last executing test programs: 11m37.919820024s ago: executing program 2 (id=2448): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) shmctl$auto(0x691, 0x3, 0x0) setsockopt$auto(0x3, 0x0, 0x32, 0x0, 0x4) 11m37.4529536s ago: executing program 2 (id=2452): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xa9, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x31df4f184fd6d27d}, 0x20000000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f2, 0x24) 11m36.520480516s ago: executing program 2 (id=2459): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) fstat$auto(0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video13\x00', 0x20000, 0x0) ioctl$auto(0x3, 0xc0285628, 0x8) 11m36.086378575s ago: executing program 2 (id=2463): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 11m35.724280325s ago: executing program 2 (id=2465): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400) ioctl$auto_FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)) 11m35.123417808s ago: executing program 2 (id=2471): r0 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) get_robust_list$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) getsockopt$auto(r0, 0x0, 0xcf, 0x0, 0x0) 11m34.78035485s ago: executing program 32 (id=2471): r0 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) get_robust_list$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) getsockopt$auto(r0, 0x0, 0xcf, 0x0, 0x0) 6.821284272s ago: executing program 4 (id=7025): rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x10000c5, 0x0, 0x40eb2, 0x402, 0x300000000000) shmctl$auto_SHM_STAT_ANY(0x7ff, 0xf, 0x0) unshare$auto(0x40000080) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video8\x00', 0x802, 0x0) ioctl$auto_SG_GET_TRANSFORM(0xffffffffffffffff, 0x2205, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/kernel/debug/lru_gen\x00', 0xc002, 0x0) madvise$auto(0x0, 0x3, 0x66) 5.867946442s ago: executing program 1 (id=7027): r0 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x24261, 0x0) fadvise64$auto_POSIX_FADV_DONTNEED(r0, 0xffffffffffffe0d8, 0x8000000000, 0x4) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0xffffffffffffffff, 0x28000) memfd_create$auto(0x0, 0xe) rseq$auto(&(0x7f0000000300)={0xe, 0x2, 0x9, 0x6, 0x6, 0x2}, 0x8000, 0x0, 0x9) sysfs$auto(0x2, 0x4c, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x6, 0x0, 0x0, 0x0) seccomp$auto_SECCOMP_SET_MODE_FILTER(0x1, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x3c, 0x75f, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x6, 0x0, 0xb4, 0x9, 0x6, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 5.698193599s ago: executing program 0 (id=7029): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/fscreate\x00', 0x100, 0x0) sysfs$auto(0x2, 0x10000000000048, 0x0) r3 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0x4188aec6, r3) close_range$auto(0x2, 0x8, 0x0) 5.662195689s ago: executing program 1 (id=7030): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r3 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r5, r4, 0x4, 0x401, r3, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 5.512810759s ago: executing program 0 (id=7032): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x29, 0x5, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000040)={{0x0, 0x2, &(0x7f0000000080)={0x0, 0x1}, 0xa, 0x0, 0x4, 0x401}, 0xed7138c}, 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r0 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r0, 0x11, 0x67, 0x0, 0x8) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, 0x0, 0x55) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) 5.454196348s ago: executing program 1 (id=7033): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, r0) openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000001180), 0x410000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r1) bind$auto(0x3, 0x0, 0x6a) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000008c0)=""/61, 0x3d) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(0x0, r2) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) 5.37520667s ago: executing program 3 (id=7034): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001040)='/proc/asound/card1/pcm1c/sub7/info\x00', 0x28102, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b1000000", @ANYRES16, @ANYBLOB="01002dbd7000fddbdf25030000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 5.107423726s ago: executing program 0 (id=7035): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, r3, 0x4, 0x401, r2, @relative_id=0x14, 0xe600}, 0xd) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 5.072269335s ago: executing program 3 (id=7036): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x48}) unshare$auto(0x40000080) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91\vI\x1eRN8\x99\x88\xca\xd9\xec\x1epJ\"ds\x1cJr\xde:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18\x89\v\xea\x1b\x95\xaf\xee\xe69\x8d(<\xc7+\x83\xfcQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd3\x81Y\xa3Fp\v\xdc\xe2\xc3\xc3\xdbS\xdc', 0xfdef, 0x0) close_range$auto(0x2, 0x8, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) io_uring_setup$auto(0x7, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_KEY_FLUSH(r0, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000000300)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x0) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) 4.249719364s ago: executing program 4 (id=7037): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = socket(0x10, 0x2, 0x6) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r1, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_COORDINATOR={0x2c, 0x1e, 0x0, 0x1, [@nested={0x28, 0x5e, 0x0, 0x1, [@nested={0x8, 0x46, 0x0, 0x1, [@nested={0x4, 0xf7}]}, @nested={0x1c, 0x10, 0x0, 0x1, [@nested={0x18, 0x127, 0x0, 0x1, [@typed={0x14, 0x3f, 0x0, 0x0, @ipv6=@loopback}]}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4) r3 = socket(0x11, 0x80003, 0x300) mmap$auto(0x3, 0x8001, 0x62, 0x10, r2, 0x7) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb2, 0x40000000000a1, 0x8000) setsockopt$auto(r3, 0x107, 0x12, 0x0, 0x4) 4.219150848s ago: executing program 0 (id=7038): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x1, 0x20009, 0x8, 0xeb1, 0x7f, 0x8000) rseq$auto(0x0, 0xfffffff5, 0x0, 0x5) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket(0x2b, 0x1, 0x1) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40001, 0x0) getsockopt$auto(r0, 0x1, 0x1a, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r1 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00) read$auto(r1, 0x0, 0x0) 4.03419324s ago: executing program 4 (id=7039): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x929, 0x44b, 0x7, 0x5, 0x100717e, 0xd1, 0x7, 0x7, 0x7ff, 0xfffffffe, 0x80000001, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffb, 0x8, 0x0, 0x2, 0x0, 0x864, 0xe, 0x22000, 0x200, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0xa, 0xd) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd01, &(0x7f00000001c0)) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x141241, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto_proc_projid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) mincore$auto(0x1000, 0x4000000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) 3.00354797s ago: executing program 4 (id=7040): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) semctl$auto(0x201, 0x2, 0x13, 0x1) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_l2cap_debugfs_fops_(r0, &(0x7f0000000240)=""/177, 0xb1) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x100000000021, 0x8000002000000000, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rt_sigaction$auto(0xfffffff8, &(0x7f0000000380)={&(0x7f0000000140)=0x0, 0x7, 0x0, {0xfffffffffffffff8}}, &(0x7f00000004c0)={0x0, 0x6, 0x0, {0x1}}, 0x8) capset$auto(0x0, 0x0) io_uring_setup$auto(0x6, 0x0) mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xcb) 2.955882039s ago: executing program 0 (id=7041): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x900, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r0 = socket(0x1e, 0x4, 0x0) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) 2.793644101s ago: executing program 1 (id=7042): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) setsockopt$auto(0x3, 0x6, 0x100000000, 0xfffffffffffffffc, 0xa) mmap$auto(0x235, 0x40000a, 0x20000000000d, 0x208018, 0xffffffffffffffff, 0x200000001) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40800, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0xa) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) mincore$auto(0x1000, 0x8001, 0x0) close_range$auto(0x2, 0x8, 0x0) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0xa, 0x40000000000000) 2.457747019s ago: executing program 3 (id=7043): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000b80)='/sys/kernel/debug/dri/vkms/Writeback-1/force\x00', 0x2, 0x0) socket(0x10, 0x2, 0x4) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 2.27865354s ago: executing program 3 (id=7044): socket(0xa, 0x3, 0x3b) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x1, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) 2.125307541s ago: executing program 3 (id=7045): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe2a02, 0x0) mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000000b, 0x0) madvise$auto(0x0, 0x5, 0x15) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) 1.819397951s ago: executing program 0 (id=7046): rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x10000c5, 0x0, 0x40eb2, 0x402, 0x300000000000) shmctl$auto_SHM_STAT_ANY(0x7ff, 0xf, 0x0) unshare$auto(0x40000080) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video8\x00', 0x802, 0x0) ioctl$auto_SG_GET_TRANSFORM(0xffffffffffffffff, 0x2205, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000012c0)='/sys/kernel/debug/lru_gen\x00', 0xc002, 0x0) madvise$auto(0x0, 0x3, 0x66) 1.228736529s ago: executing program 3 (id=7047): fcntl$auto(0xffffffffffffffff, 0x409, 0x40003f) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) waitid$auto_P_PID(0x1, 0xffffffffffffffff, 0x0, 0x80000001, &(0x7f00000002c0)={{0x7fff, 0x3}, {0x100000000, 0xffffffff00000001}, 0x6, 0xa9f, 0x4, 0x2, 0x100, 0xb18, 0xb, 0x9, 0x1, 0x7f, 0x4, 0xf9f6, 0xdc73, 0x6}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) io_uring_setup$auto(0x7, 0x0) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) r0 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) read$auto_proc_pid_cmdline_ops_base(r0, &(0x7f0000000040)=""/159, 0x9f) socket(0xa, 0x801, 0x84) 1.227941857s ago: executing program 1 (id=7055): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sr0\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket(0x200000000000011, 0x2, 0x0) ioctl$auto_KVM_GET_EMULATED_CPUID(0xffffffffffffffff, 0xc008ae09, &(0x7f0000000040)={0x6, 0x0, [{0x3, 0x1, 0x774, 0x401, 0x7fffffff, 0x80000000, 0x3}]}) ustat$auto(0x1, &(0x7f0000000000)={0xfff, 0x2, "be5705f65205", "184885ca64ad"}) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x1900, 0x0) read$auto_fops_blob_file(0xffffffffffffffff, &(0x7f0000000180)=""/76, 0x4c) pread64$auto(r1, 0x0, 0xe, 0x100000000007) read$auto(r0, 0x0, 0xe8) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f682, 0x0) ioctl$auto_BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000000c0)={"2252f65ca1b92f72a92538725b0694521629e8c3e6ba91c62e2e9d42cf4aef15", 0x4, 0x1ff, 0x8000, 0x6, 0xff}) 966.850729ms ago: executing program 4 (id=7048): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x2, 0x1) socket(0x2, 0x801, 0x106) socket(0x26, 0x80805, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x145) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x1e}, 0x3) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) write$auto(r0, 0x0, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) 107.4911ms ago: executing program 4 (id=7049): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x2, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x100) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x10b}, 0x800009}, 0x5, 0x20000000) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0x6}, 0x5, 0x400) 0s ago: executing program 1 (id=7050): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0x4140aecd, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto_KVM_CREATE_VM(r0, 0x4138ae84, 0x0) kernel console output (not intermixed with test programs): 4551] dump_stack_lvl+0x16c/0x1f0 [ 950.091272][T24551] should_fail_ex+0x512/0x640 [ 950.091316][T24551] should_fail_alloc_page+0xe7/0x130 [ 950.091346][T24551] prepare_alloc_pages+0x3c2/0x610 [ 950.091378][T24551] ? rcu_is_watching+0x12/0xc0 [ 950.091410][T24551] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 950.091454][T24551] ? rcu_is_watching+0x12/0xc0 [ 950.091482][T24551] ? trace_mm_page_alloc+0x11f/0x1a0 [ 950.091512][T24551] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 950.091552][T24551] ? __pfx_stack_trace_save+0x10/0x10 [ 950.091582][T24551] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 950.091633][T24551] ? alloc_vmap_area+0xdc8/0x29c0 [ 950.091660][T24551] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 950.091692][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.091724][T24551] ? do_syscall_64+0xcd/0x490 [ 950.091757][T24551] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.091802][T24551] alloc_pages_bulk_noprof+0x71c/0x1410 [ 950.091839][T24551] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 950.091879][T24551] ? policy_nodemask+0xea/0x4e0 [ 950.091910][T24551] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 950.091949][T24551] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 950.091991][T24551] kasan_populate_vmalloc+0xf1/0x1f0 [ 950.092043][T24551] alloc_vmap_area+0x959/0x29c0 [ 950.092087][T24551] ? __pfx_alloc_vmap_area+0x10/0x10 [ 950.092126][T24551] __get_vm_area_node+0x1ca/0x330 [ 950.092165][T24551] __vmalloc_node_range_noprof+0x271/0x14b0 [ 950.092201][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.092241][T24551] ? __lock_acquire+0xb8a/0x1c90 [ 950.092275][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.092316][T24551] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 950.092351][T24551] ? __alloc_pages_noprof+0xb/0x1b0 [ 950.092387][T24551] ? ___kmalloc_large_node+0x84/0x1e0 [ 950.092415][T24551] ? find_held_lock+0x2b/0x80 [ 950.092450][T24551] __kvmalloc_node_noprof+0x30a/0x620 [ 950.092485][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.092517][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.092556][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.092586][T24551] __do_sys_listmount+0x1c2/0xec0 [ 950.092625][T24551] ? __x64_sys_futex+0x1e0/0x4c0 [ 950.092656][T24551] ? __x64_sys_futex+0x1e9/0x4c0 [ 950.092687][T24551] ? __pfx___do_sys_listmount+0x10/0x10 [ 950.092738][T24551] do_syscall_64+0xcd/0x490 [ 950.092779][T24551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.092806][T24551] RIP: 0033:0x7fc6bfb8e929 [ 950.092829][T24551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 950.092856][T24551] RSP: 002b:00007fc6c0975038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 950.092883][T24551] RAX: ffffffffffffffda RBX: 00007fc6bfdb6080 RCX: 00007fc6bfb8e929 [ 950.092902][T24551] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 950.092920][T24551] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 950.092936][T24551] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 950.092952][T24551] R13: 0000000000000000 R14: 00007fc6bfdb6080 R15: 00007ffd65ebc168 [ 950.092988][T24551] [ 950.094248][T24551] warn_alloc: 1 callbacks suppressed [ 950.094264][T24551] syz.4.6422: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null) [ 950.183137][T24554] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6423'. [ 950.217466][T24551] ,cpuset=/,mems_allowed=0-1 [ 950.473078][T24551] CPU: 1 UID: 0 PID: 24551 Comm: syz.4.6422 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 950.473124][T24551] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 950.473135][T24551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 950.473149][T24551] Call Trace: [ 950.473158][T24551] [ 950.473168][T24551] dump_stack_lvl+0x16c/0x1f0 [ 950.473209][T24551] warn_alloc+0x248/0x3a0 [ 950.473247][T24551] ? __pfx_warn_alloc+0x10/0x10 [ 950.473293][T24551] ? kfree+0x2b4/0x4d0 [ 950.473333][T24551] ? __get_vm_area_node+0x208/0x330 [ 950.473371][T24551] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 950.473412][T24551] ? __lock_acquire+0xb8a/0x1c90 [ 950.473446][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.473486][T24551] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 950.473520][T24551] ? __alloc_pages_noprof+0xb/0x1b0 [ 950.473555][T24551] ? ___kmalloc_large_node+0x84/0x1e0 [ 950.473582][T24551] ? find_held_lock+0x2b/0x80 [ 950.473634][T24551] __kvmalloc_node_noprof+0x30a/0x620 [ 950.473668][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.473701][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.473739][T24551] ? __do_sys_listmount+0x1c2/0xec0 [ 950.473767][T24551] __do_sys_listmount+0x1c2/0xec0 [ 950.473805][T24551] ? __x64_sys_futex+0x1e0/0x4c0 [ 950.473834][T24551] ? __x64_sys_futex+0x1e9/0x4c0 [ 950.473866][T24551] ? __pfx___do_sys_listmount+0x10/0x10 [ 950.473915][T24551] do_syscall_64+0xcd/0x490 [ 950.473954][T24551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.473979][T24551] RIP: 