last executing test programs: 3.328482556s ago: executing program 1 (id=3061): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001280), 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mprotect$auto(0x0, 0x8000000000000001, 0x6) 2.422413724s ago: executing program 3 (id=3066): open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x84) socket(0x15, 0x5, 0x0) socket(0x22, 0x2, 0x24) socket(0x28, 0x5, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) 2.230986573s ago: executing program 3 (id=3068): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/loginuid\x00', 0x1a1081, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x62342, 0x0) read$auto(r0, 0x0, 0x101) write$auto(0x3, 0x0, 0xfdef) 2.203505239s ago: executing program 2 (id=3069): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x3, 0x71) socket(0xa, 0x2, 0x88) setresuid$auto(0x0, 0x8, 0x8000) ioctl$auto(0x1, 0x890c, 0x8) 2.070307927s ago: executing program 3 (id=3071): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NL80211_ATTR_COLOR_CHANGE_ELEMS={0x1c, 0x131, 0x0, 0x1, [@NL80211_ATTR_PMKID={0x15, 0x55, "9da6b8c2443745ef10de92b9528279a9a0"}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x20048014) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(r0, 0x0, 0x40000) sendmsg$auto_NL80211_CMD_DEL_PMK(r0, 0x0, 0xa040) 2.024755031s ago: executing program 1 (id=3072): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, 0xfffffffffffff000, 0x2) socket(0x2, 0x3, 0x1) socket(0x15, 0x5, 0x0) timerfd_create$auto(0x9, 0x0) select$auto(0x6, 0x0, &(0x7f00000000c0)={[0xbb0, 0x8101, 0x80, 0x1, 0xb, 0x4db11da, 0x3, 0x7f, 0x2, 0x0, 0x32, 0x1, 0x10000, 0x7, 0x6, 0xb83]}, 0x0, 0x0) 1.95220799s ago: executing program 0 (id=3073): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2b, 0x1, 0x1) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1000000c, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) setsockopt$auto(r0, 0x29, 0x20, 0x0, 0x20) 1.88093893s ago: executing program 3 (id=3074): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose11/tx_queue_len\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) 1.868238732s ago: executing program 2 (id=3075): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) move_pages$auto(0x1, 0x2000000000003, 0xffffffffffffffff, 0x0, 0x0, 0x8000000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x5, 0x1, 0x4b, 0x0, 0x9) 1.786659714s ago: executing program 1 (id=3076): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setreuid$auto(0x0, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 1.74700558s ago: executing program 0 (id=3077): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) recvfrom$auto(0x3, 0x0, 0x142e, 0x2, 0x0, 0x0) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, 0x0, 0x151001, 0x0) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_GET_TXSC(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB='{o'], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0) 1.264606242s ago: executing program 2 (id=3078): mmap$auto(0x0, 0x400006, 0xfffffffffffffff9, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x2, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/smbd_keep_alive_interval\x00', 0x8f3b7a51b80ebc01, 0x0) close_range$auto(r0, r1, 0x3) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)='\x00', 0x1) 1.07663553s ago: executing program 0 (id=3079): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty46\x00', 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x40000) read$auto(r1, &(0x7f0000000000)='$-]&@\x00', 0xfdef) ioctl$auto(r0, 0x540a, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000140)) 1.076556412s ago: executing program 2 (id=3080): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000001100), r1) sendmsg$auto_CTRL_CMD_GETFAMILY(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="01002dbd7000ffdbdf25030000000600010030"], 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000044) r3 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r1) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000036c0)=ANY=[@ANYBLOB='\x006\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fedbdfa503000000e43501805b"], 0x3600}, 0x1, 0x0, 0x0, 0x4008000}, 0x8084) 905.213629ms ago: executing program 3 (id=3081): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000001280), 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mprotect$auto(0x0, 0x8000000000000001, 0x6) 904.539278ms ago: executing program 1 (id=3089): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48004}, 0x4050) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) 786.431256ms ago: executing program 0 (id=3082): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgsnd$auto(0x5, 0x0, 0x3, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0xfbe8, 0x4) mlockall$auto(0x7) arch_prctl$auto(0x5005, 0x9) 639.894314ms ago: executing program 2 (id=3083): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/loginuid\x00', 0x1a1081, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/i8042/serio1/resetafter\x00', 0x129102, 0x0) read$auto(r0, 0x0, 0x18) write$auto(0x3, 0x0, 0xfdef) 469.988363ms ago: executing program 0 (id=3084): open(&(0x7f0000000000)='./file0\x00', 0xa61c2, 0x84) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfdef) 332.93342ms ago: executing program 1 (id=3085): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1b00"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 65.630039ms ago: executing program 3 (id=3086): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\rV'], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='^'], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0xc814) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 46.566687ms ago: executing program 2 (id=3087): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x5, 0x2, 0x7, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x72, 0x0, &(0x7f0000000100)=0x22a) r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) write$auto(r1, 0x0, 0xe) 24.306014ms ago: executing program 1 (id=3088): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4030ae7b, r0) 0s ago: executing program 0 (id=3090): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) ioctl$auto_PPPIOCGDEBUG(0xffffffffffffffff, 0x80047441, 0x0) close_range$auto(0x2, 0x8000, 0x0) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r0, r0, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi2\x00', 0xa200, 0x0) ioctl$auto(r1, 0xc0585611, r1) kernel console output (not intermixed with test programs): exists on: batadv_slave_1 [ 123.364099][ T6209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.405401][ T6209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.476845][ T6209] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.524000][ T6209] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.533235][ T6209] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.564294][ T6209] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.858631][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.904496][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.937509][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.955138][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.327799][ T6458] netlink: 28 bytes leftover after parsing attributes in process `syz.0.186'. [ 124.364704][ T6458] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.373966][ T6458] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.413871][ T6458] bridge0: entered promiscuous mode [ 124.440247][ T6458] bridge0: entered allmulticast mode [ 124.895764][ T6460] mmap: syz.3.184 (6460) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 125.310238][ T6491] netlink: 28 bytes leftover after parsing attributes in process `syz.1.199'. [ 125.354991][ T6491] ipvlan1: entered allmulticast mode [ 125.360377][ T6491] veth0_vlan: entered allmulticast mode [ 126.960775][ T6538] netlink: 28 bytes leftover after parsing attributes in process `syz.3.204'. [ 127.019406][ T6538] ipvlan1: entered allmulticast mode [ 127.054392][ T6538] veth0_vlan: entered allmulticast mode [ 129.004769][ T6571] netlink: 28 bytes leftover after parsing attributes in process `syz.0.218'. [ 133.504628][ T6680] sock: sock_set_timeout: `syz.1.262' (pid 6680) tries to set negative timeout [ 138.440426][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.457413][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.071042][ T6786] netlink: 342 bytes leftover after parsing attributes in process `syz.2.304'. [ 139.319366][ T6790] netlink: 24 bytes leftover after parsing attributes in process `syz.0.306'. [ 139.330983][ T6790] netlink: 23 bytes leftover after parsing attributes in process `syz.0.306'. [ 141.359381][ T6806] kexec: Could not allocate control_code_buffer [ 142.845990][ T6848] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 143.535091][ T6854] capability: warning: `syz.3.332' uses 32-bit capabilities (legacy support in use) [ 151.049141][ T7007] netlink: 28 bytes leftover after parsing attributes in process `syz.2.388'. [ 151.074538][ T7007] macvlan1: entered allmulticast mode [ 151.080000][ T7007] veth1_vlan: entered allmulticast mode [ 151.409548][ T7016] netlink: 28 bytes leftover after parsing attributes in process `syz.3.393'. [ 151.726020][ T7022] nbd: socks must be embedded in a SOCK_ITEM attr [ 151.743605][ T7022] block nbd0: shutting down sockets [ 153.338940][ T7064] netlink: 28 bytes leftover after parsing attributes in process `syz.0.412'. [ 158.517213][ T7198] Console: switching to colour VGA+ 80x25 [ 160.067803][ T7247] sd 0:0:1:0: PR command failed: 1026 [ 160.073477][ T7247] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 160.082950][ T7247] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 162.412934][ T7317] sock: sock_timestamping_bind_phc: sock not bind to device [ 162.867313][ T5838] Bluetooth: hci2: Malformed HCI Event [ 163.473241][ T7355] syz.2.528 (7355): /proc/7354/oom_adj is deprecated, please use /proc/7354/oom_score_adj instead. [ 163.839752][ T7361] zswap: compressor not available [ 164.395161][ T7388] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 165.290859][ T7409] netlink: 93 bytes leftover after parsing attributes in process `syz.0.549'. [ 165.564106][ T7415] netlink: 'syz.0.551': attribute type 1 has an invalid length. [ 165.585260][ T7415] netlink: 'syz.0.551': attribute type 3 has an invalid length. [ 168.962887][ T7502] netlink: 'syz.1.585': attribute type 1 has an invalid length. [ 168.988590][ T7502] netlink: 206 bytes leftover after parsing attributes in process `syz.1.585'. [ 171.735167][ T7552] GUP no longer grows the stack in syz.3.603 (7552): 14000-401000 (4000) [ 171.754210][ T7552] CPU: 0 UID: 0 PID: 7552 Comm: syz.3.603 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 171.754251][ T7552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 171.754274][ T7552] Call Trace: [ 171.754283][ T7552] [ 171.754295][ T7552] dump_stack_lvl+0x16c/0x1f0 [ 171.754360][ T7552] gup_vma_lookup+0x1d2/0x220 [ 171.754408][ T7552] __get_user_pages+0x236/0x36f0 [ 171.754473][ T7552] ? hlock_class+0x4e/0x130 [ 171.754508][ T7552] ? __lock_acquire+0x15a9/0x3c40 [ 171.754555][ T7552] ? __pfx___get_user_pages+0x10/0x10 [ 171.754619][ T7552] __gup_longterm_locked+0x212/0x1870 [ 171.754670][ T7552] ? __pfx___lock_acquire+0x10/0x10 [ 171.754724][ T7552] ? __pfx___gup_longterm_locked+0x10/0x10 [ 171.754775][ T7552] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 171.754825][ T7552] ? rwsem_read_trylock+0x12d/0x250 [ 171.754879][ T7552] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 171.754932][ T7552] ? process_vm_rw_core.constprop.0+0x3ff/0x9c0 [ 171.754973][ T7552] pin_user_pages_remote+0xee/0x150 [ 171.755025][ T7552] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 171.755073][ T7552] ? down_read+0xc9/0x330 [ 171.755161][ T7552] process_vm_rw_core.constprop.0+0x42b/0x9c0 [ 171.755204][ T7552] ? futex_wait_queue+0x103/0x1f0 [ 171.755259][ T7552] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 171.755325][ T7552] process_vm_rw+0x301/0x360 [ 171.755361][ T7552] ? __pfx_process_vm_rw+0x10/0x10 [ 171.755448][ T7552] ? xfd_validate_state+0x5d/0x180 [ 171.755495][ T7552] ? rcu_is_watching+0x12/0xc0 [ 171.755535][ T7552] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 171.755570][ T7552] ? do_syscall_64+0x91/0x250 [ 171.755618][ T7552] ? lockdep_hardirqs_on+0x7c/0x110 [ 171.755662][ T7552] do_syscall_64+0xcd/0x250 [ 171.755712][ T7552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.755759][ T7552] RIP: 0033:0x7f265578d169 [ 171.755786][ T7552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.755822][ T7552] RSP: 002b:00007f2656511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 171.755852][ T7552] RAX: ffffffffffffffda RBX: 00007f26559a5fa0 RCX: 00007f265578d169 [ 171.755873][ T7552] RDX: 0000000000000004 RSI: 0000400000000040 RDI: 0000000000000191 [ 171.755892][ T7552] RBP: 00007f265580e2a0 R08: 0000000000000003 R09: 0000000000000000 [ 171.755910][ T7552] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 171.755929][ T7552] R13: 0000000000000000 R14: 00007f26559a5fa0 R15: 00007ffe107c59c8 [ 171.755968][ T7552] [ 175.013368][ T7630] netlink: 294 bytes leftover after parsing attributes in process `syz.3.635'. [ 176.465674][ T7673] hub 2-0:1.0: USB hub found [ 176.476896][ T7673] hub 2-0:1.0: 1 port detected [ 177.002944][ T7686] netlink: 346 bytes leftover after parsing attributes in process `syz.2.659'. [ 178.079686][ T7713] sctp: [Deprecated]: syz.2.668 (pid 7713) Use of int in max_burst socket option deprecated. [ 178.079686][ T7713] Use struct sctp_assoc_value instead [ 181.703947][ T7768] kexec: Could not allocate control_code_buffer [ 183.602500][ T7841] netlink: 342 bytes leftover after parsing attributes in process `syz.0.720'. [ 183.886476][ T7850] hub 2-0:1.0: USB hub found [ 183.911950][ T7850] hub 2-0:1.0: 1 port