x1, [@nested={0xa3, 0x5, 0x0, 0x1, [@generic="d0db11", @nested={0x99, 0x109, 0x0, 0x1, [@generic="8c06f3e3afcd9fc3fa235bd4cca91f2a253b925580ca9710197b15f362b95acf50344b5a507863a479bd450da3f15c64e3f63dddc7814c3ce80381677a26e7af314b6e1f2d74e6d3e008a2658a738911f16731fab8554a11ba4c2e08ac4be54689fc4562ba82b9a25d83f899dbf052db2f3f67fef638fa5f1ae8ff5310ab77d1d95ba18fb4da408eb0", @typed={0x8, 0x119, 0x0, 0x0, @fd}, @nested={0x4, 0x32}]}]}, @generic="beae1e08f3c5ba00f18e5c6cf4a14921b5f8f11ee79324811b99bc5bad547aca0964652425199535a56d3a31c3190754dc0c33d504e5c9e3e73c4cb7593c44f2bb67248bb3f024207f46b9ccc1f9de20f200d44a29a05fc820424c1f159f946157b110edb4d79dd0cff646ea65c78dcb5e40c074bc3f34ccc50696ae4686993844dba90be3372ae0e15660ac47e571bbc483813e01acc96dd8d8d23e990918119494c1a09f96f65b9f21f6d60dc8060bbdc5da266d8823568df771cfa597f586060077509793951cb8ee6fa13197667bc89842be3969f66faf3535824124c578f7720c18892cf79d86925e31f12592a40c71a2d6f8ccdebbc76679ad89f6db20ca742893946e6c76083989514c117b1bf9a20777092d6167f4daa2425cdbed6adda52314486b977eb0db1eb3426b2b56fa0b97d8f5306cf0ba2bd864b90419bb099504e661e80e02d9b6f894a657bfba7118520299d1a0fe3bb5dd9b2699383ee2ce0816a17e3ff7ed6277415280db7de31a57505232abf9f1d63cee1c1dff46ef8fcb3cf925c5a08aade47a2cc4c56a592b8c490998b72254e7e962cc144fbc6a6e2b77420eac2bd290dc2b2583fcae209f4ffd7596c48351411d2b9a6022f874c928d525d1c565ebb47409dcde1f5b2efb0ab7f4f6a18e59b506ba5e4bfaaad55f8d56f791b4d1ee63f82b46923f4e0edaa2a5fe6bf6a46b1f107e3cce38c9fe02ce29da81e7020868e0a3cb427fb11c1b39aaf14238e2a19aa88edcd891ec39abef3274e89bf81c204df97525be70f8bd4e37afcf87743b7b1602df8116b60451043a5f03cfe4a40f77ddc58c4ca57a8c490f8b48a7604d0c908e0656de7d698f2145c754d1918d9721d13c70bbee37d4ecefa9c6ff5a90a9bd2495cd4be5e1493f7c6ae76851672b08ff082472db532365d021c209acdcd7653db771b780d27eb63f392eb836680db4ab5baa3441bc3eb85517a1d6cd6e1faff2cabae55360318d03d41266937a972c83f3272c8138353de515599e8a6b8163ba9075176436d806edee1ed782e5b9624d9fcf07be2d569d8f02c1fe8da9c1a292355fa3d4e3cf7b413bf5c796c662f51d4742daf68ed8283cb2fed874f97a37863bc0c986b1936cd13e875ef0d1113bd926435359847b69289c6b584a2d52a38e1d3a9db6e204d6d863a66c0d0799ad082872262327a627fd063ebe964b1dbd01d3a1ac1719a220de7df7bfb09ad75ddc9f8171d82071072b7328bcc66c2fda7ead29da99935ae8355a4044b035af5c0090c12345f0782134add6d7227c4090c10421df7b705709c6b930c5e363d56b0b95762b289925805011da2cf4ec46a9da4594e91710c5545ad35698c42fe5600272a637c96db782df367f0c5869b78649a0f26e1c100471360adbfa293850fc8f7f56e0708fc2211086a5412b6acf1c2f61ef8c712d59cddf9daeedd11d85ecc715310ec47332ccf0d7007918d8e38e8f7e6a3b4fbfb7ae4e0e7763c3296d8413655a1bf882bc4a60c8e016b8a6d7cb9a2420ed28b912d160b9503c47ae267dea205d89ac9185a9d4435a4bd72d1718ead7603b2426f6d0027eee40c7fe2cc188445352c832534d1220b5da604a42663ab4316dab8310a47c130f20d8e7ba294fa36b99d256e2929804e1b4802b4bb13c81a7782796f5b281377cba7b32f41d564e51c75908ba66940f619013eff363716273f495b7ba6b47a4e36cb98c0e17e54a018321ebfdb4fd20d3b0296dec0af6d0bd8b1812ad34ecc79ed0748472b78e6d12cdc13f76d493f91387d7009d8eb30036d7b3ee46025b3e3fdcaa391e7a78da963049afe6afe580747b5bf0cd77b782fb856ef60136a1033e93f3b0046781b7aaeb7385fd9cc4a8ac02cf458c2715897cbe52d089a9387f9f63fb7208256b6a2bdf1a7e56a1d422b8dee60850b8b249c4316c7b0cc6e5c90bf1113922345f2db256cafd4e3382005662394236b2fc490ed9045c9e248c9a7fa5ab71861c8c7d088bf227ec3940e76c5a4d2a8b48478a41227cd62dbaf63e71efbb19d954d9aea7cba0cebef2b9bff6130598eff6f1f7fa68e0fc2898e48cce112bea4cd003f3d44b1507bee6de7060a9d9e9668cc50e249a167bd3320e3e6583e6d8caec9ab7f4037c9133e1e1c29ec04db41433bbb04d8e3d18483d8ec3bef6ebad6ca9232a2c5e70d86e9613356b33c8f0e2f9bf0cc3ad410e0340823b1938aa4150d0ea5db9c4f32578e16c200f96fdaa364e087326c7fc77f734a69fa3d53a20411ca66b6aed4e15f29a2fdec0cbcdca8e38875af69d0c744c353f830f89fc6bf518cee35788a59e48fc9ee54324c9f5c7b2b3ca68021681ab9d42f9641a8ca6c64a185665065cc0a7ffec6cb0374b833d2141ad6a304405f94df39024b40973a87568a414edb3028001fd508a481cd331c32b3aeaccf1969ec070a7ffbd12325a783b444ac39b334a3ab99a672e5c6d51868535617fce26ab3bfaee9039919312b63031a8f7f1f80e6b37f0f3e5af3289066e422f1b997144b5195e7d1af342d26b810c77a696f77fdd4cef54d1e6df10de0b971fc2162b43b53bf6a225bfd608c844c090e4983ec2016155ec42a6974b46a0a8e9d2d6a05965a80af1841b6f62c5bb1b40e706734c8a2dba277bd6d7aef41ddc421ddb94174dd86ebb6a04eb4506121d8b3f4cf22332b6b3fe6a79cae3ac9ac969c67ea6d4e9ffdc7936d4ce5d496a5eb6db87131d6f45eefc346018cedbd39515b7d7e56adf7e8ccfacaa54a8a88b6d8d84af9aa6cd6fab6f0abc5a2c5abf2cd58069bfc865cb09429c823f0891f0dd91b4c940ca20c1c70a390049e456c1491e4e203958d7d4394012a0e28ade038dc054a7bb60eb236648de641cdb5940715325cd1eb204aaa8dfaffe888663b5160dcfe95763fd740f7283b3e239c3637c7557a3bf90636a1b017fbc32b014d1e0e234c9d51122269ca07b0e2663cdd6695ba7606c71d13fc6d9d31a7084e6fe94ab66640a813b2847cb3f3930a31d7508a97e004fb0da4eecb112284280d21f493bb3f54a2b2b8244a2845ae7e50413d5cbcc4d5033a66ed0eca9acca9ace09548d5cebf787400a0f7377e10b1c65bc9025b2537e47c40fe8c43654a13475473e8263cdc97f99be3e589d76388c2f03810a9af9fcd0e6507e346b76b272fa3e16b57a1fb2bc664b0f2d0c914af1bb5c58dfa83674dd0c1a25e196e0c693fdac27507b0fc739454385718c96de03cb8b6dbe0559a008537c471a51520c9244fe545f06274e20b05535f1fc82304cb19e9fe2fe668818d4a573cd84b50d5a7408ad3f108beef949fdd1495ded0eb935493360b15b74100b10b6d5310f21dc93fe7f604da06fd8a9c133ab8805a477f3292eb045d8a8bf9a9aa561be810b9b252aecaf4076802dfdc9a3be97f238208c693e0c51df390066222569625b62af29c5a3ba630b0f5194fc5b129241f7113b76f32664fc455c304bfb948ee743d0d880fd782c259f09747f36649a0d039652528a5b5ef8e51758087aa85d89bb3f9f4d8ec0568d1c2e87994fe9ae35595e0dc3a7dc3421f39bbc43c54502dbef935b1a123466bb53e423fb165a41afaea26792c2de286079a6b7d213311be03f868f3819f26da0006d78ffeb51d7ab7e675171d3d5c8c6f0b3ecba98d1743b8ac23d8f3053ac3e31a8d99bb0accdcd9a631cbe27fc5f4ae4c5ce823ee4ea4077ecbdc30a87076cbb6033725995394dea7b1d0552a52e6c53738252a1e2aa118b082c0a36fd9a9c3ca634a90c2915a0bbcffea29f4353ff07e39718ca237bcaa24df26c4c73d526f15b2603c2a07888bf308692214a1bd07ce0915bd52e2d02c6de0fcf22598a6f7d818478163bcdbe8b6145e02a7c787bd679576131498cdc8ed6b59b8d3e50a824109a9dabfe03446ec05274185a0ea6c0c29c5785f99678d02768615104c82ba934a6cbb73c270df85450eb3fc587e50218f30cc04caee3e424eaa51526acf2e01365f62ab0a7546d6e8a1042b3ec6a71e6bef63457c7891e78a668274ef47b8257fffbe8a463be2d461e956fd889211c3ec2ff7d468d94619710430fa20b2783290953f4ca7ac84443782a820fe1a7750fdc7a8daae846e02f79716459cd7c8d04c9b7439e65db5d3da6cbed356422b5104ba77791df22fb30d7abe2b0cf41f951e1696228118984d89625ccfece4a37fd6cddd8f4af9a65522f06f26eea8aa826a2c4075d33d179b9073d806732332f181b2ad9d4bdd859b18c31906af3f9a9d342fb1fc93bc5fd1a40f4a8df1d8aa88a33bf060d5a65f49786f52f7c661ef855bff76a183b8e890b9e5b87b6000e88d97fa15f45246bded0d54d646bea26ee77982a705b5ab27a36767400731e9109381bdf9f873963930cbc18d199400898f8800de0e28d21e72b3c4e445b6fe8163e9ac441ea7f5251886031cad693dd053f3ad859bff63b37c82ad222380384cd3bfb1c850fabba4fd37b911defafe115ed0ec7cc645666ad31a14d462d1fbd2f79be6189b8d9f09e9acdd61f997496ca8eacfc54445f798617eeffa842fab307c8d4204d4c698975419ba1acd36b8aaa6a6fc57212429a16825881ab20db3dfd2b7843a7b26ebfdaa6c43e3b1b046ed963c22854ef7578a858532b75e36afadc40eb0d1e9a93dd12ef868d677e060fe5ce8ef6607f9619967a29a8404a4ce2ff8ab09425971b016c98dbc0b512267e900d5196dd2d04b0cd24b1ffc9dce7c1a046d9c973fc38e88830d204b2511b42a2a3d5c7dea2cba824e581d473df4000cb35500607765a5d484f8c8d520d87181dbd0a510169f877a6a274a0f652bb96f6f94cfa2508a2da60216e3ff8ce2ae397333126cd2d631829d9e4be44095920c8d3e4431f94ee74df5399c89b3ba8a2142f75a606ec760636bc303caea8ba90d48d8e2a43e2d9c011965afea2b3697ddc101bc8eac815adcced6c1db08e7be19986e5fd6f5b5922ca90f4bddb789d6842c7e3bce10c8dccfd8071b1739f3db97f250b39b9331170a8800435dc4425634bbeaa4d36302318b6a914528b35c83d0c51ab67ea101afb6bc5801c172bd4f408a14fb8f2596995bb74d65b27e7455596ab382b6b9a055e615955416abcd59194e241f892aec13502c8247ae3d0dbc3cdd563dcd43808c03fabdbb050d9fe38568a2dba1e4204e469e6ab1444521c0ff29d5f6a9726d5d7487befd80ce178a90e8e23bc557fbb1c11d6956eb2175f341cb313d0ad0791f625e5f2b5578412f21949e1c525acb5d6a01ca2de230b23bfe1aff3b791863ec88f97eefa124286c0d00e66e8e9391e10893c687c36a53837b9d82da1d795826580487f8a0d607090cea84eb162c6c206536bde3aebfb36cce100296c74bbfc2b66ca57904ae73508482b21607e19ad9788977fac77d6f72d2b1fdef79a9fb99959514ac126f6bf73a77c171e792cab307dc4462c3df269d21f81e5f66a6118433b7fb211762c551fb958d48c1ae012adb6b485cb25d4b7b2d280f06092268cd32489558bf8e9dfc1925bcbc35c6b519e3a69531cfb9dbcfdc2071f52513944717d44a760276ad0ac1c43333c979cd6a2fbf97bb9b5f4a218f0e75796b98e67434ce3db48c0ce5a02d8f27af17379afb5dca7ba66959785de27694fe83c800afe262caaf4ebaa23417deb01f5208afde46a0437e44dced87cb91c088bf08b147e31f77b614b6189cf6aeafefbce3aaeab3e6406c39367813963b3eb6d46503ba15aec347976949d4afc57a73058eac233e89706063904780a", @generic="415594dca4a52650d0a27b5feaa8503b0a8c1cc913aa08c1466c6cda2dedcf70232ed0f8d7a43dd169340e1326541ebfa8016955129c8a3c53db56bd2b68d9ff6a1ce81f5f8be4569bad77ec87dc5be7b266c2a32e85b9665deb64caa65bc7607c77426ced897b268096867120f8017f64bcfdd0444e087c03f1ade11ae6ecfb068dcf84e4c009ab32494ad4b7c2094759a54c4dbb6d3bfc554ac10abb5db5", @generic="cbd648a55af0b970dd6526975ab0a8d699c0a8141e024bd09f6835f595413fdf5f928dced41edef84383b8aace485635b3a916a1ab4d5477982cde3f8b68286dec68695327cdd048a2cb3c5a4654afafe2525bb2f2a41c5b748c58eb8f2adc8bd4b793768020cd31bd8d7526cf4c7dbf8d2e31ef0489a9f44f3e0d6af7c4ebeca7693cd218d2cf1cdc015f787948cc74912737a436338a8caf114b1365b2fb0862504c3cd01ba06453940843942d46c58217a4f56b60687b", @generic="8289032c7165edde4c3e97cfb8ed2ce4"]}, @typed={0x8, 0x8, 0x0, 0x0, @fd=r0}, @nested={0x4, 0xde}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x9}, @NL80211_ATTR_HE_BSS_COLOR={0x18, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}]}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x6}]}, 0x12f0}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) (async) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) (async) socket(0x2, 0x1, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r3 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/pcmC1D0c\x00', 0x2, 0x0) mmap$auto_snd_pcm_f_ops_pcm1(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x13, r3, 0x0) (async, rerun: 64) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0) (rerun: 64) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) (async) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (rerun: 32) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) (async) ioctl$auto_KVM_CREATE_VM(r2, 0x4048aecb, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async, rerun: 32) mlock$auto(0xfbe8, 0x4) (async, rerun: 32) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000208bd7000fedbdf25010000000c001600feffffffffffffff050006000d0000000600020009000000"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x404c080) 4m56.451857624s ago: executing program 3 (id=2780): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x1e, 0x4, 0x0) recvmmsg$auto(r0, &(0x7f00000001c0)={{0x0, 0x1c, &(0x7f00000000c0)={0x0, 0x8001}, 0x2, 0x0, 0x5, 0xfff}}, 0x7, 0x5, 0x0) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r1, 0x84, 0x80, 0x0, &(0x7f00000000c0)=0x97) 4m48.226412728s ago: executing program 3 (id=2806): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2081, 0x0) ioctl$auto_SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, 0x0) ioperm$auto(0x3b, 0xf99b, 0x6) adjtimex$auto(&(0x7f0000000000)={0x4, 0x0, 0xcbe9, 0xffff, 0xa, 0x80000000, 0xd37f, 0x0, 0xffff, 0xc, 0x3, {0x10, 0x6}, 0xfffffffffffffffc, 0x4, 0x2, 0x4, 0x0, 0xfffffffffffffffa, 0x1, 0x0, 0x9, 0x7, 0x5}) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/tty/ptyd5/power/control\x00', 0x183042, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/dirty_bytes\x00', 0x200, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r2, 0x0, 0x0) sendfile$auto(r1, r1, 0x0, 0x8000) 4m46.972172835s ago: executing program 3 (id=2815): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x1e, 0x4, 0x0) recvmmsg$auto(r0, &(0x7f00000001c0)={{0x0, 0x1c, &(0x7f00000000c0)={0x0, 0x8001}, 0x2, 0x0, 0x5, 0xfff}}, 0x7, 0x5, 0x0) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getsockopt$auto(r1, 0x84, 0x80, 0x0, &(0x7f00000000c0)=0x97) 4m42.210152354s ago: executing program 3 (id=2831): bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x9}, 0x6f4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.6/usb7/power/wakeup_active_count\x00') r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) move_mount$auto(r0, 0x0, r0, 0x0, 0x400091e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x30, 0x80000006, 0x4) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x7, 0x1ff, 0x7, 0x42, 0x4909b6f8, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x6, 0x2000, 0x0, 0x6, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0xfffffffffffffffe, 0x2000000000000000, 0x0, 0x0, 0x400000000005b8, 0xc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffa, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) madvise$auto(0x0, 0xffffffffffff0005, 0x19) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) mmap$auto(0x0, 0x200003, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000240)={0x34, r3, 0x6c5679fc7dece1a9, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10001}, @SEG6_ATTR_SECRET={0x7, 0x4, "eb96e1"}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000) 4m26.688919422s ago: executing program 32 (id=2831): bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x9}, 0x6f4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.6/usb7/power/wakeup_active_count\x00') r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/Stats\x00', 0x28102, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) madvise$auto(0x0, 0x2000000080000001, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x8}) move_mount$auto(r0, 0x0, r0, 0x0, 0x400091e4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x30, 0x80000006, 0x4) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x7, 0x1ff, 0x7, 0x42, 0x4909b6f8, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x6, 0x2000, 0x0, 0x6, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x5, 0xfffffffffffffffe, 0xffffffffffffbfff, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0xfffffffffffffffe, 0x2000000000000000, 0x0, 0x0, 0x400000000005b8, 0xc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0x3, 0xfffffffffffffffa, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) madvise$auto(0x0, 0xffffffffffff0005, 0x19) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) mmap$auto(0x0, 0x200003, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000240)={0x34, r3, 0x6c5679fc7dece1a9, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10001}, @SEG6_ATTR_SECRET={0x7, 0x4, "eb96e1"}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000) 4.77967704s ago: executing program 2 (id=4151): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x3, 0x4) symlink$auto(&(0x7f0000000300)='\\\':.\x00', 0x0) readlink$auto(&(0x7f0000000b00)='\xfb\x00', 0x0, 0x800) setsockopt$auto(0x3, 0xa4ff, 0x4, 0x0, 0x28) 4.496929807s ago: executing program 2 (id=4155): mmap$auto(0x0, 0x200006, 0x2, 0x10, 0x602, 0x300000000001) r0 = openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyvf\x00', 0x510a1, 0x0) write$auto(r1, 0x0, 0x0) r2 = semctl$auto_IPC_RMID(0xd1, 0xa96b, 0x0, 0xc) r3 = prctl$auto(0x1000000003b, 0x6, r2, 0x5, 0x4000000000000007) mmap$auto(0x0, 0x400005, 0x800000000000df, 0x9b72, 0x2, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0xffe) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_psample(&(0x7f0000007a40), 0xffffffffffffffff) socket(0x1d, 0x2, 0x2) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video44\x00', 0x8a240, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x7fffffff) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x13, 0x940, 0x1ffe0, 0x3, 0x6, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x1fe, 0x81) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3fc, 0x4}, 0xf3, 0x0, 0x0, 0x8) ioctl$auto(r4, 0x5646, 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) close_range$auto(0xffffffffffffffff, r0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) socket(0x1, 0x2, 0x0) ioctl$auto(0x3, 0x8912, 0x46) 2.986196113s ago: executing program 1 (id=4163): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001a40), r0) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r0, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001a80)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@IOAM6_ATTR_SC_ID={0x8}]}, 0x1c}}, 0x90) (fail_nth: 6) 2.953770341s ago: executing program 4 (id=4164): setresgid$auto(0x800, 0x28000000000000, 0xffffffffffffffff) socket(0x15, 0x5, 0x0) (async) r0 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) ustat$auto(0x801, 0x0) (async) ustat$auto(0x801, 0x0) socket(0xa, 0x1, 0x84) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/tty/ttyw6/power/runtime_active_time\x00', 0x0, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/tty/ttyw6/power/runtime_active_time\x00', 0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b47, r1) sendmsg$auto(r0, 0x0, 0x0) (async) sendmsg$auto(r0, 0x0, 0x0) setregid$auto(0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_GTP_CMD_ECHOREQ(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="1e000000", @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf250300000008000100ffffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10) (async) sendmsg$auto_GTP_CMD_ECHOREQ(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="1e000000", @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf250300000008000100ffffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x0, 0x0) (async) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) (async) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd11/mq/0/nr_reserved_tags\x00', 0x101000, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010002000000a04880ddd6e64667423c9c5543727bb60ba96d5e6be96b3af8ecb6d14da5438ba31ccbab69458b509fe5c72e98562d68e51f45f50ce82261621aeb0f93d764ec39ed4be7a790ae22bba8da6c0c640dd49ccd16f9dacf51d05e2de0eda38757439d7fd5310ddf876f15a908d8cbd0ebfda16e2f"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) (async) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010002000000a04880ddd6e64667423c9c5543727bb60ba96d5e6be96b3af8ecb6d14da5438ba31ccbab69458b509fe5c72e98562d68e51f45f50ce82261621aeb0f93d764ec39ed4be7a790ae22bba8da6c0c640dd49ccd16f9dacf51d05e2de0eda38757439d7fd5310ddf876f15a908d8cbd0ebfda16e2f"], 0x14}, 0x1, 0x0, 0x0, 0x8044}, 0x4001090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) 2.940861073s ago: executing program 2 (id=4165): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000020c0)={0x0, 0x38, &(0x7f0000002080)={&(0x7f0000000300)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x400c) 2.875135685s ago: executing program 0 (id=4166): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x73, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socket(0x10, 0x2, 0xf) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) socket(0xa, 0x3, 0xff) r1 = pipe$auto(0x0) r2 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_11={0xb7, 0xac1, 0x1, 0x0, 0x7, 0xfffffbff, 0x6, r0}, 0xd) bpf$auto(0x2, &(0x7f00000001c0)=@bpf_attr_1={r2, 0xb0, @next_key=0xf642, 0x2}, 0xc) mmap$auto(0x40000, 0x0, 0x3, 0x10, r1, 0x8000) unshare$auto(0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) madvise$auto(0x2, 0x8000000000000000, 0xa) socket(0x28, 0x80000, 0x0) mmap$auto(0x0, 0x2020009, 0x800b, 0x3a489cd7, 0xffffffffffffffff, 0x8003) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x40000000029, 0xb, 0xfffffffffffffffe, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/001/001\x00', 0x883, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) quotactl_fd$auto(r4, 0x1000, 0x0, 0x0) socket(0x2, 0x1, 0xfffffff0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb3, 0x401, 0x8000) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x200000000001, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804}) socket(0x11, 0x800, 0x3) 2.387617449s ago: executing program 0 (id=4167): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000001200)='/dev/nbd0\x00', 0x2003, 0x0) ioctl$auto_BLKREPORTZONE(r0, 0xc0101282, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8201, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x3}, 0x6f4) futex_waitv$auto(&(0x7f0000000180)={0x3fb, 0x6, 0x2, 0xfff}, 0x3, 0xbffffffc, 0x0, 0x81) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000180)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x18, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_RECEIVE_MULTICAST={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4044890}, 0x40050) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a3b02, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/pci0000:00/0000:00:01.3/msi_bus\x00', 0x12b702, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)=""/112, 