0033:0x7fc6bfb8e929 [ 950.474000][T24551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 950.474025][T24551] RSP: 002b:00007fc6c0975038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 950.474050][T24551] RAX: ffffffffffffffda RBX: 00007fc6bfdb6080 RCX: 00007fc6bfb8e929 [ 950.474067][T24551] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 950.474083][T24551] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 950.474099][T24551] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 950.474115][T24551] R13: 0000000000000000 R14: 00007fc6bfdb6080 R15: 00007ffd65ebc168 [ 950.474146][T24551] [ 950.474155][T24551] Mem-Info: [ 950.868119][T24551] active_anon:20729 inactive_anon:66173 isolated_anon:0 [ 950.868119][T24551] active_file:26925 inactive_file:38629 isolated_file:0 [ 950.868119][T24551] unevictable:768 dirty:857 writeback:0 [ 950.868119][T24551] slab_reclaimable:12229 slab_unreclaimable:95349 [ 950.868119][T24551] mapped:28280 shmem:60601 pagetables:1547 [ 950.868119][T24551] sec_pagetables:0 bounce:0 [ 950.868119][T24551] kernel_misc_reclaimable:0 [ 950.868119][T24551] free:1227778 free_pcp:16983 free_cma:0 [ 951.093812][T24551] Node 0 active_anon:82916kB inactive_anon:260492kB active_file:107700kB inactive_file:154392kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116220kB dirty:3428kB writeback:0kB shmem:236468kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11764kB pagetables:6024kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 951.164094][T24551] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:124kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 951.233132][T24551] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 951.283044][T24551] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 951.293625][T24551] Node 0 DMA32 free:982228kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:82964kB inactive_anon:256392kB active_file:106448kB inactive_file:154320kB unevictable:1536kB writepending:3428kB present:3129332kB managed:2540352kB mlocked:0kB bounce:0kB free_pcp:70832kB local_pcp:15612kB free_cma:0kB [ 951.392236][T24551] lowmem_reserve[]: 0 0 1 1 1 [ 951.397464][T24551] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:1252kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 951.454732][T24551] lowmem_reserve[]: 0 0 0 0 0 [ 951.459540][T24551] Node 1 Normal free:3912512kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:124kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:7372kB local_pcp:3024kB free_cma:0kB [ 951.468919][T24562] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6425'. [ 951.550199][T24551] lowmem_reserve[]: 0 0 0 0 0 [ 951.555561][T24551] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 951.591124][T24551] Node 0 DMA32: 2358*4kB (UME) 856*8kB (UME) 647*16kB (UME) 558*32kB (UME) 410*64kB (UME) 254*128kB (UME) 157*256kB (UME) 122*512kB (UME) 95*1024kB (UM) 9*2048kB (UM) 161*4096kB (UM) = 981064kB [ 951.641931][T24562] veth0_macvtap: left promiscuous mode [ 951.651118][T24551] Node 0 Normal: 3*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 951.690773][T24551] Node 1 Normal: 234*4kB (UE) 57*8kB (UME) 39*16kB (UME) 225*32kB (UME) 105*64kB (UME) 34*128kB (UME) 16*256kB (UM) 12*512kB (UME) 3*1024kB (UME) 4*2048kB (UE) 945*4096kB (UM) = 3912512kB [ 951.743886][T24551] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 951.778218][T24551] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 951.813655][T24551] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 951.835411][T24551] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 951.864591][T24551] 121831 total pagecache pages [ 951.871162][T24551] 10 pages in swap cache [ 951.899527][T24551] Free swap = 124772kB [ 951.903736][T24551] Total swap = 124996kB [ 951.907909][T24551] 2097051 pages RAM [ 951.922217][T24551] 0 pages HighMem/MovableOnly [ 951.926946][T24551] 429985 pages reserved [ 951.928217][T24565] netlink: 186 bytes leftover after parsing attributes in process `syz.0.6426'. [ 951.949657][T24551] 0 pages cma reserved [ 953.387192][T24581] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6432'. [ 953.635067][T24588] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6434'. [ 953.694017][T24588] netlink: 294 bytes leftover after parsing attributes in process `syz.4.6434'. [ 954.696301][T24605] FAULT_INJECTION: forcing a failure. [ 954.696301][T24605] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 954.722787][T24605] CPU: 1 UID: 0 PID: 24605 Comm: syz.3.6438 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 954.722839][T24605] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 954.722851][T24605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 954.722868][T24605] Call Trace: [ 954.722878][T24605] [ 954.722889][T24605] dump_stack_lvl+0x16c/0x1f0 [ 954.722935][T24605] should_fail_ex+0x512/0x640 [ 954.722975][T24605] should_fail_alloc_page+0xe7/0x130 [ 954.723004][T24605] prepare_alloc_pages+0x3c2/0x610 [ 954.723034][T24605] ? rcu_is_watching+0x12/0xc0 [ 954.723066][T24605] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 954.723113][T24605] ? rcu_is_watching+0x12/0xc0 [ 954.723140][T24605] ? trace_mm_page_alloc+0x11f/0x1a0 [ 954.723171][T24605] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 954.723210][T24605] ? __pfx_stack_trace_save+0x10/0x10 [ 954.723240][T24605] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 954.723290][T24605] ? alloc_vmap_area+0x645/0x29c0 [ 954.723317][T24605] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 954.723348][T24605] ? __do_sys_listmount+0x1c2/0xec0 [ 954.723377][T24605] ? do_syscall_64+0xcd/0x490 [ 954.723411][T24605] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 954.723454][T24605] alloc_pages_bulk_noprof+0x71c/0x1410 [ 954.723490][T24605] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 954.723531][T24605] ? policy_nodemask+0xea/0x4e0 [ 954.723580][T24605] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 954.723622][T24605] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 954.723665][T24605] kasan_populate_vmalloc+0xf1/0x1f0 [ 954.723709][T24605] alloc_vmap_area+0x959/0x29c0 [ 954.723753][T24605] ? __pfx_alloc_vmap_area+0x10/0x10 [ 954.723792][T24605] __get_vm_area_node+0x1ca/0x330 [ 954.723830][T24605] __vmalloc_node_range_noprof+0x271/0x14b0 [ 954.723863][T24605] ? __do_sys_listmount+0x1c2/0xec0 [ 954.723903][T24605] ? __lock_acquire+0xb8a/0x1c90 [ 954.723936][T24605] ? __do_sys_listmount+0x1c2/0xec0 [ 954.723976][T24605] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 954.724010][T24605] ? __alloc_pages_noprof+0xb/0x1b0 [ 954.724045][T24605] ? ___kmalloc_large_node+0x84/0x1e0 [ 954.724074][T24605] ? find_held_lock+0x2b/0x80 [ 954.724108][T24605] __kvmalloc_node_noprof+0x30a/0x620 [ 954.724143][T24605] ? __do_sys_listmount+0x1c2/0xec0 [ 954.724176][T24605] ? __do_sys_listmount+0x1c2/0xec0 [ 954.724214][T24605] ? __do_sys_listmount+0x1c2/0xec0 [ 954.724243][T24605] __do_sys_listmount+0x1c2/0xec0 [ 954.724281][T24605] ? __x64_sys_futex+0x1e0/0x4c0 [ 954.724311][T24605] ? __x64_sys_futex+0x1e9/0x4c0 [ 954.724342][T24605] ? __pfx___do_sys_listmount+0x10/0x10 [ 954.724392][T24605] do_syscall_64+0xcd/0x490 [ 954.724431][T24605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 954.724458][T24605] RIP: 0033:0x7f38fc18e929 [ 954.724481][T24605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 954.724508][T24605] RSP: 002b:00007f38fd07d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 954.724535][T24605] RAX: ffffffffffffffda RBX: 00007f38fc3b6080 RCX: 00007f38fc18e929 [ 954.724560][T24605] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 954.724577][T24605] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 954.724594][T24605] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 954.724611][T24605] R13: 0000000000000000 R14: 00007f38fc3b6080 R15: 00007ffd0eae4c48 [ 954.724648][T24605] [ 955.828861][T24625] binder: 24620:24625 ioctl c00c620f 200000000180 returned -22 [ 956.311251][T24634] Dead loop on virtual device ip6_vti0, fix it urgently! [ 956.337357][T24634] Dead loop on virtual device ip6_vti0, fix it urgently! [ 956.366837][T24634] Dead loop on virtual device ip6_vti0, fix it urgently! [ 956.397804][T24634] Dead loop on virtual device ip6_vti0, fix it urgently! [ 956.421077][T24634] Dead loop on virtual device ip6_vti0, fix it urgently! [ 956.466501][T24634] Dead loop on virtual device ip6_vti0, fix it urgently! [ 956.839853][T24647] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6451'. [ 957.324514][T24658] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6456'. [ 957.388272][T24658] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 957.673114][T24667] binder: 24664:24667 ioctl c00c620f 200000000180 returned -22 [ 958.006428][T24677] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 959.523275][T24710] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6471'. [ 959.882515][T24710] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6471'. [ 960.005369][T24710] netlink: 290 bytes leftover after parsing attributes in process `syz.1.6471'. [ 961.035135][T24736] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6480'. [ 961.722282][T24754] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 961.764747][ T5849] Bluetooth: hci2: unexpected event 0x03 length: 17 > 11 [ 963.587688][T24789] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 963.688899][T24795] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 963.733134][T24795] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 963.796490][T24795] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 963.823545][T24803] netlink: 'syz.0.6500': attribute type 5 has an invalid length. [ 963.840267][T24803] netlink: 'syz.0.6500': attribute type 1 has an invalid length. [ 963.857624][T24795] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 963.867041][T24803] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6500'. [ 963.897294][T24806] netlink: 'syz.0.6500': attribute type 5 has an invalid length. [ 963.905073][T24806] netlink: 'syz.0.6500': attribute type 1 has an invalid length. [ 963.932773][T24806] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6500'. [ 963.952283][T24795] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 964.026585][T24795] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 964.074605][T24795] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6494'. [ 968.979811][T24914] __nla_validate_parse: 2 callbacks suppressed [ 968.979835][T24914] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6530'. [ 969.032803][T24914] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6530'. [ 969.093046][T24901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6525'. [ 969.913403][T24928] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6540'. [ 969.950007][T24928] veth0_macvtap: entered allmulticast mode [ 970.403008][T24946] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6536'. [ 970.413089][T24946] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6536'. [ 971.212887][ T5849] Bluetooth: hci3: unexpected event 0x03 length: 17 > 11 [ 971.703914][T24976] sctp: [Deprecated]: syz.4.6547 (pid 24976) Use of struct sctp_assoc_value in delayed_ack socket option. [ 971.703914][T24976] Use struct sctp_sack_info instead [ 971.774391][T24982] FAULT_INJECTION: forcing a failure. [ 971.774391][T24982] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 971.799383][T24982] CPU: 0 UID: 0 PID: 24982 Comm: syz.1.6549 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 971.799432][T24982] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 971.799444][T24982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 971.799460][T24982] Call Trace: [ 971.799469][T24982] [ 971.799480][T24982] dump_stack_lvl+0x16c/0x1f0 [ 971.799523][T24982] should_fail_ex+0x512/0x640 [ 971.799568][T24982] should_fail_alloc_page+0xe7/0x130 [ 971.799596][T24982] prepare_alloc_pages+0x3c2/0x610 [ 971.799626][T24982] ? rcu_is_watching+0x12/0xc0 [ 971.799658][T24982] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 971.799702][T24982] ? rcu_is_watching+0x12/0xc0 [ 971.799729][T24982] ? trace_mm_page_alloc+0x11f/0x1a0 [ 971.799759][T24982] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 971.799796][T24982] ? __pfx_stack_trace_save+0x10/0x10 [ 971.799824][T24982] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 971.799870][T24982] ? alloc_vmap_area+0x645/0x29c0 [ 971.799896][T24982] ? __vmalloc_node_range_noprof+0x271/0x14b0 [ 971.799925][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 971.799954][T24982] ? do_syscall_64+0xcd/0x490 [ 971.799988][T24982] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 971.800029][T24982] alloc_pages_bulk_noprof+0x71c/0x1410 [ 971.800065][T24982] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 971.800114][T24982] ? policy_nodemask+0xea/0x4e0 [ 971.800143][T24982] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 971.800183][T24982] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 971.800222][T24982] kasan_populate_vmalloc+0xf1/0x1f0 [ 971.800265][T24982] alloc_vmap_area+0x959/0x29c0 [ 971.800308][T24982] ? __pfx_alloc_vmap_area+0x10/0x10 [ 971.800347][T24982] __get_vm_area_node+0x1ca/0x330 [ 971.800383][T24982] __vmalloc_node_range_noprof+0x271/0x14b0 [ 971.800416][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 971.800454][T24982] ? __lock_acquire+0xb8a/0x1c90 [ 971.800488][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 971.800529][T24982] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 971.800564][T24982] ? __alloc_pages_noprof+0xb/0x1b0 [ 971.800599][T24982] ? ___kmalloc_large_node+0x84/0x1e0 [ 971.800627][T24982] ? find_held_lock+0x2b/0x80 [ 971.800661][T24982] __kvmalloc_node_noprof+0x30a/0x620 [ 971.800697][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 971.800731][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 971.800769][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 971.800798][T24982] __do_sys_listmount+0x1c2/0xec0 [ 971.800837][T24982] ? __x64_sys_futex+0x1e0/0x4c0 [ 971.800866][T24982] ? __x64_sys_futex+0x1e9/0x4c0 [ 971.800898][T24982] ? __pfx___do_sys_listmount+0x10/0x10 [ 971.800948][T24982] do_syscall_64+0xcd/0x490 [ 971.800987][T24982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 971.801013][T24982] RIP: 0033:0x7f62b458e929 [ 971.801037][T24982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 971.801064][T24982] RSP: 002b:00007f62b536d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 971.801090][T24982] RAX: ffffffffffffffda RBX: 00007f62b47b6080 RCX: 00007f62b458e929 [ 971.801117][T24982] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 971.801134][T24982] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 971.801152][T24982] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 971.801169][T24982] R13: 0000000000000000 R14: 00007f62b47b6080 R15: 00007ffe2c488738 [ 971.801205][T24982] [ 971.804836][T24982] warn_alloc: 2 callbacks suppressed [ 971.804848][T24982] syz.1.6549: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 972.193333][T24982] CPU: 1 UID: 0 PID: 24982 Comm: syz.1.6549 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 972.193381][T24982] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 972.193393][T24982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 972.193408][T24982] Call Trace: [ 972.193417][T24982] [ 972.193428][T24982] dump_stack_lvl+0x16c/0x1f0 [ 972.193470][T24982] warn_alloc+0x248/0x3a0 [ 972.193510][T24982] ? __pfx_warn_alloc+0x10/0x10 [ 972.193549][T24982] ? kfree+0x2b4/0x4d0 [ 972.193588][T24982] ? __get_vm_area_node+0x208/0x330 [ 972.193626][T24982] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 972.193668][T24982] ? __lock_acquire+0xb8a/0x1c90 [ 972.193703][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 972.193754][T24982] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 972.193789][T24982] ? __alloc_pages_noprof+0xb/0x1b0 [ 972.193824][T24982] ? ___kmalloc_large_node+0x84/0x1e0 [ 972.193850][T24982] ? find_held_lock+0x2b/0x80 [ 972.193884][T24982] __kvmalloc_node_noprof+0x30a/0x620 [ 972.193924][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 972.193955][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 972.193990][T24982] ? __do_sys_listmount+0x1c2/0xec0 [ 972.194018][T24982] __do_sys_listmount+0x1c2/0xec0 [ 972.194055][T24982] ? __x64_sys_futex+0x1e0/0x4c0 [ 972.194085][T24982] ? __x64_sys_futex+0x1e9/0x4c0 [ 972.194116][T24982] ? __pfx___do_sys_listmount+0x10/0x10 [ 972.194162][T24982] do_syscall_64+0xcd/0x490 [ 972.194201][T24982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.194227][T24982] RIP: 0033:0x7f62b458e929 [ 972.194250][T24982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 972.194276][T24982] RSP: 002b:00007f62b536d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 972.194300][T24982] RAX: ffffffffffffffda RBX: 00007f62b47b6080 RCX: 00007f62b458e929 [ 972.194319][T24982] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000100 [ 972.194336][T24982] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 972.194353][T24982] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 972.194371][T24982] R13: 0000000000000000 R14: 00007f62b47b6080 R15: 00007ffe2c488738 [ 972.194404][T24982] [ 972.314280][T24988] netlink: 314 bytes leftover after parsing attributes in process `syz.0.6550'. [ 972.434264][T24982] Mem-Info: [ 972.437411][T24982] active_anon:21245 inactive_anon:50716 isolated_anon:0 [ 972.437411][T24982] active_file:26921 inactive_file:38615 isolated_file:0 [ 972.437411][T24982] unevictable:768 dirty:785 writeback:0 [ 972.437411][T24982] slab_reclaimable:11836 slab_unreclaimable:95115 [ 972.437411][T24982] mapped:25318 shmem:46613 pagetables:1475 [ 972.437411][T24982] sec_pagetables:0 bounce:0 [ 972.437411][T24982] kernel_misc_reclaimable:0 [ 972.437411][T24982] free:1243217 free_pcp:16422 free_cma:0 [ 972.555848][T24982] Node 0 active_anon:84980kB inactive_anon:202764kB active_file:107684kB inactive_file:154336kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101272kB dirty:3140kB writeback:0kB shmem:184916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11632kB pagetables:5636kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 972.597883][T24986] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6550'. [ 972.635478][T24990] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6551'. [ 972.661691][T24982] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:124kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 972.732020][T24982] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 972.761684][T24982] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 972.788656][T24982] Node 0 DMA32 free:1048432kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:84928kB inactive_anon:202780kB active_file:106432kB inactive_file:154264kB unevictable:1536kB writepending:3176kB present:3129332kB managed:2540352kB mlocked:0kB bounce:0kB free_pcp:54988kB local_pcp:23364kB free_cma:0kB [ 972.836699][T24987] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6550'. [ 972.889421][T24982] lowmem_reserve[]: 0 0 1 1 1 [ 972.895709][T24982] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:1252kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 972.932949][T24982] lowmem_reserve[]: 0 0 0 0 0 [ 972.937985][T24982] Node 1 Normal free:3915184kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:124kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:4692kB local_pcp:0kB free_cma:0kB [ 972.996586][T24982] lowmem_reserve[]: 0 0 0 0 0 [ 973.003703][T24982] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 973.091437][T24982] Node 0 DMA32: 3236*4kB (UM) 2731*8kB (UM) 1752*16kB (UME) 716*32kB (UME) 223*64kB (UME) 217*128kB (UME) 169*256kB (UME) 128*512kB (UME) 97*1024kB (UM) 14*2048kB (UM) 167*4096kB (UM) = 1048616kB [ 973.148614][T24982] Node 0 Normal: 3*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 973.163377][T24982] Node 1 Normal: 236*4kB (UME) 60*8kB (UME) 38*16kB (UME) 224*32kB (UME) 103*64kB (UE) 34*128kB (UME) 15*256kB (UM) 12*512kB (UME) 4*1024kB (UME) 5*2048kB (UME) 945*4096kB (UM) = 3915184kB [ 973.191910][T24982] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 973.217091][T24982] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 973.247117][T24982] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 973.263176][T24982] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 973.276172][T24982] 112149 total pagecache pages [ 973.292055][T24982] 4 pages in swap cache [ 973.297675][T24982] Free swap = 122940kB [ 973.336142][T24982] Total swap = 124996kB [ 973.347569][T24982] 2097051 pages RAM [ 973.367301][T24982] 0 pages HighMem/MovableOnly [ 973.376250][T24982] 429985 pages reserved [ 973.412226][T24982] 0 pages cma reserved [ 975.281388][T25053] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 975.304105][T25053] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 975.695485][T25062] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 976.723107][T25076] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 976.929933][T25085] __nla_validate_parse: 6 callbacks suppressed [ 976.929953][T25085] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6579'. [ 977.439875][T25102] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6583'. [ 977.534837][T25105] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 978.348826][T25121] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6592'. [ 978.358439][T25121] bridge_slave_0: left allmulticast mode [ 978.371972][T25121] bridge_slave_0: left promiscuous mode [ 978.389181][T25121] bridge0: port 1(bridge_slave_0) entered disabled state [ 979.756710][T25143] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6596'. [ 980.009485][T25150] FAULT_INJECTION: forcing a failure. [ 980.009485][T25150] name failslab, interval 1, probability 0, space 0, times 0 [ 980.063237][T25150] CPU: 0 UID: 0 PID: 25150 Comm: syz.3.6598 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 980.063299][T25150] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 980.063310][T25150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 980.063326][T25150] Call Trace: [ 980.063335][T25150] [ 980.063347][T25150] dump_stack_lvl+0x16c/0x1f0 [ 980.063390][T25150] should_fail_ex+0x512/0x640 [ 980.063425][T25150] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 980.063469][T25150] should_failslab+0xc2/0x120 [ 980.063497][T25150] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 980.063535][T25150] ? mark_held_locks+0x49/0x80 [ 980.063569][T25150] ? kstrdup_const+0x63/0x80 [ 980.063610][T25150] kstrdup+0x53/0x100 [ 980.063648][T25150] kstrdup_const+0x63/0x80 [ 980.063684][T25150] kvasprintf_const+0x10f/0x1a0 [ 980.063713][T25150] kobject_set_name_vargs+0x5a/0x140 [ 980.063742][T25150] dev_set_name+0xc7/0x100 [ 980.063773][T25150] ? __pfx_dev_set_name+0x10/0x10 [ 980.063807][T25150] ? lockdep_init_map_type+0x5c/0x280 [ 980.063844][T25150] ? __init_waitqueue_head+0xca/0x150 [ 980.063879][T25150] netdev_register_kobject+0xc5/0x3a0 [ 980.063912][T25150] register_netdevice+0x13dc/0x2270 [ 980.063946][T25150] ? __pfx_register_netdevice+0x10/0x10 [ 980.063981][T25150] __ip_tunnel_create+0x540/0x6e0 [ 980.064012][T25150] ? __pfx___ip_tunnel_create+0x10/0x10 [ 980.064053][T25150] ip_tunnel_init_net+0x22f/0x7d0 [ 980.064087][T25150] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 980.064125][T25150] ? trace_kmalloc+0x2b/0xd0 [ 980.064150][T25150] ? __kmalloc_noprof+0x242/0x510 [ 980.064185][T25150] ? lockdep_init_map_type+0x5c/0x280 [ 980.064224][T25150] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 980.064270][T25150] ops_init+0x1df/0x5f0 [ 980.064314][T25150] setup_net+0x1ff/0x510 [ 980.064351][T25150] ? lockdep_init_map_type+0x5c/0x280 [ 980.064387][T25150] ? __pfx_setup_net+0x10/0x10 [ 980.064427][T25150] ? debug_mutex_init+0x37/0x70 [ 980.064459][T25150] copy_net_ns+0x2a6/0x5f0 [ 980.064491][T25150] create_new_namespaces+0x3ea/0xa90 [ 980.064529][T25150] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 980.064561][T25150] ksys_unshare+0x45b/0xa40 [ 980.064594][T25150] ? __pfx_ksys_unshare+0x10/0x10 [ 980.064629][T25150] ? xfd_validate_state+0x61/0x180 [ 980.064674][T25150] __x64_sys_unshare+0x31/0x40 [ 980.064707][T25150] do_syscall_64+0xcd/0x490 [ 980.064746][T25150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 980.064773][T25150] RIP: 0033:0x7f38fc18e929 [ 980.064795][T25150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 980.064820][T25150] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 980.064846][T25150] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 980.064864][T25150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 980.064881][T25150] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 980.064898][T25150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 980.064914][T25150] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 980.064950][T25150] [ 980.384614][ C0] vkms_vblank_simulate: vblank timer overrun [ 980.494271][T25155] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6600'. [ 980.505549][T25158] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6600'. [ 980.522729][T25155] netlink: 306 bytes leftover after parsing attributes in process `syz.1.6600'. [ 980.533839][T25158] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6600'. [ 980.543661][T25158] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6600'. [ 980.580553][T25158] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6600'. [ 980.910816][T25167] : Can't lookup blockdev [ 980.919165][T25167] FAULT_INJECTION: forcing a failure. [ 980.919165][T25167] name fail_futex, interval 1, probability 0, space 0, times 0 [ 980.932463][T25167] CPU: 1 UID: 0 PID: 25167 Comm: syz.1.6604 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 980.932512][T25167] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 980.932523][T25167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 980.932539][T25167] Call Trace: [ 980.932549][T25167] [ 980.932559][T25167] dump_stack_lvl+0x16c/0x1f0 [ 980.932601][T25167] should_fail_ex+0x512/0x640 [ 980.932641][T25167] get_futex_key+0x1d0/0x1540 [ 980.932677][T25167] ? __pfx_get_futex_key+0x10/0x10 [ 980.932706][T25167] ? find_held_lock+0x2b/0x80 [ 980.932742][T25167] futex_wake+0xe7/0x4e0 [ 980.932779][T25167] ? __pfx_futex_wake+0x10/0x10 [ 980.932819][T25167] ? find_held_lock+0x2b/0x80 [ 980.932844][T25167] ? __might_fault+0xe3/0x190 [ 980.932882][T25167] do_futex+0x1e3/0x350 [ 980.932912][T25167] ? __pfx_do_futex+0x10/0x10 [ 980.932953][T25167] ? snd_pcm_oss_ioctl+0x2c2/0x37a0 [ 980.932990][T25167] __x64_sys_futex+0x1e0/0x4c0 [ 980.933025][T25167] ? __fget_files+0x20e/0x3c0 [ 980.933059][T25167] ? __pfx___x64_sys_futex+0x10/0x10 [ 980.933094][T25167] ? fput+0x70/0xf0 [ 980.933124][T25167] do_syscall_64+0xcd/0x490 [ 980.933161][T25167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 980.933186][T25167] RIP: 0033:0x7f62b458e929 [ 980.933208][T25167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 980.933235][T25167] RSP: 002b:00007f62b538e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 980.933260][T25167] RAX: ffffffffffffffda RBX: 00007f62b47b5fa8 RCX: 00007f62b458e929 [ 980.933279][T25167] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f62b47b5fac [ 980.933297][T25167] RBP: 00007f62b47b5fa0 R08: 00007f62b538f000 R09: 0000000000000000 [ 980.933314][T25167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62b47b5fac [ 980.933331][T25167] R13: 0000000000000000 R14: 00007ffe2c488650 R15: 00007ffe2c488738 [ 980.933366][T25167] [ 981.733476][T25180] zswap: compressor not available [ 982.769682][T25204] __nla_validate_parse: 3 callbacks suppressed [ 982.769704][T25204] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6616'. [ 982.786097][T25201] netlink: 306 bytes leftover after parsing attributes in process `syz.0.6615'. [ 983.156838][T25218] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 983.486487][T25228] netlink: 226 bytes leftover after parsing attributes in process `syz.4.6624'. [ 983.521035][T25228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6624'. [ 984.077003][T25241] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6629'. [ 984.491832][T25252] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 984.667316][T25259] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 985.076370][T25266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6635'. [ 985.168198][T25269] netlink: 'syz.3.6635': attribute type 1 has an invalid length. [ 985.282335][T25269] netlink: 13 bytes leftover after parsing attributes in process `syz.3.6635'. [ 988.759590][T25322] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6647'. [ 988.768697][T25322] bond_slave_1: entered allmulticast mode [ 990.440556][T25351] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6656'. [ 991.033830][T25359] FAULT_INJECTION: forcing a failure. [ 991.033830][T25359] name failslab, interval 1, probability 0, space 0, times 0 [ 991.056995][T25359] CPU: 0 UID: 0 PID: 25359 Comm: syz.3.6661 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 991.057047][T25359] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 991.057065][T25359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 991.057081][T25359] Call Trace: [ 991.057091][T25359] [ 991.057102][T25359] dump_stack_lvl+0x16c/0x1f0 [ 991.057147][T25359] should_fail_ex+0x512/0x640 [ 991.057183][T25359] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 991.057223][T25359] should_failslab+0xc2/0x120 [ 991.057249][T25359] __kmalloc_cache_node_noprof+0x6d/0x420 [ 991.057286][T25359] ? __alloc_workqueue+0x506/0x1810 [ 991.057326][T25359] __alloc_workqueue+0x506/0x1810 [ 991.057372][T25359] alloc_workqueue+0xd2/0x200 [ 991.057404][T25359] ? __pfx_alloc_workqueue+0x10/0x10 [ 991.057444][T25359] ? rcu_is_watching+0x12/0xc0 [ 991.057473][T25359] ? __kmalloc_noprof+0x242/0x510 [ 991.057506][T25359] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 991.057548][T25359] ieee80211_register_hw+0x1e92/0x4140 [ 991.057582][T25359] ? __debug_object_init+0x281/0x3d0 [ 991.057614][T25359] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 991.057645][T25359] ? find_held_lock+0x2b/0x80 [ 991.057673][T25359] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 991.057712][T25359] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 991.057741][T25359] ? __hrtimer_setup+0x176/0x280 [ 991.057783][T25359] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 991.057840][T25359] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 991.057889][T25359] hwsim_new_radio_nl+0xb51/0x12c0 [ 991.057930][T25359] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 991.057984][T25359] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 991.058020][T25359] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 991.058069][T25359] genl_family_rcv_msg_doit+0x209/0x2f0 [ 991.058106][T25359] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 991.058138][T25359] ? trace_cap_capable+0x18d/0x200 [ 991.058175][T25359] ? bpf_lsm_capable+0x9/0x10 [ 991.058204][T25359] ? security_capable+0x7e/0x260 [ 991.058231][T25359] ? ns_capable+0xd7/0x110 [ 991.058263][T25359] genl_rcv_msg+0x55c/0x800 [ 991.058298][T25359] ? __pfx_genl_rcv_msg+0x10/0x10 [ 991.058330][T25359] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 991.058381][T25359] netlink_rcv_skb+0x158/0x420 [ 991.058408][T25359] ? __pfx_genl_rcv_msg+0x10/0x10 [ 991.058441][T25359] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 991.058485][T25359] ? netlink_deliver_tap+0x1ae/0xd30 [ 991.058531][T25359] genl_rcv+0x28/0x40 [ 991.058557][T25359] netlink_unicast+0x53a/0x7f0 [ 991.058589][T25359] ? __pfx_netlink_unicast+0x10/0x10 [ 991.058628][T25359] netlink_sendmsg+0x8d1/0xdd0 [ 991.058662][T25359] ? __pfx_netlink_sendmsg+0x10/0x10 [ 991.058704][T25359] ____sys_sendmsg+0xa98/0xc70 [ 991.058734][T25359] ? copy_msghdr_from_user+0x10a/0x160 [ 991.058770][T25359] ? __pfx_____sys_sendmsg+0x10/0x10 [ 991.058806][T25359] ? __pfx_futex_wake_mark+0x10/0x10 [ 991.058848][T25359] ___sys_sendmsg+0x134/0x1d0 [ 991.058887][T25359] ? __pfx____sys_sendmsg+0x10/0x10 [ 991.058920][T25359] ? __lock_acquire+0x622/0x1c90 [ 991.059001][T25359] __sys_sendmsg+0x16d/0x220 [ 991.059038][T25359] ? __pfx___sys_sendmsg+0x10/0x10 [ 991.059080][T25359] ? __x64_sys_futex+0x1e0/0x4c0 [ 991.059128][T25359] do_syscall_64+0xcd/0x490 [ 991.059164][T25359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 991.059189][T25359] RIP: 0033:0x7f38fc18e929 [ 991.059210][T25359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 991.059237][T25359] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 991.059259][T25359] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 991.059277][T25359] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 991.059294][T25359] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 991.059309][T25359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 991.059323][T25359] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 991.059357][T25359] [ 991.749184][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 991.755528][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 992.823749][T25389] FAULT_INJECTION: forcing a failure. [ 992.823749][T25389] name failslab, interval 1, probability 0, space 0, times 0 [ 992.856787][T25389] CPU: 1 UID: 0 PID: 25389 Comm: syz.3.6668 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 992.856837][T25389] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 992.856849][T25389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 992.856871][T25389] Call Trace: [ 992.856880][T25389] [ 992.856891][T25389] dump_stack_lvl+0x16c/0x1f0 [ 992.856934][T25389] should_fail_ex+0x512/0x640 [ 992.856968][T25389] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 992.857005][T25389] should_failslab+0xc2/0x120 [ 992.857031][T25389] __kmalloc_cache_noprof+0x6a/0x3e0 [ 992.857064][T25389] ? kvm_pic_init+0x4f/0x380 [ 992.857103][T25389] kvm_pic_init+0x4f/0x380 [ 992.857140][T25389] kvm_arch_vm_ioctl+0x8fd/0x1cf0 [ 992.857172][T25389] ? ima_match_policy+0x7f9/0x22e0 [ 992.857200][T25389] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 992.857232][T25389] ? __lock_acquire+0x622/0x1c90 [ 992.857272][T25389] ? __lock_acquire+0x622/0x1c90 [ 992.857313][T25389] ? __lock_acquire+0x622/0x1c90 [ 992.857358][T25389] ? __lock_acquire+0x622/0x1c90 [ 992.857420][T25389] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 992.857452][T25389] ? is_bpf_text_address+0x94/0x1a0 [ 992.857488][T25389] ? kernel_text_address+0x8d/0x100 [ 992.857527][T25389] ? __kernel_text_address+0xd/0x40 [ 992.857550][T25389] ? unwind_get_return_address+0x59/0xa0 [ 992.857589][T25389] ? arch_stack_walk+0xa6/0x100 [ 992.857626][T25389] ? stack_trace_save+0x8e/0xc0 [ 992.857654][T25389] ? __pfx_stack_trace_save+0x10/0x10 [ 992.857682][T25389] ? stack_depot_save_flags+0x28/0xa40 [ 992.857720][T25389] ? __lock_acquire+0xb8a/0x1c90 [ 992.857756][T25389] ? kasan_save_stack+0x42/0x60 [ 992.857790][T25389] ? kasan_save_stack+0x33/0x60 [ 992.857823][T25389] ? kasan_save_track+0x14/0x30 [ 992.857856][T25389] ? kasan_save_free_info+0x3b/0x60 [ 992.857890][T25389] ? __kasan_slab_free+0x51/0x70 [ 992.857924][T25389] ? kfree+0x2b4/0x4d0 [ 992.857952][T25389] ? tomoyo_path_number_perm+0x470/0x580 [ 992.857980][T25389] ? security_file_ioctl+0x9b/0x240 [ 992.858007][T25389] ? __x64_sys_ioctl+0xb7/0x210 [ 992.858034][T25389] ? do_syscall_64+0xcd/0x490 [ 992.858075][T25389] kvm_vm_ioctl+0x19bb/0x3da0 [ 992.858127][T25389] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 992.858186][T25389] ? kasan_quarantine_put+0x10a/0x240 [ 992.858220][T25389] ? lockdep_hardirqs_on+0x7c/0x110 [ 992.858258][T25389] ? find_held_lock+0x2b/0x80 [ 992.858285][T25389] ? tomoyo_path_number_perm+0x295/0x580 [ 992.858320][T25389] ? tomoyo_path_number_perm+0x18d/0x580 [ 992.858353][T25389] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 992.858382][T25389] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 992.858421][T25389] ? do_vfs_ioctl+0x523/0x1a60 [ 992.858450][T25389] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 992.858503][T25389] ? find_held_lock+0x2b/0x80 [ 992.858529][T25389] ? hook_file_ioctl_common+0x145/0x410 [ 992.858564][T25389] ? __fget_files+0x20e/0x3c0 [ 992.858602][T25389] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 992.858640][T25389] __x64_sys_ioctl+0x18e/0x210 [ 992.858672][T25389] do_syscall_64+0xcd/0x490 [ 992.858710][T25389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.858736][T25389] RIP: 0033:0x7f38fc18e929 [ 992.858758][T25389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 992.858784][T25389] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 992.858810][T25389] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 992.858829][T25389] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 992.858846][T25389] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 992.858869][T25389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 992.858886][T25389] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 992.858922][T25389] [ 994.266017][T25413] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6676'. [ 994.661956][T25426] FAULT_INJECTION: forcing a failure. [ 994.661956][T25426] name failslab, interval 1, probability 0, space 0, times 0 [ 994.712347][T25426] CPU: 0 UID: 0 PID: 25426 Comm: syz.4.6680 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 994.712397][T25426] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 994.712409][T25426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 994.712424][T25426] Call Trace: [ 994.712433][T25426] [ 994.712453][T25426] dump_stack_lvl+0x16c/0x1f0 [ 994.712497][T25426] should_fail_ex+0x512/0x640 [ 994.712531][T25426] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 994.712572][T25426] should_failslab+0xc2/0x120 [ 994.712599][T25426] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 994.712634][T25426] ? __proc_create+0xc3/0x8c0 [ 994.712669][T25426] ? __proc_create+0x2ce/0x8c0 [ 994.712710][T25426] __proc_create+0x2ce/0x8c0 [ 994.712748][T25426] ? __pfx___proc_create+0x10/0x10 [ 994.712782][T25426] ? _raw_write_unlock+0x28/0x50 [ 994.712815][T25426] ? proc_register+0x314/0x5f0 [ 994.712863][T25426] _proc_mkdir+0xb9/0x200 [ 994.712887][T25426] ? __pfx__proc_mkdir+0x10/0x10 [ 994.712909][T25426] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 994.712953][T25426] ? __pfx_netfilter_net_init+0x10/0x10 [ 994.712989][T25426] netfilter_net_init+0x37b/0x4b0 [ 994.713022][T25426] ? sysctl_net_init+0x27/0x30 [ 994.713059][T25426] ops_init+0x1df/0x5f0 [ 994.713101][T25426] setup_net+0x1ff/0x510 [ 994.713135][T25426] ? lockdep_init_map_type+0x5c/0x280 [ 994.713170][T25426] ? __pfx_setup_net+0x10/0x10 [ 994.713209][T25426] ? debug_mutex_init+0x37/0x70 [ 994.713239][T25426] copy_net_ns+0x2a6/0x5f0 [ 994.713270][T25426] create_new_namespaces+0x3ea/0xa90 [ 994.713308][T25426] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 994.713340][T25426] ksys_unshare+0x45b/0xa40 [ 994.713375][T25426] ? __pfx_ksys_unshare+0x10/0x10 [ 994.713409][T25426] ? xfd_validate_state+0x61/0x180 [ 994.713461][T25426] __x64_sys_unshare+0x31/0x40 [ 994.713495][T25426] do_syscall_64+0xcd/0x490 [ 994.713535][T25426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.713563][T25426] RIP: 0033:0x7fc6bfb8e929 [ 994.713585][T25426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 994.713610][T25426] RSP: 002b:00007fc6c0996038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 994.713635][T25426] RAX: ffffffffffffffda RBX: 00007fc6bfdb5fa0 RCX: 00007fc6bfb8e929 [ 994.713653][T25426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 994.713670][T25426] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 994.713686][T25426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 994.713702][T25426] R13: 0000000000000000 R14: 00007fc6bfdb5fa0 R15: 00007ffd65ebc168 [ 994.713737][T25426] [ 994.713748][T25426] cannot create netfilter proc entry [ 996.141783][T25454] netlink: 186 bytes leftover after parsing attributes in process `syz.3.6685'. [ 996.173362][T25454] netlink: 186 bytes leftover after parsing attributes in process `syz.3.6685'. [ 996.566800][ T30] audit: type=1804 audit(4294977371.561:30): pid=25465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.6689" name="file0" dev="tmpfs" ino=8856 res=1 errno=0 [ 997.308004][T25470] kexec: Could not allocate control_code_buffer [ 997.434589][T25483] netlink: 504 bytes leftover after parsing attributes in process `syz.1.6696'. [ 997.447275][T25483] netlink: 350 bytes leftover after parsing attributes in process `syz.1.6696'. [ 998.556030][T25511] ERROR: Out of memory at tomoyo_memory_ok. [ 998.589285][T25511] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/1047/:,' not defined. [ 998.673581][T25511] FAULT_INJECTION: forcing a failure. [ 998.673581][T25511] name failslab, interval 1, probability 0, space 0, times 0 [ 998.702779][T25511] CPU: 1 UID: 0 PID: 25511 Comm: syz.4.6709 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 998.702828][T25511] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 998.702838][T25511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 998.702854][T25511] Call Trace: [ 998.702863][T25511] [ 998.702874][T25511] dump_stack_lvl+0x16c/0x1f0 [ 998.702917][T25511] should_fail_ex+0x512/0x640 [ 998.702953][T25511] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 998.702995][T25511] should_failslab+0xc2/0x120 [ 998.703035][T25511] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 998.703071][T25511] ? __asan_memcpy+0x3c/0x60 [ 998.703104][T25511] ? __kernfs_new_node+0xd2/0x8e0 [ 998.703143][T25511] __kernfs_new_node+0xd2/0x8e0 [ 998.703180][T25511] ? __pfx___kernfs_new_node+0x10/0x10 [ 998.703221][T25511] ? find_held_lock+0x2b/0x80 [ 998.703250][T25511] ? kernfs_root+0xee/0x2a0 [ 998.703291][T25511] kernfs_new_node+0x13c/0x1e0 [ 998.703331][T25511] ? net_ns_get_ownership+0xf8/0x1b0 [ 998.703374][T25511] kernfs_create_dir_ns+0x4c/0x1a0 [ 998.703417][T25511] sysfs_create_dir_ns+0x13a/0x2b0 [ 998.703452][T25511] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 998.703483][T25511] ? find_held_lock+0x2b/0x80 [ 998.703513][T25511] ? net_namespace+0x12/0x50 [ 998.703538][T25511] ? device_namespace+0x76/0xa0 [ 998.703568][T25511] kobject_add_internal+0x2c4/0x9b0 [ 998.703601][T25511] kobject_add+0x16e/0x240 [ 998.703627][T25511] ? __pfx_kobject_add+0x10/0x10 [ 998.703655][T25511] ? get_device_parent+0x1c5/0x4e0 [ 998.703694][T25511] ? kobject_put+0xab/0x5a0 [ 998.703742][T25511] device_add+0x288/0x1a70 [ 998.703768][T25511] ? __pfx_dev_set_name+0x10/0x10 [ 998.703797][T25511] ? __pfx_device_add+0x10/0x10 [ 998.703823][T25511] ? lockdep_init_map_type+0x5c/0x280 [ 998.703860][T25511] ? __init_waitqueue_head+0xca/0x150 [ 998.703895][T25511] netdev_register_kobject+0x182/0x3a0 [ 998.703928][T25511] register_netdevice+0x13dc/0x2270 [ 998.703961][T25511] ? __pfx_register_netdevice+0x10/0x10 [ 998.704008][T25511] internal_dev_create+0x2d3/0x520 [ 998.704040][T25511] ovs_vport_add+0x147/0x4d0 [ 998.704084][T25511] new_vport+0x16/0x1d0 [ 998.704117][T25511] ovs_dp_cmd_new+0x6ba/0xe60 [ 998.704163][T25511] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 998.704206][T25511] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 998.704239][T25511] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 998.704276][T25511] genl_family_rcv_msg_doit+0x209/0x2f0 [ 998.704309][T25511] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 998.704339][T25511] ? trace_cap_capable+0x18d/0x200 [ 998.704375][T25511] ? bpf_lsm_capable+0x9/0x10 [ 998.704407][T25511] ? security_capable+0x7e/0x260 [ 998.704435][T25511] ? ns_capable+0xd7/0x110 [ 998.704466][T25511] genl_rcv_msg+0x55c/0x800 [ 998.704501][T25511] ? __pfx_genl_rcv_msg+0x10/0x10 [ 998.704533][T25511] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 998.704581][T25511] netlink_rcv_skb+0x158/0x420 [ 998.704613][T25511] ? __pfx_genl_rcv_msg+0x10/0x10 [ 998.704647][T25511] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 998.704691][T25511] ? netlink_deliver_tap+0x1ae/0xd30 [ 998.704739][T25511] genl_rcv+0x28/0x40 [ 998.704766][T25511] netlink_unicast+0x53a/0x7f0 [ 998.704799][T25511] ? __pfx_netlink_unicast+0x10/0x10 [ 998.704837][T25511] netlink_sendmsg+0x8d1/0xdd0 [ 998.704873][T25511] ? __pfx_netlink_sendmsg+0x10/0x10 [ 998.704915][T25511] ____sys_sendmsg+0xa98/0xc70 [ 998.704945][T25511] ? copy_msghdr_from_user+0x10a/0x160 [ 998.704981][T25511] ? __pfx_____sys_sendmsg+0x10/0x10 [ 998.705027][T25511] ? __pfx_futex_wake_mark+0x10/0x10 [ 998.705071][T25511] ___sys_sendmsg+0x134/0x1d0 [ 998.705111][T25511] ? __pfx____sys_sendmsg+0x10/0x10 [ 998.705144][T25511] ? __lock_acquire+0x622/0x1c90 [ 998.705228][T25511] __sys_sendmsg+0x16d/0x220 [ 998.705264][T25511] ? __pfx___sys_sendmsg+0x10/0x10 [ 998.705299][T25511] ? __x64_sys_futex+0x1e0/0x4c0 [ 998.705352][T25511] do_syscall_64+0xcd/0x490 [ 998.705389][T25511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 998.705414][T25511] RIP: 0033:0x7fc6bfb8e929 [ 998.705438][T25511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 998.705463][T25511] RSP: 002b:00007fc6c0996038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 998.705488][T25511] RAX: ffffffffffffffda RBX: 00007fc6bfdb5fa0 RCX: 00007fc6bfb8e929 [ 998.705506][T25511] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 998.705521][T25511] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 998.705537][T25511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 998.705552][T25511] R13: 0000000000000000 R14: 00007fc6bfdb5fa0 R15: 00007ffd65ebc168 [ 998.705588][T25511] [ 998.705714][T25511] kobject: kobject_add_internal failed for HfR (error: -12 parent: net) [ 998.764114][T25519] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6710'. [ 999.518292][T25531] FAULT_INJECTION: forcing a failure. [ 999.518292][T25531] name failslab, interval 1, probability 0, space 0, times 0 [ 999.531354][T25531] CPU: 1 UID: 0 PID: 25531 Comm: syz.4.6714 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 999.531401][T25531] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 999.531413][T25531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 999.531428][T25531] Call Trace: [ 999.531438][T25531] [ 999.531448][T25531] dump_stack_lvl+0x16c/0x1f0 [ 999.531491][T25531] should_fail_ex+0x512/0x640 [ 999.531525][T25531] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 999.531562][T25531] should_failslab+0xc2/0x120 [ 999.531588][T25531] __kmalloc_cache_noprof+0x6a/0x3e0 [ 999.531623][T25531] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 999.531658][T25531] kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 999.531691][T25531] ? __pfx_kvm_vm_release+0x10/0x10 [ 999.531713][T25531] kvm_put_kvm+0xe4/0xb40 [ 999.531740][T25531] ? lockdep_hardirqs_on+0x7c/0x110 [ 999.531781][T25531] ? __pfx_kvm_vm_release+0x10/0x10 [ 999.531803][T25531] kvm_vm_release+0x3c/0x50 [ 999.531824][T25531] __fput+0x402/0xb70 [ 999.531858][T25531] task_work_run+0x150/0x240 [ 999.531899][T25531] ? __pfx_task_work_run+0x10/0x10 [ 999.531937][T25531] ? __pfx___do_sys_close_range+0x10/0x10 [ 999.531978][T25531] exit_to_user_mode_loop+0xeb/0x110 [ 999.532017][T25531] do_syscall_64+0x3f6/0x490 [ 999.532053][T25531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 999.532077][T25531] RIP: 0033:0x7fc6bfb8e929 [ 999.532099][T25531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 999.532122][T25531] RSP: 002b:00007fc6c0996038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 999.532141][T25531] RAX: 0000000000000000 RBX: 00007fc6bfdb5fa0 RCX: 00007fc6bfb8e929 [ 999.532150][T25531] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 999.532159][T25531] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 999.532167][T25531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 999.532176][T25531] R13: 0000000000000000 R14: 00007fc6bfdb5fa0 R15: 00007ffd65ebc168 [ 999.532194][T25531] [ 1000.091726][T25536] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6717'. [ 1000.447605][T25545] FAULT_INJECTION: forcing a failure. [ 1000.447605][T25545] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1000.484092][T25545] CPU: 0 UID: 0 PID: 25545 Comm: syz.3.6720 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1000.484142][T25545] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1000.484154][T25545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1000.484169][T25545] Call Trace: [ 1000.484177][T25545] [ 1000.484187][T25545] dump_stack_lvl+0x16c/0x1f0 [ 1000.484229][T25545] should_fail_ex+0x512/0x640 [ 1000.484269][T25545] should_fail_alloc_page+0xe7/0x130 [ 1000.484298][T25545] prepare_alloc_pages+0x3c2/0x610 [ 1000.484334][T25545] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1000.484379][T25545] ? __lock_acquire+0x622/0x1c90 [ 1000.484420][T25545] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1000.484469][T25545] ? is_bpf_text_address+0x8a/0x1a0 [ 1000.484503][T25545] ? bpf_ksym_find+0x124/0x1c0 [ 1000.484530][T25545] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1000.484561][T25545] ? is_bpf_text_address+0x94/0x1a0 [ 1000.484594][T25545] ? kernel_text_address+0x8d/0x100 [ 1000.484631][T25545] ? __kernel_text_address+0xd/0x40 [ 1000.484655][T25545] ? unwind_get_return_address+0x59/0xa0 [ 1000.484697][T25545] ? wiphy_new_nm+0x701/0x2160 [ 1000.484721][T25545] __alloc_pages_noprof+0xb/0x1b0 [ 1000.484756][T25545] ___kmalloc_large_node+0x84/0x1e0 [ 1000.484791][T25545] ? wiphy_new_nm+0x701/0x2160 [ 1000.484814][T25545] __kmalloc_large_node_noprof+0x1c/0x70 [ 1000.484860][T25545] __kmalloc_noprof.cold+0xc/0x61 [ 1000.484904][T25545] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1000.484934][T25545] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1000.484962][T25545] wiphy_new_nm+0x701/0x2160 [ 1000.485000][T25545] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1000.485029][T25545] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1000.485058][T25545] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 1000.485085][T25545] ? __local_bh_enable_ip+0xa4/0x120 [ 1000.485121][T25545] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 1000.485174][T25545] ? __asan_memset+0x23/0x50 [ 1000.485207][T25545] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1000.485255][T25545] hwsim_new_radio_nl+0xb51/0x12c0 [ 1000.485294][T25545] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1000.485341][T25545] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1000.485374][T25545] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1000.485414][T25545] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1000.485447][T25545] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1000.485477][T25545] ? trace_cap_capable+0x18d/0x200 [ 1000.485512][T25545] ? bpf_lsm_capable+0x9/0x10 [ 1000.485540][T25545] ? security_capable+0x7e/0x260 [ 1000.485567][T25545] ? ns_capable+0xd7/0x110 [ 1000.485597][T25545] genl_rcv_msg+0x55c/0x800 [ 1000.485631][T25545] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1000.485662][T25545] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1000.485711][T25545] netlink_rcv_skb+0x158/0x420 [ 1000.485737][T25545] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1000.485768][T25545] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1000.485810][T25545] ? netlink_deliver_tap+0x1ae/0xd30 [ 1000.485860][T25545] genl_rcv+0x28/0x40 [ 1000.485888][T25545] netlink_unicast+0x53a/0x7f0 [ 1000.485919][T25545] ? __pfx_netlink_unicast+0x10/0x10 [ 1000.485959][T25545] netlink_sendmsg+0x8d1/0xdd0 [ 1000.485993][T25545] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1000.486035][T25545] ____sys_sendmsg+0xa98/0xc70 [ 1000.486064][T25545] ? copy_msghdr_from_user+0x10a/0x160 [ 1000.486098][T25545] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1000.486135][T25545] ? __pfx_futex_wake_mark+0x10/0x10 [ 1000.486175][T25545] ___sys_sendmsg+0x134/0x1d0 [ 1000.486214][T25545] ? __pfx____sys_sendmsg+0x10/0x10 [ 1000.486246][T25545] ? __lock_acquire+0x622/0x1c90 [ 1000.486326][T25545] __sys_sendmsg+0x16d/0x220 [ 1000.486362][T25545] ? __pfx___sys_sendmsg+0x10/0x10 [ 1000.486397][T25545] ? __x64_sys_futex+0x1e0/0x4c0 [ 1000.486449][T25545] do_syscall_64+0xcd/0x490 [ 1000.486487][T25545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.486514][T25545] RIP: 0033:0x7f38fc18e929 [ 1000.486536][T25545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1000.486562][T25545] RSP: 002b:00007f38fd07d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1000.486589][T25545] RAX: ffffffffffffffda RBX: 00007f38fc3b6080 RCX: 00007f38fc18e929 [ 1000.486606][T25545] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000006 [ 1000.486622][T25545] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1000.486638][T25545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1000.486654][T25545] R13: 0000000000000000 R14: 00007f38fc3b6080 R15: 00007ffd0eae4c48 [ 1000.486688][T25545] [ 1000.950090][T25548] ERROR: Out of memory at tomoyo_memory_ok. [ 1001.356361][T25555] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6723'. [ 1001.432908][T25555] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1001.465103][T25555] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1001.529448][T25555] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1001.537618][T25555] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1001.762006][T25563] netlink: 504 bytes leftover after parsing attributes in process `syz.3.6726'. [ 1001.781102][T25563] netlink: 350 bytes leftover after parsing attributes in process `syz.3.6726'. [ 1001.983295][ T5849] Bluetooth: hci1: unexpected event 0x3e length: 728 > 260 [ 1001.983333][ T5849] Bluetooth: hci1: unexpected subevent 0x0c length: 727 > 5 [ 1002.003542][T25570] FAULT_INJECTION: forcing a failure. [ 1002.003542][T25570] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.008492][T25572] FAULT_INJECTION: forcing a failure. [ 1002.008492][T25572] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.029903][T25572] CPU: 1 UID: 0 PID: 25572 Comm: syz.4.6728 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1002.029957][T25572] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1002.029968][T25572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1002.029984][T25572] Call Trace: [ 1002.029993][T25572] [ 1002.030004][T25572] dump_stack_lvl+0x16c/0x1f0 [ 1002.030048][T25572] should_fail_ex+0x512/0x640 [ 1002.030082][T25572] ? fs_reclaim_acquire+0xae/0x150 [ 1002.030116][T25572] should_failslab+0xc2/0x120 [ 1002.030142][T25572] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1002.030179][T25572] ? security_inode_alloc+0x3b/0x2b0 [ 1002.030213][T25572] security_inode_alloc+0x3b/0x2b0 [ 1002.030242][T25572] inode_init_always_gfp+0xce4/0x1030 [ 1002.030284][T25572] alloc_inode+0x86/0x240 [ 1002.030311][T25572] new_inode+0x22/0x1c0 [ 1002.030340][T25572] shmem_get_inode+0x19a/0xfb0 [ 1002.030377][T25572] shmem_mknod+0x1a8/0x450 [ 1002.030411][T25572] vfs_create+0x4dd/0x7a0 [ 1002.030447][T25572] do_mknodat+0x3d3/0x5d0 [ 1002.030485][T25572] ? __pfx_do_mknodat+0x10/0x10 [ 1002.030518][T25572] ? getname_flags.part.0+0x1c5/0x550 [ 1002.030554][T25572] __x64_sys_mknod+0x87/0xb0 [ 1002.030590][T25572] do_syscall_64+0xcd/0x490 [ 1002.030629][T25572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.030654][T25572] RIP: 0033:0x7fc6bfb8e929 [ 1002.030676][T25572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1002.030702][T25572] RSP: 002b:00007fc6c0996038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1002.030727][T25572] RAX: ffffffffffffffda RBX: 00007fc6bfdb5fa0 RCX: 00007fc6bfb8e929 [ 1002.030745][T25572] RDX: 000000007fffffff RSI: 0000000000000402 RDI: 0000000000000000 [ 1002.030761][T25572] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1002.030778][T25572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1002.030793][T25572] R13: 0000000000000000 R14: 00007fc6bfdb5fa0 R15: 00007ffd65ebc168 [ 1002.030828][T25572] [ 1002.242026][T25570] CPU: 0 UID: 0 PID: 25570 Comm: syz.1.6729 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1002.242075][T25570] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1002.242086][T25570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1002.242103][T25570] Call Trace: [ 1002.242112][T25570] [ 1002.242123][T25570] dump_stack_lvl+0x16c/0x1f0 [ 1002.242166][T25570] should_fail_ex+0x512/0x640 [ 1002.242201][T25570] ? __kmalloc_noprof+0xbf/0x510 [ 1002.242241][T25570] ? ieee80211_register_hw+0x158c/0x4140 [ 1002.242270][T25570] should_failslab+0xc2/0x120 [ 1002.242296][T25570] __kmalloc_noprof+0xd2/0x510 [ 1002.242330][T25570] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1002.242375][T25570] ieee80211_register_hw+0x158c/0x4140 [ 1002.242409][T25570] ? __debug_object_init+0x281/0x3d0 [ 1002.242437][T25570] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1002.242470][T25570] ? find_held_lock+0x2b/0x80 [ 1002.242497][T25570] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1002.242535][T25570] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1002.242562][T25570] ? __hrtimer_setup+0x176/0x280 [ 1002.242605][T25570] mac80211_hwsim_new_radio+0x3034/0x54d0 [ 1002.242675][T25570] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1002.242726][T25570] hwsim_new_radio_nl+0xb51/0x12c0 [ 1002.242769][T25570] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1002.242814][T25570] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1002.242848][T25570] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1002.242891][T25570] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1002.242925][T25570] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1002.242958][T25570] ? trace_cap_capable+0x18d/0x200 [ 1002.242991][T25570] ? bpf_lsm_capable+0x9/0x10 [ 1002.243016][T25570] ? security_capable+0x7e/0x260 [ 1002.243042][T25570] ? ns_capable+0xd7/0x110 [ 1002.243069][T25570] genl_rcv_msg+0x55c/0x800 [ 1002.243103][T25570] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1002.243135][T25570] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1002.243185][T25570] netlink_rcv_skb+0x158/0x420 [ 1002.243213][T25570] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1002.243246][T25570] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1002.243289][T25570] ? netlink_deliver_tap+0x1ae/0xd30 [ 1002.243334][T25570] genl_rcv+0x28/0x40 [ 1002.243362][T25570] netlink_unicast+0x53a/0x7f0 [ 1002.243393][T25570] ? __pfx_netlink_unicast+0x10/0x10 [ 1002.243432][T25570] netlink_sendmsg+0x8d1/0xdd0 [ 1002.243465][T25570] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1002.243503][T25570] ____sys_sendmsg+0xa98/0xc70 [ 1002.243531][T25570] ? copy_msghdr_from_user+0x10a/0x160 [ 1002.243565][T25570] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1002.243604][T25570] ? __pfx_futex_wake_mark+0x10/0x10 [ 1002.243646][T25570] ___sys_sendmsg+0x134/0x1d0 [ 1002.243698][T25570] ? __pfx____sys_sendmsg+0x10/0x10 [ 1002.243730][T25570] ? __lock_acquire+0x622/0x1c90 [ 1002.243810][T25570] __sys_sendmsg+0x16d/0x220 [ 1002.243847][T25570] ? __pfx___sys_sendmsg+0x10/0x10 [ 1002.243883][T25570] ? __x64_sys_futex+0x1e0/0x4c0 [ 1002.243936][T25570] do_syscall_64+0xcd/0x490 [ 1002.243974][T25570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.244000][T25570] RIP: 0033:0x7f62b458e929 [ 1002.244023][T25570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1002.244049][T25570] RSP: 002b:00007f62b538e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1002.244072][T25570] RAX: ffffffffffffffda RBX: 00007f62b47b5fa0 RCX: 00007f62b458e929 [ 1002.244090][T25570] RDX: 00000000040000c0 RSI: 0000200000000300 RDI: 0000000000000005 [ 1002.244107][T25570] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1002.244124][T25570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1002.244141][T25570] R13: 0000000000000000 R14: 00007f62b47b5fa0 R15: 00007ffe2c488738 [ 1002.244178][T25570] [ 1004.123035][ T30] audit: type=1807 audit(4294977379.170:31): UNKNOWN=( res=0 [ 1004.131700][T25611] netlink: 'syz.3.6739': attribute type 1 has an invalid length. [ 1004.141107][ T30] audit: type=1802 audit(4294977379.170:32): pid=25611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.6739" res=0 errno=0 [ 1004.168030][T25611] netlink: 190 bytes leftover after parsing attributes in process `syz.3.6739'. [ 1004.182800][T25615] netlink: 'syz.3.6739': attribute type 1 has an invalid length. [ 1004.203425][T25615] netlink: 54 bytes leftover after parsing attributes in process `syz.3.6739'. [ 1004.229343][T25609] ima: policy update failed [ 1004.244530][ T30] audit: type=1802 audit(4294977379.291:33): pid=25609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.6739" res=0 errno=0 [ 1004.467554][T25621] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6743'. [ 1004.504868][T25621] netlink: 274 bytes leftover after parsing attributes in process `syz.3.6743'. [ 1004.697219][T25623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6744'. [ 1005.401971][T25633] FAULT_INJECTION: forcing a failure. [ 1005.401971][T25633] name failslab, interval 1, probability 0, space 0, times 0 [ 1005.435214][T25633] CPU: 1 UID: 0 PID: 25633 Comm: syz.3.6747 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1005.435265][T25633] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1005.435277][T25633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1005.435292][T25633] Call Trace: [ 1005.435302][T25633] [ 1005.435313][T25633] dump_stack_lvl+0x16c/0x1f0 [ 1005.435356][T25633] should_fail_ex+0x512/0x640 [ 1005.435411][T25633] ? __kmalloc_noprof+0xbf/0x510 [ 1005.435451][T25633] ? slhc_init+0x3dd/0x570 [ 1005.435481][T25633] should_failslab+0xc2/0x120 [ 1005.435506][T25633] __kmalloc_noprof+0xd2/0x510 [ 1005.435550][T25633] slhc_init+0x3dd/0x570 [ 1005.435580][T25633] ? kasan_save_track+0x14/0x30 [ 1005.435618][T25633] slip_open+0x8ee/0x1150 [ 1005.435652][T25633] ? __pfx_n_tty_close+0x10/0x10 [ 1005.435684][T25633] ? __pfx_slip_open+0x10/0x10 [ 1005.435714][T25633] ? down_write+0x14d/0x200 [ 1005.435743][T25633] ? __pfx_slip_open+0x10/0x10 [ 1005.435774][T25633] tty_ldisc_open+0x9c/0x120 [ 1005.435808][T25633] tty_set_ldisc+0x32b/0x780 [ 1005.435845][T25633] tty_ioctl+0xc2e/0x1640 [ 1005.435883][T25633] ? __pfx_tty_ioctl+0x10/0x10 [ 1005.435928][T25633] ? find_held_lock+0x2b/0x80 [ 1005.435955][T25633] ? hook_file_ioctl_common+0x145/0x410 [ 1005.435991][T25633] ? __fget_files+0x20e/0x3c0 [ 1005.436031][T25633] ? __pfx_tty_ioctl+0x10/0x10 [ 1005.436070][T25633] __x64_sys_ioctl+0x18e/0x210 [ 1005.436100][T25633] do_syscall_64+0xcd/0x490 [ 1005.436135][T25633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1005.436159][T25633] RIP: 0033:0x7f38fc18e929 [ 1005.436180][T25633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1005.436202][T25633] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1005.436224][T25633] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 1005.436241][T25633] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000006 [ 1005.436255][T25633] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1005.436270][T25633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1005.436285][T25633] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 1005.436318][T25633] [ 1006.403933][T25645] netlink: 354 bytes leftover after parsing attributes in process `syz.1.6751'. [ 1007.702414][T25664] zswap: compressor not available [ 1008.000668][T25675] FAULT_INJECTION: forcing a failure. [ 1008.000668][T25675] name failslab, interval 1, probability 0, space 0, times 0 [ 1008.030562][T25675] CPU: 1 UID: 0 PID: 25675 Comm: syz.4.6759 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1008.030610][T25675] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1008.030622][T25675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1008.030637][T25675] Call Trace: [ 1008.030647][T25675] [ 1008.030657][T25675] dump_stack_lvl+0x16c/0x1f0 [ 1008.030700][T25675] should_fail_ex+0x512/0x640 [ 1008.030741][T25675] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1008.030781][T25675] should_failslab+0xc2/0x120 [ 1008.030808][T25675] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1008.030841][T25675] ? slhc_init+0x7d/0x570 [ 1008.030878][T25675] slhc_init+0x7d/0x570 [ 1008.030910][T25675] ? kasan_save_track+0x14/0x30 [ 1008.030951][T25675] slip_open+0x8ee/0x1150 [ 1008.030985][T25675] ? __pfx_n_tty_close+0x10/0x10 [ 1008.031017][T25675] ? __pfx_slip_open+0x10/0x10 [ 1008.031048][T25675] ? down_write+0x14d/0x200 [ 1008.031076][T25675] ? __pfx_slip_open+0x10/0x10 [ 1008.031109][T25675] tty_ldisc_open+0x9c/0x120 [ 1008.031153][T25675] tty_set_ldisc+0x32b/0x780 [ 1008.031193][T25675] tty_ioctl+0xc2e/0x1640 [ 1008.031232][T25675] ? __pfx_tty_ioctl+0x10/0x10 [ 1008.031279][T25675] ? find_held_lock+0x2b/0x80 [ 1008.031305][T25675] ? hook_file_ioctl_common+0x145/0x410 [ 1008.031339][T25675] ? __fget_files+0x20e/0x3c0 [ 1008.031378][T25675] ? __pfx_tty_ioctl+0x10/0x10 [ 1008.031416][T25675] __x64_sys_ioctl+0x18e/0x210 [ 1008.031449][T25675] do_syscall_64+0xcd/0x490 [ 1008.031487][T25678] netlink: 'syz.3.6761': attribute type 10 has an invalid length. [ 1008.031488][T25675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.031514][T25675] RIP: 0033:0x7fc6bfb8e929 [ 1008.031533][T25675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.031556][T25675] RSP: 002b:00007fc6c0996038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1008.031580][T25675] RAX: ffffffffffffffda RBX: 00007fc6bfdb5fa0 RCX: 00007fc6bfb8e929 [ 1008.031599][T25675] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000006 [ 1008.031615][T25675] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1008.031631][T25675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1008.031647][T25675] R13: 0000000000000000 R14: 00007fc6bfdb5fa0 R15: 00007ffd65ebc168 [ 1008.031681][T25675] [ 1008.274525][T25678] netlink: 230 bytes leftover after parsing attributes in process `syz.3.6761'. [ 1008.304818][T25678] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1009.275873][T25701] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1009.702359][T25714] random: crng reseeded on system resumption [ 1010.812344][T25727] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6772'. [ 1010.910949][T25727] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6772'. [ 1012.220277][T25753] device-mapper: ioctl: Invalid ioctl structure: name , dev 8000010007 [ 1012.254013][T25753] Unable to find swap-space signature [ 1012.603022][T25762] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18000 [ 1012.629500][T25762] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1012.655859][T25762] raw: 00fff00000002000 ffffea0000600008 ffffea0000600008 0000000000000000 [ 1012.678511][T25762] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1012.696864][T25762] page dumped because: unmovable page [ 1012.713518][T25762] page_owner info is not present (never set?) [ 1013.143122][T25770] netlink: 'syz.1.6783': attribute type 1 has an invalid length. [ 1013.609969][T25760] kexec: Could not allocate control_code_buffer [ 1014.936597][ T30] audit: type=1804 audit(4294977390.037:34): pid=25812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.6794" name="/newroot/1654/file0" dev="tmpfs" ino=8544 res=1 errno=0 [ 1015.617421][T25822] netlink: 252 bytes leftover after parsing attributes in process `syz.3.6797'. [ 1015.724744][T25826] netlink: 252 bytes leftover after parsing attributes in process `syz.3.6797'. [ 1015.860705][T25834] ERROR: Out of memory at tomoyo_memory_ok. [ 1016.078383][T25834] FAULT_INJECTION: forcing a failure. [ 1016.078383][T25834] name failslab, interval 1, probability 0, space 0, times 0 [ 1016.175032][T25834] CPU: 1 UID: 0 PID: 25834 Comm: syz.1.6800 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1016.175083][T25834] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1016.175096][T25834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1016.175116][T25834] Call Trace: [ 1016.175126][T25834] [ 1016.175137][T25834] dump_stack_lvl+0x16c/0x1f0 [ 1016.175181][T25834] should_fail_ex+0x512/0x640 [ 1016.175214][T25834] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1016.175263][T25834] should_failslab+0xc2/0x120 [ 1016.175289][T25834] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1016.175324][T25834] ? __asan_memset+0x23/0x50 [ 1016.175352][T25834] ? alloc_netdev_mqs+0xece/0x1570 [ 1016.175389][T25834] ? __xdp_rxq_info_reg+0x14e/0x2d0 [ 1016.175418][T25834] alloc_netdev_mqs+0xece/0x1570 [ 1016.175459][T25834] internal_dev_create+0x8a/0x520 [ 1016.175486][T25834] ovs_vport_add+0x147/0x4d0 [ 1016.175525][T25834] new_vport+0x16/0x1d0 [ 1016.175557][T25834] ovs_dp_cmd_new+0x6ba/0xe60 [ 1016.175596][T25834] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1016.175635][T25834] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1016.175666][T25834] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1016.175708][T25834] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1016.175740][T25834] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1016.175771][T25834] ? trace_cap_capable+0x18d/0x200 [ 1016.175804][T25834] ? bpf_lsm_capable+0x9/0x10 [ 1016.175834][T25834] ? security_capable+0x7e/0x260 [ 1016.175859][T25834] ? ns_capable+0xd7/0x110 [ 1016.175890][T25834] genl_rcv_msg+0x55c/0x800 [ 1016.175924][T25834] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1016.175957][T25834] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1016.176004][T25834] netlink_rcv_skb+0x158/0x420 [ 1016.176033][T25834] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1016.176066][T25834] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1016.176108][T25834] ? netlink_deliver_tap+0x1ae/0xd30 [ 1016.176152][T25834] genl_rcv+0x28/0x40 [ 1016.176179][T25834] netlink_unicast+0x53a/0x7f0 [ 1016.176211][T25834] ? __pfx_netlink_unicast+0x10/0x10 [ 1016.176259][T25834] netlink_sendmsg+0x8d1/0xdd0 [ 1016.176294][T25834] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1016.176336][T25834] ____sys_sendmsg+0xa98/0xc70 [ 1016.176368][T25834] ? copy_msghdr_from_user+0x10a/0x160 [ 1016.176406][T25834] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1016.176443][T25834] ? try_to_wake_up+0xa2f/0x1680 [ 1016.176476][T25834] ___sys_sendmsg+0x134/0x1d0 [ 1016.176514][T25834] ? __pfx____sys_sendmsg+0x10/0x10 [ 1016.176547][T25834] ? __lock_acquire+0x622/0x1c90 [ 1016.176624][T25834] __sys_sendmsg+0x16d/0x220 [ 1016.176661][T25834] ? __pfx___sys_sendmsg+0x10/0x10 [ 1016.176696][T25834] ? __x64_sys_futex+0x1e0/0x4c0 [ 1016.176748][T25834] do_syscall_64+0xcd/0x490 [ 1016.176788][T25834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1016.176815][T25834] RIP: 0033:0x7f62b458e929 [ 1016.176837][T25834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1016.176862][T25834] RSP: 002b:00007f62b538e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1016.176889][T25834] RAX: ffffffffffffffda RBX: 00007f62b47b5fa0 RCX: 00007f62b458e929 [ 1016.176908][T25834] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 1016.176925][T25834] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1016.176942][T25834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1016.176958][T25834] R13: 0000000000000000 R14: 00007f62b47b5fa0 R15: 00007ffe2c488738 [ 1016.176991][T25834] [ 1016.670660][T25843] blktrace: Concurrent blktraces are not allowed on loop2 [ 1016.777131][T25843] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6801'. [ 1016.889088][T25843] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1016.934974][T25843] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1018.712427][T25869] zswap: compressor not available [ 1019.962933][T25903] ======================================================= [ 1019.962933][T25903] WARNING: The mand mount option has been deprecated and [ 1019.962933][T25903] and is ignored by this kernel. Remove the mand [ 1019.962933][T25903] option from the mount to silence this warning. [ 1019.962933][T25903] ======================================================= [ 1019.997766][ C0] vkms_vblank_simulate: vblank timer overrun [ 1020.040053][T25887] kexec: Could not allocate control_code_buffer [ 1020.976176][T25922] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1021.221329][T25929] input: 00 [ 1021.221329][T25929] as /devices/virtual/input/input23 [ 1021.234002][T25929] FAULT_INJECTION: forcing a failure. [ 1021.234002][T25929] name failslab, interval 1, probability 0, space 0, times 0 [ 1021.256276][T25929] CPU: 1 UID: 0 PID: 25929 Comm: syz.1.6821 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1021.256325][T25929] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1021.256338][T25929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1021.256354][T25929] Call Trace: [ 1021.256363][T25929] [ 1021.256375][T25929] dump_stack_lvl+0x16c/0x1f0 [ 1021.256421][T25929] should_fail_ex+0x512/0x640 [ 1021.256459][T25929] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1021.256498][T25929] should_failslab+0xc2/0x120 [ 1021.256525][T25929] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1021.256558][T25929] ? rcu_is_watching+0x12/0xc0 [ 1021.256586][T25929] ? device_add+0xccc/0x1a70 [ 1021.256620][T25929] device_add+0xccc/0x1a70 [ 1021.256652][T25929] ? __pfx_device_add+0x10/0x10 [ 1021.256679][T25929] ? __pfx_exact_lock+0x10/0x10 [ 1021.256722][T25929] ? kobject_get+0xbb/0x150 [ 1021.256764][T25929] cdev_device_add+0xc2/0x1e0 [ 1021.256804][T25929] evdev_connect+0x3a4/0x4c0 [ 1021.256844][T25929] input_attach_handler.isra.0+0x181/0x260 [ 1021.256881][T25929] input_register_device+0xa84/0x1130 [ 1021.256921][T25929] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 1021.256955][T25929] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1021.257002][T25929] ? find_held_lock+0x2b/0x80 [ 1021.257052][T25929] ? __pfx_uinput_ioctl+0x10/0x10 [ 1021.257082][T25929] __x64_sys_ioctl+0x18e/0x210 [ 1021.257118][T25929] do_syscall_64+0xcd/0x490 [ 1021.257157][T25929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.257185][T25929] RIP: 0033:0x7f62b458e929 [ 1021.257208][T25929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1021.257236][T25929] RSP: 002b:00007f62b538e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1021.257261][T25929] RAX: ffffffffffffffda RBX: 00007f62b47b5fa0 RCX: 00007f62b458e929 [ 1021.257280][T25929] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 1021.257295][T25929] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1021.257311][T25929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1021.257330][T25929] R13: 0000000000000000 R14: 00007f62b47b5fa0 R15: 00007ffe2c488738 [ 1021.257367][T25929] [ 1021.501843][T25929] input: failed to attach handler evdev to device input23, error: -12 [ 1021.921951][T25940] FAULT_INJECTION: forcing a failure. [ 1021.921951][T25940] name failslab, interval 1, probability 0, space 0, times 0 [ 1021.943028][T25940] CPU: 0 UID: 0 PID: 25940 Comm: syz.1.6823 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1021.943078][T25940] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1021.943089][T25940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1021.943106][T25940] Call Trace: [ 1021.943122][T25940] [ 1021.943133][T25940] dump_stack_lvl+0x16c/0x1f0 [ 1021.943176][T25940] should_fail_ex+0x512/0x640 [ 1021.943210][T25940] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1021.943255][T25940] should_failslab+0xc2/0x120 [ 1021.943281][T25940] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1021.943320][T25940] ? trace_kmem_cache_alloc+0x28/0xc0 [ 1021.943346][T25940] ? key_alloc+0x43e/0x1330 [ 1021.943382][T25940] kmemdup_noprof+0x29/0x60 [ 1021.943420][T25940] key_alloc+0x43e/0x1330 [ 1021.943463][T25940] ? __pfx_key_alloc+0x10/0x10 [ 1021.943505][T25940] keyring_alloc+0x44/0xc0 [ 1021.943543][T25940] install_session_keyring_to_cred+0x190/0x230 [ 1021.943579][T25940] join_session_keyring+0x1b8/0x340 [ 1021.943611][T25940] lookup_user_key+0x576/0x1300 [ 1021.943642][T25940] ? __pfx_lookup_user_key+0x10/0x10 [ 1021.943675][T25940] ? __pfx_do_futex+0x10/0x10 [ 1021.943711][T25940] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1021.943758][T25940] keyctl_keyring_move+0xb4/0x150 [ 1021.943787][T25940] __do_sys_keyctl+0x171/0x590 [ 1021.943817][T25940] do_syscall_64+0xcd/0x490 [ 1021.943856][T25940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.943893][T25940] RIP: 0033:0x7f62b458e929 [ 1021.943916][T25940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1021.943942][T25940] RSP: 002b:00007f62b538e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1021.943968][T25940] RAX: ffffffffffffffda RBX: 00007f62b47b5fa0 RCX: 00007f62b458e929 [ 1021.943987][T25940] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 000000000000001e [ 1021.944003][T25940] RBP: 00007f62b4610b39 R08: 0000000000000001 R09: 0000000000000000 [ 1021.944019][T25940] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 1021.944035][T25940] R13: 0000000000000000 R14: 00007f62b47b5fa0 R15: 00007ffe2c488738 [ 1021.944068][T25940] [ 1022.671765][T25943] zswap: compressor not available [ 1022.737924][T25951] FAULT_INJECTION: forcing a failure. [ 1022.737924][T25951] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.771312][T25951] CPU: 0 UID: 0 PID: 25951 Comm: syz.1.6826 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1022.771363][T25951] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1022.771374][T25951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1022.771391][T25951] Call Trace: [ 1022.771401][T25951] [ 1022.771412][T25951] dump_stack_lvl+0x16c/0x1f0 [ 1022.771454][T25951] should_fail_ex+0x512/0x640 [ 1022.771489][T25951] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 1022.771530][T25951] should_failslab+0xc2/0x120 [ 1022.771557][T25951] __kmalloc_cache_node_noprof+0x6d/0x420 [ 1022.771610][T25951] ? lockdep_init_map_type+0x5c/0x280 [ 1022.771646][T25951] ? __alloc_workqueue+0x506/0x1810 [ 1022.771686][T25951] __alloc_workqueue+0x506/0x1810 [ 1022.771724][T25951] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1022.771761][T25951] alloc_workqueue+0xd2/0x200 [ 1022.771787][T25951] ? __pfx_alloc_workqueue+0x10/0x10 [ 1022.771810][T25951] ? __pfx___debug_object_init+0x10/0x10 [ 1022.771832][T25951] nci_register_device+0x511/0xb80 [ 1022.771855][T25951] ? __pfx_nci_register_device+0x10/0x10 [ 1022.771877][T25951] ? lockdep_init_map_type+0x5c/0x280 [ 1022.771901][T25951] virtual_ncidev_open+0x141/0x220 [ 1022.771920][T25951] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1022.771938][T25951] misc_open+0x35d/0x420 [ 1022.771957][T25951] ? __pfx_misc_open+0x10/0x10 [ 1022.771974][T25951] chrdev_open+0x234/0x6a0 [ 1022.771997][T25951] ? __pfx_apparmor_file_open+0x10/0x10 [ 1022.772016][T25951] ? __pfx_chrdev_open+0x10/0x10 [ 1022.772039][T25951] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 1022.772062][T25951] do_dentry_open+0x741/0x1c10 [ 1022.772084][T25951] ? __pfx_chrdev_open+0x10/0x10 [ 1022.772110][T25951] vfs_open+0x82/0x3f0 [ 1022.772128][T25951] path_openat+0x1de4/0x2cb0 [ 1022.772155][T25951] ? __pfx_path_openat+0x10/0x10 [ 1022.772177][T25951] ? __lock_acquire+0xb8a/0x1c90 [ 1022.772199][T25951] do_filp_open+0x20b/0x470 [ 1022.772220][T25951] ? __pfx_do_filp_open+0x10/0x10 [ 1022.772254][T25951] ? alloc_fd+0x471/0x7d0 [ 1022.772279][T25951] do_sys_openat2+0x11b/0x1d0 [ 1022.772295][T25951] ? __pfx_do_sys_openat2+0x10/0x10 [ 1022.772319][T25951] __x64_sys_openat+0x174/0x210 [ 1022.772340][T25951] ? __pfx___x64_sys_openat+0x10/0x10 [ 1022.772364][T25951] do_syscall_64+0xcd/0x490 [ 1022.772402][T25951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1022.772419][T25951] RIP: 0033:0x7f62b458e929 [ 1022.772433][T25951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1022.772448][T25951] RSP: 002b:00007f62b538e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1022.772463][T25951] RAX: ffffffffffffffda RBX: 00007f62b47b5fa0 RCX: 00007f62b458e929 [ 1022.772474][T25951] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 1022.772484][T25951] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1022.772493][T25951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1022.772502][T25951] R13: 0000000000000000 R14: 00007f62b47b5fa0 R15: 00007ffe2c488738 [ 1022.772522][T25951] [ 1023.723244][T25968] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1023.891978][T25938] kexec: Could not allocate control_code_buffer [ 1024.164170][T25979] ERROR: Out of memory at tomoyo_memory_ok. [ 1024.211611][T25979] FAULT_INJECTION: forcing a failure. [ 1024.211611][T25979] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.244968][T25981] netlink: zone id is out of range [ 1024.258298][T25979] CPU: 1 UID: 0 PID: 25979 Comm: syz.3.6832 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1024.258349][T25979] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1024.258360][T25979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1024.258377][T25979] Call Trace: [ 1024.258386][T25979] [ 1024.258398][T25979] dump_stack_lvl+0x16c/0x1f0 [ 1024.258442][T25979] should_fail_ex+0x512/0x640 [ 1024.258485][T25979] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1024.258531][T25979] should_failslab+0xc2/0x120 [ 1024.258558][T25979] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1024.258600][T25979] ? find_held_lock+0x2b/0x80 [ 1024.258625][T25979] ? kstrdup_const+0x63/0x80 [ 1024.258666][T25979] kstrdup+0x53/0x100 [ 1024.258703][T25979] kstrdup_const+0x63/0x80 [ 1024.258737][T25979] __kernfs_new_node+0x9b/0x8e0 [ 1024.258776][T25979] ? __pfx___kernfs_new_node+0x10/0x10 [ 1024.258819][T25979] ? find_held_lock+0x2b/0x80 [ 1024.258847][T25979] ? kernfs_root+0xee/0x2a0 [ 1024.258887][T25979] kernfs_new_node+0x13c/0x1e0 [ 1024.258924][T25979] ? net_ns_get_ownership+0xf8/0x1b0 [ 1024.258965][T25979] kernfs_create_dir_ns+0x4c/0x1a0 [ 1024.259006][T25979] sysfs_create_dir_ns+0x13a/0x2b0 [ 1024.259041][T25979] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1024.259071][T25979] ? find_held_lock+0x2b/0x80 [ 1024.259101][T25979] ? net_namespace+0x12/0x50 [ 1024.259125][T25979] ? device_namespace+0x76/0xa0 [ 1024.259155][T25979] kobject_add_internal+0x2c4/0x9b0 [ 1024.259188][T25979] kobject_add+0x16e/0x240 [ 1024.259213][T25979] ? __pfx_kobject_add+0x10/0x10 [ 1024.259241][T25979] ? get_device_parent+0x1c5/0x4e0 [ 1024.259284][T25979] ? kobject_put+0xab/0x5a0 [ 1024.259331][T25979] device_add+0x288/0x1a70 [ 1024.259358][T25979] ? __pfx_dev_set_name+0x10/0x10 [ 1024.259389][T25979] ? __pfx_device_add+0x10/0x10 [ 1024.259416][T25979] ? lockdep_init_map_type+0x5c/0x280 [ 1024.259460][T25979] ? __init_waitqueue_head+0xca/0x150 [ 1024.259495][T25979] netdev_register_kobject+0x182/0x3a0 [ 1024.259529][T25979] register_netdevice+0x13dc/0x2270 [ 1024.259562][T25979] ? __pfx_register_netdevice+0x10/0x10 [ 1024.259600][T25979] internal_dev_create+0x2d3/0x520 [ 1024.259629][T25979] ovs_vport_add+0x147/0x4d0 [ 1024.259670][T25979] new_vport+0x16/0x1d0 [ 1024.259701][T25979] ovs_dp_cmd_new+0x6ba/0xe60 [ 1024.259745][T25979] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1024.259787][T25979] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1024.259820][T25979] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1024.259860][T25979] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1024.259894][T25979] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1024.259924][T25979] ? trace_cap_capable+0x18d/0x200 [ 1024.259961][T25979] ? bpf_lsm_capable+0x9/0x10 [ 1024.259991][T25979] ? security_capable+0x7e/0x260 [ 1024.260019][T25979] ? ns_capable+0xd7/0x110 [ 1024.260050][T25979] genl_rcv_msg+0x55c/0x800 [ 1024.260085][T25979] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1024.260117][T25979] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1024.260165][T25979] netlink_rcv_skb+0x158/0x420 [ 1024.260192][T25979] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1024.260224][T25979] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1024.260267][T25979] ? netlink_deliver_tap+0x1ae/0xd30 [ 1024.260313][T25979] genl_rcv+0x28/0x40 [ 1024.260339][T25979] netlink_unicast+0x53a/0x7f0 [ 1024.260371][T25979] ? __pfx_netlink_unicast+0x10/0x10 [ 1024.260410][T25979] netlink_sendmsg+0x8d1/0xdd0 [ 1024.260451][T25979] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1024.260495][T25979] ____sys_sendmsg+0xa98/0xc70 [ 1024.260528][T25979] ? copy_msghdr_from_user+0x10a/0x160 [ 1024.260566][T25979] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1024.260604][T25979] ? __pfx_futex_wake_mark+0x10/0x10 [ 1024.260642][T25979] ___sys_sendmsg+0x134/0x1d0 [ 1024.260684][T25979] ? __pfx____sys_sendmsg+0x10/0x10 [ 1024.260719][T25979] ? __lock_acquire+0x622/0x1c90 [ 1024.260803][T25979] __sys_sendmsg+0x16d/0x220 [ 1024.260841][T25979] ? __pfx___sys_sendmsg+0x10/0x10 [ 1024.260877][T25979] ? __x64_sys_futex+0x1e0/0x4c0 [ 1024.260932][T25979] do_syscall_64+0xcd/0x490 [ 1024.260970][T25979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1024.260995][T25979] RIP: 0033:0x7f38fc18e929 [ 1024.261019][T25979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1024.261045][T25979] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1024.261072][T25979] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 1024.261091][T25979] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 1024.261109][T25979] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1024.261127][T25979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1024.261144][T25979] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 1024.261183][T25979] [ 1024.783378][T25979] kobject: kobject_add_internal failed for HfR (error: -12 parent: net) [ 1024.840316][T25981] netlink: del zone limit has 4 unknown bytes [ 1024.946515][T25977] netlink: set zone limit has 8 unknown bytes [ 1025.618405][T25995] FAULT_INJECTION: forcing a failure. [ 1025.618405][T25995] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.646610][T25995] CPU: 0 UID: 0 PID: 25995 Comm: syz.1.6836 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1025.646640][T25995] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1025.646647][T25995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1025.646656][T25995] Call Trace: [ 1025.646662][T25995] [ 1025.646668][T25995] dump_stack_lvl+0x16c/0x1f0 [ 1025.646696][T25995] should_fail_ex+0x512/0x640 [ 1025.646718][T25995] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1025.646743][T25995] should_failslab+0xc2/0x120 [ 1025.646758][T25995] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1025.646781][T25995] ? locks_get_lock_context+0x243/0x410 [ 1025.646805][T25995] locks_get_lock_context+0x243/0x410 [ 1025.646828][T25995] generic_setlease+0x5e7/0x1300 [ 1025.646847][T25995] ? find_held_lock+0x2b/0x80 [ 1025.646864][T25995] ? __pfx_generic_setlease+0x10/0x10 [ 1025.646885][T25995] kernel_setlease+0x106/0x140 [ 