detected [ 186.300076][ T7912] netlink: 8 bytes leftover after parsing attributes in process `syz.2.748'. [ 187.577846][ T7939] Loading of unsigned module is rejected [ 187.904421][ T7946] nbd: socks must be embedded in a SOCK_ITEM attr [ 187.954407][ T7946] block nbd0: shutting down sockets syzkaller syzkaller login: [ 191.829388][ T8023] Loading of unsigned module is rejected [ 192.274908][ T5838] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 192.274954][ T5838] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 192.290336][ T5838] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 192.290413][ T5838] Bluetooth: hci1: adv larger than maximum supported [ 192.298094][ T5838] Bluetooth: hci1: adv larger than maximum supported [ 192.304963][ T5838] Bluetooth: hci1: adv larger than maximum supported [ 192.311799][ T5838] Bluetooth: hci1: Malformed LE Event: 0x0d [ 193.512892][ T8075] CIFS: VFS: Invalid SecurityFlags: 0x00 [ 194.345946][ T8087] Loading of unsigned module is rejected [ 195.127453][ T8114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.831'. [ 195.206665][ T8117] netlink: 4 bytes leftover after parsing attributes in process `syz.2.831'. [ 196.020846][ T8128] Loading of unsigned module is rejected [ 196.279038][ T8135] netlink: 28 bytes leftover after parsing attributes in process `syz.3.837'. [ 197.061298][ T8119] kexec: Could not allocate control_code_buffer [ 197.701506][ T30] audit: type=1800 audit(1742363558.919:2): pid=8176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.854" name="lu_gp_id" dev="configfs" ino=15568 res=0 errno=0 [ 197.740010][ T8176] ALUA lu_gp_id: 393216 exceeds maximum: 0x0000ffff [ 197.963606][ T8182] perf: Dynamic interrupt throttling disabled, can hang your system! [ 198.203419][ T8192] delete_channel: no stack [ 198.765465][ T8207] sctp: [Deprecated]: syz.1.867 (pid 8207) Use of int in max_burst socket option deprecated. [ 198.765465][ T8207] Use struct sctp_assoc_value instead [ 198.861110][ T8210] netlink: 12 bytes leftover after parsing attributes in process `syz.0.869'. [ 198.874773][ T8211] Device name cannot be null; rc = [-22] [ 198.893091][ T8210] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 199.878141][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.894162][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.377321][ T8241] sctp: [Deprecated]: syz.0.881 (pid 8241) Use of int in max_burst socket option deprecated. [ 200.377321][ T8241] Use struct sctp_assoc_value instead [ 201.204846][ T30] audit: type=1800 audit(1742363562.419:3): pid=8257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.889" name="lu_gp_id" dev="configfs" ino=15146 res=0 errno=0 [ 201.255846][ T8257] ALUA lu_gp_id: 393216 exceeds maximum: 0x0000ffff [ 203.106446][ T8293] netlink: 28 bytes leftover after parsing attributes in process `syz.0.906'. [ 203.282611][ T30] audit: type=1804 audit(1742363564.499:4): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.908" name="/newroot/239/file0" dev="tmpfs" ino=1235 res=1 errno=0 [ 203.324633][ T30] audit: type=1800 audit(1742363564.499:5): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.908" name="file0" dev="tmpfs" ino=1235 res=0 errno=0 [ 203.346224][ T30] audit: type=1804 audit(1742363564.509:6): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.908" name="/newroot/239/file0" dev="tmpfs" ino=1235 res=1 errno=0 [ 203.367835][ T30] audit: type=1800 audit(1742363564.509:7): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.908" name="file0" dev="tmpfs" ino=1235 res=0 errno=0 [ 203.395933][ T8304] ubi0: attaching mtd0 [ 203.436709][ T8304] ubi0: scanning is finished [ 203.441493][ T8304] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 203.649797][ T8304] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 204.694763][ T8341] tipc: Trying to set illegal importance in message [ 205.489609][ T8351] Loading of unsigned module is rejected [ 205.788994][ T8366] netlink: 342 bytes leftover after parsing attributes in process `syz.0.935'. [ 206.352878][ T5838] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 206.352924][ T5838] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 206.368029][ T5838] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 206.368098][ T5838] Bluetooth: hci3: adv larger than maximum supported [ 206.375669][ T5838] Bluetooth: hci3: adv larger than maximum supported [ 206.382405][ T5838] Bluetooth: hci3: adv larger than maximum supported [ 206.391185][ T5838] Bluetooth: hci3: Malformed LE Event: 0x0d syzkaller syzkaller login: [ 207.760892][ T5838] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 207.760942][ T5838] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 207.776232][ T5838] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 207.776299][ T5838] Bluetooth: hci0: adv larger than maximum supported [ 207.783725][ T5838] Bluetooth: hci0: adv larger than maximum supported [ 207.790576][ T5838] Bluetooth: hci0: adv larger than maximum supported [ 207.797508][ T5838] Bluetooth: hci0: Malformed LE Event: 0x0d [ 208.778975][ T8433] netlink: 342 bytes leftover after parsing attributes in process `syz.0.966'. [ 209.042125][ T8437] netlink: 18 bytes leftover after parsing attributes in process `syz.0.975'. [ 212.198577][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 212.199348][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 212.204805][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 214.567338][ T8553] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1014'. [ 215.155487][ T30] audit: type=1800 audit(1742363576.369:8): pid=8567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1021" name=22050820 dev="tmpfs" ino=1379 res=0 errno=0 [ 216.843946][ T8602] sd 0:0:1:0: PR command failed: 1026 [ 216.849515][ T8602] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 216.899570][ T8602] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 218.308830][ T55] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 218.308878][ T55] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 218.324151][ T55] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 218.324217][ T55] Bluetooth: hci2: adv larger than maximum supported [ 218.331629][ T55] Bluetooth: hci2: adv larger than maximum supported [ 218.338494][ T55] Bluetooth: hci2: adv larger than maximum supported [ 218.346205][ T55] Bluetooth: hci2: Malformed LE Event: 0x0d [ 221.097041][ T8703] dyndbg: bad flag-op 1, at start of 15 [ 221.103066][ T8703] dyndbg: flags parse failed [ 222.410930][ T8727] Device name cannot be null; rc = [-22] [ 223.593402][ T8754] netlink: 'syz.0.1097': attribute type 9 has an invalid length. [ 223.624194][ T8754] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1097'. [ 223.871401][ T8759] ptrace attach of "./syz-executor exec"[5842] was attempted by ""[8759] [ 224.776867][ T8778] MTRR 1 not used [ 227.619683][ T8831] Loading of unsigned module is rejected [ 232.674175][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 233.148838][ T8941] zswap: compressor not available [ 233.195750][ T8949] netlink: 194 bytes leftover after parsing attributes in process `syz.0.1174'. [ 235.009548][ T8982] lo: entered promiscuous mode [ 235.033301][ T8979] lo: left promiscuous mode [ 236.174688][ T9004] snd_aloop snd_aloop.0: Parsing timer source 'QV&' failed with -22 [ 236.912560][ T9024] snd_aloop snd_aloop.0: Parsing timer source 'QV&' failed with -22 [ 236.954157][ T9024] snd_aloop snd_aloop.0: Parsing timer source 'QV&' failed with -22 [ 236.978129][ T9013] Loading of unsigned module is rejected [ 240.792854][ T9096] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1236'. [ 242.150006][ T9128] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1250'. [ 245.231562][ T9203] qrtr: Invalid version 0 [ 247.386422][ T9251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1299'. [ 247.466046][ T9251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1299'. [ 248.036087][ T9261] MTRR 1 not used [ 248.111306][ T9263] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1306'. [ 249.978955][ T9310] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1327'. [ 251.298570][ T9338] IPVS: length: 24 != 25769803800 [ 251.391709][ T9340] nbd: socks must be embedded in a SOCK_ITEM attr [ 251.415681][ T9340] block nbd0: shutting down sockets [ 251.535244][ T9345] ima: policy update failed [ 251.542717][ T30] audit: type=1802 audit(1742363612.759:9): pid=9345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm=20 res=0 errno=0 [ 253.004250][ T9397] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1358'. syzkaller syzkaller login: [ 254.298521][ T9442] CIFS: VFS: Unsupported security flags: 0x200 [ 255.718710][ T9485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1382'. [ 255.750273][ T9486] netlink: 280 bytes leftover after parsing attributes in process `syz.0.1381'. [ 255.760355][ T9485] vxcan1: entered promiscuous mode [ 258.794347][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 258.802806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 260.295982][ T9575] MTRR 1 not used [ 260.334909][ T9578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1416'. [ 260.364157][ T9578] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 