0x70) 2.331794998s ago: executing program 1 (id=4168): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0xc8c02, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) madvise$auto(0x9, 0xdd, 0x17) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) r1 = prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYBLOB="712b738fa1868b61828c4edf70835ba590a23c42b164ed528cc9775a3bb89199f0b13cf225fa2a3a283f28371dd6bf97a0577c6c917409ac137621de47b61a1edd3654a8cd230deef92baec70515ef96aa714c66e670694dc010c3abf539ed7d78b6dd764235d81a0f1ef6dd0651536df9a95ca5452a11c348a3f0419fb9b1a4ac3f1847ccafd5e62bb96377c84adda4a5cf58d6cf0c12e2b3", @ANYRES16=r1], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="110000000700"/17, 0x11) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0x8000000000000011, 0xfffffffffffffffa, 0x1000000000008000) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x2) write$auto(0x3, 0x0, 0xffd8) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x5, 0x0) 2.190909369s ago: executing program 2 (id=4169): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x800, 0x0) socket(0x1f, 0x6, 0x4) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(0xffffffffffffffff, 0x1, &(0x7f0000000040)="c3f2219a6441988de43e9c7723b86cc8bcc948f33e0f438f13f7a8fe83f9fbba22616710b12af6d374573505301ea21986e0a3b4c9d68eb21f12b5d995c7c4b9319242930ce5c094f577ab645244e160215c6ee54544bf4ae5346380b23100c9365043514e02e42d7c15b87b260e") close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi2\x00', 0xa200, 0x0) unshare$auto(0x40000080) mmap$auto(0x1, 0x1, 0x4000000000df, 0xa417, 0xffffffffffffffff, 0x300000000003) mmap$auto(0x0, 0x9, 0xdf, 0xeb4, 0x401, 0x88000) r0 = socket(0xb, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) setsockopt$auto(0x400000000000003, 0x27, 0x3b08, 0x0, 0xfffffffc) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/apparmor/exec\x00', 0x200200, 0x0) pipe$auto(0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x22082, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/v4l-touch8\x00', 0x40080, 0x0) read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f00000001c0)=""/191, 0x1f8) syz_clone(0x84902080, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x6, 0x4, 0x8, 0x40eb1, r0, 0x300000000002) setsockopt$auto_SO_MAX_PACING_RATE(r0, 0x101, 0x2f, &(0x7f00000005c0)='\xba\xf13\xa4o\xd3\xd2\xe0v\x95\xe6mAk\x90\xa1\xfd\xb0\xe1\xa6W\x85py\x91Q\xe7\xc9\x05\xce\x17\xe6C0e\x12\xe8/\x16\xf0\xd2\xe5\x06[\vFf\xd6\xc0sTv*\xa6\x97\xb4\xcf\xc8d^\xb1\x7f\xee)\x9b\xa6\xa7\x18\x8fa\rm\x9db\x96\xf3\xbe\x14H\xd2\xa8\xef\xad\xdfw\xad\x1e\xcf\x13\xd2\xbbh\xb7\xb1\xa2\x14\xbe=Q\xf3\xd6\x85\x8as\x04\x93\x8c3\n\x9e\xcc\xbdP\x89\xee\xa8\x82\x03\x97\xe6^\x85\xa8\xf1>\x1d\x18\x1b\x04\xa2G\xd2#,\xbb\xf3}\xc6#\x11T\x8dE\xba\nF\xc2\xe2\x06k\xf0~\xa3\x86h\xc2\xb8\xcfk\x1f\x19\xa4\x03b\\\xce\x16\x80\xa4\v&n\x8fq\xdcK0\x99G\xd8\x9f4\x18\x16\x9b=\x91d\x86\xb3\x1c\xef\xb5\x01\xb5\x11\v\xb2Yn\x0e\xb5\x1d\xfa\x7f\xf4eYV}D\xdd\xf1`p(\x8c\xe2\xad\xf4j\xb6\x7f/j\xc3}\x87\xa1\n(_\x84+\t8ZI\xed\xd5\x00', @ANYRES16, @ANYBLOB="000225bd7000fddbdf250500000008000500070000000800090006000000050002"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) socket(0x10, 0x2, 0xfffffffc) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="c2ff2f4e08000000000000000600"], 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r3 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) close_range$auto(0x0, 0xfffffffffffff000, 0x2) pidfd_open$auto(0x1, 0x0) pidfd_send_signal$auto(r3, 0x4, &(0x7f0000000100)={@siginfo_0_0={0x4, 0x8, 0xffffffc4, @_sigsys={0x0, 0xe, 0x80000001}}}, 0x1) poll$auto(&(0x7f0000000000)={0xffffffffffffffff, 0x101, 0x72}, 0x4, 0x1) 1.689113545s ago: executing program 0 (id=4172): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb42, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x2, 0x1, 0x0) r1 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(r0, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) fstat$auto(0xffffffffffffffff, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) 1.503841315s ago: executing program 4 (id=4173): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb42, 0x0) close_range$auto(r0, 0x8, 0x0) socket(0x2, 0x3, 0x100) r1 = socket(0x2, 0x1, 0x0) r2 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) listen$auto(r1, 0x7) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/config.gz\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xe1, 0x9b72, 0x7, 0x28000) r3 = socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x7, 0x7ffffeffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) getsockopt$auto(0x4, 0x6, 0x24, 0xfffffffffffffffc, 0x0) setsockopt$auto(r3, 0x114, 0x8, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) mq_notify$auto(0xbc, &(0x7f0000000140)={@sival_int=0x4, @inferred, 0xc, @_sigev_thread={0x0, 0x0}}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1, 0xb}, 0x800009}, 0x5, 0x20000000) 1.377671866s ago: executing program 1 (id=4174): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x2, 0x3a) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x3c, r1, 0x1, 0x50bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x200000000006}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8880) mlockall$auto(0x7) 1.320330497s ago: executing program 0 (id=4175): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x3, 0x4) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @multicast1}, 0x55) write$auto(0x3, 0x0, 0xfffffdef) 1.169949942s ago: executing program 2 (id=4176): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, 0x0, 0x1a1382, 0x0) recvmmsg$auto(0x4, 0x0, 0xffffffff, 0x0, 0x0) sendmsg$auto_NETDEV_CMD_NAPI_GET(0xffffffffffffffff, 0x0, 0x2400c0d0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) write$auto(r0, 0x0, 0xeffd) read$auto_tomoyo_operations_securityfs_if(r0, &(0x7f0000000240)=""/88, 0x58) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/ieee80211/phy16/rc/name\x00', 0x121c01, 0x0) write$auto(0x3, 0x0, 0x1) pwrite64$auto(0xffffffffffffffff, 0x0, 0x400000, 0x9) r1 = socket(0xa, 0x3, 0x3c) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x80) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x800, 0x0) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$auto_SIOCGIFHWADDR(r3, 0x8927, 0x0) ioctl$auto(r2, 0x5609, r1) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/lockdep\x00', 0x10b402, 0x0) pread64$auto(r4, &(0x7f0000000000)='/proc/NesH\x1fk\xdd\x00\x00\x00\x00\x88\x00\x00\x00\x00\x00:\x19\xf4\xe2\xb7:\x81\xf8\xedl\x9d\x9a\'\xf8D,\xc0x\x1d\xf5JE\xcd7\xc3^\xbc2\xc7\xbf\xe5\x7f\xb93 \xcd${!\x9a`\x96\x86\x96D|\xf0H\x8c\x05:\xae\xa6\x88x\t\x18\x8b\xec\xd7\xe80x0}) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000000040)={0x1c, r4, 0x1f97227bd58c1f83, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004041}, 0x40004) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000001300)={'batadv_slave_0\x00', 0x0}) r8 = waitid$auto_P_ALL(0x0, 0xffffffffffffffff, &(0x7f0000001640)={@_si_pad}, 0x9, &(0x7f00000016c0)={{0xc626, 0x10000}, {0x8, 0x9}, 0x10000, 0x24f0, 0x3, 0xc39, 0x4, 0x4, 0x8986, 0x9f, 0x0, 0x7fffffffffffffff, 0x101, 0xff, 0x4, 0x1}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000001840)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001800)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000d97f27cd0c9478160b91f787a61dbc4540673878d89a03b0008e3ba9a7489b7d855e5e", @ANYRES16=0x0, @ANYBLOB="100025bd7000fcdbdf2501000000080005000500000008000700080000000f0001002f6465762f7461703633000008000500ff0f000008000200", @ANYRES32=r8, @ANYBLOB, @ANYRES8=0x0], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x24000005) fcntl$auto(0xffffffffffffffff, 0x8, r8) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r6) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r6, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000040)={0x28, r9, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x9dfefc5e47f5c72f}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_MM_GET(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x94, r2, 0x10d, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_MM_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @ETHTOOL_A_MM_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x2, 0x3, 0x100}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x881c}, 0x24000000) r11 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyr0\x00', 0x41, 0x0) ioctl$auto(0xc8, 0x400454c9, 0x5c8d) ioctl$auto_VHOST_GET_VRING_ENDIAN2(0xffffffffffffffff, 0x4008af14, &(0x7f0000000000)={0x0, 0x101}) ioctl$auto(r11, 0x9, r11) r12 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x202080, 0x0) r13 = fanotify_init$auto(0xe, 0xc) ioctl$auto_VHOST_SET_VRING_KICK2(r12, 0x4008af20, &(0x7f0000000100)={0x7, r13}) r14 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/smps\x00', 0x40601, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) r15 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_timedsend$auto(r15, 0x0, 0x2, 0x6, 0x0) write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r14, 0x0, 0x0) 730.944124ms ago: executing program 4 (id=4179): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32=r1, @ANYBLOB='w'], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x24004080) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 520.778543ms ago: executing program 1 (id=4180): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x6a1, 0x2000000000002) socket(0x26, 0x80805, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bond_slave_1\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32=r1, @ANYBLOB='w'], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x24004080) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 450.560467ms ago: executing program 4 (id=4181): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x4, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r0, 0x402, 0x8000007fffffdf) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) write$auto(r1, 0x0, 0xeffd) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mount_setattr$auto(0x0, 0xfffffffffffffffe, 0x100, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x1, 0x0) io_cancel$auto(0x7, &(0x7f0000000000)={0x7, 0xfff, 0x90ad, 0x2, 0x3ff, r3, 0x6, 0xffffffffffffffc0, 0x3, 0x0, 0xe8c9, r1}, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0xd, 0x3}) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x7) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x2c, 0x3, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x10, 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x801, 0x106) socket(0x8, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 398.385376ms ago: executing program 2 (id=4182): mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x4000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0xc8c02, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) madvise$auto(0x9, 0xdd, 0x17) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) r1 = prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYBLOB="712b738fa1868b61828c4edf70835ba590a23c42b164ed528cc9775a3bb89199f0b13cf225fa2a3a283f28371dd6bf97a0577c6c917409ac137621de47b61a1edd3654a8cd230deef92baec70515ef96aa714c66e670694dc010c3abf539ed7d78b6dd764235d81a0f1ef6dd0651536df9a95ca5452a11c348a3f0419fb9b1a4ac3f1847ccafd5e62bb96377c84adda4a5cf58d6cf0c12e2b3", @ANYRES16=r1], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="110000000700"/17, 0x11) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0x8000000000000011, 0xfffffffffffffffa, 0x1000000000008000) read$auto(r3, 0x0, 0xb4d3) write$auto(0x3, 0x0, 0x2) write$auto(0x3, 0x0, 0xffd8) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2, 0x5, 0x0) 191.262148ms ago: executing program 1 (id=4183): r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/flags\x00', 0x80, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = semctl$auto_GETVAL(0xfe38, 0xa29, 0xc, 0x7) fcntl$auto(r0, 0x5, r1) io_uring_setup$auto(0x1, 0x0) r2 = socket(0xa, 0x801, 0x106) setsockopt$auto(r2, 0x6, 0x24, 0x0, 0x9) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) 34.031145ms ago: executing program 0 (id=4184): ioctl$auto(0xc8, 0x400454c8, 0x5) 0s ago: executing program 1 (id=4185): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) read$auto(0x3, 0x0, 0x1f40) write$auto(0x3, 0x0, 0x3f00) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x8080, 0x0) ioctl$auto_XFS_IOC_FREESP64(0xffffffffffffffff, 0x40305825, &(0x7f0000000040)={0x5c2, 0x4, 0x7, 0x0, 0x7f, 0xffffffffffffffff}) fcntl$auto_F_SETOWN_EX(r0, 0xf, r1) kernel console output (not intermixed with test programs): T19488] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 873.860916][T19488] vfs_read+0x1df/0xbf0 [ 873.860940][T19488] ? __fget_files+0x1fc/0x3a0 [ 873.860964][T19488] ? __pfx___mutex_lock+0x10/0x10 [ 873.860998][T19488] ? __pfx_vfs_read+0x10/0x10 [ 873.861029][T19488] ? __fget_files+0x206/0x3a0 [ 873.861059][T19488] ksys_read+0x12b/0x250 [ 873.861079][T19488] ? __pfx_ksys_read+0x10/0x10 [ 873.861110][T19488] do_syscall_64+0xcd/0x250 [ 873.861135][T19488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.861167][T19488] RIP: 0033:0x7f567ef8b7fc [ 873.861185][T19488] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 873.861207][T19488] RSP: 002b:00007f567fd56030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 873.861229][T19488] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8b7fc [ 873.861245][T19488] RDX: 000000000000000f RSI: 00007f567fd560a0 RDI: 0000000000000005 [ 873.861260][T19488] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 873.861274][T19488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 873.861297][T19488] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 873.861333][T19488] [ 874.905475][T19512] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3547'. [ 876.088088][T19537] syz.1.3553 (19537) used obsolete PPPIOCDETACH ioctl [ 876.608857][T19553] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3557'. [ 876.880586][T19565] device-mapper: ioctl: Unable to rename non-existent device, to [ 877.159267][T19568] netlink: 'syz.0.3561': attribute type 1 has an invalid length. [ 879.035123][T19600] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3569'. [ 881.975764][T19659] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 884.693188][T19723] syz_tun: tun_chr_ioctl cmd 1074025673 [ 884.938783][T19730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7fe10 [ 884.967514][T19730] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 884.987440][T19730] memcg:ffff8880344a7781 [ 885.010201][T19730] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 885.028511][T19730] page_type: f5(slab) [ 885.033181][T19730] raw: 00fff00000000040 ffff88801b04f500 0000000000000000 dead000000000001 [ 885.044660][T19730] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff8880344a7781 [ 885.053597][T19730] head: 00fff00000000040 ffff88801b04f500 0000000000000000 dead000000000001 [ 885.062542][T19730] head: 0000000000000000 0000000000040004 00000000f5000000 ffff8880344a7781 [ 885.073565][T19730] head: 00fff00000000003 ffffea0001ff8401 ffffffffffffffff 0000000000000000 [ 885.082407][T19730] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 885.091449][T19730] page dumped because: unmovable page [ 885.096925][T19730] page_owner tracks the page as allocated [ 885.134421][T19730] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14760, tgid 14760 (modprobe), ts 604944186886, free_ts 604496729191 [ 885.158687][T19730] post_alloc_hook+0x181/0x1b0 [ 885.164139][T19730] get_page_from_freelist+0xfce/0x2f80 [ 885.173191][T19730] __alloc_frozen_pages_noprof+0x221/0x2470 [ 885.184488][T19730] alloc_pages_mpol+0x1fc/0x540 [ 885.194480][T19730] new_slab+0x23d/0x330 [ 885.202528][T19730] ___slab_alloc+0xbfa/0x1600 [ 885.207610][T19730] __slab_alloc.constprop.0+0x56/0xb0 [ 885.213953][T19730] __kmalloc_node_noprof+0x2f0/0x520 [ 885.220990][T19730] __kvmalloc_node_noprof+0xad/0x1a0 [ 885.226484][T19730] seq_read_iter+0x82a/0x12b0 [ 885.232775][T19730] proc_reg_read_iter+0x21d/0x310 [ 885.238720][T19730] vfs_read+0x886/0xbf0 [ 885.243664][T19730] ksys_read+0x12b/0x250 [ 885.248085][T19730] do_syscall_64+0xcd/0x250 [ 885.256393][T19730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 885.269974][T19730] page last free pid 14744 tgid 14734 stack trace: [ 885.288165][T19730] free_frozen_pages+0x6db/0xfb0 [ 885.295015][T19730] qlist_free_all+0x4e/0x120 [ 885.300376][T19730] kasan_quarantine_reduce+0x195/0x1e0 [ 885.306090][T19730] __kasan_slab_alloc+0x69/0x90 [ 885.311870][T19730] __kmalloc_cache_noprof+0x202/0x420 [ 885.317551][T19730] __request_module+0x2c6/0x6c0 [ 885.323391][T19730] dev_load+0x1ff/0x240 [ 885.327804][T19730] dev_ioctl+0x473/0x10c0 [ 885.333427][T19730] sock_do_ioctl+0x19e/0x280 [ 885.343634][T19730] sock_ioctl+0x228/0x6c0 [ 885.348368][T19730] __x64_sys_ioctl+0x190/0x200 [ 885.353462][T19730] do_syscall_64+0xcd/0x250 [ 885.359585][T19730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.575299][T19775] syz_tun: tun_chr_ioctl cmd 1074025675 [ 886.659903][T19775] syz_tun: persist disabled [ 886.822350][T19778] syz_tun: tun_chr_ioctl cmd 1074025673 [ 887.159455][T19787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3618'. [ 887.193326][T19787] netlink: 23 bytes leftover after parsing attributes in process `syz.4.3618'. [ 888.961508][T19844] FAULT_INJECTION: forcing a failure. [ 888.961508][T19844] name failslab, interval 1, probability 0, space 0, times 0 [ 889.005649][T19844] CPU: 1 UID: 0 PID: 19844 Comm: syz.4.3630 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 889.005687][T19844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 889.005703][T19844] Call Trace: [ 889.005711][T19844] [ 889.005722][T19844] dump_stack_lvl+0x16c/0x1f0 [ 889.005766][T19844] should_fail_ex+0x50a/0x650 [ 889.005797][T19844] ? fs_reclaim_acquire+0xae/0x150 [ 889.005840][T19844] should_failslab+0xc2/0x120 [ 889.005871][T19844] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 889.005902][T19844] ? __alloc_skb+0x2b3/0x380 [ 889.005927][T19844] ? find_held_lock+0x2d/0x110 [ 889.005967][T19844] __alloc_skb+0x2b3/0x380 [ 889.005992][T19844] ? __pfx___alloc_skb+0x10/0x10 [ 889.006020][T19844] ? __pfx_lock_release+0x10/0x10 [ 889.006049][T19844] ? trace_lock_acquire+0x14e/0x1f0 [ 889.006086][T19844] alloc_uevent_skb+0x7d/0x210 [ 889.006127][T19844] kobject_uevent_env+0xb04/0x1670 [ 889.006164][T19844] ? bus_to_subsys+0x12d/0x160 [ 889.006206][T19844] device_add+0x10e0/0x1a70 [ 889.006246][T19844] ? __pfx_device_add+0x10/0x10 [ 889.006276][T19844] ? kfree+0x260/0x4d0 [ 889.006313][T19844] device_create_groups_vargs+0x1f8/0x270 [ 889.006353][T19844] device_create+0xe9/0x130 [ 889.006388][T19844] ? __pfx_device_create+0x10/0x10 [ 889.006419][T19844] ? rcu_is_watching+0x12/0xc0 [ 889.006457][T19844] ? do_init_timer+0xc9/0x110 [ 889.006498][T19844] ? ieee80211_roc_setup+0x136/0x270 [ 889.006535][T19844] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 889.006570][T19844] mac80211_hwsim_new_radio+0x3df/0x56d0 [ 889.006605][T19844] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.006661][T19844] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 889.006715][T19844] hwsim_new_radio_nl+0xb42/0x12b0 [ 889.006757][T19844] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 889.006807][T19844] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 889.006847][T19844] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 889.006895][T19844] genl_family_rcv_msg_doit+0x202/0x2f0 [ 889.006937][T19844] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 889.006975][T19844] ? trace_cap_capable+0x1a2/0x210 [ 889.007029][T19844] ? bpf_lsm_capable+0x9/0x10 [ 889.007063][T19844] ? security_capable+0x7e/0x260 [ 889.007102][T19844] ? ns_capable+0xd7/0x110 [ 889.007136][T19844] genl_rcv_msg+0x565/0x800 [ 889.007166][T19844] ? __pfx_genl_rcv_msg+0x10/0x10 [ 889.007192][T19844] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 889.007243][T19844] netlink_rcv_skb+0x165/0x410 [ 889.007278][T19844] ? __pfx_genl_rcv_msg+0x10/0x10 [ 889.007306][T19844] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 889.007357][T19844] ? down_read+0xc9/0x330 [ 889.007382][T19844] ? __pfx_down_read+0x10/0x10 [ 889.007409][T19844] ? netlink_deliver_tap+0x1ae/0xca0 [ 889.007448][T19844] genl_rcv+0x28/0x40 [ 889.007482][T19844] netlink_unicast+0x53c/0x7f0 [ 889.007521][T19844] ? __pfx_netlink_unicast+0x10/0x10 [ 889.007557][T19844] ? __phys_addr_symbol+0x30/0x80 [ 889.007593][T19844] ? __check_object_size+0x488/0x710 [ 889.007629][T19844] netlink_sendmsg+0x8b8/0xd70 [ 889.007669][T19844] ? __pfx_netlink_sendmsg+0x10/0x10 [ 889.007718][T19844] ____sys_sendmsg+0x9ae/0xb40 [ 889.007750][T19844] ? copy_msghdr_from_user+0x10b/0x160 [ 889.007775][T19844] ? __pfx_____sys_sendmsg+0x10/0x10 [ 889.007826][T19844] ___sys_sendmsg+0x135/0x1e0 [ 889.007856][T19844] ? __pfx____sys_sendmsg+0x10/0x10 [ 889.007898][T19844] ? __pfx_lock_release+0x10/0x10 [ 889.007927][T19844] ? trace_lock_acquire+0x14e/0x1f0 [ 889.007964][T19844] ? __fget_files+0x206/0x3a0 [ 889.008006][T19844] __sys_sendmsg+0x16e/0x220 [ 889.008034][T19844] ? __pfx___sys_sendmsg+0x10/0x10 [ 889.008060][T19844] ? __x64_sys_futex+0x1e1/0x4c0 [ 889.008110][T19844] do_syscall_64+0xcd/0x250 [ 889.008138][T19844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 889.008171][T19844] RIP: 0033:0x7f567ef8cde9 [ 889.008191][T19844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 889.008215][T19844] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 889.008238][T19844] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 889.008255][T19844] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000006 [ 889.008272][T19844] RBP: 00007f567f00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 889.008287][T19844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 889.008302][T19844] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 889.008338][T19844] [ 890.562474][T19901] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3641'. [ 891.753682][T19927] random: crng reseeded on system resumption [ 893.050556][T19944] syz_tun: tun_chr_ioctl cmd 1074025673 [ 896.071821][T20012] netlink: 'syz.0.3673': attribute type 11 has an invalid length. [ 896.339129][T20013] ecryptfs_miscdev_write: Invalid packet size [0] [ 897.099135][T15351] Bluetooth: hci1: unexpected event 0x16 length: 11 > 6 [ 897.357273][T20036] netlink: 'syz.0.3678': attribute type 2 has an invalid length. [ 897.849688][T20055] syz_tun: tun_chr_ioctl cmd 2147767506 [ 898.503680][T20067] FAULT_INJECTION: forcing a failure. [ 898.503680][T20067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 898.517111][T20067] CPU: 0 UID: 0 PID: 20067 Comm: syz.2.3688 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 898.517139][T20067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 898.517153][T20067] Call Trace: [ 898.517160][T20067] [ 898.517169][T20067] dump_stack_lvl+0x16c/0x1f0 [ 898.517208][T20067] should_fail_ex+0x50a/0x650 [ 898.517239][T20067] _copy_from_user+0x2e/0xd0 [ 898.517271][T20067] clear_refs_write+0xeb/0xc10 [ 898.517305][T20067] ? __pfx___lock_acquire+0x10/0x10 [ 898.517332][T20067] ? __pfx___lock_acquire+0x10/0x10 [ 898.517355][T20067] ? __pfx_aa_file_perm+0x10/0x10 [ 898.517384][T20067] ? __pfx_clear_refs_write+0x10/0x10 [ 898.517430][T20067] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 898.517458][T20067] ? rcu_is_watching+0x12/0xc0 [ 898.517488][T20067] ? trace_lock_acquire+0x14e/0x1f0 [ 898.517520][T20067] ? __pfx_clear_refs_write+0x10/0x10 [ 898.517552][T20067] vfs_write+0x24c/0x1150 [ 898.517577][T20067] ? __fget_files+0x1fc/0x3a0 [ 898.517601][T20067] ? __pfx___mutex_lock+0x10/0x10 [ 898.517633][T20067] ? __pfx_vfs_write+0x10/0x10 [ 898.517665][T20067] ? __fget_files+0x206/0x3a0 [ 898.517696][T20067] ksys_write+0x12b/0x250 [ 898.517718][T20067] ? __pfx_ksys_write+0x10/0x10 [ 898.517750][T20067] do_syscall_64+0xcd/0x250 [ 898.517774][T20067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.517804][T20067] RIP: 0033:0x7f08b718cde9 [ 898.517823][T20067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 898.517844][T20067] RSP: 002b:00007f08b7f4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 898.517866][T20067] RAX: ffffffffffffffda RBX: 00007f08b73a5fa0 RCX: 00007f08b718cde9 [ 898.517890][T20067] RDX: 00000000ffffff4b RSI: 0000000000000000 RDI: 0000000000000003 [ 898.517903][T20067] RBP: 00007f08b7f4b090 R08: 0000000000000000 R09: 0000000000000000 [ 898.517917][T20067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 898.517930][T20067] R13: 0000000000000000 R14: 00007f08b73a5fa0 R15: 00007fffd6195ac8 [ 898.517962][T20067] [ 899.431034][T20081] FAULT_INJECTION: forcing a failure. [ 899.431034][T20081] name failslab, interval 1, probability 0, space 0, times 0 [ 899.526209][T20081] CPU: 0 UID: 0 PID: 20081 Comm: syz.4.3691 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 899.526246][T20081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 899.526260][T20081] Call Trace: [ 899.526268][T20081] [ 899.526277][T20081] dump_stack_lvl+0x16c/0x1f0 [ 899.526318][T20081] should_fail_ex+0x50a/0x650 [ 899.526345][T20081] ? fs_reclaim_acquire+0xae/0x150 [ 899.526383][T20081] should_failslab+0xc2/0x120 [ 899.526412][T20081] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 899.526439][T20081] ? mas_alloc_nodes+0x18b/0x880 [ 899.526475][T20081] mas_alloc_nodes+0x18b/0x880 [ 899.526513][T20081] mas_node_count_gfp+0x105/0x130 [ 899.526546][T20081] mas_preallocate+0x53f/0xce0 [ 899.526575][T20081] ? __pfx_mas_preallocate+0x10/0x10 [ 899.526613][T20081] ? anon_vma_name+0x75/0x100 [ 899.526646][T20081] __split_vma+0x474/0x1210 [ 899.526678][T20081] ? __pfx___split_vma+0x10/0x10 [ 899.526719][T20081] vms_gather_munmap_vmas+0x38b/0x1730 [ 899.526757][T20081] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 899.526787][T20081] ? mas_walk+0x6a6/0x910 [ 899.526831][T20081] __mmap_region+0x328/0x2760 [ 899.526869][T20081] ? __pfx___mmap_region+0x10/0x10 [ 899.526910][T20081] ? lock_acquire.part.0+0x11b/0x380 [ 899.526946][T20081] ? find_held_lock+0x2d/0x110 [ 899.527025][T20081] ? cap_capable+0xb3/0x250 [ 899.527065][T20081] mmap_region+0x32b/0x3f0 [ 899.527098][T20081] do_mmap+0xd8d/0x11b0 [ 899.527128][T20081] ? __pfx_do_mmap+0x10/0x10 [ 899.527151][T20081] ? __pfx_down_write_killable+0x10/0x10 [ 899.527184][T20081] vm_mmap_pgoff+0x203/0x3a0 [ 899.527215][T20081] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 899.527247][T20081] ? __fget_files+0x206/0x3a0 [ 899.527278][T20081] ksys_mmap_pgoff+0x32c/0x5c0 [ 899.527311][T20081] ? __pfx_ksys_write+0x10/0x10 [ 899.527339][T20081] __x64_sys_mmap+0x125/0x190 [ 899.527373][T20081] do_syscall_64+0xcd/0x250 [ 899.527398][T20081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 899.527429][T20081] RIP: 0033:0x7f567ef8cde9 [ 899.527447][T20081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 899.527470][T20081] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 899.527492][T20081] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 899.527508][T20081] RDX: 0000000000000ffb RSI: 0000000000000009 RDI: 0000000000000000 [ 899.527522][T20081] RBP: 00007f567fd56090 R08: 0000000000000003 R09: 0000000000000000 [ 899.527536][T20081] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000001 [ 899.527550][T20081] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 899.527583][T20081] [ 900.244079][T20096] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3695'. [ 900.478644][T20101] FAULT_INJECTION: forcing a failure. [ 900.478644][T20101] name failslab, interval 1, probability 0, space 0, times 0 [ 900.539487][T20101] CPU: 1 UID: 0 PID: 20101 Comm: syz.0.3697 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 900.539522][T20101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 900.539537][T20101] Call Trace: [ 900.539544][T20101] [ 900.539553][T20101] dump_stack_lvl+0x16c/0x1f0 [ 900.539613][T20101] should_fail_ex+0x50a/0x650 [ 900.539638][T20101] ? fs_reclaim_acquire+0xae/0x150 [ 900.539672][T20101] ? __pfx_filemap_map_pages+0x10/0x10 [ 900.539701][T20101] should_failslab+0xc2/0x120 [ 900.539728][T20101] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 900.539752][T20101] ? ptlock_alloc+0x1f/0x70 [ 900.539776][T20101] ? __pfx_filemap_map_pages+0x10/0x10 [ 900.539807][T20101] ptlock_alloc+0x1f/0x70 [ 900.539829][T20101] pte_alloc_one+0x74/0x390 [ 900.539858][T20101] __do_fault+0x320/0x490 [ 900.539892][T20101] ? __pfx_filemap_map_pages+0x10/0x10 [ 900.539923][T20101] do_pte_missing+0x1a8/0x3e10 [ 900.539949][T20101] ? do_raw_spin_unlock+0x172/0x230 [ 900.539998][T20101] ? __pmd_alloc+0x3c2/0x870 [ 900.540031][T20101] __handle_mm_fault+0x1166/0x2c60 [ 900.540069][T20101] ? __pfx___handle_mm_fault+0x10/0x10 [ 900.540093][T20101] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 900.540137][T20101] ? find_vma+0xc0/0x140 [ 900.540167][T20101] ? __pfx_find_vma+0x10/0x10 [ 900.540201][T20101] handle_mm_fault+0x3fa/0xaa0 [ 900.540234][T20101] do_user_addr_fault+0x7a3/0x13f0 [ 900.540271][T20101] exc_page_fault+0x5c/0xc0 [ 900.540303][T20101] asm_exc_page_fault+0x26/0x30 [ 900.540334][T20101] RIP: 0010:rep_movs_alternative+0x33/0x70 [ 900.540362][T20101] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb [ 900.540384][T20101] RSP: 0018:ffffc9000490fa68 EFLAGS: 00050206 [ 900.540403][T20101] RAX: 5f454c49464f5250 RBX: 0000000000000019 RCX: 0000000000000019 [ 900.540418][T20101] RDX: ffffed100c8cc804 RSI: ffff888064664000 RDI: 0000000000000000 [ 900.540433][T20101] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100c8cc803 [ 900.540447][T20101] R10: ffff888064664018 R11: 0000000000000003 R12: ffff888064664000 [ 900.540462][T20101] R13: 0000000000000019 R14: 00007ffffffff000 R15: 0000000000000000 [ 900.540497][T20101] _copy_to_user+0xbb/0xd0 [ 900.540530][T20101] tomoyo_flush+0x160/0x4b0 [ 900.540563][T20101] tomoyo_set_string+0xaf/0xe0 [ 900.540594][T20101] tomoyo_io_printf+0x26f/0x2f0 [ 900.540625][T20101] ? __pfx_tomoyo_io_printf+0x10/0x10 [ 900.540667][T20101] ? tomoyo_read_profile+0x93d/0xd40 [ 900.540702][T20101] tomoyo_read_profile+0x9c6/0xd40 [ 900.540736][T20101] ? tomoyo_flush+0x3ad/0x4b0 [ 900.540761][T20101] ? lock_acquire+0x2f/0xb0 [ 900.540794][T20101] tomoyo_read_control+0x281/0x510 [ 900.540828][T20101] ? __pfx_tomoyo_read+0x10/0x10 [ 900.540857][T20101] vfs_read+0x1df/0xbf0 [ 900.540882][T20101] ? __fget_files+0x1fc/0x3a0 [ 900.540907][T20101] ? __pfx___mutex_lock+0x10/0x10 [ 900.540940][T20101] ? __pfx_vfs_read+0x10/0x10 [ 900.540974][T20101] ? __fget_files+0x206/0x3a0 [ 900.541017][T20101] ksys_read+0x12b/0x250 [ 900.541039][T20101] ? __pfx_ksys_read+0x10/0x10 [ 900.541073][T20101] do_syscall_64+0xcd/0x250 [ 900.541098][T20101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 900.541126][T20101] RIP: 0033:0x7fb7c4d8cde9 [ 900.541145][T20101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.541162][T20101] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 900.541180][T20101] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 900.541193][T20101] RDX: 0000000000001f40 RSI: 0000000000000000 RDI: 0000000000000003 [ 900.541206][T20101] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 900.541220][T20101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 900.541232][T20101] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 900.541264][T20101] [ 901.467413][T20106] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3699'. [ 901.477015][T20106] veth1_macvtap: entered allmulticast mode [ 902.798604][T20122] ecryptfs_miscdev_write: Invalid packet size [0] [ 903.288301][T20139] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3706'. [ 903.516980][T20147] syz_tun: tun_chr_ioctl cmd 1074025673 [ 907.509094][T20199] ecryptfs_miscdev_write: Invalid packet size [0] [ 908.077872][T20214] syz_tun: tun_chr_ioctl cmd 1074025673 [ 908.667943][T20219] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3724'. [ 912.120305][T20276] FAULT_INJECTION: forcing a failure. [ 912.120305][T20276] name failslab, interval 1, probability 0, space 0, times 0 [ 912.319445][T20276] CPU: 1 UID: 0 PID: 20276 Comm: syz.1.3735 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 912.319478][T20276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 912.319492][T20276] Call Trace: [ 912.319498][T20276] [ 912.319508][T20276] dump_stack_lvl+0x16c/0x1f0 [ 912.319552][T20276] should_fail_ex+0x50a/0x650 [ 912.319580][T20276] ? fs_reclaim_acquire+0xae/0x150 [ 912.319617][T20276] should_failslab+0xc2/0x120 [ 912.319646][T20276] __kmalloc_noprof+0xce/0x4f0 [ 912.319670][T20276] ? get_mm_exe_file+0x8a/0x1a0 [ 912.319700][T20276] ? tomoyo_realpath_from_path+0xbf/0x710 [ 912.319729][T20276] ? trace_lock_acquire+0x14e/0x1f0 [ 912.319754][T20276] tomoyo_realpath_from_path+0xbf/0x710 [ 912.319792][T20276] tomoyo_get_exe+0x63/0xa0 [ 912.319836][T20276] tomoyo_write_control+0x5ad/0x13d0 [ 912.319878][T20276] ? rcu_is_watching+0x12/0xc0 [ 912.319913][T20276] ? __pfx_tomoyo_write_control+0x10/0x10 [ 912.319943][T20276] ? ksys_write+0x12b/0x250 [ 912.319974][T20276] ? __pfx_tomoyo_write+0x10/0x10 [ 912.320006][T20276] vfs_write+0x24c/0x1150 [ 912.320030][T20276] ? __fget_files+0x1fc/0x3a0 [ 912.320055][T20276] ? __pfx___mutex_lock+0x10/0x10 [ 912.320089][T20276] ? __pfx_vfs_write+0x10/0x10 [ 912.320123][T20276] ? __fget_files+0x206/0x3a0 [ 912.320157][T20276] ksys_write+0x12b/0x250 [ 912.320180][T20276] ? __pfx_ksys_write+0x10/0x10 [ 912.320214][T20276] do_syscall_64+0xcd/0x250 [ 912.320240][T20276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 912.320269][T20276] RIP: 0033:0x7f216cf8cde9 [ 912.320288][T20276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 912.320309][T20276] RSP: 002b:00007f216de4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 912.320330][T20276] RAX: ffffffffffffffda RBX: 00007f216d1a5fa0 RCX: 00007f216cf8cde9 [ 912.320346][T20276] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 912.320359][T20276] RBP: 00007f216de4c090 R08: 0000000000000000 R09: 0000000000000000 [ 912.320373][T20276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 912.320386][T20276] R13: 0000000000000000 R14: 00007f216d1a5fa0 R15: 00007ffdc1d20f08 [ 912.320419][T20276] [ 912.320429][T20276] ERROR: Out of memory at tomoyo_realpath_from_path. [ 912.890691][T20294] syz_tun: tun_chr_ioctl cmd 1074025673 [ 915.690249][T20336] ubi0: detaching mtd0 [ 915.850473][T20336] ubi0: mtd0 is detached [ 916.292974][T20349] syz_tun: tun_chr_ioctl cmd 1074025678 [ 916.298621][T20349] syz_tun: group set to 23693 [ 919.382511][T20391] nbd: nbd7 already in use [ 919.440049][ T29] audit: type=1326 audit(4294967368.865:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20389 comm="syz.0.3762" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb7c4d8cde9 code=0x0 [ 919.579767][ T29] audit: type=1326 audit(4294967369.015:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20389 comm="syz.0.3762" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb7c4d8cde9 code=0x0 [ 919.644197][T20405] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3765'. [ 922.450690][T20437] FAULT_INJECTION: forcing a failure. [ 922.450690][T20437] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 922.590953][T20437] CPU: 0 UID: 0 PID: 20437 Comm: syz.2.3773 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 922.590989][T20437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 922.591003][T20437] Call Trace: [ 922.591010][T20437] [ 922.591030][T20437] dump_stack_lvl+0x16c/0x1f0 [ 922.591070][T20437] should_fail_ex+0x50a/0x650 [ 922.591103][T20437] _copy_to_user+0x32/0xd0 [ 922.591137][T20437] simple_read_from_buffer+0xd0/0x160 [ 922.591174][T20437] proc_fail_nth_read+0x198/0x270 [ 922.591207][T20437] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 922.591241][T20437] ? rw_verify_area+0xcf/0x680 [ 922.591271][T20437] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 922.591303][T20437] vfs_read+0x1df/0xbf0 [ 922.591326][T20437] ? __fget_files+0x1fc/0x3a0 [ 922.591351][T20437] ? __pfx___mutex_lock+0x10/0x10 [ 922.591385][T20437] ? __pfx_vfs_read+0x10/0x10 [ 922.591416][T20437] ? __fget_files+0x206/0x3a0 [ 922.591449][T20437] ksys_read+0x12b/0x250 [ 922.591472][T20437] ? __pfx_ksys_read+0x10/0x10 [ 922.591504][T20437] do_syscall_64+0xcd/0x250 [ 922.591529][T20437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 922.591559][T20437] RIP: 0033:0x7f08b718b7fc [ 922.591577][T20437] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 922.591599][T20437] RSP: 002b:00007f08b7f09030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 922.591620][T20437] RAX: ffffffffffffffda RBX: 00007f08b73a6160 RCX: 00007f08b718b7fc [ 922.591635][T20437] RDX: 000000000000000f RSI: 00007f08b7f090a0 RDI: 0000000000000007 [ 922.591649][T20437] RBP: 00007f08b7f09090 R08: 0000000000000000 R09: 0000000000000000 [ 922.591663][T20437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 922.591676][T20437] R13: 0000000000000001 R14: 00007f08b73a6160 R15: 00007fffd6195ac8 [ 922.591708][T20437] [ 926.692455][T20455] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 927.139600][T20455] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 927.180066][T20455] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 927.216677][T20455] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 927.224976][T20455] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 928.410376][T15351] Bluetooth: hci4: command 0x041b tx timeout [ 928.771476][T20510] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 928.892502][ T29] audit: type=1800 audit(4294967378.315:23): pid=20518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3796" name="lu_gp_id" dev="configfs" ino=67397 res=0 errno=0 [ 928.913740][T20510] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 928.953036][T20510] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 929.040370][T20510] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 930.810438][T15351] Bluetooth: hci4: command 0x041b tx timeout [ 930.969701][T15351] Bluetooth: hci0: command 0x0c1a tx timeout [ 930.969741][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 931.049538][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 932.092624][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.099894][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.129694][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 935.852365][T20655] FAULT_INJECTION: forcing a failure. [ 935.852365][T20655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 935.879435][T20655] CPU: 1 UID: 0 PID: 20655 Comm: syz.2.3834 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 935.879469][T20655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 935.879482][T20655] Call Trace: [ 935.879488][T20655] [ 935.879497][T20655] dump_stack_lvl+0x16c/0x1f0 [ 935.879533][T20655] should_fail_ex+0x50a/0x650 [ 935.879561][T20655] _copy_from_user+0x2e/0xd0 [ 935.879592][T20655] do_sock_getsockopt+0x319/0x870 [ 935.879620][T20655] ? trace_lock_acquire+0x80/0x1f0 [ 935.879645][T20655] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 935.879673][T20655] ? lock_acquire+0x2f/0xb0 [ 935.879698][T20655] ? __fget_files+0x40/0x3a0 [ 935.879726][T20655] ? __fget_files+0x206/0x3a0 [ 935.879756][T20655] __sys_getsockopt+0x12f/0x260 [ 935.879796][T20655] __x64_sys_getsockopt+0xbd/0x160 [ 935.879817][T20655] ? do_syscall_64+0x91/0x250 [ 935.879839][T20655] ? lockdep_hardirqs_on+0x7c/0x110 [ 935.879871][T20655] do_syscall_64+0xcd/0x250 [ 935.879895][T20655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 935.879927][T20655] RIP: 0033:0x7f08b718cde9 [ 935.879946][T20655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 935.879967][T20655] RSP: 002b:00007f08b7f4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 935.879989][T20655] RAX: ffffffffffffffda RBX: 00007f08b73a5fa0 RCX: 00007f08b718cde9 [ 935.880004][T20655] RDX: 0000000000000081 RSI: 000000000000010f RDI: 0000000000000003 [ 935.880017][T20655] RBP: 00007f08b7f4b090 R08: 0000000000000000 R09: 0000000000000000 [ 935.880030][T20655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 935.880044][T20655] R13: 0000000000000000 R14: 00007f08b73a5fa0 R15: 00007fffd6195ac8 [ 935.880074][T20655] [ 936.584536][T20662] FAULT_INJECTION: forcing a failure. [ 936.584536][T20662] name failslab, interval 1, probability 0, space 0, times 0 [ 936.669494][T20662] CPU: 1 UID: 0 PID: 20662 Comm: syz.1.3835 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 936.669530][T20662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 936.669545][T20662] Call Trace: [ 936.669553][T20662] [ 936.669562][T20662] dump_stack_lvl+0x16c/0x1f0 [ 936.669601][T20662] should_fail_ex+0x50a/0x650 [ 936.669632][T20662] ? cfmuxl_create+0x40/0x210 [ 936.669675][T20662] should_failslab+0xc2/0x120 [ 936.669704][T20662] __kmalloc_cache_noprof+0x68/0x420 [ 936.669733][T20662] ? __pfx_caif_init_net+0x10/0x10 [ 936.669765][T20662] cfmuxl_create+0x40/0x210 [ 936.669796][T20662] cfcnfg_create+0x78/0x500 [ 936.669826][T20662] ? debug_mutex_init+0x37/0x70 [ 936.669859][T20662] ? __pfx_caif_init_net+0x10/0x10 [ 936.669885][T20662] caif_init_net+0x7d/0xe0 [ 936.669912][T20662] ops_init+0x1df/0x5f0 [ 936.669938][T20662] setup_net+0x21f/0x860 [ 936.669962][T20662] ? __pfx_setup_net+0x10/0x10 [ 936.669982][T20662] ? down_read_killable+0xcc/0x380 [ 936.670004][T20662] ? __pfx_down_read_killable+0x10/0x10 [ 936.670027][T20662] ? debug_mutex_init+0x37/0x70 [ 