1025.646902][T25995] vfs_setlease+0x258/0x2d0 [ 1025.646920][T25995] fcntl_setlease+0x3ed/0x5a0 [ 1025.646935][T25995] ? __pfx_fcntl_setlease+0x10/0x10 [ 1025.646960][T25995] do_fcntl+0x751/0x15a0 [ 1025.646976][T25995] ? __pfx_do_fcntl+0x10/0x10 [ 1025.646995][T25995] ? tomoyo_file_fcntl+0x6c/0xc0 [ 1025.647020][T25995] __x64_sys_fcntl+0x163/0x200 [ 1025.647037][T25995] do_syscall_64+0xcd/0x490 [ 1025.647060][T25995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1025.647075][T25995] RIP: 0033:0x7f62b458e929 [ 1025.647088][T25995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1025.647102][T25995] RSP: 002b:00007f62b536d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 1025.647116][T25995] RAX: ffffffffffffffda RBX: 00007f62b47b6080 RCX: 00007f62b458e929 [ 1025.647126][T25995] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000005 [ 1025.647134][T25995] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1025.647143][T25995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1025.647152][T25995] R13: 0000000000000000 R14: 00007f62b47b6080 R15: 00007ffe2c488738 [ 1025.647170][T25995] [ 1026.322192][T26005] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6840'. [ 1026.520708][T26014] ERROR: Out of memory at tomoyo_memory_ok. [ 1026.559799][T26014] HfR: entered promiscuous mode [ 1026.893116][T26023] netlink: 246 bytes leftover after parsing attributes in process `syz.3.6846'. [ 1027.411828][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1027.418240][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1027.448241][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1027.454597][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1027.476177][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1027.483648][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1027.508970][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1027.515732][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1027.577565][T26034] busy [ 1027.818007][T26043] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6852'. [ 1030.710549][T26084] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6862'. [ 1030.719322][T26083] netlink: 246 bytes leftover after parsing attributes in process `syz.0.6861'. [ 1030.887109][T26084] team0: Port device team_slave_1 removed [ 1031.076327][T26088] ERROR: Out of memory at tomoyo_memory_ok. [ 1031.123980][T26088] FAULT_INJECTION: forcing a failure. [ 1031.123980][T26088] name failslab, interval 1, probability 0, space 0, times 0 [ 1031.143404][T26088] CPU: 0 UID: 0 PID: 26088 Comm: syz.3.6864 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1031.143456][T26088] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1031.143467][T26088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1031.143483][T26088] Call Trace: [ 1031.143493][T26088] [ 1031.143503][T26088] dump_stack_lvl+0x16c/0x1f0 [ 1031.143548][T26088] should_fail_ex+0x512/0x640 [ 1031.143582][T26088] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1031.143622][T26088] should_failslab+0xc2/0x120 [ 1031.143648][T26088] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1031.143689][T26088] ? __asan_memset+0x23/0x50 [ 1031.143721][T26088] ? alloc_netdev_mqs+0xece/0x1570 [ 1031.143759][T26088] ? __xdp_rxq_info_reg+0x14e/0x2d0 [ 1031.143790][T26088] alloc_netdev_mqs+0xece/0x1570 [ 1031.143835][T26088] internal_dev_create+0x8a/0x520 [ 1031.143866][T26088] ovs_vport_add+0x147/0x4d0 [ 1031.143906][T26088] new_vport+0x16/0x1d0 [ 1031.143938][T26088] ovs_dp_cmd_new+0x6ba/0xe60 [ 1031.143982][T26088] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1031.144023][T26088] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1031.144058][T26088] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1031.144098][T26088] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1031.144132][T26088] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1031.144163][T26088] ? trace_cap_capable+0x18d/0x200 [ 1031.144199][T26088] ? bpf_lsm_capable+0x9/0x10 [ 1031.144228][T26088] ? security_capable+0x7e/0x260 [ 1031.144254][T26088] ? ns_capable+0xd7/0x110 [ 1031.144285][T26088] genl_rcv_msg+0x55c/0x800 [ 1031.144321][T26088] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1031.144352][T26088] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1031.144399][T26088] netlink_rcv_skb+0x158/0x420 [ 1031.144427][T26088] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1031.144460][T26088] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1031.144503][T26088] ? netlink_deliver_tap+0x1ae/0xd30 [ 1031.144548][T26088] genl_rcv+0x28/0x40 [ 1031.144574][T26088] netlink_unicast+0x53a/0x7f0 [ 1031.144606][T26088] ? __pfx_netlink_unicast+0x10/0x10 [ 1031.144644][T26088] netlink_sendmsg+0x8d1/0xdd0 [ 1031.144684][T26088] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1031.144728][T26088] ____sys_sendmsg+0xa98/0xc70 [ 1031.144759][T26088] ? copy_msghdr_from_user+0x10a/0x160 [ 1031.144795][T26088] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1031.144833][T26088] ? __pfx_futex_wake_mark+0x10/0x10 [ 1031.144873][T26088] ___sys_sendmsg+0x134/0x1d0 [ 1031.144909][T26088] ? __pfx____sys_sendmsg+0x10/0x10 [ 1031.144941][T26088] ? __lock_acquire+0x622/0x1c90 [ 1031.145020][T26088] __sys_sendmsg+0x16d/0x220 [ 1031.145057][T26088] ? __pfx___sys_sendmsg+0x10/0x10 [ 1031.145092][T26088] ? __x64_sys_futex+0x1e0/0x4c0 [ 1031.145145][T26088] do_syscall_64+0xcd/0x490 [ 1031.145184][T26088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1031.145211][T26088] RIP: 0033:0x7f38fc18e929 [ 1031.145234][T26088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1031.145260][T26088] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1031.145286][T26088] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 1031.145305][T26088] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 1031.145321][T26088] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1031.145337][T26088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1031.145353][T26088] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 1031.145389][T26088] [ 1034.253642][T26148] ERROR: Out of memory at tomoyo_memory_ok. [ 1034.413753][T26148] FAULT_INJECTION: forcing a failure. [ 1034.413753][T26148] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.493166][T26148] CPU: 1 UID: 0 PID: 26148 Comm: syz.3.6881 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1034.493218][T26148] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1034.493231][T26148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1034.493246][T26148] Call Trace: [ 1034.493257][T26148] [ 1034.493269][T26148] dump_stack_lvl+0x16c/0x1f0 [ 1034.493314][T26148] should_fail_ex+0x512/0x640 [ 1034.493350][T26148] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1034.493389][T26148] should_failslab+0xc2/0x120 [ 1034.493413][T26148] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1034.493446][T26148] ? device_add+0xccc/0x1a70 [ 1034.493481][T26148] device_add+0xccc/0x1a70 [ 1034.493506][T26148] ? dev_set_name+0xc7/0x100 [ 1034.493537][T26148] ? __pfx_dev_set_name+0x10/0x10 [ 1034.493568][T26148] ? __pfx_device_add+0x10/0x10 [ 1034.493607][T26148] ? lockdep_init_map_type+0x5c/0x280 [ 1034.493647][T26148] ? __init_waitqueue_head+0xca/0x150 [ 1034.493683][T26148] netdev_register_kobject+0x182/0x3a0 [ 1034.493718][T26148] register_netdevice+0x13dc/0x2270 [ 1034.493753][T26148] ? __pfx_register_netdevice+0x10/0x10 [ 1034.493790][T26148] internal_dev_create+0x2d3/0x520 [ 1034.493821][T26148] ovs_vport_add+0x147/0x4d0 [ 1034.493862][T26148] new_vport+0x16/0x1d0 [ 1034.493895][T26148] ovs_dp_cmd_new+0x6ba/0xe60 [ 1034.493939][T26148] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1034.493982][T26148] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1034.494016][T26148] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1034.494058][T26148] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1034.494092][T26148] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1034.494124][T26148] ? trace_cap_capable+0x18d/0x200 [ 1034.494161][T26148] ? bpf_lsm_capable+0x9/0x10 [ 1034.494192][T26148] ? security_capable+0x7e/0x260 [ 1034.494220][T26148] ? ns_capable+0xd7/0x110 [ 1034.494252][T26148] genl_rcv_msg+0x55c/0x800 [ 1034.494288][T26148] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1034.494319][T26148] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 1034.494368][T26148] netlink_rcv_skb+0x158/0x420 [ 1034.494395][T26148] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1034.494428][T26148] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1034.494472][T26148] ? netlink_deliver_tap+0x1ae/0xd30 [ 1034.494518][T26148] genl_rcv+0x28/0x40 [ 1034.494545][T26148] netlink_unicast+0x53a/0x7f0 [ 1034.494576][T26148] ? __pfx_netlink_unicast+0x10/0x10 [ 1034.494622][T26148] netlink_sendmsg+0x8d1/0xdd0 [ 1034.494656][T26148] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1034.494699][T26148] ____sys_sendmsg+0xa98/0xc70 [ 1034.494731][T26148] ? copy_msghdr_from_user+0x10a/0x160 [ 1034.494769][T26148] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1034.494808][T26148] ? __pfx_futex_wake_mark+0x10/0x10 [ 1034.494850][T26148] ___sys_sendmsg+0x134/0x1d0 [ 1034.494889][T26148] ? __pfx____sys_sendmsg+0x10/0x10 [ 1034.494922][T26148] ? __lock_acquire+0x622/0x1c90 [ 1034.495005][T26148] __sys_sendmsg+0x16d/0x220 [ 1034.495042][T26148] ? __pfx___sys_sendmsg+0x10/0x10 [ 1034.495077][T26148] ? __x64_sys_futex+0x1e0/0x4c0 [ 1034.495132][T26148] do_syscall_64+0xcd/0x490 [ 1034.495172][T26148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1034.495200][T26148] RIP: 0033:0x7f38fc18e929 [ 1034.495224][T26148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1034.495251][T26148] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1034.495278][T26148] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 1034.495297][T26148] RDX: 0000000000000080 RSI: 0000200000000140 RDI: 0000000000000006 [ 1034.495313][T26148] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1034.495330][T26148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1034.495346][T26148] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 1034.495383][T26148] [ 1035.933173][T26149] kexec: Could not allocate control_code_buffer [ 1037.162530][T26187] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1037.172585][ T5849] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 1037.172620][ T5849] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 1037.191625][ T5849] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 1037.191659][ T5849] Bluetooth: hci1: adv larger than maximum supported [ 1037.216466][ T5849] Bluetooth: hci1: adv larger than maximum supported [ 1037.223221][ T5849] Bluetooth: hci1: Malformed LE Event: 0x0d [ 1037.479739][T26197] netlink: zone id is out of range [ 1037.486740][T26197] netlink: del zone limit has 4 unknown bytes [ 1037.563876][T26196] netlink: set zone limit has 8 unknown bytes [ 1039.892059][T26230] mkiss: ax0: crc mode is auto. [ 1040.234972][T26236] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6907'. [ 1040.391673][ T5849] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 1040.391719][ T5849] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 1040.406659][ T5849] Bluetooth: hci1: Dropping invalid advertising data [ 1040.414852][ T5849] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 1040.414886][ T5849] Bluetooth: hci1: Dropping invalid advertising data [ 1040.429752][ T5849] Bluetooth: hci1: Dropping invalid advertising data [ 1040.436522][ T5849] Bluetooth: hci1: Malformed LE Event: 0x02 [ 1040.647268][T26242] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6909'. [ 1040.662194][T26244] FAULT_INJECTION: forcing a failure. [ 1040.662194][T26244] name failslab, interval 1, probability 0, space 0, times 0 [ 1040.693577][T26242] netlink: 93 bytes leftover after parsing attributes in process `syz.0.6909'. [ 1040.740741][T26244] CPU: 0 UID: 0 PID: 26244 Comm: syz.3.6910 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1040.740799][T26244] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1040.740810][T26244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1040.740825][T26244] Call Trace: [ 1040.740834][T26244] [ 1040.740843][T26244] dump_stack_lvl+0x16c/0x1f0 [ 1040.740885][T26244] should_fail_ex+0x512/0x640 [ 1040.740920][T26244] ? __kmalloc_noprof+0xbf/0x510 [ 1040.740956][T26244] ? mkiss_open+0x34f/0x9a0 [ 1040.740986][T26244] should_failslab+0xc2/0x120 [ 1040.741009][T26244] __kmalloc_noprof+0xd2/0x510 [ 1040.741043][T26244] ? uart_flush_buffer+0x37f/0x8a0 [ 1040.741086][T26244] mkiss_open+0x34f/0x9a0 [ 1040.741122][T26244] ? __pfx_mkiss_open+0x10/0x10 [ 1040.741155][T26244] tty_ldisc_open+0x9c/0x120 [ 1040.741191][T26244] tty_set_ldisc+0x32b/0x780 [ 1040.741231][T26244] tty_ioctl+0xc2e/0x1640 [ 1040.741271][T26244] ? __pfx_tty_ioctl+0x10/0x10 [ 1040.741320][T26244] ? find_held_lock+0x2b/0x80 [ 1040.741348][T26244] ? hook_file_ioctl_common+0x145/0x410 [ 1040.741386][T26244] ? __fget_files+0x20e/0x3c0 [ 1040.741425][T26244] ? __pfx_tty_ioctl+0x10/0x10 [ 1040.741464][T26244] __x64_sys_ioctl+0x18e/0x210 [ 1040.741498][T26244] do_syscall_64+0xcd/0x490 [ 1040.741538][T26244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.741565][T26244] RIP: 0033:0x7f38fc18e929 [ 1040.741589][T26244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1040.741615][T26244] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1040.741641][T26244] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 1040.741660][T26244] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000005 [ 1040.741677][T26244] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1040.741693][T26244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1040.741710][T26244] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 1040.741748][T26244] [ 1043.217198][T26295] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6921'. [ 1043.268352][T26297] netlink: 93 bytes leftover after parsing attributes in process `syz.3.6921'. [ 1043.989108][T26285] delete_channel: no stack [ 1044.099229][T26306] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6927'. [ 1044.133671][T26306] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6927'. [ 1045.210242][T26324] FAULT_INJECTION: forcing a failure. [ 1045.210242][T26324] name failslab, interval 1, probability 0, space 0, times 0 [ 1045.227929][T26324] CPU: 1 UID: 0 PID: 26324 Comm: syz.3.6934 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1045.227993][T26324] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1045.228004][T26324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1045.228021][T26324] Call Trace: [ 1045.228030][T26324] [ 1045.228040][T26324] dump_stack_lvl+0x16c/0x1f0 [ 1045.228082][T26324] should_fail_ex+0x512/0x640 [ 1045.228117][T26324] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1045.228156][T26324] should_failslab+0xc2/0x120 [ 1045.228181][T26324] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1045.228226][T26324] ? do_epoll_ctl+0x10ef/0x2ff0 [ 1045.228264][T26324] do_epoll_ctl+0x10ef/0x2ff0 [ 1045.228310][T26324] ? __pfx_do_epoll_ctl+0x10/0x10 [ 1045.228341][T26324] ? find_held_lock+0x2b/0x80 [ 1045.228367][T26324] ? __might_fault+0xe3/0x190 [ 1045.228400][T26324] ? __might_fault+0xe3/0x190 [ 1045.228447][T26324] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 1045.228477][T26324] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 1045.228510][T26324] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 1045.228554][T26324] do_syscall_64+0xcd/0x490 [ 1045.228593][T26324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1045.228617][T26324] RIP: 0033:0x7f38fc18e929 [ 1045.228638][T26324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1045.228664][T26324] RSP: 002b:00007f38fd09e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 1045.228689][T26324] RAX: ffffffffffffffda RBX: 00007f38fc3b5fa0 RCX: 00007f38fc18e929 [ 1045.228705][T26324] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000004 [ 1045.228719][T26324] RBP: 00007f38fc210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1045.228733][T26324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1045.228748][T26324] R13: 0000000000000000 R14: 00007f38fc3b5fa0 R15: 00007ffd0eae4c48 [ 1045.228782][T26324] [ 1046.320698][T26334] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1047.877917][T26365] netlink: 266 bytes leftover after parsing attributes in process `syz.1.6945'. [ 1048.066001][T26367] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6947'. [ 1048.096786][T26367] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6947'. [ 1048.196218][T26377] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6947'. [ 1048.644664][T26383] netlink: 186 bytes leftover after parsing attributes in process `syz.3.6952'. [ 1048.860459][T26398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6957'. [ 1048.878266][T26398] netlink: 354 bytes leftover after parsing attributes in process `syz.3.6957'. [ 1049.622558][T26410] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1049.633028][ T5849] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 1049.633063][ T5849] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 1049.647982][ T5849] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 1049.648015][ T5849] Bluetooth: hci3: adv larger than maximum supported [ 1049.655187][ T5849] Bluetooth: hci3: adv larger than maximum supported [ 1049.662078][ T5849] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1050.065166][T26418] netlink: 338 bytes leftover after parsing attributes in process `syz.3.6963'. [ 1050.469032][T26430] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6967'. [ 1050.764347][T26439] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6970'. [ 1050.872673][T26443] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1050.906580][T26443] netlink: 'syz.4.6972': attribute type 10 has an invalid length. [ 1051.284767][ T5849] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 1051.284808][ T5849] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 1051.302779][ T5849] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 1051.302829][ T5849] Bluetooth: hci0: adv larger than maximum supported [ 1051.310245][ T5849] Bluetooth: hci0: adv larger than maximum supported [ 1051.318064][ T5849] Bluetooth: hci0: Malformed LE Event: 0x0d [ 1052.874139][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1052.880613][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1052.981628][T26496] __nla_validate_parse: 5 callbacks suppressed [ 1052.981653][T26496] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6996'. [ 1053.035021][T26496] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6996'. [ 1053.202569][T26496] netlink: 290 bytes leftover after parsing attributes in process `syz.0.6996'. [ 1053.293586][T26496] netlink: 290 bytes leftover after parsing attributes in process `syz.0.6996'. [ 1053.948979][T26505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6991'. [ 1053.960193][T26505] netlink: 354 bytes leftover after parsing attributes in process `syz.0.6991'. [ 1054.003589][T26500] kexec: Could not allocate control_code_buffer [ 1054.304741][T26517] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6994'. [ 1054.424611][ T30] audit: type=1326 audit(4294977490.735:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26518 comm="syz.4.6997" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc6bfb8e929 code=0x0 [ 1054.490590][T26522] FAULT_INJECTION: forcing a failure. [ 1054.490590][T26522] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.522019][T26513] could not allocate digest TFM handle [ 1054.537931][T26522] CPU: 1 UID: 0 PID: 26522 Comm: syz.4.6997 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1054.537982][T26522] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1054.537995][T26522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1054.538012][T26522] Call Trace: [ 1054.538022][T26522] [ 1054.538033][T26522] dump_stack_lvl+0x16c/0x1f0 [ 1054.538076][T26522] should_fail_ex+0x512/0x640 [ 1054.538112][T26522] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1054.538153][T26522] should_failslab+0xc2/0x120 [ 1054.538179][T26522] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1054.538214][T26522] ? snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 1054.538249][T26522] snd_pcm_oss_change_params_locked+0x1db/0x3a30 [ 1054.538284][T26522] ? rcu_is_watching+0x12/0xc0 [ 1054.538317][T26522] ? __mutex_lock+0x1ca/0xb90 [ 1054.538358][T26522] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1054.538391][T26522] ? __pfx___mutex_lock+0x10/0x10 [ 1054.538437][T26522] ? __fsnotify_parent+0x24b/0xc40 [ 1054.538482][T26522] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 1054.538522][T26522] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1054.538549][T26522] snd_pcm_oss_sync+0x1de/0x840 [ 1054.538582][T26522] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1054.538611][T26522] snd_pcm_oss_release+0x28b/0x310 [ 1054.538641][T26522] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 1054.538668][T26522] __fput+0x402/0xb70 [ 1054.538704][T26522] task_work_run+0x150/0x240 [ 1054.538744][T26522] ? __pfx_task_work_run+0x10/0x10 [ 1054.538782][T26522] ? __pfx___do_sys_close_range+0x10/0x10 [ 1054.538829][T26522] exit_to_user_mode_loop+0xeb/0x110 [ 1054.538870][T26522] do_syscall_64+0x3f6/0x490 [ 1054.538911][T26522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1054.538937][T26522] RIP: 0033:0x7fc6bfb8e929 [ 1054.538960][T26522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1054.538987][T26522] RSP: 002b:00007fc6c0975038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1054.539013][T26522] RAX: 0000000000000000 RBX: 00007fc6bfdb6080 RCX: 00007fc6bfb8e929 [ 1054.539031][T26522] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 1054.539048][T26522] RBP: 00007fc6bfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1054.539065][T26522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1054.539082][T26522] R13: 0000000000000000 R14: 00007fc6bfdb6080 R15: 00007ffd65ebc168 [ 1054.539119][T26522] [ 1054.801348][T26519] netlink: set zone limit has 8 unknown bytes [ 1055.542542][T26537] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7009'. [ 1056.657021][T26557] cougar: G6 mapped to space [ 1056.848198][T26570] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7012'. [ 1056.921654][T26570] ima: policy update failed [ 1056.932021][ T30] audit: type=1802 audit(4294977493.258:36): pid=26570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.7012" res=0 errno=0 [ 1060.266681][T26633] kAFS: No cell specified [ 1060.273904][T26633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7027'. [ 1060.835286][T26649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7034'. [ 1060.873403][T26649] netlink: 13 bytes leftover after parsing attributes in process `syz.3.7034'. [ 1065.231474][T26708] FAULT_INJECTION: forcing a failure. [ 1065.231474][T26708] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1065.246327][T26708] CPU: 0 UID: 0 PID: 26708 Comm: syz.1.7055 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1065.246356][T26708] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1065.246362][T26708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1065.246372][T26708] Call Trace: [ 1065.246378][T26708] [ 1065.246385][T26708] dump_stack_lvl+0x16c/0x1f0 [ 1065.246413][T26708] should_fail_ex+0x512/0x640 [ 1065.246438][T26708] should_fail_alloc_page+0xe7/0x130 [ 1065.246455][T26708] prepare_alloc_pages+0x3c2/0x610 [ 1065.246473][T26708] ? rcu_is_watching+0x12/0xc0 [ 1065.246492][T26708] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1065.246520][T26708] ? __lock_acquire+0x622/0x1c90 [ 1065.246544][T26708] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1065.246564][T26708] ? relay_open+0x653/0xad0 [ 1065.246589][T26708] ? rcu_read_unlock+0x17/0x60 [ 1065.246608][T26708] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1065.246631][T26708] ? policy_nodemask+0xea/0x4e0 [ 1065.246646][T26708] alloc_pages_mpol+0x1fb/0x550 [ 1065.246661][T26708] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1065.246675][T26708] ? __kvmalloc_node_noprof.cold+0x60/0x65 [ 1065.246697][T26708] ? trace_kmalloc+0x2b/0xd0 [ 1065.246711][T26708] ? __kmalloc_noprof.cold+0x5c/0x61 [ 1065.246730][T26708] ? relay_open_buf.part.0+0x194/0xc80 [ 1065.246751][T26708] alloc_pages_noprof+0x131/0x390 [ 1065.246766][T26708] relay_open_buf.part.0+0x262/0xc80 [ 1065.246792][T26708] relay_open+0x653/0xad0 [ 1065.246810][T26708] ? debugfs_create_file_full+0x41/0x60 [ 1065.246832][T26708] do_blk_trace_setup+0x503/0xb50 [ 1065.246852][T26708] blk_trace_setup+0xed/0x1b0 [ 1065.246868][T26708] ? __pfx_blk_trace_setup+0x10/0x10 [ 1065.246884][T26708] ? __pfx_snprintf+0x10/0x10 [ 1065.246913][T26708] blk_trace_ioctl+0x146/0x280 [ 1065.246931][T26708] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 1065.246951][T26708] ? find_held_lock+0x2b/0x80 [ 1065.246966][T26708] ? hook_file_ioctl_common+0x145/0x410 [ 1065.246985][T26708] blkdev_ioctl+0x108/0x6d0 [ 1065.247003][T26708] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1065.247022][T26708] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1065.247040][T26708] __x64_sys_ioctl+0x18e/0x210 [ 1065.247059][T26708] do_syscall_64+0xcd/0x490 [ 1065.247082][T26708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1065.247097][T26708] RIP: 0033:0x7f62b458e929 [ 1065.247111][T26708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1065.247125][T26708] RSP: 002b:00007f62b538e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1065.247146][T26708] RAX: ffffffffffffffda RBX: 00007f62b47b5fa0 RCX: 00007f62b458e929 [ 1065.247156][T26708] RDX: 00002000000000c0 RSI: 00000000c0481273 RDI: 0000000000000006 [ 1065.247166][T26708] RBP: 00007f62b4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1065.247175][T26708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1065.247184][T26708] R13: 0000000000000000 R14: 00007f62b47b5fa0 R15: 00007ffe2c488738 [ 1065.247204][T26708] [ 1066.027626][T26718] [ 1066.030025][T26718] ====================================================== [ 1066.037054][T26718] WARNING: possible circular locking dependency detected [ 1066.044094][T26718] 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 Tainted: G U I [ 1066.052786][T26718] ------------------------------------------------------ [ 1066.059810][T26718] syz.4.7049/26718 is trying to acquire lock: [ 1066.065870][T26718] ffff8880795e3758 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4d0/0xcc0 [ 1066.077369][T26718] [ 1066.077369][T26718] but task is already holding lock: [ 1066.084725][T26718] ffff88807bc93058 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x378/0x5f0 [ 1066.093711][T26718] [ 1066.093711][T26718] which lock already depends on the new lock. [ 1066.093711][T26718] [ 1066.104108][T26718] [ 1066.104108][T26718] the existing dependency chain (in reverse order) is: [ 1066.113117][T26718] [ 1066.113117][T26718] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 1066.120869][T26718] lock_sock_nested+0x41/0xf0 [ 1066.126082][T26718] smc_listen_out+0x202/0x4a0 [ 1066.131289][T26718] smc_listen_work+0x5a3/0x50e0 [ 1066.136670][T26718] process_one_work+0x9cf/0x1b70 [ 1066.142141][T26718] worker_thread+0x6c8/0xf10 [ 1066.147263][T26718] kthread+0x3c2/0x780 [ 1066.151863][T26718] ret_from_fork+0x5d7/0x6f0 [ 1066.157003][T26718] ret_from_fork_asm+0x1a/0x30 [ 1066.162294][T26718] [ 1066.162294][T26718] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 1066.172471][T26718] __lock_acquire+0x126f/0x1c90 [ 1066.177853][T26718] lock_acquire+0x179/0x350 [ 1066.182883][T26718] __flush_work+0x4e4/0xcc0 [ 1066.187920][T26718] __cancel_work_sync+0x10c/0x130 [ 1066.193467][T26718] smc_clcsock_release+0x5f/0xe0 [ 1066.198936][T26718] __smc_release+0x5c2/0x880 [ 1066.204053][T26718] smc_close_non_accepted+0xda/0x200 [ 1066.209867][T26718] smc_close_active+0xc3c/0x1070 [ 1066.215339][T26718] __smc_release+0x634/0x880 [ 1066.220455][T26718] smc_release+0x1fc/0x5f0 [ 1066.225398][T26718] __sock_release+0xb0/0x270 [ 1066.230522][T26718] sock_close+0x1c/0x30 [ 1066.235211][T26718] __fput+0x402/0xb70 [ 1066.239715][T26718] task_work_run+0x150/0x240 [ 1066.244840][T26718] exit_to_user_mode_loop+0xeb/0x110 [ 1066.250664][T26718] do_syscall_64+0x3f6/0x490 [ 1066.255787][T26718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.262205][T26718] [ 1066.262205][T26718] other info that might help us debug this: [ 1066.262205][T26718] [ 1066.272429][T26718] Possible unsafe locking scenario: [ 1066.272429][T26718] [ 1066.279872][T26718] CPU0 CPU1 [ 1066.285231][T26718] ---- ---- [ 1066.290589][T26718] lock(sk_lock-AF_SMC/1); [ 1066.295104][T26718] lock((work_completion)(&new_smc->smc_listen_work)); [ 1066.304565][T26718] lock(sk_lock-AF_SMC/1); [ 1066.311612][T26718] lock((work_completion)(&new_smc->smc_listen_work)); [ 1066.318556][T26718] [ 1066.318556][T26718] *** DEADLOCK *** [ 1066.318556][T26718] [ 1066.326694][T26718] 3 locks held by syz.4.7049/26718: [ 1066.331888][T26718] #0: ffff88803aa37a08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270 [ 1066.342452][T26718] #1: ffff88807bc93058 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x378/0x5f0 [ 1066.351878][T26718] #2: ffffffff8e5c4d00 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfb/0xcc0 [ 1066.361056][T26718] [ 1066.361056][T26718] stack backtrace: [ 1066.366952][T26718] CPU: 1 UID: 0 PID: 26718 Comm: syz.4.7049 Tainted: G U I 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 1066.366988][T26718] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 1066.366997][T26718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1066.367011][T26718] Call Trace: [ 1066.367020][T26718] [ 1066.367029][T26718] dump_stack_lvl+0x116/0x1f0 [ 1066.367069][T26718] print_circular_bug+0x275/0x350 [ 1066.367098][T26718] check_noncircular+0x14c/0x170 [ 1066.367128][T26718] __lock_acquire+0x126f/0x1c90 [ 1066.367161][T26718] lock_acquire+0x179/0x350 [ 1066.367188][T26718] ? __flush_work+0x4d0/0xcc0 [ 1066.367210][T26718] ? mark_held_locks+0x49/0x80 [ 1066.367238][T26718] ? __flush_work+0x4d0/0xcc0 [ 1066.367258][T26718] __flush_work+0x4e4/0xcc0 [ 1066.367278][T26718] ? __flush_work+0x4d0/0xcc0 [ 1066.367301][T26718] ? __pfx___flush_work+0x10/0x10 [ 1066.367323][T26718] ? __pfx_wq_barrier_func+0x10/0x10 [ 1066.367357][T26718] ? do_raw_spin_lock+0x12c/0x2b0 [ 1066.367389][T26718] ? __pfx___might_resched+0x10/0x10 [ 1066.367416][T26718] __cancel_work_sync+0x10c/0x130 [ 1066.367438][T26718] smc_clcsock_release+0x5f/0xe0 [ 1066.367466][T26718] __smc_release+0x5c2/0x880 [ 1066.367492][T26718] ? __pfx_sock_def_readable+0x10/0x10 [ 1066.367520][T26718] smc_close_non_accepted+0xda/0x200 [ 1066.367548][T26718] smc_close_active+0xc3c/0x1070 [ 1066.367577][T26718] __smc_release+0x634/0x880 [ 1066.367602][T26718] smc_release+0x1fc/0x5f0 [ 1066.367626][T26718] __sock_release+0xb0/0x270 [ 1066.367658][T26718] ? __pfx_sock_close+0x10/0x10 [ 1066.367688][T26718] sock_close+0x1c/0x30 [ 1066.367717][T26718] __fput+0x402/0xb70 [ 1066.367742][T26718] task_work_run+0x150/0x240 [ 1066.367774][T26718] ? __pfx_task_work_run+0x10/0x10 [ 1066.367806][T26718] ? __pfx___do_sys_close_range+0x10/0x10 [ 1066.367839][T26718] exit_to_user_mode_loop+0xeb/0x110 [ 1066.367872][T26718] do_syscall_64+0x3f6/0x490 [ 1066.367924][T26718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.367947][T26718] RIP: 0033:0x7fc6bfb8e929 [ 1066.367966][T26718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1066.367987][T26718] RSP: 002b:00007ffd65ebc2c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1066.368008][T26718] RAX: 0000000000000000 RBX: 0000000000104a5d RCX: 00007fc6bfb8e929 [ 1066.368023][T26718] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1066.368041][T26718] RBP: 00007fc6bfdb7ba0 R08: 0000000000000001 R09: 0000000f65ebc5bf [ 1066.368055][T26718] R10: 00007fc6bfa00000 R11: 0000000000000246 R12: 00007fc6bfdb5fac SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1066.368070][T26718] R13: 00007fc6bfdb5fa0 R14: ffffffffffffffff R15: 00007ffd65ebc3e0 [ 1066.368091][T26718] [ 1068.010715][T23263] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.110015][T23263] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.198266][T23263] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.279236][T23263] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.604753][T23263] gretap0 (unregistering): left allmulticast mode [ 1068.753431][T23263] bond0 (unregistering): (slave ): Releasing backup interface [ 1068.761517][T23263] : left allmulticast mode [ 1068.766750][T23263] bond0 (unregistering): Released all slaves [ 1068.836292][T23263] ovs_: left promiscuous mode [ 1069.243964][T23263] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1069.251460][T23263] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1069.260047][T23263] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1069.268899][T23263] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1069.281558][T23263] veth1_macvtap: left allmulticast mode [ 1069.461844][T23263] team0 (unregistering): Port device team_slave_1 removed [ 1069.501298][T23263] team0 (unregistering): Port device team_slave_0 removed [ 1070.015128][T23263] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.051315][T23263] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.121761][T23263] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.173916][T23263] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.293328][T23263] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.330931][T23263] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.390095][T23263] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.428482][T23263] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.604502][T23263] erspan0 (unregistering): left allmulticast mode [ 1070.652610][T23263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1070.661565][T23263] bond_slave_1: left allmulticast mode [ 1070.669663][T23263] bond0 (unregistering): Released all slaves [ 1070.703398][T23263] erspan0 (unregistering): left allmulticast mode [ 1070.867137][T23263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1070.876594][T23263] bond0 (unregistering): Released all slaves [ 1070.938970][T23263] HfR: left promiscuous mode [ 1071.297589][T23263] hsr_slave_1: left promiscuous mode [ 1071.305418][T23263] hsr_slave_1: left promiscuous mode [ 1071.315131][T23263] veth1_macvtap: left promiscuous mode [ 1071.323936][T23263] veth1_vlan: left promiscuous mode [ 1071.329353][T23263] veth0_vlan: left promiscuous mode [ 1071.448237][T23263] team0 (unregistering): Port device team_slave_0 removed