936.670060][T20662] copy_net_ns+0x2b4/0x6c0 [ 936.670087][T20662] create_new_namespaces+0x3ea/0xad0 [ 936.670120][T20662] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 936.670150][T20662] ksys_unshare+0x45d/0xa40 [ 936.670180][T20662] ? __pfx_ksys_unshare+0x10/0x10 [ 936.670208][T20662] ? xfd_validate_state+0x5d/0x180 [ 936.670242][T20662] __x64_sys_unshare+0x31/0x40 [ 936.670271][T20662] do_syscall_64+0xcd/0x250 [ 936.670292][T20662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.670319][T20662] RIP: 0033:0x7f216cf8cde9 [ 936.670336][T20662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.670355][T20662] RSP: 002b:00007f216de4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 936.670375][T20662] RAX: ffffffffffffffda RBX: 00007f216d1a5fa0 RCX: 00007f216cf8cde9 [ 936.670388][T20662] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 936.670401][T20662] RBP: 00007f216d00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 936.670413][T20662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.670425][T20662] R13: 0000000000000000 R14: 00007f216d1a5fa0 R15: 00007ffdc1d20f08 [ 936.670452][T20662] [ 937.102428][T20673] FAULT_INJECTION: forcing a failure. [ 937.102428][T20673] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 937.115832][T20673] CPU: 1 UID: 0 PID: 20673 Comm: syz.2.3842 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 937.115862][T20673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 937.115876][T20673] Call Trace: [ 937.115883][T20673] [ 937.115891][T20673] dump_stack_lvl+0x16c/0x1f0 [ 937.115931][T20673] should_fail_ex+0x50a/0x650 [ 937.115962][T20673] _copy_to_user+0x32/0xd0 [ 937.115996][T20673] simple_read_from_buffer+0xd0/0x160 [ 937.116032][T20673] proc_fail_nth_read+0x198/0x270 [ 937.116064][T20673] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 937.116098][T20673] ? rw_verify_area+0xcf/0x680 [ 937.116129][T20673] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 937.116161][T20673] vfs_read+0x1df/0xbf0 [ 937.116183][T20673] ? __fget_files+0x1fc/0x3a0 [ 937.116207][T20673] ? __pfx___mutex_lock+0x10/0x10 [ 937.116241][T20673] ? __pfx_vfs_read+0x10/0x10 [ 937.116272][T20673] ? __fget_files+0x206/0x3a0 [ 937.116305][T20673] ksys_read+0x12b/0x250 [ 937.116326][T20673] ? __pfx_ksys_read+0x10/0x10 [ 937.116357][T20673] do_syscall_64+0xcd/0x250 [ 937.116382][T20673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.116425][T20673] RIP: 0033:0x7f08b718b7fc [ 937.116444][T20673] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 937.116465][T20673] RSP: 002b:00007f08b7f4b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 937.116486][T20673] RAX: ffffffffffffffda RBX: 00007f08b73a5fa0 RCX: 00007f08b718b7fc [ 937.116501][T20673] RDX: 000000000000000f RSI: 00007f08b7f4b0a0 RDI: 0000000000000003 [ 937.116515][T20673] RBP: 00007f08b7f4b090 R08: 0000000000000000 R09: 0000000000000000 [ 937.116527][T20673] R10: 0000400000000040 R11: 0000000000000246 R12: 0000000000000001 [ 937.116542][T20673] R13: 0000000000000001 R14: 00007f08b73a5fa0 R15: 00007fffd6195ac8 [ 937.116579][T20673] [ 937.682378][T20666] FAULT_INJECTION: forcing a failure. [ 937.682378][T20666] name failslab, interval 1, probability 0, space 0, times 0 [ 937.742072][T20666] CPU: 1 UID: 0 PID: 20666 Comm: syz.4.3840 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 937.742109][T20666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 937.742123][T20666] Call Trace: [ 937.742131][T20666] [ 937.742140][T20666] dump_stack_lvl+0x16c/0x1f0 [ 937.742186][T20666] should_fail_ex+0x50a/0x650 [ 937.742213][T20666] ? fs_reclaim_acquire+0xae/0x150 [ 937.742253][T20666] should_failslab+0xc2/0x120 [ 937.742284][T20666] __kmalloc_noprof+0xce/0x4f0 [ 937.742313][T20666] ? ima_alloc_init_template+0xb8/0x720 [ 937.742392][T20666] ima_alloc_init_template+0xb8/0x720 [ 937.742430][T20666] ? d_absolute_path+0x137/0x1b0 [ 937.742462][T20666] ? __pfx_d_absolute_path+0x10/0x10 [ 937.742503][T20666] ima_store_measurement+0x1ea/0x5c0 [ 937.742539][T20666] ? __pfx_ima_store_measurement+0x10/0x10 [ 937.742571][T20666] ? ima_d_path+0x12c/0x2a0 [ 937.742595][T20666] ? vfs_getxattr_alloc+0xf1/0x340 [ 937.742626][T20666] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 937.742661][T20666] process_measurement+0x1bcb/0x2370 [ 937.742698][T20666] ? __pfx_process_measurement+0x10/0x10 [ 937.742735][T20666] ? mark_held_locks+0x9f/0xe0 [ 937.742762][T20666] ? kasan_quarantine_put+0x10a/0x240 [ 937.742805][T20666] ? find_held_lock+0x2d/0x110 [ 937.742841][T20666] ? tomoyo_bprm_check_security+0x168/0x1d0 [ 937.742876][T20666] ima_bprm_check+0xe8/0x210 [ 937.742904][T20666] ? __pfx_ima_bprm_check+0x10/0x10 [ 937.742939][T20666] security_bprm_check+0xa5/0x1e0 [ 937.742975][T20666] bprm_execve+0x832/0x16d0 [ 937.743007][T20666] ? __pfx_bprm_execve+0x10/0x10 [ 937.743033][T20666] ? copy_string_kernel+0x1d4/0x210 [ 937.743061][T20666] do_execveat_common.isra.0+0x4a2/0x610 [ 937.743091][T20666] __x64_sys_execve+0x8c/0xb0 [ 937.743115][T20666] do_syscall_64+0xcd/0x250 [ 937.743141][T20666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 937.743175][T20666] RIP: 0033:0x7f567ef8cde9 [ 937.743194][T20666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 937.743216][T20666] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 937.743239][T20666] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 937.743254][T20666] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000080 [ 937.743267][T20666] RBP: 00007f567f00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 937.743281][T20666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.743294][T20666] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 937.743325][T20666] [ 937.763750][ T29] audit: type=1804 audit(4294967387.175:24): pid=20666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.3840" name="/newroot/231/file0" dev="tmpfs" ino=1234 res=0 errno=0 [ 938.266689][T20682] ERROR: Out of memory at tomoyo_memory_ok. [ 938.294673][T20696] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3846'. [ 940.558448][T20737] FAULT_INJECTION: forcing a failure. [ 940.558448][T20737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 940.585752][T20737] CPU: 0 UID: 0 PID: 20737 Comm: syz.4.3855 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 940.585787][T20737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 940.585799][T20737] Call Trace: [ 940.585806][T20737] [ 940.585816][T20737] dump_stack_lvl+0x16c/0x1f0 [ 940.585853][T20737] should_fail_ex+0x50a/0x650 [ 940.585884][T20737] _copy_to_user+0x32/0xd0 [ 940.585915][T20737] simple_read_from_buffer+0xd0/0x160 [ 940.585950][T20737] proc_fail_nth_read+0x198/0x270 [ 940.585981][T20737] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 940.586015][T20737] ? rw_verify_area+0xcf/0x680 [ 940.586046][T20737] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 940.586078][T20737] vfs_read+0x1df/0xbf0 [ 940.586101][T20737] ? __fget_files+0x1fc/0x3a0 [ 940.586126][T20737] ? __pfx___mutex_lock+0x10/0x10 [ 940.586161][T20737] ? __pfx_vfs_read+0x10/0x10 [ 940.586192][T20737] ? __fget_files+0x206/0x3a0 [ 940.586223][T20737] ksys_read+0x12b/0x250 [ 940.586245][T20737] ? __pfx_ksys_read+0x10/0x10 [ 940.586278][T20737] do_syscall_64+0xcd/0x250 [ 940.586303][T20737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.586342][T20737] RIP: 0033:0x7f567ef8b7fc [ 940.586360][T20737] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 940.586381][T20737] RSP: 002b:00007f567fd56030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 940.586402][T20737] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8b7fc [ 940.586416][T20737] RDX: 000000000000000f RSI: 00007f567fd560a0 RDI: 0000000000000004 [ 940.586430][T20737] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 940.586444][T20737] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 940.586457][T20737] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 940.586489][T20737] [ 941.094514][T20741] Invalid ELF header magic: != ELF [ 941.120532][T20743] Invalid ELF header magic: != ELF [ 941.396201][T20754] syz_tun: tun_chr_ioctl cmd 1074025673 [ 941.717448][T20769] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3864'. [ 941.778901][T20768] syz_tun: tun_chr_ioctl cmd 7 [ 942.175684][T20771] FAULT_INJECTION: forcing a failure. [ 942.175684][T20771] name failslab, interval 1, probability 0, space 0, times 0 [ 942.188531][T20771] CPU: 0 UID: 0 PID: 20771 Comm: syz.0.3866 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 942.188564][T20771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 942.188580][T20771] Call Trace: [ 942.188588][T20771] [ 942.188598][T20771] dump_stack_lvl+0x16c/0x1f0 [ 942.188641][T20771] should_fail_ex+0x50a/0x650 [ 942.188670][T20771] ? fs_reclaim_acquire+0xae/0x150 [ 942.188711][T20771] should_failslab+0xc2/0x120 [ 942.188744][T20771] __kmalloc_noprof+0xce/0x4f0 [ 942.188772][T20771] ? ima_write_template_field_data+0x48/0x1c0 [ 942.188802][T20771] ima_write_template_field_data+0x48/0x1c0 [ 942.188830][T20771] ima_eventdigest_init_common+0x131/0x3d0 [ 942.188858][T20771] ? __pfx_ima_eventdigest_init_common+0x10/0x10 [ 942.188905][T20771] ? rcu_is_watching+0x12/0xc0 [ 942.188941][T20771] ? trace_kmalloc+0x2d/0xd0 [ 942.188972][T20771] ? __kmalloc_noprof+0x23b/0x4f0 [ 942.189001][T20771] ? ima_alloc_init_template+0x195/0x720 [ 942.189038][T20771] ima_alloc_init_template+0x399/0x720 [ 942.189088][T20771] ? __pfx_d_absolute_path+0x10/0x10 [ 942.189134][T20771] ima_store_measurement+0x1ea/0x5c0 [ 942.189170][T20771] ? __pfx_ima_store_measurement+0x10/0x10 [ 942.189205][T20771] ? ima_d_path+0x12c/0x2a0 [ 942.189234][T20771] ? vfs_getxattr_alloc+0xf1/0x340 [ 942.189268][T20771] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 942.189305][T20771] process_measurement+0x1bcb/0x2370 [ 942.189350][T20771] ? __pfx_process_measurement+0x10/0x10 [ 942.189391][T20771] ? mark_held_locks+0x9f/0xe0 [ 942.189426][T20771] ? kasan_quarantine_put+0x10a/0x240 [ 942.189478][T20771] ? find_held_lock+0x2d/0x110 [ 942.189513][T20771] ? tomoyo_bprm_check_security+0x168/0x1d0 [ 942.189547][T20771] ima_bprm_check+0xe8/0x210 [ 942.189575][T20771] ? __pfx_ima_bprm_check+0x10/0x10 [ 942.189611][T20771] security_bprm_check+0xa5/0x1e0 [ 942.189644][T20771] bprm_execve+0x832/0x16d0 [ 942.189676][T20771] ? __pfx_bprm_execve+0x10/0x10 [ 942.189700][T20771] ? copy_string_kernel+0x1d4/0x210 [ 942.189727][T20771] do_execveat_common.isra.0+0x4a2/0x610 [ 942.189761][T20771] __x64_sys_execve+0x8c/0xb0 [ 942.189786][T20771] do_syscall_64+0xcd/0x250 [ 942.189813][T20771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.189847][T20771] RIP: 0033:0x7fb7c4d8cde9 [ 942.189867][T20771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 942.189890][T20771] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 942.189913][T20771] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 942.189930][T20771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000080 [ 942.189944][T20771] RBP: 00007fb7c4e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 942.189959][T20771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.189973][T20771] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 942.190005][T20771] [ 942.506944][ T29] audit: type=1804 audit(4294967391.935:25): pid=20771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.0.3866" name="/newroot/374/file0" dev="tmpfs" ino=1997 res=0 errno=0 [ 943.580921][T20810] FAULT_INJECTION: forcing a failure. [ 943.580921][T20810] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 943.659687][T20810] CPU: 1 UID: 0 PID: 20810 Comm: syz.0.3877 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 943.659720][T20810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 943.659734][T20810] Call Trace: [ 943.659740][T20810] [ 943.659749][T20810] dump_stack_lvl+0x16c/0x1f0 [ 943.659788][T20810] should_fail_ex+0x50a/0x650 [ 943.659820][T20810] _copy_from_user+0x2e/0xd0 [ 943.659851][T20810] move_addr_to_kernel+0x68/0x160 [ 943.659885][T20810] __sys_bind+0x11c/0x260 [ 943.659918][T20810] ? __pfx___sys_bind+0x10/0x10 [ 943.659947][T20810] ? __fget_files+0x206/0x3a0 [ 943.659983][T20810] ? __pfx_ksys_write+0x10/0x10 [ 943.660023][T20810] __x64_sys_bind+0x72/0xb0 [ 943.660053][T20810] ? lockdep_hardirqs_on+0x7c/0x110 [ 943.660085][T20810] do_syscall_64+0xcd/0x250 [ 943.660110][T20810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.660142][T20810] RIP: 0033:0x7fb7c4d8cde9 [ 943.660160][T20810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 943.660183][T20810] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 943.660205][T20810] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 943.660220][T20810] RDX: 000000000000006b RSI: 0000400000000080 RDI: 0000000000000003 [ 943.660235][T20810] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 943.660249][T20810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 943.660262][T20810] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 943.660290][T20810] [ 944.104986][T20820] FAULT_INJECTION: forcing a failure. [ 944.104986][T20820] name failslab, interval 1, probability 0, space 0, times 0 [ 944.179724][T20820] CPU: 1 UID: 0 PID: 20820 Comm: syz.2.3881 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 944.179759][T20820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 944.179773][T20820] Call Trace: [ 944.179780][T20820] [ 944.179790][T20820] dump_stack_lvl+0x16c/0x1f0 [ 944.179831][T20820] should_fail_ex+0x50a/0x650 [ 944.179860][T20820] ? fs_reclaim_acquire+0xae/0x150 [ 944.179899][T20820] should_failslab+0xc2/0x120 [ 944.179927][T20820] __kmalloc_noprof+0xce/0x4f0 [ 944.179954][T20820] ? ima_write_template_field_data+0xe9/0x1c0 [ 944.179986][T20820] ima_write_template_field_data+0xe9/0x1c0 [ 944.180031][T20820] ima_eventname_init_common.isra.0+0x113/0x1f0 [ 944.180062][T20820] ? __pfx_ima_eventname_init_common.isra.0+0x10/0x10 [ 944.180096][T20820] ? trace_kmalloc+0x2d/0xd0 [ 944.180129][T20820] ? __kmalloc_noprof+0x23b/0x4f0 [ 944.180155][T20820] ? ima_alloc_init_template+0x195/0x720 [ 944.180193][T20820] ima_alloc_init_template+0x399/0x720 [ 944.180228][T20820] ? __pfx_d_absolute_path+0x10/0x10 [ 944.180260][T20820] ima_store_measurement+0x1ea/0x5c0 [ 944.180295][T20820] ? __pfx_ima_store_measurement+0x10/0x10 [ 944.180329][T20820] ? ima_d_path+0x12c/0x2a0 [ 944.180355][T20820] ? vfs_getxattr_alloc+0xf1/0x340 [ 944.180391][T20820] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 944.180424][T20820] process_measurement+0x1bcb/0x2370 [ 944.180469][T20820] ? __pfx_process_measurement+0x10/0x10 [ 944.180510][T20820] ? mark_held_locks+0x9f/0xe0 [ 944.180540][T20820] ? kasan_quarantine_put+0x10a/0x240 [ 944.180585][T20820] ? find_held_lock+0x2d/0x110 [ 944.180625][T20820] ? tomoyo_bprm_check_security+0x168/0x1d0 [ 944.180665][T20820] ima_bprm_check+0xe8/0x210 [ 944.180696][T20820] ? __pfx_ima_bprm_check+0x10/0x10 [ 944.180736][T20820] security_bprm_check+0xa5/0x1e0 [ 944.180772][T20820] bprm_execve+0x832/0x16d0 [ 944.180802][T20820] ? __pfx_bprm_execve+0x10/0x10 [ 944.180827][T20820] ? copy_string_kernel+0x1d4/0x210 [ 944.180856][T20820] do_execveat_common.isra.0+0x4a2/0x610 [ 944.180888][T20820] __x64_sys_execve+0x8c/0xb0 [ 944.180915][T20820] do_syscall_64+0xcd/0x250 [ 944.180941][T20820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.180973][T20820] RIP: 0033:0x7f08b718cde9 [ 944.181002][T20820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 944.181026][T20820] RSP: 002b:00007f08b7f4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 944.181049][T20820] RAX: ffffffffffffffda RBX: 00007f08b73a5fa0 RCX: 00007f08b718cde9 [ 944.181066][T20820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000080 [ 944.181081][T20820] RBP: 00007f08b720e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 944.181097][T20820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.181112][T20820] R13: 0000000000000000 R14: 00007f08b73a5fa0 R15: 00007fffd6195ac8 [ 944.181147][T20820] [ 944.186488][ T29] audit: type=1804 audit(4294967393.615:26): pid=20820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.3881" name="/newroot/371/file0" dev="tmpfs" ino=1978 res=0 errno=0 [ 945.084006][T20848] FAULT_INJECTION: forcing a failure. [ 945.084006][T20848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 945.129507][T20848] CPU: 0 UID: 0 PID: 20848 Comm: syz.4.3888 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 945.129538][T20848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 945.129551][T20848] Call Trace: [ 945.129558][T20848] [ 945.129568][T20848] dump_stack_lvl+0x16c/0x1f0 [ 945.129607][T20848] should_fail_ex+0x50a/0x650 [ 945.129639][T20848] _copy_from_user+0x2e/0xd0 [ 945.129671][T20848] move_addr_to_kernel+0x68/0x160 [ 945.129705][T20848] __sys_connect+0xb0/0x170 [ 945.129737][T20848] ? __pfx___sys_connect+0x10/0x10 [ 945.129780][T20848] ? __pfx_ksys_write+0x10/0x10 [ 945.129810][T20848] __x64_sys_connect+0x72/0xb0 [ 945.129841][T20848] ? lockdep_hardirqs_on+0x7c/0x110 [ 945.129873][T20848] do_syscall_64+0xcd/0x250 [ 945.129899][T20848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.129935][T20848] RIP: 0033:0x7f567ef8cde9 [ 945.129953][T20848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 945.129973][T20848] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 945.129995][T20848] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 945.130010][T20848] RDX: 0000000000000055 RSI: 00004000000000c0 RDI: 0000000000000003 [ 945.130024][T20848] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 945.130037][T20848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 945.130050][T20848] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 945.130079][T20848] [ 946.366229][T20874] FAULT_INJECTION: forcing a failure. [ 946.366229][T20874] name failslab, interval 1, probability 0, space 0, times 0 [ 946.414380][T20874] CPU: 0 UID: 0 PID: 20874 Comm: syz.0.3894 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 946.414414][T20874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 946.414427][T20874] Call Trace: [ 946.414434][T20874] [ 946.414444][T20874] dump_stack_lvl+0x16c/0x1f0 [ 946.414483][T20874] should_fail_ex+0x50a/0x650 [ 946.414510][T20874] ? fs_reclaim_acquire+0xae/0x150 [ 946.414548][T20874] should_failslab+0xc2/0x120 [ 946.414576][T20874] __kmalloc_noprof+0xce/0x4f0 [ 946.414601][T20874] ? d_absolute_path+0x137/0x1b0 [ 946.414630][T20874] ? tomoyo_encode2+0x100/0x3e0 [ 946.414662][T20874] tomoyo_encode2+0x100/0x3e0 [ 946.414694][T20874] tomoyo_realpath_from_path+0x1a7/0x710 [ 946.414724][T20874] ? tomoyo_path_number_perm+0x235/0x5b0 [ 946.414753][T20874] tomoyo_path_number_perm+0x248/0x5b0 [ 946.414775][T20874] ? tomoyo_path_number_perm+0x235/0x5b0 [ 946.414809][T20874] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 946.414865][T20874] ? __pfx_lock_release+0x10/0x10 [ 946.414891][T20874] ? trace_lock_acquire+0x14e/0x1f0 [ 946.414918][T20874] ? lock_acquire+0x2f/0xb0 [ 946.414941][T20874] ? __fget_files+0x40/0x3a0 [ 946.414970][T20874] ? __fget_files+0x206/0x3a0 [ 946.414999][T20874] security_file_ioctl+0x9b/0x240 [ 946.415026][T20874] __x64_sys_ioctl+0xb7/0x200 [ 946.415060][T20874] do_syscall_64+0xcd/0x250 [ 946.415085][T20874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 946.415116][T20874] RIP: 0033:0x7fb7c4d8cde9 [ 946.415134][T20874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 946.415155][T20874] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 946.415177][T20874] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 946.415192][T20874] RDX: 0000000000000005 RSI: 00000000400454c8 RDI: 00000000000000c8 [ 946.415206][T20874] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 946.415220][T20874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 946.415234][T20874] R13: 0000000000000001 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 946.415265][T20874] [ 946.415283][T20874] ERROR: Out of memory at tomoyo_realpath_from_path. [ 946.719184][T20874] syz_tun: tun_chr_ioctl cmd 1074025672 [ 946.734309][T20874] syz_tun: ignored: set checksum disabled [ 947.696112][T20887] syz_tun: tun_chr_ioctl cmd 1074025673 [ 949.025711][T20896] syz_tun: tun_chr_ioctl cmd 1074025675 [ 949.036224][T20896] syz_tun: persist enabled [ 949.196639][T20899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3903'. [ 949.237662][ T29] audit: type=1800 audit(4294967398.665:27): pid=20899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3903" name="discovery_nqn" dev="configfs" ino=69555 res=0 errno=0 [ 949.371500][T20902] FAULT_INJECTION: forcing a failure. [ 949.371500][T20902] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 949.403925][T20902] CPU: 0 UID: 0 PID: 20902 Comm: syz.4.3904 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 949.403959][T20902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 949.403974][T20902] Call Trace: [ 949.403981][T20902] [ 949.403991][T20902] dump_stack_lvl+0x16c/0x1f0 [ 949.404030][T20902] should_fail_ex+0x50a/0x650 [ 949.404063][T20902] _copy_from_user+0x2e/0xd0 [ 949.404094][T20902] move_addr_to_kernel+0x68/0x160 [ 949.404128][T20902] __copy_msghdr+0x386/0x470 [ 949.404153][T20902] copy_msghdr_from_user+0xc2/0x160 [ 949.404177][T20902] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 949.404217][T20902] ___sys_sendmsg+0xff/0x1e0 [ 949.404244][T20902] ? __pfx____sys_sendmsg+0x10/0x10 [ 949.404281][T20902] ? __pfx_lock_release+0x10/0x10 [ 949.404308][T20902] ? trace_lock_acquire+0x14e/0x1f0 [ 949.404341][T20902] ? __fget_files+0x206/0x3a0 [ 949.404373][T20902] __sys_sendmsg+0x16e/0x220 [ 949.404392][T20902] ? __pfx___sys_sendmsg+0x10/0x10 [ 949.404433][T20902] do_syscall_64+0xcd/0x250 [ 949.404456][T20902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 949.404479][T20902] RIP: 0033:0x7f567ef8cde9 [ 949.404493][T20902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 949.404513][T20902] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 949.404541][T20902] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 949.404557][T20902] RDX: 0000000000000000 RSI: 0000400000000180 RDI: 0000000000000003 [ 949.404571][T20902] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 949.404586][T20902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 949.404600][T20902] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 949.404631][T20902] [ 949.872042][T20916] netlink: 1204 bytes leftover after parsing attributes in process `syz.0.3907'. [ 949.887120][T20905] FAULT_INJECTION: forcing a failure. [ 949.887120][T20905] name failslab, interval 1, probability 0, space 0, times 0 [ 949.911404][T20905] CPU: 1 UID: 0 PID: 20905 Comm: syz.4.3904 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 949.911434][T20905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 949.911448][T20905] Call Trace: [ 949.911454][T20905] [ 949.911463][T20905] dump_stack_lvl+0x16c/0x1f0 [ 949.911499][T20905] should_fail_ex+0x50a/0x650 [ 949.911523][T20905] ? fs_reclaim_acquire+0xae/0x150 [ 949.911555][T20905] should_failslab+0xc2/0x120 [ 949.911582][T20905] __kmalloc_noprof+0xce/0x4f0 [ 949.911607][T20905] ? lsm_blob_alloc+0x68/0x90 [ 949.911634][T20905] lsm_blob_alloc+0x68/0x90 [ 949.911657][T20905] security_sk_alloc+0x30/0x270 [ 949.911689][T20905] sk_prot_alloc+0xfb/0x2a0 [ 949.911715][T20905] sk_alloc+0x36/0xb90 [ 949.911737][T20905] rds_create+0x9e/0x5f0 [ 949.911766][T20905] __sock_create+0x335/0x8d0 [ 949.911809][T20905] __sys_socket+0x14f/0x260 [ 949.911839][T20905] ? __pfx___sys_socket+0x10/0x10 [ 949.911870][T20905] ? rcu_is_watching+0x12/0xc0 [ 949.911905][T20905] __x64_sys_socket+0x72/0xb0 [ 949.911934][T20905] ? lockdep_hardirqs_on+0x7c/0x110 [ 949.911965][T20905] do_syscall_64+0xcd/0x250 [ 949.911989][T20905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 949.912020][T20905] RIP: 0033:0x7f567ef8cde9 [ 949.912039][T20905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 949.912060][T20905] RSP: 002b:00007f567fd35038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 949.912080][T20905] RAX: ffffffffffffffda RBX: 00007f567f1a6080 RCX: 00007f567ef8cde9 [ 949.912093][T20905] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000015 [ 949.912106][T20905] RBP: 00007f567f00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 949.912118][T20905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 949.912131][T20905] R13: 0000000000000000 R14: 00007f567f1a6080 R15: 00007fff35b5bd48 [ 949.912158][T20905] [ 950.157771][T20920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3907'. [ 950.241492][T20923] syz_tun: tun_chr_ioctl cmd 1074025676 [ 950.247107][T20923] syz_tun: owner set to 5 [ 950.606941][T20936] FAULT_INJECTION: forcing a failure. [ 950.606941][T20936] name failslab, interval 1, probability 0, space 0, times 0 [ 950.620070][T20936] CPU: 1 UID: 0 PID: 20936 Comm: syz.0.3912 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 950.620114][T20936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 950.620128][T20936] Call Trace: [ 950.620135][T20936] [ 950.620144][T20936] dump_stack_lvl+0x16c/0x1f0 [ 950.620184][T20936] should_fail_ex+0x50a/0x650 [ 950.620211][T20936] ? fs_reclaim_acquire+0xae/0x150 [ 950.620248][T20936] should_failslab+0xc2/0x120 [ 950.620275][T20936] __kmalloc_noprof+0xce/0x4f0 [ 950.620298][T20936] ? d_absolute_path+0x137/0x1b0 [ 950.620326][T20936] ? tomoyo_encode2+0x100/0x3e0 [ 950.620358][T20936] tomoyo_encode2+0x100/0x3e0 [ 950.620390][T20936] tomoyo_realpath_from_path+0x1a7/0x710 [ 950.620420][T20936] ? tomoyo_path_number_perm+0x235/0x5b0 [ 950.620446][T20936] tomoyo_path_number_perm+0x248/0x5b0 [ 950.620468][T20936] ? tomoyo_path_number_perm+0x235/0x5b0 [ 950.620495][T20936] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 950.620549][T20936] ? __pfx_lock_release+0x10/0x10 [ 950.620574][T20936] ? trace_lock_acquire+0x14e/0x1f0 [ 950.620597][T20936] ? lock_acquire+0x2f/0xb0 [ 950.620617][T20936] ? __fget_files+0x40/0x3a0 [ 950.620642][T20936] ? __fget_files+0x206/0x3a0 [ 950.620669][T20936] security_file_ioctl+0x9b/0x240 [ 950.620706][T20936] __x64_sys_ioctl+0xb7/0x200 [ 950.620755][T20936] do_syscall_64+0xcd/0x250 [ 950.620784][T20936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.620815][T20936] RIP: 0033:0x7fb7c4d8cde9 [ 950.620834][T20936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 950.620860][T20936] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 950.620882][T20936] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 950.620897][T20936] RDX: 0000000000000005 RSI: 00000000400454cb RDI: 00000000000000c8 [ 950.620911][T20936] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 950.620925][T20936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 950.620938][T20936] R13: 0000000000000001 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 950.620969][T20936] [ 950.620987][T20936] ERROR: Out of memory at tomoyo_realpath_from_path. [ 950.861277][T20936] syz_tun: tun_chr_ioctl cmd 1074025675 [ 950.883280][T20936] syz_tun: persist enabled [ 951.009036][T20941] syz_tun: tun_chr_ioctl cmd 1074025677 [ 951.039121][T20941] syz_tun: Linktype set failed because interface is up [ 952.336274][T20952] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 952.342989][T20952] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 952.389584][T20952] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 952.420707][T20952] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 953.849665][ T5847] Bluetooth: hci4: command 0x041b tx timeout [ 954.022009][T20989] syz_tun: tun_chr_ioctl cmd 1074025673 [ 954.311753][T20998] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3933'. [ 954.420184][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout [ 954.427648][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout [ 954.499808][T21003] Bluetooth: hci3: command 0x0406 tx timeout [ 955.334544][T21023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3938'. [ 956.163448][T21050] syz_tun: tun_chr_ioctl cmd 1074025673 [ 957.117877][T21091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3949'. [ 957.738794][T21106] FAULT_INJECTION: forcing a failure. [ 957.738794][T21106] name failslab, interval 1, probability 0, space 0, times 0 [ 957.752966][T21106] CPU: 0 UID: 0 PID: 21106 Comm: syz.2.3952 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 957.752997][T21106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 957.753010][T21106] Call Trace: [ 957.753017][T21106] [ 957.753026][T21106] dump_stack_lvl+0x16c/0x1f0 [ 957.753064][T21106] should_fail_ex+0x50a/0x650 [ 957.753096][T21106] should_failslab+0xc2/0x120 [ 957.753125][T21106] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 957.753152][T21106] ? skb_clone+0x190/0x3f0 [ 957.753181][T21106] skb_clone+0x190/0x3f0 [ 957.753206][T21106] netlink_deliver_tap+0xafd/0xca0 [ 957.753244][T21106] netlink_unicast+0x5e1/0x7f0 [ 957.753278][T21106] ? __pfx_netlink_unicast+0x10/0x10 [ 957.753311][T21106] ? __phys_addr_symbol+0x30/0x80 [ 957.753343][T21106] ? __check_object_size+0x488/0x710 [ 957.753375][T21106] netlink_sendmsg+0x8b8/0xd70 [ 957.753411][T21106] ? __pfx_netlink_sendmsg+0x10/0x10 [ 957.753455][T21106] ____sys_sendmsg+0x9ae/0xb40 [ 957.753485][T21106] ? copy_msghdr_from_user+0x10b/0x160 [ 957.753509][T21106] ? __pfx_____sys_sendmsg+0x10/0x10 [ 957.753554][T21106] ___sys_sendmsg+0x135/0x1e0 [ 957.753581][T21106] ? __pfx____sys_sendmsg+0x10/0x10 [ 957.753620][T21106] ? __pfx_lock_release+0x10/0x10 [ 957.753646][T21106] ? trace_lock_acquire+0x14e/0x1f0 [ 957.753679][T21106] ? __fget_files+0x206/0x3a0 [ 957.753711][T21106] __sys_sendmsg+0x16e/0x220 [ 957.753735][T21106] ? __pfx___sys_sendmsg+0x10/0x10 [ 957.753781][T21106] do_syscall_64+0xcd/0x250 [ 957.753812][T21106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.753843][T21106] RIP: 0033:0x7f08b718cde9 [ 957.753861][T21106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 957.753883][T21106] RSP: 002b:00007f08b7f4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 957.753903][T21106] RAX: ffffffffffffffda RBX: 00007f08b73a5fa0 RCX: 00007f08b718cde9 [ 957.753919][T21106] RDX: 000000000000c800 RSI: 0000400000000000 RDI: 0000000000000003 [ 957.753932][T21106] RBP: 00007f08b7f4b090 R08: 0000000000000000 R09: 0000000000000000 [ 957.753947][T21106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 957.753961][T21106] R13: 0000000000000000 R14: 00007f08b73a5fa0 R15: 00007fffd6195ac8 [ 957.753993][T21106] [ 958.761373][T21125] ptrace attach of "./syz-executor exec"[14682] was attempted by "./syz-executor exec"[21125] [ 958.832184][T21128] syz_tun: tun_chr_ioctl cmd 1074025673 [ 959.837783][T21159] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3967'. [ 960.171448][T21164] FAULT_INJECTION: forcing a failure. [ 960.171448][T21164] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 960.249528][T21164] CPU: 1 UID: 0 PID: 21164 Comm: syz.0.3968 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 960.249558][T21164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 960.249570][T21164] Call Trace: [ 960.249576][T21164] [ 960.249584][T21164] dump_stack_lvl+0x16c/0x1f0 [ 960.249628][T21164] should_fail_ex+0x50a/0x650 [ 960.249657][T21164] _copy_from_user+0x2e/0xd0 [ 960.249686][T21164] copy_msghdr_from_user+0x99/0x160 [ 960.249708][T21164] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 960.249744][T21164] ___sys_sendmsg+0xff/0x1e0 [ 960.249765][T21164] ? __pfx____sys_sendmsg+0x10/0x10 [ 960.249799][T21164] ? __pfx_lock_release+0x10/0x10 [ 960.249821][T21164] ? trace_lock_acquire+0x14e/0x1f0 [ 960.249850][T21164] ? __fget_files+0x206/0x3a0 [ 960.249879][T21164] __sys_sendmsg+0x16e/0x220 [ 960.249901][T21164] ? __pfx___sys_sendmsg+0x10/0x10 [ 960.249941][T21164] do_syscall_64+0xcd/0x250 [ 960.249962][T21164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 960.249988][T21164] RIP: 0033:0x7fb7c4d8cde9 [ 960.250006][T21164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 960.250025][T21164] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 960.250044][T21164] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 960.250058][T21164] RDX: 0000000010004010 RSI: 0000400000000100 RDI: 0000000000000003 [ 960.250070][T21164] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 960.250082][T21164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 960.250093][T21164] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 960.250120][T21164] [ 960.672305][T21168] FAULT_INJECTION: forcing a failure. [ 960.672305][T21168] name failslab, interval 1, probability 0, space 0, times 0 [ 960.737577][T21168] CPU: 0 UID: 0 PID: 21168 Comm: syz.0.3970 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 960.737616][T21168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 960.737631][T21168] Call Trace: [ 960.737639][T21168] [ 960.737649][T21168] dump_stack_lvl+0x16c/0x1f0 [ 960.737693][T21168] should_fail_ex+0x50a/0x650 [ 960.737722][T21168] ? fs_reclaim_acquire+0xae/0x150 [ 960.737763][T21168] should_failslab+0xc2/0x120 [ 960.737796][T21168] __kmalloc_noprof+0xce/0x4f0 [ 960.737822][T21168] ? lsm_blob_alloc+0x68/0x90 [ 960.737860][T21168] lsm_blob_alloc+0x68/0x90 [ 960.737891][T21168] security_sk_alloc+0x30/0x270 [ 960.737927][T21168] sk_prot_alloc+0xfb/0x2a0 [ 960.737960][T21168] sk_alloc+0x36/0xb90 [ 960.737986][T21168] inet6_create+0x380/0x1320 [ 960.738026][T21168] ? inet6_create+0x5d/0x1320 [ 960.738064][T21168] __sock_create+0x335/0x8d0 [ 960.738101][T21168] inet_ctl_sock_create+0x96/0x230 [ 960.738134][T21168] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 960.738166][T21168] ? do_init_timer+0xc9/0x110 [ 960.738204][T21168] ? __pfx_sctp_ctrlsock_init+0x10/0x10 [ 960.738230][T21168] sctp_ctrlsock_init+0x40/0xf0 [ 960.738254][T21168] ops_init+0x1df/0x5f0 [ 960.738285][T21168] setup_net+0x21f/0x860 [ 960.738313][T21168] ? __pfx_setup_net+0x10/0x10 [ 960.738337][T21168] ? down_read_killable+0xcc/0x380 [ 960.738363][T21168] ? __pfx_down_read_killable+0x10/0x10 [ 960.738390][T21168] ? debug_mutex_init+0x37/0x70 [ 960.738429][T21168] copy_net_ns+0x2b4/0x6c0 [ 960.738462][T21168] create_new_namespaces+0x3ea/0xad0 [ 960.738504][T21168] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 960.738538][T21168] ksys_unshare+0x45d/0xa40 [ 960.738586][T21168] ? __pfx_ksys_unshare+0x10/0x10 [ 960.738622][T21168] ? xfd_validate_state+0x5d/0x180 [ 960.738665][T21168] __x64_sys_unshare+0x31/0x40 [ 960.738699][T21168] do_syscall_64+0xcd/0x250 [ 960.738725][T21168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 960.738756][T21168] RIP: 0033:0x7fb7c4d8cde9 [ 960.738775][T21168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 960.738798][T21168] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 960.738820][T21168] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 960.738836][T21168] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 960.738850][T21168] RBP: 00007fb7c4e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 960.738865][T21168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 960.738878][T21168] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 960.738911][T21168] [ 961.443986][T21178] CIFS: VFS: Invalid SecurityFlags: 0 [ 961.443986][T21178] [ 961.476579][T21180] FAULT_INJECTION: forcing a failure. [ 961.476579][T21180] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 961.509488][T21180] CPU: 1 UID: 0 PID: 21180 Comm: syz.4.3972 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 961.509530][T21180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 961.509544][T21180] Call Trace: [ 961.509551][T21180] [ 961.509560][T21180] dump_stack_lvl+0x16c/0x1f0 [ 961.509600][T21180] should_fail_ex+0x50a/0x650 [ 961.509626][T21180] ? __pfx___might_resched+0x10/0x10 [ 961.509659][T21180] should_fail_alloc_page+0xe7/0x130 [ 961.509690][T21180] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 961.509732][T21180] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 961.509761][T21180] ? __pfx_mark_lock+0x10/0x10 [ 961.509800][T21180] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 961.509825][T21180] ? mark_lock+0xb5/0xc60 [ 961.509851][T21180] ? hlock_class+0x4e/0x130 [ 961.509901][T21180] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 961.509933][T21180] ? policy_nodemask+0xea/0x4e0 [ 961.509964][T21180] alloc_pages_mpol+0x1fc/0x540 [ 961.509993][T21180] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 961.510019][T21180] ? find_held_lock+0x2d/0x110 [ 961.510057][T21180] alloc_pages_noprof+0x131/0x390 [ 961.510086][T21180] __pmd_alloc+0x3f/0x870 [ 961.510117][T21180] __handle_mm_fault+0x9fb/0x2c60 [ 961.510153][T21180] ? __pfx___handle_mm_fault+0x10/0x10 [ 961.510177][T21180] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 961.510223][T21180] ? find_vma+0xc0/0x140 [ 961.510255][T21180] ? __pfx_find_vma+0x10/0x10 [ 961.510292][T21180] handle_mm_fault+0x3fa/0xaa0 [ 961.510325][T21180] do_user_addr_fault+0x7a3/0x13f0 [ 961.510362][T21180] exc_page_fault+0x5c/0xc0 [ 961.510396][T21180] asm_exc_page_fault+0x26/0x30 [ 961.510426][T21180] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 961.510455][T21180] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 961.510477][T21180] RSP: 0018:ffffc9000483fb88 EFLAGS: 00050206 [ 961.510495][T21180] RAX: 0000000000000001 RBX: 0000000000000004 RCX: 0000000000000003 [ 961.510515][T21180] RDX: ffffed1005144818 RSI: 0000000000000004 RDI: ffff888028a240c0 [ 961.510530][T21180] RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed1005144818 [ 961.510545][T21180] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000 [ 961.510558][T21180] R13: ffff888028a240c0 R14: dffffc0000000000 R15: 0000000000000003 [ 961.510591][T21180] _copy_from_user+0x98/0xd0 [ 961.510624][T21180] generic_map_delete_batch+0x43e/0x6f0 [ 961.510651][T21180] ? lock_acquire+0x2f/0xb0 [ 961.510682][T21180] ? __pfx_generic_map_delete_batch+0x10/0x10 [ 961.510709][T21180] ? __fget_files+0x206/0x3a0 [ 961.510739][T21180] ? __pfx_generic_map_delete_batch+0x10/0x10 [ 961.510768][T21180] bpf_map_do_batch+0x294/0x640 [ 961.510797][T21180] __sys_bpf+0x5fe/0x57a0 [ 961.510823][T21180] ? __pfx_lock_release+0x10/0x10 [ 961.510853][T21180] ? __pfx___sys_bpf+0x10/0x10 [ 961.510879][T21180] ? vfs_write+0x306/0x1150 [ 961.510909][T21180] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 961.510963][T21180] ? fput+0x67/0x440 [ 961.510991][T21180] ? ksys_write+0x1ba/0x250 [ 961.511013][T21180] ? __pfx_ksys_write+0x10/0x10 [ 961.511043][T21180] __x64_sys_bpf+0x78/0xc0 [ 961.511071][T21180] ? lockdep_hardirqs_on+0x7c/0x110 [ 961.511102][T21180] do_syscall_64+0xcd/0x250 [ 961.511127][T21180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 961.511156][T21180] RIP: 0033:0x7f567ef8cde9 [ 961.511174][T21180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 961.511195][T21180] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 961.511215][T21180] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 961.511231][T21180] RDX: 0000000000000092 RSI: 0000400000000380 RDI: 000000000000001b [ 961.511244][T21180] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 961.511258][T21180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 961.511272][T21180] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 961.511304][T21180] [ 962.325291][T21187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3974'. [ 962.983373][T21205] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 963.037329][T21205] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 963.059715][T21205] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 963.145381][T21205] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 964.752091][T21204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3978'. [ 965.050951][T21003] Bluetooth: hci1: command 0x0c1a tx timeout [ 965.057070][T15351] Bluetooth: hci4: command 0x041b tx timeout [ 965.110855][T21224] syz_tun: tun_chr_ioctl cmd 1074025673 [ 965.129819][T15351] Bluetooth: hci0: command 0x0c1a tx timeout [ 965.209484][T15351] Bluetooth: hci3: command 0x0406 tx timeout [ 965.245354][T21229] FAULT_INJECTION: forcing a failure. [ 965.245354][T21229] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 965.279276][T21229] CPU: 1 UID: 0 PID: 21229 Comm: syz.2.3983 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 965.279312][T21229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 965.279329][T21229] Call Trace: [ 965.279335][T21229] [ 965.279344][T21229] dump_stack_lvl+0x16c/0x1f0 [ 965.279380][T21229] should_fail_ex+0x50a/0x650 [ 965.279409][T21229] _copy_from_user+0x2e/0xd0 [ 965.279440][T21229] copy_msghdr_from_user+0x99/0x160 [ 965.279474][T21229] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 965.279501][T21229] ? __pfx___lock_acquire+0x10/0x10 [ 965.279534][T21229] ___sys_recvmsg+0xdc/0x1a0 [ 965.279558][T21229] ? __pfx____sys_recvmsg+0x10/0x10 [ 965.279583][T21229] ? __pfx_lock_release+0x10/0x10 [ 965.279608][T21229] ? trace_lock_acquire+0x14e/0x1f0 [ 965.279652][T21229] do_recvmmsg+0x2f8/0x740 [ 965.279679][T21229] ? __pfx_do_recvmmsg+0x10/0x10 [ 965.279700][T21229] ? vfs_write+0x306/0x1150 [ 965.279730][T21229] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 965.279774][T21229] ? __fget_files+0x206/0x3a0 [ 965.279804][T21229] __x64_sys_recvmmsg+0x239/0x290 [ 965.279831][T21229] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 965.279865][T21229] do_syscall_64+0xcd/0x250 [ 965.279888][T21229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 965.279919][T21229] RIP: 0033:0x7f08b718cde9 [ 965.279937][T21229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 965.279959][T21229] RSP: 002b:00007f08b7f2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 965.279982][T21229] RAX: ffffffffffffffda RBX: 00007f08b73a6080 RCX: 00007f08b718cde9 [ 965.279997][T21229] RDX: 000000000000010a RSI: 0000400000000140 RDI: 0000000000000003 [ 965.280012][T21229] RBP: 00007f08b7f2a090 R08: 0000000000000000 R09: 0000000000000000 [ 965.280026][T21229] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 965.280039][T21229] R13: 0000000000000001 R14: 00007f08b73a6080 R15: 00007fffd6195ac8 [ 965.280068][T21229] [ 967.665866][T21256] syz_tun: tun_chr_ioctl cmd 1074025675 [ 967.681204][T21256] syz_tun: persist disabled [ 967.690522][T21264] FAULT_INJECTION: forcing a failure. [ 967.690522][T21264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 967.748740][T21264] CPU: 1 UID: 0 PID: 21264 Comm: syz.4.3993 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 967.748773][T21264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 967.748786][T21264] Call Trace: [ 967.748792][T21264] [ 967.748801][T21264] dump_stack_lvl+0x16c/0x1f0 [ 967.748837][T21264] should_fail_ex+0x50a/0x650 [ 967.748865][T21264] _copy_from_user+0x2e/0xd0 [ 967.748896][T21264] semctl_main+0xf1a/0x2ac0 [ 967.748938][T21264] ? __pfx_semctl_main+0x10/0x10 [ 967.749030][T21264] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 967.749074][T21264] ksys_semctl.constprop.0+0x277/0x2e0 [ 967.749109][T21264] ? __fget_files+0x206/0x3a0 [ 967.749133][T21264] ? __pfx_ksys_semctl.constprop.0+0x10/0x10 [ 967.749188][T21264] do_syscall_64+0xcd/0x250 [ 967.749212][T21264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.749241][T21264] RIP: 0033:0x7f567ef8cde9 [ 967.749259][T21264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 967.749281][T21264] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042 [ 967.749302][T21264] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 967.749317][T21264] RDX: 0000000000000011 RSI: 0000000000008001 RDI: 0000000000000002 [ 967.749333][T21264] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 967.749345][T21264] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 967.749356][T21264] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 967.749382][T21264] [ 968.234968][T21272] syz_tun: tun_chr_ioctl cmd 1074025673 [ 970.690838][T21320] Process accounting resumed [ 972.873593][T21346] netlink: 'syz.1.4018': attribute type 21 has an invalid length. [ 972.904245][T21346] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4018'. [ 975.531265][T21373] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4023'. [ 976.913525][T21373] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 976.971990][T21373] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 977.001668][T21373] bond0 (unregistering): Released all slaves [ 977.085823][T21399] syz_tun: tun_chr_ioctl cmd 1074025673 [ 978.012783][T21416] FAULT_INJECTION: forcing a failure. [ 978.012783][T21416] name failslab, interval 1, probability 0, space 0, times 0 [ 978.124774][T21416] CPU: 1 UID: 0 PID: 21416 Comm: syz.4.4031 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 978.124811][T21416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 978.124827][T21416] Call Trace: [ 978.124834][T21416] [ 978.124845][T21416] dump_stack_lvl+0x16c/0x1f0 [ 978.124888][T21416] should_fail_ex+0x50a/0x650 [ 978.124917][T21416] ? fs_reclaim_acquire+0xae/0x150 [ 978.124958][T21416] should_failslab+0xc2/0x120 [ 978.124988][T21416] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 978.125016][T21416] ? __alloc_skb+0x2b3/0x380 [ 978.125043][T21416] __alloc_skb+0x2b3/0x380 [ 978.125065][T21416] ? __pfx___alloc_skb+0x10/0x10 [ 978.125086][T21416] ? __lock_acquire+0xcc5/0x3c40 [ 978.125124][T21416] alloc_skb_with_frags+0xe4/0x850 [ 978.125152][T21416] ? __pfx___lock_acquire+0x10/0x10 [ 978.125179][T21416] ? aa_label_sk_perm+0x19d/0x5a0 [ 978.125207][T21416] sock_alloc_send_pskb+0x7f1/0x980 [ 978.125243][T21416] ? hlock_class+0x4e/0x130 [ 978.125286][T21416] ? __lock_acquire+0x15a9/0x3c40 [ 978.125323][T21416] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 978.125360][T21416] ? __pfx_lock_release+0x10/0x10 [ 978.125402][T21416] unix_dgram_sendmsg+0x41f/0x17e0 [ 978.125441][T21416] ? aa_sk_perm+0x2f5/0xb20 [ 978.125463][T21416] ? __pfx_lock_release+0x10/0x10 [ 978.125490][T21416] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 978.125522][T21416] ? __pfx_aa_sk_perm+0x10/0x10 [ 978.125557][T21416] ____sys_sendmsg+0x9ae/0xb40 [ 978.125588][T21416] ? copy_msghdr_from_user+0x10b/0x160 [ 978.125613][T21416] ? __pfx_____sys_sendmsg+0x10/0x10 [ 978.125643][T21416] ? __lock_acquire+0xcc5/0x3c40 [ 978.125673][T21416] ? hlock_class+0x4e/0x130 [ 978.125706][T21416] ? __lock_acquire+0x15a9/0x3c40 [ 978.125740][T21416] ___sys_sendmsg+0x135/0x1e0 [ 978.125767][T21416] ? __pfx____sys_sendmsg+0x10/0x10 [ 978.125789][T21416] ? __pfx___lock_acquire+0x10/0x10 [ 978.125845][T21416] ? __pfx___might_resched+0x10/0x10 [ 978.125874][T21416] ? __might_fault+0xe3/0x190 [ 978.125909][T21416] __sys_sendmmsg+0x201/0x420 [ 978.125938][T21416] ? __pfx___sys_sendmmsg+0x10/0x10 [ 978.125972][T21416] ? __pfx_do_futex+0x10/0x10 [ 978.126010][T21416] ? xfd_validate_state+0x5d/0x180 [ 978.126040][T21416] ? rcu_is_watching+0x12/0xc0 [ 978.126080][T21416] __x64_sys_sendmmsg+0x9c/0x100 [ 978.126105][T21416] ? lockdep_hardirqs_on+0x7c/0x110 [ 978.126140][T21416] do_syscall_64+0xcd/0x250 [ 978.126165][T21416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 978.126197][T21416] RIP: 0033:0x7f567ef8cde9 [ 978.126217][T21416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 978.126241][T21416] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 978.126265][T21416] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 978.126289][T21416] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 978.126304][T21416] RBP: 00007f567f00e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 978.126320][T21416] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000000 [ 978.126335][T21416] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 978.126366][T21416] [ 979.581009][T21427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4036'. [ 981.331314][T21472] syz_tun: tun_chr_ioctl cmd 1074025678 [ 981.347196][T21472] syz_tun: group set to 23693 [ 981.409812][T21471] netlink: 'syz.0.4044': attribute type 2 has an invalid length. [ 981.754269][T21482] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4044'. [ 981.777041][T21474] zswap: compressor not available [ 982.545763][T21471] netlink: 'syz.0.4044': attribute type 2 has an invalid length. [ 983.172942][T21514] FAULT_INJECTION: forcing a failure. [ 983.172942][T21514] name failslab, interval 1, probability 0, space 0, times 0 [ 983.200443][T21515] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4056'. [ 983.235148][T21514] CPU: 0 UID: 0 PID: 21514 Comm: syz.0.4055 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 983.235179][T21514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 983.235192][T21514] Call Trace: [ 983.235199][T21514] [ 983.235208][T21514] dump_stack_lvl+0x16c/0x1f0 [ 983.235247][T21514] should_fail_ex+0x50a/0x650 [ 983.235274][T21514] ? fs_reclaim_acquire+0xae/0x150 [ 983.235310][T21514] should_failslab+0xc2/0x120 [ 983.235339][T21514] __kmalloc_cache_node_noprof+0x6f/0x3f0 [ 983.235366][T21514] ? __get_vm_area_node+0x101/0x2f0 [ 983.235403][T21514] __get_vm_area_node+0x101/0x2f0 [ 983.235436][T21514] ? vb2_fop_read+0x213/0x3e0 [ 983.235469][T21514] __vmalloc_node_range_noprof+0x26a/0x1530 [ 983.235493][T21514] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.235536][T21514] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.235576][T21514] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 983.235610][T21514] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.235643][T21514] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 983.235674][T21514] vmalloc_user_noprof+0x6b/0x90 [ 983.235696][T21514] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.235727][T21514] vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.235763][T21514] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 983.235794][T21514] __vb2_queue_alloc+0x896/0x1230 [ 983.235843][T21514] vb2_core_reqbufs+0xa73/0xfb0 [ 983.235883][T21514] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 983.235941][T21514] __vb2_init_fileio+0x3f3/0x1110 [ 983.235974][T21514] ? __mutex_lock+0x1cc/0xb10 [ 983.235999][T21514] ? vb2_fop_read+0xe2/0x3e0 [ 983.236032][T21514] __vb2_perform_fileio+0x9de/0x1620 [ 983.236074][T21514] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 983.236118][T21514] vb2_fop_read+0x213/0x3e0 [ 983.236155][T21514] v4l2_read+0x226/0x360 [ 983.236185][T21514] ? __pfx_v4l2_read+0x10/0x10 [ 983.236212][T21514] vfs_read+0x1df/0xbf0 [ 983.236236][T21514] ? __fget_files+0x1fc/0x3a0 [ 983.236259][T21514] ? __pfx_lock_release+0x10/0x10 [ 983.236288][T21514] ? __pfx_vfs_read+0x10/0x10 [ 983.236312][T21514] ? lock_acquire+0x2f/0xb0 [ 983.236336][T21514] ? __fget_files+0x40/0x3a0 [ 983.236364][T21514] ? __fget_files+0x206/0x3a0 [ 983.236396][T21514] ksys_read+0x12b/0x250 [ 983.236417][T21514] ? __pfx_ksys_read+0x10/0x10 [ 983.236448][T21514] do_syscall_64+0xcd/0x250 [ 983.236471][T21514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 983.236501][T21514] RIP: 0033:0x7fb7c4d8cde9 [ 983.236519][T21514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 983.236539][T21514] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 983.236560][T21514] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 983.236574][T21514] RDX: 0000000000070800 RSI: 0000400000000000 RDI: 0000000000000003 [ 983.236588][T21514] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 983.236602][T21514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 983.236615][T21514] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 983.236646][T21514] [ 983.557019][T21514] syz.0.4055: vmalloc error: size 462848, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 983.574981][T21514] CPU: 1 UID: 0 PID: 21514 Comm: syz.0.4055 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 983.575014][T21514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 983.575027][T21514] Call Trace: [ 983.575034][T21514] [ 983.575043][T21514] dump_stack_lvl+0x16c/0x1f0 [ 983.575083][T21514] warn_alloc+0x24d/0x3a0 [ 983.575113][T21514] ? __pfx_warn_alloc+0x10/0x10 [ 983.575144][T21514] ? __kmalloc_cache_node_noprof+0x245/0x3f0 [ 983.575173][T21514] ? __kasan_kmalloc+0x8a/0xb0 [ 983.575204][T21514] ? __get_vm_area_node+0x1dc/0x2f0 [ 983.575247][T21514] __vmalloc_node_range_noprof+0xd24/0x1530 [ 983.575284][T21514] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.575327][T21514] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 983.575362][T21514] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.575395][T21514] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 983.575426][T21514] vmalloc_user_noprof+0x6b/0x90 [ 983.575450][T21514] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.575483][T21514] vb2_vmalloc_alloc+0x11e/0x3d0 [ 983.575519][T21514] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 983.575550][T21514] __vb2_queue_alloc+0x896/0x1230 [ 983.575601][T21514] vb2_core_reqbufs+0xa73/0xfb0 [ 983.575640][T21514] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 983.575692][T21514] __vb2_init_fileio+0x3f3/0x1110 [ 983.575724][T21514] ? __mutex_lock+0x1cc/0xb10 [ 983.575749][T21514] ? vb2_fop_read+0xe2/0x3e0 [ 983.575782][T21514] __vb2_perform_fileio+0x9de/0x1620 [ 983.575824][T21514] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 983.575874][T21514] vb2_fop_read+0x213/0x3e0 [ 983.575910][T21514] v4l2_read+0x226/0x360 [ 983.575936][T21514] ? __pfx_v4l2_read+0x10/0x10 [ 983.575963][T21514] vfs_read+0x1df/0xbf0 [ 983.575986][T21514] ? __fget_files+0x1fc/0x3a0 [ 983.576011][T21514] ? __pfx_lock_release+0x10/0x10 [ 983.576039][T21514] ? __pfx_vfs_read+0x10/0x10 [ 983.576062][T21514] ? lock_acquire+0x2f/0xb0 [ 983.576087][T21514] ? __fget_files+0x40/0x3a0 [ 983.576115][T21514] ? __fget_files+0x206/0x3a0 [ 983.576148][T21514] ksys_read+0x12b/0x250 [ 983.576171][T21514] ? __pfx_ksys_read+0x10/0x10 [ 983.576204][T21514] do_syscall_64+0xcd/0x250 [ 983.576229][T21514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 983.576259][T21514] RIP: 0033:0x7fb7c4d8cde9 [ 983.576277][T21514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 983.576300][T21514] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 983.576321][T21514] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 983.576337][T21514] RDX: 0000000000070800 RSI: 0000400000000000 RDI: 0000000000000003 [ 983.576351][T21514] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 983.576365][T21514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 983.576379][T21514] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 983.576404][T21514] [ 983.576410][T21514] Mem-Info: [ 983.918759][T21514] active_anon:45566 inactive_anon:1 isolated_anon:0 [ 983.918759][T21514] active_file:6729 inactive_file:53760 isolated_file:0 [ 983.918759][T21514] unevictable:1665 dirty:1327 writeback:0 [ 983.918759][T21514] slab_reclaimable:11594 slab_unreclaimable:108984 [ 983.918759][T21514] mapped:26913 shmem:18752 pagetables:1047 [ 983.918759][T21514] sec_pagetables:0 bounce:0 [ 983.918759][T21514] kernel_misc_reclaimable:0 [ 983.918759][T21514] free:1270766 free_pcp:5719 free_cma:0 [ 983.990788][T21514] Node 0 active_anon:179096kB inactive_anon:4kB active_file:26916kB inactive_file:214936kB unevictable:5224kB isolated(anon):0kB isolated(file):0kB mapped:102852kB dirty:5308kB writeback:0kB shmem:70424kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11320kB pagetables:4188kB sec_pagetables:0kB all_unreclaimable? no [ 984.025645][T21514] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 984.067492][T21514] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 984.138209][T21514] lowmem_reserve[]: 0 2490 2491 0 0 [ 984.177645][T21514] Node 0 DMA32 free:1177732kB boost:0kB min:34416kB low:43020kB high:51624kB reserved_highatomic:0KB active_anon:171060kB inactive_anon:4kB active_file:26916kB inactive_file:216016kB unevictable:3824kB writepending:5008kB present:3129332kB managed:2550580kB mlocked:2296kB bounce:0kB free_pcp:18660kB local_pcp:860kB free_cma:0kB [ 984.309697][T21514] lowmem_reserve[]: 0 0 0 0 0 [ 984.314507][T21514] Node 0 Normal free:4kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 984.399464][T21514] lowmem_reserve[]: 0 0 0 0 0 [ 984.404680][T21514] Node 1 Normal free:3895584kB boost:0kB min:55476kB low:69344kB high:83212kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:11564kB local_pcp:6144kB free_cma:0kB [ 984.456288][T21535] [U] -1 [ 984.459224][T21535] [U] [ 984.461948][T21535] [U] [ 984.464669][T21535] [U] [ 984.467388][T21535] [U] [ 984.509619][T21514] lowmem_reserve[]: 0 0 0 0 0 [ 984.514417][T21514] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 984.539547][T21535] [U] [ 984.542310][T21535] [U] [ 984.545028][T21535] [U] [ 984.547742][T21535] [U] [ 984.592297][T21535] [U] [ 984.592365][T21535] [U] [ 984.592404][T21535] [U] [ 984.592443][T21535] [U] [ 984.592627][T21535] [U] [ 984.592665][T21535] [U] [ 984.592701][T21535] [U] [ 984.592751][T21535] [U] [ 984.592940][T21535] [U] [ 984.592979][T21535] [U] [ 984.593018][T21535] [U] [ 984.593057][T21535] [U] [ 984.593239][T21535] [U] [ 984.593280][T21535] [U] [ 984.593320][T21535] [U] [ 984.593362][T21535] [U] [ 984.593547][T21535] [U] [ 984.593590][T21535] [U] [ 984.593631][T21535] [U] [ 984.593672][T21535] [U] [ 984.593869][T21535] [U] [ 984.593912][T21535] [U] [ 984.593955][T21535] [U] [ 984.593999][T21535] [U] [ 984.594185][T21535] [U] [ 984.594226][T21535] [U] [ 984.594267][T21535] [U] [ 984.594309][T21535] [U] [ 984.594500][T21535] [U] [ 984.594540][T21535] [U] [ 984.594580][T21535] [U] [ 984.594620][T21535] [U] [ 984.594808][T21535] [U] [ 984.594843][T21535] [U] [ 984.594878][T21535] [U] [ 984.594920][T21535] [U] [ 984.595077][T21535] [U] [ 984.595113][T21535] [U] [ 984.595148][T21535] [U] [ 984.595187][T21535] [U] [ 984.595376][T21535] [U] [ 984.595419][T21535] [U] [ 984.595460][T21535] [U] [ 984.595501][T21535] [U] [ 984.595687][T21535] [U] [ 984.595728][T21535] [U] [ 984.595779][T21535] [U] [ 984.595822][T21535] [U] [ 984.596008][T21535] [U] [ 984.596049][T21535] [U] [ 984.596091][T21535] [U] [ 984.596133][T21535] [U] [ 984.596319][T21535] [U] [ 984.596360][T21535] [U] [ 984.596400][T21535] [U] [ 984.596442][T21535] [U] [ 984.596627][T21535] [U] [ 984.596669][T21535] [U] [ 984.596711][T21535] [U] [ 984.596758][T21535] [U] [ 984.596945][T21535] [U] [ 984.596986][T21535] [U] [ 984.597027][T21535] [U] [ 984.597069][T21535] [U] [ 984.597254][T21535] [U] [ 984.597296][T21535] [U] [ 984.597338][T21535] [U] [ 984.597380][T21535] [U] [ 984.597562][T21535] [U] [ 984.597605][T21535] [U] [ 984.597646][T21535] [U] [ 984.597687][T21535] [U] [ 984.597884][T21535] [U] [ 984.597926][T21535] [U] [ 984.597968][T21535] [U] [ 984.598009][T21535] [U] [ 984.598194][T21535] [U] [ 984.598236][T21535] [U] [ 984.598276][T21535] [U] [ 984.598318][T21535] [U] [ 984.598503][T21535] [U] [ 984.598544][T21535] [U] [ 984.598585][T21535] [U] [ 984.598626][T21535] [U] [ 984.598819][T21535] [U] [ 984.598860][T21535] [U] [ 984.598902][T21535] [U] [ 984.598945][T21535] [U] [ 984.599134][T21535] [U] [ 984.599176][T21535] [U] [ 984.599216][T21535] [U] [ 984.599257][T21535] [U] [ 984.621177][T21535] [U] [ 984.621226][T21535] [U] [ 984.621271][T21535] [U] [ 984.621313][T21535] [U] [ 984.621502][T21535] [U] [ 984.621543][T21535] [U] [ 984.621583][T21535] [U] [ 984.621624][T21535] [U] [ 984.621822][T21535] [U] [ 984.621866][T21535] [U] [ 984.621908][T21535] [U] [ 984.621949][T21535] [U] [ 984.622132][T21535] [U] [ 984.622172][T21535] [U] [ 984.622214][T21535] [U] [ 984.622256][T21535] [U] [ 984.622444][T21535] [U] [ 984.622486][T21535] [U] [ 984.622527][T21535] [U] [ 984.622567][T21535] [U] [ 984.622759][T21535] [U] [ 984.622801][T21535] [U] [ 984.622842][T21535] [U] [ 984.622884][T21535] [U] [ 984.623039][T21535] [U] [ 984.623082][T21535] [U] [ 984.623123][T21535] [U] [ 984.634259][T21514] Node 0 DMA32: 2047*4kB (UME) 3804*8kB (UME) 2665*16kB (UME) 1886*32kB (UME) 1408*64kB (UM) 675*128kB (UME) 494*256kB (UM) 291*512kB (UM) 127*1024kB (UME) 14*2048kB (UM) 108*4096kB (UME) = 1194668kB [ 984.634520][T21514] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 984.634664][T21514] Node 1 Normal: 183*4kB (UME) 56*8kB (UME) 36*16kB (UME) 192*32kB (UME) 93*64kB (UME) 34*128kB (UME) 19*256kB (UME) 8*512kB (UM) 8*1024kB (UME) 3*2048kB (UME) 941*4096kB (M) = 3895836kB [ 984.634897][T21514] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 984.634918][T21514] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 984.634938][T21514] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 984.634958][T21514] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 984.634978][T21514] 70976 total pagecache pages [ 984.634988][T21514] 39 pages in swap cache [ 984.634998][T21514] Free swap = 120692kB [ 984.635009][T21514] Total swap = 124996kB [ 984.635019][T21514] 2097051 pages RAM [ 984.635029][T21514] 0 pages HighMem/MovableOnly [ 984.635038][T21514] 427684 pages reserved [ 984.635048][T21514] 0 pages cma reserved [ 984.830736][T21534] [U] [ 985.607874][T21549] netlink: 'syz.0.4066': attribute type 21 has an invalid length. [ 985.639581][T21549] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4066'. [ 985.981564][T21561] syz_tun: tun_chr_ioctl cmd 1074025673 [ 986.249623][T21568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4071'. [ 986.278370][T21534] sctp: [Deprecated]: syz.2.4062 (pid 21534) Use of int in maxseg socket option. [ 986.278370][T21534] Use struct sctp_assoc_value instead [ 988.324747][T21646] syz_tun: tun_chr_ioctl cmd 1074025673 [ 989.373283][T21655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4088'. [ 990.452320][T21668] Process accounting resumed [ 990.988891][T21685] syz_tun: tun_chr_ioctl cmd 1074025673 [ 991.329913][T21689] FAULT_INJECTION: forcing a failure. [ 991.329913][T21689] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 991.351633][T21689] CPU: 1 UID: 0 PID: 21689 Comm: syz.4.4098 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 991.351665][T21689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 991.351679][T21689] Call Trace: [ 991.351686][T21689] [ 991.351694][T21689] dump_stack_lvl+0x16c/0x1f0 [ 991.351734][T21689] should_fail_ex+0x50a/0x650 [ 991.351787][T21689] _copy_from_iter+0x29b/0x1400 [ 991.351817][T21689] ? trace_lock_acquire+0x14e/0x1f0 [ 991.351837][T21689] ? __alloc_skb+0x200/0x380 [ 991.351860][T21689] ? __pfx__copy_from_iter+0x10/0x10 [ 991.351897][T21689] ? __virt_addr_valid+0x1a4/0x590 [ 991.351922][T21689] ? __virt_addr_valid+0x5e/0x590 [ 991.351942][T21689] ? __phys_addr_symbol+0x30/0x80 [ 991.351974][T21689] ? __check_object_size+0x488/0x710 [ 991.352004][T21689] netlink_sendmsg+0x813/0xd70 [ 991.352039][T21689] ? __pfx_netlink_sendmsg+0x10/0x10 [ 991.352078][T21689] ____sys_sendmsg+0x9ae/0xb40 [ 991.352107][T21689] ? copy_msghdr_from_user+0x10b/0x160 [ 991.352131][T21689] ? __pfx_____sys_sendmsg+0x10/0x10 [ 991.352175][T21689] ___sys_sendmsg+0x135/0x1e0 [ 991.352199][T21689] ? __pfx____sys_sendmsg+0x10/0x10 [ 991.352233][T21689] ? __pfx_lock_release+0x10/0x10 [ 991.352256][T21689] ? trace_lock_acquire+0x14e/0x1f0 [ 991.352286][T21689] ? __fget_files+0x206/0x3a0 [ 991.352314][T21689] __sys_sendmsg+0x16e/0x220 [ 991.352336][T21689] ? __pfx___sys_sendmsg+0x10/0x10 [ 991.352374][T21689] do_syscall_64+0xcd/0x250 [ 991.352395][T21689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 991.352423][T21689] RIP: 0033:0x7f567ef8cde9 [ 991.352440][T21689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 991.352459][T21689] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 991.352479][T21689] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 991.352493][T21689] RDX: 0000000004000000 RSI: 0000400000000140 RDI: 0000000000000003 [ 991.352505][T21689] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 991.352518][T21689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 991.352530][T21689] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 991.352557][T21689] [ 992.976868][T21712] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 993.531486][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.561106][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.707064][T21730] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4110'. [ 993.768480][T21728] FAULT_INJECTION: forcing a failure. [ 993.768480][T21728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.839070][T21728] CPU: 0 UID: 0 PID: 21728 Comm: syz.4.4109 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 993.839104][T21728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 993.839118][T21728] Call Trace: [ 993.839125][T21728] [ 993.839134][T21728] dump_stack_lvl+0x16c/0x1f0 [ 993.839174][T21728] should_fail_ex+0x50a/0x650 [ 993.839206][T21728] _copy_from_user+0x2e/0xd0 [ 993.839239][T21728] copy_msghdr_from_user+0x99/0x160 [ 993.839264][T21728] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 993.839287][T21728] ? __lock_acquire+0xcc5/0x3c40 [ 993.839318][T21728] ? hlock_class+0x4e/0x130 [ 993.839349][T21728] ? __lock_acquire+0x15a9/0x3c40 [ 993.839380][T21728] ___sys_sendmsg+0xff/0x1e0 [ 993.839405][T21728] ? __pfx____sys_sendmsg+0x10/0x10 [ 993.839426][T21728] ? __pfx___lock_acquire+0x10/0x10 [ 993.839479][T21728] ? __pfx___might_resched+0x10/0x10 [ 993.839507][T21728] ? __might_fault+0xe3/0x190 [ 993.839543][T21728] __sys_sendmmsg+0x201/0x420 [ 993.839571][T21728] ? __pfx___sys_sendmmsg+0x10/0x10 [ 993.839606][T21728] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 993.839653][T21728] ? fput+0x67/0x440 [ 993.839681][T21728] ? ksys_write+0x1ba/0x250 [ 993.839704][T21728] ? __pfx_ksys_write+0x10/0x10 [ 993.839732][T21728] __x64_sys_sendmmsg+0x9c/0x100 [ 993.839754][T21728] ? lockdep_hardirqs_on+0x7c/0x110 [ 993.839785][T21728] do_syscall_64+0xcd/0x250 [ 993.839810][T21728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 993.839840][T21728] RIP: 0033:0x7f567ef8cde9 [ 993.839858][T21728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 993.839880][T21728] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 993.839903][T21728] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 993.839919][T21728] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 993.839932][T21728] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 993.839947][T21728] R10: 0000000000003ec0 R11: 0000000000000246 R12: 0000000000000001 [ 993.839960][T21728] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 993.839990][T21728] [ 994.262538][T21743] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4112'. [ 994.418691][T21751] FAULT_INJECTION: forcing a failure. [ 994.418691][T21751] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 994.479449][T21751] CPU: 1 UID: 0 PID: 21751 Comm: syz.0.4114 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 994.479484][T21751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 994.479497][T21751] Call Trace: [ 994.479504][T21751] [ 994.479512][T21751] dump_stack_lvl+0x16c/0x1f0 [ 994.479552][T21751] should_fail_ex+0x50a/0x650 [ 994.479585][T21751] _copy_to_user+0x32/0xd0 [ 994.479626][T21751] simple_read_from_buffer+0xd0/0x160 [ 994.479663][T21751] proc_fail_nth_read+0x198/0x270 [ 994.479697][T21751] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 994.479729][T21751] ? rw_verify_area+0xcf/0x680 [ 994.479761][T21751] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 994.479792][T21751] vfs_read+0x1df/0xbf0 [ 994.479816][T21751] ? __fget_files+0x1fc/0x3a0 [ 994.479840][T21751] ? __pfx___mutex_lock+0x10/0x10 [ 994.479874][T21751] ? __pfx_vfs_read+0x10/0x10 [ 994.479905][T21751] ? __fget_files+0x206/0x3a0 [ 994.479937][T21751] ksys_read+0x12b/0x250 [ 994.479957][T21751] ? __pfx_ksys_read+0x10/0x10 [ 994.479987][T21751] do_syscall_64+0xcd/0x250 [ 994.480011][T21751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.480040][T21751] RIP: 0033:0x7fb7c4d8b7fc [ 994.480057][T21751] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 994.480078][T21751] RSP: 002b:00007fb7c5bcf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 994.480098][T21751] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8b7fc [ 994.480114][T21751] RDX: 000000000000000f RSI: 00007fb7c5bcf0a0 RDI: 0000000000000004 [ 994.480127][T21751] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 994.480140][T21751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 994.480153][T21751] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 994.480185][T21751] [ 994.717218][T21742] zero sized request [ 994.942920][T21765] futex_wake_op: syz.0.4118 tries to shift op by 64; fix this program [ 995.127236][T21767] netlink: 492 bytes leftover after parsing attributes in process `syz.2.4119'. [ 995.182884][T21772] netlink: 492 bytes leftover after parsing attributes in process `syz.2.4119'. [ 995.234720][T21767] netlink: 350 bytes leftover after parsing attributes in process `syz.2.4119'. [ 995.623987][T15351] Bluetooth: hci1: unexpected subevent 0x04 length: 122 > 11 [ 996.911778][T21805] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4127'. [ 996.929813][T21809] FAULT_INJECTION: forcing a failure. [ 996.929813][T21809] name failslab, interval 1, probability 0, space 0, times 0 [ 996.977273][T21809] CPU: 0 UID: 0 PID: 21809 Comm: syz.4.4129 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 996.977307][T21809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 996.977320][T21809] Call Trace: [ 996.977327][T21809] [ 996.977337][T21809] dump_stack_lvl+0x16c/0x1f0 [ 996.977377][T21809] should_fail_ex+0x50a/0x650 [ 996.977411][T21809] should_failslab+0xc2/0x120 [ 996.977441][T21809] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 996.977480][T21809] ? skb_clone+0x190/0x3f0 [ 996.977510][T21809] skb_clone+0x190/0x3f0 [ 996.977536][T21809] netlink_deliver_tap+0xafd/0xca0 [ 996.977575][T21809] netlink_unicast+0x5e1/0x7f0 [ 996.977614][T21809] ? __pfx_netlink_unicast+0x10/0x10 [ 996.977647][T21809] ? __phys_addr_symbol+0x30/0x80 [ 996.977681][T21809] ? __check_object_size+0x488/0x710 [ 996.977714][T21809] netlink_sendmsg+0x8b8/0xd70 [ 996.977750][T21809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 996.977795][T21809] ____sys_sendmsg+0x9ae/0xb40 [ 996.977826][T21809] ? copy_msghdr_from_user+0x10b/0x160 [ 996.977850][T21809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 996.977896][T21809] ___sys_sendmsg+0x135/0x1e0 [ 996.977923][T21809] ? __pfx____sys_sendmsg+0x10/0x10 [ 996.977961][T21809] ? __pfx_lock_release+0x10/0x10 [ 996.977987][T21809] ? trace_lock_acquire+0x14e/0x1f0 [ 996.978021][T21809] ? __fget_files+0x206/0x3a0 [ 996.978054][T21809] __sys_sendmsg+0x16e/0x220 [ 996.978080][T21809] ? __pfx___sys_sendmsg+0x10/0x10 [ 996.978126][T21809] do_syscall_64+0xcd/0x250 [ 996.978151][T21809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 996.978182][T21809] RIP: 0033:0x7f567ef8cde9 [ 996.978201][T21809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 996.978222][T21809] RSP: 002b:00007f567fd56038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 996.978244][T21809] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8cde9 [ 996.978259][T21809] RDX: 0000000000000002 RSI: 00004000000079c0 RDI: 0000000000000003 [ 996.978273][T21809] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 996.978286][T21809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 996.978300][T21809] R13: 0000000000000000 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 996.978331][T21809] [ 996.979159][T21805] veth0_macvtap: left promiscuous mode [ 997.685479][T21825] random: crng reseeded on system resumption [ 997.772428][T21824] syz_tun: tun_chr_ioctl cmd 2147767506 [ 998.375755][ T29] audit: type=1800 audit(4294967463.809:28): pid=21838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4135" name="features" dev="configfs" ino=74172 res=0 errno=0 [ 998.699257][T21847] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4137'. [ 999.594945][T21856] [U] -1 [ 999.597896][T21856] [U] [ 999.600631][T21856] [U] [ 999.603353][T21856] [U] [ 999.606076][T21856] [U] [ 999.624748][T21856] [U] [ 999.627507][T21856] [U] [ 999.630261][T21856] [U] [ 999.632994][T21856] [U] [ 999.654417][T21856] [U] [ 999.657192][T21856] [U] [ 999.659935][T21856] [U] [ 999.660587][T21859] ima: policy update failed [ 999.662642][T21856] [U] [ 999.679834][T21856] [U] [ 999.682599][T21856] [U] [ 999.685335][T21856] [U] [ 999.688069][T21856] [U] [ 999.700152][ T29] audit: type=1802 audit(4294967465.119:29): pid=21859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4142" res=0 errno=0 [ 999.730522][T21857] [U] [ 1000.384628][T21869] can: request_module (can-proto-5) failed. [ 1000.618627][T21857] sctp: [Deprecated]: syz.1.4141 (pid 21857) Use of int in maxseg socket option. [ 1000.618627][T21857] Use struct sctp_assoc_value instead [ 1000.963794][T21891] netlink: 1204 bytes leftover after parsing attributes in process `syz.4.4149'. [ 1002.198612][T21925] FAULT_INJECTION: forcing a failure. [ 1002.198612][T21925] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.211909][T21925] CPU: 1 UID: 0 PID: 21925 Comm: syz.0.4159 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 1002.211946][T21925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1002.211961][T21925] Call Trace: [ 1002.211968][T21925] [ 1002.211978][T21925] dump_stack_lvl+0x16c/0x1f0 [ 1002.212018][T21925] should_fail_ex+0x50a/0x650 [ 1002.212052][T21925] should_failslab+0xc2/0x120 [ 1002.212081][T21925] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1002.212107][T21925] ? do_raw_spin_lock+0x12d/0x2c0 [ 1002.212138][T21925] ? inet_bind_bucket_create+0x2d/0x260 [ 1002.212168][T21925] inet_bind_bucket_create+0x2d/0x260 [ 1002.212193][T21925] inet_csk_get_port+0x128e/0x2530 [ 1002.212223][T21925] ? __inet_bind+0x8a1/0xd80 [ 1002.212267][T21925] ? __local_bh_enable_ip+0xa4/0x120 [ 1002.212303][T21925] __inet_bind+0x571/0xd80 [ 1002.212341][T21925] inet_bind_sk+0x17b/0x230 [ 1002.212374][T21925] ? __pfx_inet_bind_sk+0x10/0x10 [ 1002.212420][T21925] __sys_bind+0x213/0x260 [ 1002.212453][T21925] ? __pfx___sys_bind+0x10/0x10 [ 1002.212482][T21925] ? __fget_files+0x206/0x3a0 [ 1002.212519][T21925] ? __pfx_ksys_write+0x10/0x10 [ 1002.212551][T21925] __x64_sys_bind+0x72/0xb0 [ 1002.212580][T21925] ? lockdep_hardirqs_on+0x7c/0x110 [ 1002.212613][T21925] do_syscall_64+0xcd/0x250 [ 1002.212638][T21925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.212668][T21925] RIP: 0033:0x7fb7c4d8cde9 [ 1002.212688][T21925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1002.212710][T21925] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1002.212732][T21925] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 1002.212748][T21925] RDX: 000000000000006b RSI: 0000400000000080 RDI: 0000000000000003 [ 1002.212762][T21925] RBP: 00007fb7c5bcf090 R08: 0000000000000000 R09: 0000000000000000 [ 1002.212776][T21925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1002.212790][T21925] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 1002.212823][T21925] [ 1002.446262][T21909] vivid-009: ================= START STATUS ================= [ 1002.459641][T21909] vivid-009: Enable Output Cropping: true [ 1002.465946][T21909] vivid-009: Enable Output Composing: true [ 1002.487629][T21909] vivid-009: Enable Output Scaler: true [ 1002.494348][T21909] vivid-009: Tx RGB Quantization Range: Automatic [ 1002.520136][T21909] vivid-009: Transmit Mode: HDMI [ 1002.527396][T21909] vivid-009: Hotplug Present: 0x00000000 [ 1002.572239][T21923] ptrace attach of "./syz-executor exec"[16548] was attempted by "./syz-executor exec"[21923] [ 1002.581000][T21909] vivid-009: RxSense Present: 0x00000000 [ 1002.595933][T21909] vivid-009: EDID Present: 0x00000000 [ 1002.617410][T21909] vivid-009: ================== END STATUS ================== [ 1002.743218][T21934] serio: Serial port ptm0 [ 1002.863687][T21937] FAULT_INJECTION: forcing a failure. [ 1002.863687][T21937] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.901688][T21937] CPU: 1 UID: 0 PID: 21937 Comm: syz.1.4163 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 1002.901722][T21937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1002.901735][T21937] Call Trace: [ 1002.901742][T21937] [ 1002.901751][T21937] dump_stack_lvl+0x16c/0x1f0 [ 1002.901790][T21937] should_fail_ex+0x50a/0x650 [ 1002.901816][T21937] ? fs_reclaim_acquire+0xae/0x150 [ 1002.901849][T21937] should_failslab+0xc2/0x120 [ 1002.901878][T21937] __kmalloc_noprof+0xce/0x4f0 [ 1002.901903][T21937] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 1002.901939][T21937] ? lockdep_hardirqs_on+0x7c/0x110 [ 1002.901973][T21937] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 1002.902015][T21937] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 1002.902050][T21937] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1002.902085][T21937] ? trace_cap_capable+0x1a2/0x210 [ 1002.902126][T21937] ? bpf_lsm_capable+0x9/0x10 [ 1002.902153][T21937] ? security_capable+0x7e/0x260 [ 1002.902200][T21937] genl_rcv_msg+0x565/0x800 [ 1002.902226][T21937] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1002.902250][T21937] ? __pfx_ioam6_genl_delsc+0x10/0x10 [ 1002.902297][T21937] netlink_rcv_skb+0x165/0x410 [ 1002.902328][T21937] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1002.902351][T21937] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1002.902395][T21937] ? down_read+0xc9/0x330 [ 1002.902417][T21937] ? __pfx_down_read+0x10/0x10 [ 1002.902441][T21937] ? netlink_deliver_tap+0x1ae/0xca0 [ 1002.902475][T21937] genl_rcv+0x28/0x40 [ 1002.902506][T21937] netlink_unicast+0x53c/0x7f0 [ 1002.902540][T21937] ? __pfx_netlink_unicast+0x10/0x10 [ 1002.902572][T21937] ? __phys_addr_symbol+0x30/0x80 [ 1002.902605][T21937] ? __check_object_size+0x488/0x710 [ 1002.902637][T21937] netlink_sendmsg+0x8b8/0xd70 [ 1002.902673][T21937] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1002.902714][T21937] ____sys_sendmsg+0x9ae/0xb40 [ 1002.902743][T21937] ? copy_msghdr_from_user+0x10b/0x160 [ 1002.902765][T21937] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1002.902807][T21937] ___sys_sendmsg+0x135/0x1e0 [ 1002.902832][T21937] ? __pfx____sys_sendmsg+0x10/0x10 [ 1002.902869][T21937] ? __pfx_lock_release+0x10/0x10 [ 1002.902893][T21937] ? trace_lock_acquire+0x14e/0x1f0 [ 1002.902925][T21937] ? __fget_files+0x206/0x3a0 [ 1002.902958][T21937] __sys_sendmsg+0x16e/0x220 [ 1002.902983][T21937] ? __pfx___sys_sendmsg+0x10/0x10 [ 1002.903029][T21937] do_syscall_64+0xcd/0x250 [ 1002.903053][T21937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.903083][T21937] RIP: 0033:0x7f216cf8cde9 [ 1002.903102][T21937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1002.903124][T21937] RSP: 002b:00007f216de4c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1002.903147][T21937] RAX: ffffffffffffffda RBX: 00007f216d1a5fa0 RCX: 00007f216cf8cde9 [ 1002.903162][T21937] RDX: 0000000000000090 RSI: 0000400000001b00 RDI: 0000000000000003 [ 1002.903176][T21937] RBP: 00007f216de4c090 R08: 0000000000000000 R09: 0000000000000000 [ 1002.903195][T21937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1002.903209][T21937] R13: 0000000000000000 R14: 00007f216d1a5fa0 R15: 00007ffdc1d20f08 [ 1002.903240][T21937] [ 1003.443117][T21946] FAULT_INJECTION: forcing a failure. [ 1003.443117][T21946] name failslab, interval 1, probability 0, space 0, times 0 [ 1003.456573][T21946] CPU: 1 UID: 0 PID: 21946 Comm: syz.0.4167 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 1003.456606][T21946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1003.456622][T21946] Call Trace: [ 1003.456629][T21946] [ 1003.456639][T21946] dump_stack_lvl+0x16c/0x1f0 [ 1003.456685][T21946] should_fail_ex+0x50a/0x650 [ 1003.456714][T21946] ? fs_reclaim_acquire+0xae/0x150 [ 1003.456756][T21946] should_failslab+0xc2/0x120 [ 1003.456787][T21946] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1003.456817][T21946] ? acpi_ut_create_generic_state+0x5c/0xb0 [ 1003.456902][T21946] acpi_ut_create_generic_state+0x5c/0xb0 [ 1003.456937][T21946] acpi_ps_push_scope+0x22/0x230 [ 1003.456976][T21946] acpi_ps_parse_loop+0x9f1/0x1ce0 [ 1003.457022][T21946] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 1003.457054][T21946] ? trace_kmem_cache_alloc+0x2d/0xd0 [ 1003.457089][T21946] ? kmem_cache_alloc_noprof+0x21b/0x3b0 [ 1003.457119][T21946] ? acpi_ut_create_thread_state+0x63/0x170 [ 1003.457161][T21946] acpi_ps_parse_aml+0x3c1/0xcb0 [ 1003.457202][T21946] acpi_ps_execute_method+0x55a/0xb30 [ 1003.457230][T21946] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 1003.457261][T21946] acpi_ns_evaluate+0x76c/0xca0 [ 1003.457288][T21946] ? kasan_save_track+0x14/0x30 [ 1003.457318][T21946] acpi_evaluate_object+0x1fb/0xa90 [ 1003.457355][T21946] ? __lock_acquire+0xcc5/0x3c40 [ 1003.457385][T21946] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1003.457430][T21946] acpi_evaluate_integer+0xde/0x200 [ 1003.457459][T21946] ? __pfx___lock_acquire+0x10/0x10 [ 1003.457488][T21946] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1003.457516][T21946] ? rcu_is_watching+0x12/0xc0 [ 1003.457551][T21946] ? trace_contention_end+0xee/0x140 [ 1003.457594][T21946] ? __pfx_status_show+0x10/0x10 [ 1003.457629][T21946] status_show+0xa1/0x120 [ 1003.457665][T21946] ? __pfx_status_show+0x10/0x10 [ 1003.457710][T21946] dev_attr_show+0x53/0xe0 [ 1003.457743][T21946] ? __pfx_dev_attr_show+0x10/0x10 [ 1003.457773][T21946] sysfs_kf_seq_show+0x223/0x3e0 [ 1003.457814][T21946] seq_read_iter+0x4f4/0x12b0 [ 1003.457874][T21946] kernfs_fop_read_iter+0x414/0x580 [ 1003.457906][T21946] ? rw_verify_area+0xcf/0x680 [ 1003.457947][T21946] vfs_read+0x886/0xbf0 [ 1003.457978][T21946] ? __pfx_vfs_read+0x10/0x10 [ 1003.457999][T21946] ? do_futex+0x123/0x350 [ 1003.458039][T21946] ? __x64_sys_futex+0x1e1/0x4c0 [ 1003.458061][T21946] ? __x64_sys_futex+0x1ea/0x4c0 [ 1003.458090][T21946] ksys_read+0x12b/0x250 [ 1003.458113][T21946] ? __pfx_ksys_read+0x10/0x10 [ 1003.458148][T21946] do_syscall_64+0xcd/0x250 [ 1003.458175][T21946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.458208][T21946] RIP: 0033:0x7fb7c4d8cde9 [ 1003.458229][T21946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1003.458252][T21946] RSP: 002b:00007fb7c5bcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1003.458275][T21946] RAX: ffffffffffffffda RBX: 00007fb7c4fa5fa0 RCX: 00007fb7c4d8cde9 [ 1003.458292][T21946] RDX: 0000000000000070 RSI: 0000400000000000 RDI: 0000000000000003 [ 1003.458308][T21946] RBP: 00007fb7c4e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1003.458323][T21946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1003.458337][T21946] R13: 0000000000000000 R14: 00007fb7c4fa5fa0 R15: 00007fff2b9506b8 [ 1003.458373][T21946] [ 1003.458411][T21946] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20240827/psparse-529) [ 1004.904496][T21981] syz_tun: tun_chr_ioctl cmd 1074025672 [ 1004.929729][T21973] nbd2: detected capacity change from 0 to 68719476736 [ 1004.937807][T21981] syz_tun: ignored: set checksum disabled [ 1004.954441][T21981] FAULT_INJECTION: forcing a failure. [ 1004.954441][T21981] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1004.956424][T13681] block nbd2: Send control failed (result -22) [ 1004.969752][T21981] CPU: 1 UID: 0 PID: 21981 Comm: syz.4.4177 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 1004.969783][T21981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1004.969796][T21981] Call Trace: [ 1004.969803][T21981] [ 1004.969812][T21981] dump_stack_lvl+0x16c/0x1f0 [ 1004.969851][T21981] should_fail_ex+0x50a/0x650 [ 1004.969883][T21981] _copy_to_user+0x32/0xd0 [ 1004.969914][T21981] simple_read_from_buffer+0xd0/0x160 [ 1004.969950][T21981] proc_fail_nth_read+0x198/0x270 [ 1004.969982][T21981] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1004.970014][T21981] ? rw_verify_area+0xcf/0x680 [ 1004.970045][T21981] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1004.970075][T21981] vfs_read+0x1df/0xbf0 [ 1004.970097][T21981] ? __fget_files+0x1fc/0x3a0 [ 1004.970121][T21981] ? __pfx___mutex_lock+0x10/0x10 [ 1004.970154][T21981] ? __pfx_vfs_read+0x10/0x10 [ 1004.970183][T21981] ? __fget_files+0x206/0x3a0 [ 1004.970215][T21981] ksys_read+0x12b/0x250 [ 1004.970237][T21981] ? __pfx_ksys_read+0x10/0x10 [ 1004.970268][T21981] do_syscall_64+0xcd/0x250 [ 1004.970291][T21981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.970321][T21981] RIP: 0033:0x7f567ef8b7fc [ 1004.970340][T21981] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1004.970360][T21981] RSP: 002b:00007f567fd56030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1004.970381][T21981] RAX: ffffffffffffffda RBX: 00007f567f1a5fa0 RCX: 00007f567ef8b7fc [ 1004.970396][T21981] RDX: 000000000000000f RSI: 00007f567fd560a0 RDI: 0000000000000003 [ 1004.970410][T21981] RBP: 00007f567fd56090 R08: 0000000000000000 R09: 0000000000000000 [ 1004.970424][T21981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1004.970437][T21981] R13: 0000000000000001 R14: 00007f567f1a5fa0 R15: 00007fff35b5bd48 [ 1004.970467][T21981] [ 1005.213054][T21979] synth uevent: /bus/memstick: unknown uevent action string [ 1005.250378][T21984] syz_tun: tun_chr_ioctl cmd 1074025673 [ 1005.315193][T13681] block nbd2: Request send failed, requeueing [ 1005.354018][T15351] block nbd2: Receive control failed (result -32) [ 1005.358125][ T42] block nbd2: Dead connection, failed to find a fallback [ 1005.396999][ T42] block nbd2: shutting down sockets [ 1005.403648][ T42] blk_print_req_error: 24 callbacks suppressed [ 1005.403664][ T42] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.422246][ T42] buffer_io_error: 23 callbacks suppressed [ 1005.422264][ T42] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.436261][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.445465][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.453665][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.463129][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.471228][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.480911][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.488922][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.498173][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.506320][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.515769][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.523889][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.524044][T21995] [U] [ 1005.533191][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.535648][T21995] [U] [ 1005.543668][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.546045][T21995] [U] [ 1005.546086][T21995] [U] [ 1005.555473][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.568528][T13681] ldm_validate_partition_table(): Disk read failed. [ 1005.575409][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.592927][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.609738][T13681] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1005.622337][T13681] Buffer I/O error on dev nbd2, logical block 0, async page read [ 1005.638877][T13681] Dev nbd2: unable to read RDB block 0 [ 1005.657837][T13681] nbd2: unable to read partition table [ 1005.678123][T21995] [U] [ 1005.680890][T21995] [U] [ 1005.683629][T21995] [U] [ 1005.686342][T21995] [U] [ 1005.710384][T13681] ldm_validate_partition_table(): Disk read failed. [ 1005.719875][T13681] Dev nbd2: unable to read RDB block 0 [ 1005.725835][T13681] nbd2: unable to read partition table [ 1005.837816][T13681] [ 1005.837847][T22002] ALUA LU Group already has a valid ID, ignoring request [ 1005.840161][T13681] ====================================================== [ 1005.840170][T13681] WARNING: possible circular locking dependency detected [ 1005.840178][T13681] 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 Not tainted [ 1005.840190][T13681] ------------------------------------------------------ [ 1005.840197][T13681] udevd/13681 is trying to acquire lock: [ 1005.840208][T13681] ffff888025cedc88 (&q->q_usage_counter(io)#51){++++}-{0:0}, at: __submit_bio+0x3d1/0x690 [ 1005.890899][T13681] [ 1005.890899][T13681] but task is already holding lock: [ 1005.898277][T13681] ffff88802389ce40 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_unbounded+0x173/0x7d0 [ 1005.909118][T13681] [ 1005.909118][T13681] which lock already depends on the new lock. [ 1005.909118][T13681] [ 1005.919531][T21995] [U] [ 1005.919532][T13681] [ 1005.919532][T13681] the existing dependency chain (in reverse order) is: [ 1005.919544][T13681] [ 1005.919544][T13681] -> #6 ( [ 1005.922239][T21995] [U] [ 1005.931199][T13681] mapping.invalidate_lock [ 1005.936311][T21995] [U] [ 1005.938931][T13681] #2){++++}-{4:4} [ 1005.943262][T21995] [U] [ 1005.945881][T13681] : [ 1005.945888][T13681] down_read+0x9a/0x330 [ 1005.959290][T13681] filemap_fault+0x2e7/0x2ca0 [ 1005.964507][T13681] __do_fault+0x10a/0x490 [ 1005.969384][T13681] do_pte_missing+0xecf/0x3e10 [ 1005.974686][T13681] __handle_mm_fault+0x1166/0x2c60 [ 1005.980324][T13681] handle_mm_fault+0x3fa/0xaa0 [ 1005.985623][T13681] do_user_addr_fault+0x7a3/0x13f0 [ 1005.991263][T13681] exc_page_fault+0x5c/0xc0 [ 1005.996290][T13681] asm_exc_page_fault+0x26/0x30 [ 1006.001664][T13681] strncpy_from_user+0x148/0x2d0 [ 1006.007115][T13681] getname_flags.part.0+0x8f/0x550 [ 1006.012750][T13681] getname+0x8d/0xe0 [ 1006.017159][T13681] do_sys_openat2+0x104/0x1e0 [ 1006.022355][T13681] __x64_sys_open+0x154/0x1e0 [ 1006.027555][T13681] do_syscall_64+0xcd/0x250 [ 1006.032573][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.038986][T13681] [ 1006.038986][T13681] -> #5 (&mm->mmap_lock){++++}-{4:4}: [ 1006.046540][T13681] __might_fault+0x11b/0x190 [ 1006.051655][T13681] _copy_from_user+0x29/0xd0 [ 1006.056764][T13681] csum_and_copy_from_iter_full+0x218/0x1eb0 [ 1006.063267][T13681] ip_generic_getfrag+0x175/0x260 [ 1006.068810][T13681] raw6_getfrag+0x1ed/0x270 [ 1006.073834][T13681] __ip6_append_data.isra.0+0x3dca/0x4650 [ 1006.080072][T13681] ip6_append_data+0x1e6/0x500 [ 1006.085350][T13681] rawv6_sendmsg+0x15ce/0x4460 [ 1006.090629][T13681] inet_sendmsg+0x119/0x140 [ 1006.095663][T13681] ____sys_sendmsg+0x907/0xb40 [ 1006.100946][T13681] ___sys_sendmsg+0x135/0x1e0 [ 1006.106136][T13681] __sys_sendmsg+0x16e/0x220 [ 1006.111240][T13681] do_syscall_64+0xcd/0x250 [ 1006.116256][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.122670][T13681] [ 1006.122670][T13681] -> #4 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 1006.130399][T13681] lock_sock_nested+0x3a/0xf0 [ 1006.135590][T13681] inet_autobind+0x1a/0x1a0 [ 1006.140615][T13681] inet_send_prepare+0x317/0x530 [ 1006.146076][T13681] inet_sendmsg+0x43/0x140 [ 1006.151011][T13681] sock_sendmsg+0x324/0x410 [ 1006.156031][T13681] __sock_xmit+0x1e8/0x4f0 [ 1006.160969][T13681] nbd_send_cmd+0x8ec/0x1c90 [ 1006.166080][T13681] nbd_queue_rq+0x941/0x1220 [ 1006.171185][T13681] blk_mq_dispatch_rq_list+0x443/0x1dc0 [ 1006.177256][T13681] __blk_mq_sched_dispatch_requests+0xcdf/0x1620 [ 1006.184105][T13681] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 1006.190603][T13681] blk_mq_run_hw_queue+0x239/0x670 [ 1006.196240][T13681] blk_mq_flush_plug_list+0x673/0x1c60 [ 1006.202218][T13681] __blk_flush_plug+0x2c5/0x4b0 [ 1006.207763][T13681] __submit_bio+0x547/0x690 [ 1006.212786][T13681] submit_bio_noacct_nocheck+0x698/0xd70 [ 1006.218938][T13681] submit_bio_noacct+0x50d/0x1ec0 [ 1006.224482][T13681] block_read_full_folio+0x812/0xa50 [ 1006.230282][T13681] filemap_read_folio+0xc6/0x2a0 [ 1006.235739][T13681] do_read_cache_folio+0x263/0x5c0 [ 1006.241362][T13681] read_part_sector+0xd4/0x310 [ 1006.246647][T13681] adfspart_check_ICS+0xa7/0x8c0 [ 1006.252101][T13681] bdev_disk_changed+0x6c6/0x14e0 [ 1006.257648][T13681] blkdev_get_whole+0x187/0x290 [ 1006.263020][T13681] bdev_open+0x2c7/0xe20 [ 1006.267785][T13681] blkdev_open+0x272/0x3f0 [ 1006.272712][T13681] do_dentry_open+0x735/0x1c40 [ 1006.277991][T13681] vfs_open+0x82/0x3f0 [ 1006.282584][T13681] path_openat+0x1e88/0x2d80 [ 1006.287694][T13681] do_filp_open+0x20c/0x470 [ 1006.292712][T13681] do_sys_openat2+0x17a/0x1e0 [ 1006.297913][T13681] __x64_sys_openat+0x175/0x210 [ 1006.303286][T13681] do_syscall_64+0xcd/0x250 [ 1006.308302][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.314723][T13681] [ 1006.314723][T13681] -> #3 (&nsock->tx_lock){+.+.}-{4:4}: [ 1006.322364][T13681] __mutex_lock+0x19b/0xb10 [ 1006.327384][T13681] nbd_queue_rq+0x424/0x1220 [ 1006.332493][T13681] blk_mq_dispatch_rq_list+0x443/0x1dc0 [ 1006.338562][T13681] __blk_mq_sched_dispatch_requests+0xcdf/0x1620 [ 1006.345408][T13681] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 1006.351909][T13681] blk_mq_run_hw_queue+0x239/0x670 [ 1006.357543][T13681] blk_mq_flush_plug_list+0x673/0x1c60 [ 1006.363527][T13681] __blk_flush_plug+0x2c5/0x4b0 [ 1006.368899][T13681] __submit_bio+0x547/0x690 [ 1006.373937][T13681] submit_bio_noacct_nocheck+0x698/0xd70 [ 1006.380092][T13681] submit_bio_noacct+0x50d/0x1ec0 [ 1006.385638][T13681] block_read_full_folio+0x812/0xa50 [ 1006.391440][T13681] filemap_read_folio+0xc6/0x2a0 [ 1006.396901][T13681] do_read_cache_folio+0x263/0x5c0 [ 1006.402526][T13681] read_part_sector+0xd4/0x310 [ 1006.407815][T13681] adfspart_check_ICS+0xa7/0x8c0 [ 1006.413275][T13681] bdev_disk_changed+0x6c6/0x14e0 [ 1006.418817][T13681] blkdev_get_whole+0x187/0x290 [ 1006.424186][T13681] bdev_open+0x2c7/0xe20 [ 1006.428962][T13681] blkdev_open+0x272/0x3f0 [ 1006.433890][T13681] do_dentry_open+0x735/0x1c40 [ 1006.439166][T13681] vfs_open+0x82/0x3f0 [ 1006.443757][T13681] path_openat+0x1e88/0x2d80 [ 1006.448892][T13681] do_filp_open+0x20c/0x470 [ 1006.453908][T13681] do_sys_openat2+0x17a/0x1e0 [ 1006.459105][T13681] __x64_sys_openat+0x175/0x210 [ 1006.464474][T13681] do_syscall_64+0xcd/0x250 [ 1006.469496][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.475910][T13681] [ 1006.475910][T13681] -> #2 (&cmd->lock){+.+.}-{4:4}: [ 1006.483119][T13681] __mutex_lock+0x19b/0xb10 [ 1006.488136][T13681] nbd_queue_rq+0xbe/0x1220 [ 1006.493155][T13681] blk_mq_dispatch_rq_list+0x443/0x1dc0 [ 1006.499312][T13681] __blk_mq_sched_dispatch_requests+0xcdf/0x1620 [ 1006.506165][T13681] blk_mq_sched_dispatch_requests+0xd8/0x1b0 [ 1006.512666][T13681] blk_mq_run_hw_queue+0x239/0x670 [ 1006.518297][T13681] blk_mq_flush_plug_list+0x673/0x1c60 [ 1006.524368][T13681] __blk_flush_plug+0x2c5/0x4b0 [ 1006.529741][T13681] __submit_bio+0x547/0x690 [ 1006.534764][T13681] submit_bio_noacct_nocheck+0x698/0xd70 [ 1006.540917][T13681] submit_bio_noacct+0x50d/0x1ec0 [ 1006.546464][T13681] block_read_full_folio+0x812/0xa50 [ 1006.552263][T13681] filemap_read_folio+0xc6/0x2a0 [ 1006.557722][T13681] do_read_cache_folio+0x263/0x5c0 [ 1006.563349][T13681] read_part_sector+0xd4/0x310 [ 1006.568639][T13681] adfspart_check_ICS+0xa7/0x8c0 [ 1006.574095][T13681] bdev_disk_changed+0x6c6/0x14e0 [ 1006.579635][T13681] blkdev_get_whole+0x187/0x290 [ 1006.585007][T13681] bdev_open+0x2c7/0xe20 [ 1006.589769][T13681] blkdev_open+0x272/0x3f0 [ 1006.594698][T13681] do_dentry_open+0x735/0x1c40 [ 1006.599982][T13681] vfs_open+0x82/0x3f0 [ 1006.604589][T13681] path_openat+0x1e88/0x2d80 [ 1006.609713][T13681] do_filp_open+0x20c/0x470 [ 1006.614741][T13681] do_sys_openat2+0x17a/0x1e0 [ 1006.619943][T13681] __x64_sys_openat+0x175/0x210 [ 1006.625316][T13681] do_syscall_64+0xcd/0x250 [ 1006.630334][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.636749][T13681] [ 1006.636749][T13681] -> #1 (set->srcu){.+.+}-{0:0}: [ 1006.643871][T13681] __synchronize_srcu+0xa9/0x2a0 [ 1006.649335][T13681] blk_mq_update_nr_requests+0x288/0x670 [ 1006.655493][T13681] queue_requests_store+0x161/0x210 [ 1006.661210][T13681] queue_attr_store+0x370/0x510 [ 1006.666605][T13681] sysfs_kf_write+0x117/0x170 [ 1006.671814][T13681] kernfs_fop_write_iter+0x33d/0x500 [ 1006.677617][T13681] vfs_write+0x5ae/0x1150 [ 1006.682460][T13681] ksys_write+0x12b/0x250 [ 1006.687306][T13681] do_syscall_64+0xcd/0x250 [ 1006.692325][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.698744][T13681] [ 1006.698744][T13681] -> #0 (&q->q_usage_counter(io)#51){++++}-{0:0}: [ 1006.707353][T13681] __lock_acquire+0x249e/0x3c40 [ 1006.712723][T13681] lock_acquire.part.0+0x11b/0x380 [ 1006.718358][T13681] blk_mq_submit_bio+0x20db/0x25f0 [ 1006.723997][T13681] __submit_bio+0x3d1/0x690 [ 1006.729025][T13681] submit_bio_noacct_nocheck+0x698/0xd70 [ 1006.735206][T13681] submit_bio_noacct+0x50d/0x1ec0 [ 1006.740939][T13681] mpage_readahead+0x41d/0x590 [ 1006.746227][T13681] read_pages+0x1a7/0xc60 [ 1006.751085][T13681] page_cache_ra_unbounded+0x426/0x7d0 [ 1006.757065][T13681] force_page_cache_ra+0x24b/0x340 [ 1006.762699][T13681] page_cache_sync_ra+0x158/0xa30 [ 1006.768244][T13681] filemap_get_pages+0xb62/0x1c30 [ 1006.773783][T13681] filemap_read+0x3c5/0xe70 [ 1006.778802][T13681] blkdev_read_iter+0x187/0x4b0 [ 1006.784169][T13681] vfs_read+0x886/0xbf0 [ 1006.788840][T13681] ksys_read+0x12b/0x250 [ 1006.793603][T13681] do_syscall_64+0xcd/0x250 [ 1006.798628][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.805043][T13681] [ 1006.805043][T13681] other info that might help us debug this: [ 1006.805043][T13681] [ 1006.815269][T13681] Chain exists of: [ 1006.815269][T13681] &q->q_usage_counter(io)#51 --> &mm->mmap_lock --> mapping.invalidate_lock#2 [ 1006.815269][T13681] [ 1006.830057][T13681] Possible unsafe locking scenario: [ 1006.830057][T13681] [ 1006.837496][T13681] CPU0 CPU1 [ 1006.842857][T13681] ---- ---- [ 1006.848212][T13681] rlock(mapping.invalidate_lock#2); [ 1006.853589][T13681] lock(&mm->mmap_lock); [ 1006.860448][T13681] lock(mapping.invalidate_lock#2); [ 1006.868271][T13681] rlock(&q->q_usage_counter(io)#51); [ 1006.873737][T13681] [ 1006.873737][T13681] *** DEADLOCK *** [ 1006.873737][T13681] [ 1006.881870][T13681] 1 lock held by udevd/13681: [ 1006.886539][T13681] #0: ffff88802389ce40 (mapping.invalidate_lock#2){++++}-{4:4}, at: page_cache_ra_unbounded+0x173/0x7d0 [ 1006.897784][T13681] [ 1006.897784][T13681] stack backtrace: [ 1006.903664][T13681] CPU: 0 UID: 0 PID: 13681 Comm: udevd Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 1006.903688][T13681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1006.903700][T13681] Call Trace: [ 1006.903709][T13681] [ 1006.903717][T13681] dump_stack_lvl+0x116/0x1f0 [ 1006.903748][T13681] print_circular_bug+0x490/0x760 [ 1006.903772][T13681] check_noncircular+0x31a/0x400 [ 1006.903792][T13681] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 1006.903829][T13681] ? __pfx_check_noncircular+0x10/0x10 [ 1006.903849][T13681] ? __kernel_text_address+0xd/0x40 [ 1006.903872][T13681] ? unwind_get_return_address+0x59/0xa0 [ 1006.903900][T13681] ? lockdep_lock+0x1b8/0x200 [ 1006.903927][T13681] ? __pfx_lockdep_lock+0x10/0x10 [ 1006.903956][T13681] __lock_acquire+0x249e/0x3c40 [ 1006.903982][T13681] ? __pfx___lock_acquire+0x10/0x10 [ 1006.904002][T13681] ? hlock_class+0x4e/0x130 [ 1006.904028][T13681] ? mark_lock+0xb5/0xc60 [ 1006.904048][T13681] ? mark_lock+0xb5/0xc60 [ 1006.904066][T13681] ? page_cache_ra_unbounded+0x426/0x7d0 [ 1006.904092][T13681] ? page_cache_sync_ra+0x158/0xa30 [ 1006.904119][T13681] lock_acquire.part.0+0x11b/0x380 [ 1006.904141][T13681] ? __submit_bio+0x3d1/0x690 [ 1006.904169][T13681] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1006.904191][T13681] ? rcu_is_watching+0x12/0xc0 [ 1006.904217][T13681] ? trace_lock_acquire+0x14e/0x1f0 [ 1006.904234][T13681] ? __submit_bio+0x3d1/0x690 [ 1006.904259][T13681] ? lock_acquire+0x2f/0xb0 [ 1006.904279][T13681] ? __submit_bio+0x3d1/0x690 [ 1006.904305][T13681] blk_mq_submit_bio+0x20db/0x25f0 [ 1006.904332][T13681] ? __submit_bio+0x3d1/0x690 [ 1006.904358][T13681] ? __pfx_blk_mq_submit_bio+0x10/0x10 [ 1006.904386][T13681] ? mark_lock+0xb5/0xc60 [ 1006.904405][T13681] ? __pfx___lock_acquire+0x10/0x10 [ 1006.904426][T13681] ? __pfx___lock_acquire+0x10/0x10 [ 1006.904446][T13681] ? trace_lock_acquire+0x14e/0x1f0 [ 1006.904463][T13681] ? __pfx_mark_lock+0x10/0x10 [ 1006.904487][T13681] __submit_bio+0x3d1/0x690 [ 1006.904513][T13681] ? __pfx___submit_bio+0x10/0x10 [ 1006.904539][T13681] ? trace_lock_acquire+0x14e/0x1f0 [ 1006.904561][T13681] ? submit_bio_noacct_nocheck+0x698/0xd70 [ 1006.904588][T13681] submit_bio_noacct_nocheck+0x698/0xd70 [ 1006.904616][T13681] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 1006.904645][T13681] ? __pfx___might_resched+0x10/0x10 [ 1006.904670][T13681] submit_bio_noacct+0x50d/0x1ec0 [ 1006.904699][T13681] mpage_readahead+0x41d/0x590 [ 1006.904724][T13681] ? __pfx_mpage_readahead+0x10/0x10 [ 1006.904753][T13681] ? __pfx_blkdev_get_block+0x10/0x10 [ 1006.904772][T13681] ? __folio_batch_add_and_move+0x5f3/0xc60 [ 1006.904791][T13681] ? __pfx_lock_release+0x10/0x10 [ 1006.904816][T13681] ? trace_lock_acquire+0x14e/0x1f0 [ 1006.904833][T13681] ? __pfx_blkdev_readahead+0x10/0x10 [ 1006.904852][T13681] read_pages+0x1a7/0xc60 [ 1006.904875][T13681] ? __folio_batch_add_and_move+0x689/0xc60 [ 1006.904897][T13681] ? __pfx_read_pages+0x10/0x10 [ 1006.904927][T13681] page_cache_ra_unbounded+0x426/0x7d0 [ 1006.904957][T13681] force_page_cache_ra+0x24b/0x340 [ 1006.904985][T13681] page_cache_sync_ra+0x158/0xa30 [ 1006.905010][T13681] ? __lock_acquire+0xcc5/0x3c40 [ 1006.905032][T13681] filemap_get_pages+0xb62/0x1c30 [ 1006.905054][T13681] ? __pfx_filemap_get_pages+0x10/0x10 [ 1006.905074][T13681] ? __pfx___might_resched+0x10/0x10 [ 1006.905099][T13681] filemap_read+0x3c5/0xe70 [ 1006.905116][T13681] ? trace_lock_acquire+0x14e/0x1f0 [ 1006.905137][T13681] ? __pfx_filemap_read+0x10/0x10 [ 1006.905165][T13681] ? apparmor_file_permission+0x251/0x400 [ 1006.905196][T13681] blkdev_read_iter+0x187/0x4b0 [ 1006.905217][T13681] vfs_read+0x886/0xbf0 [ 1006.905237][T13681] ? __pfx_vfs_read+0x10/0x10 [ 1006.905255][T13681] ? blkdev_llseek+0x9b/0xd0 [ 1006.905272][T13681] ? __pfx_lock_release+0x10/0x10 [ 1006.905295][T13681] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1006.905321][T13681] ksys_read+0x12b/0x250 [ 1006.905339][T13681] ? __pfx_ksys_read+0x10/0x10 [ 1006.905359][T13681] do_syscall_64+0xcd/0x250 [ 1006.905378][T13681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.905405][T13681] RIP: 0033:0x7f88fd516b6a [ 1006.905421][T13681] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 1006.905440][T13681] RSP: 002b:00007ffded4e0768 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1006.905457][T13681] RAX: ffffffffffffffda RBX: 00001fffffff0000 RCX: 00007f88fd516b6a [ 1006.905470][T13681] RDX: 0000000000000040 RSI: 00005578e0d7bf58 RDI: 0000000000000009 [ 1006.905482][T13681] RBP: 0000000000000040 R08: 00005578e0d7bf30 R09: 0000000000040000 [ 1006.905494][T13681] R10: 0000000000000015 R11: 0000000000000246 R12: 00005578e0d7bf30 [ 1006.905507][T13681] R13: 00005578e0d7bf48 R14: 00005578e0d77908 R15: 00005578e0d778b0 [ 1006.905525][T13681] [ 1007.366431][T22005] syz_tun: tun_chr_ioctl cmd 1074025672 [ 1007.375248][T22005] syz_tun: ignored: set checksum disabled [ 1007.606879][T21995] [U] [ 1007.630659][T21995] [U] Gz"7Vmɧi UC"jޛ¼r [ 1007.637208][T21995] [U] r? [ 1007.643082][T21995] [U] k>@7r68sRj NmQ{cД-x畓tHDƊ_ڱX ᐐ6ήyS` [ 1007.654760][T21995] [U] r}.UJ0ԛ91cqi귄*XY'T틞hZlYioY^HNP̎\.6ip/t+?yF*|)ވóbWٳuM[fnP;$;Ea [ 1007.676453][T21995] [U] [GOYq(5DѠ)ǫC v\EP Aj]l2oCmč-k'dIaO? VYLKҒeZ$Xhdq>;pɈ*ϑ:B!{J.+J^mfHlFG+75pNDyMW0Y2sl(jM*3/qn%dsdԈ!̵1X/jMz[w}G\ [ 1007.712646][T21995] [U] qNspB V [ 1007.717285][T21995] [U] [ 1007.721118][T21995] [U] Ȋ'۞ lwo*_eOEpUc$k ;kщUz M #OHmPh]u2_&̸]z:#WlD/^2ʺkE#+ H4]C:Z"{`(&!"YVZ\Um蹗޴ o;abs}Gɠ?XkZnjI[TSzDq@$;@׊[}P|96 [ 1007.744681][T21995] [U] uAOaV f [ 1007.749084][T21995] [U] <~6*K>" =z>àXG:$=}=2xĮ+fg+ދ[ViO|Su[=3z7E_L8lEd@l`4pM5,IBӎ"drkpM [ 1007.766259][T21995] [U] OXoPۂ^w [ 1007.770788][T21995] [U] *+է?pk;xc [ 1007.776394][T21995] [U] + 1~ٲ"Ԉqq'/YܕT\r*Uc|0](ZR%:yN`sO[??zY!߿}@ ĝ'e䲌4/H,~ըۨ<:65ԍ*-s|Ma}qY? [ 1007.796075][T21995] [U] I6 [ 1007.799625][T21995] [U] 6T8