261.316120][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.323107][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.182124][ T9626] ======================================================= [ 262.182124][ T9626] WARNING: The mand mount option has been deprecated and [ 262.182124][ T9626] and is ignored by this kernel. Remove the mand [ 262.182124][ T9626] option from the mount to silence this warning. [ 262.182124][ T9626] ======================================================= [ 264.236843][ T55] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 264.236892][ T55] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 264.254848][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 264.254900][ T55] Bluetooth: hci0: adv larger than maximum supported [ 264.262021][ T55] Bluetooth: hci0: adv larger than maximum supported [ 264.268881][ T55] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 264.282929][ T55] Bluetooth: hci0: Malformed LE Event: 0x0d [ 264.714565][ T9682] nbd0: detected capacity change from 0 to 68719476736 [ 264.770923][ T5845] block nbd0: Send control failed (result -22) [ 264.804623][ T5845] block nbd0: Request send failed, requeueing [ 264.826403][ T55] block nbd0: Receive control failed (result -32) [ 264.846239][ T27] block nbd0: Dead connection, failed to find a fallback [ 264.853652][ T27] block nbd0: shutting down sockets [ 264.860583][ T27] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 264.871353][ T27] Buffer I/O error on dev nbd0, logical block 0, async page read [ 264.883301][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 264.954171][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.003810][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.013665][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.022895][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.032185][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.040298][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.050357][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.058422][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.068934][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.077047][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.090932][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.124255][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.133387][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.177649][ T5845] ldm_validate_partition_table(): Disk read failed. [ 265.195147][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.214074][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.236618][ T5845] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 265.263194][ T5845] Buffer I/O error on dev nbd0, logical block 0, async page read [ 265.286480][ T5845] Dev nbd0: unable to read RDB block 0 [ 265.292670][ T5845] nbd0: unable to read partition table [ 265.305591][ T5845] ldm_validate_partition_table(): Disk read failed. [ 265.312893][ T5845] Dev nbd0: unable to read RDB block 0 [ 265.321711][ T5845] nbd0: unable to read partition table [ 265.657171][ T9705] netlink: 58 bytes leftover after parsing attributes in process `syz.3.1470'. [ 265.672756][ T9706] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1472'. [ 265.695512][ T9706] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1472'. [ 265.707468][ T9708] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1473'. [ 267.090329][ T9739] nbd: socks must be embedded in a SOCK_ITEM attr [ 267.122465][ T9739] block nbd1: shutting down sockets [ 268.868139][ T9779] overlayfs: missing 'lowerdir' [ 270.396420][ T9808] netlink: 214 bytes leftover after parsing attributes in process `syz.1.1513'. [ 271.849019][ T9837] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1523'. [ 274.484195][ T30] audit: type=1804 audit(1742363635.699:10): pid=9881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1543" name=2F6E6577726F6F742F3432342F08 dev="tmpfs" ino=2178 res=1 errno=0 [ 275.867630][ T9924] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1559'. [ 277.854915][ T9962] TCP: TCP_TX_DELAY enabled [ 280.995785][T10028] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1602'. [ 284.505293][T10093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1626'. [ 284.534961][T10093] veth1_macvtap: left promiscuous mode [ 284.546915][T10093] macsec0: entered allmulticast mode [ 285.371465][T10107] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 286.657090][T10135] nbd: socks must be embedded in a SOCK_ITEM attr [ 286.684511][T10135] block nbd1: shutting down sockets [ 288.902759][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1660'. [ 288.913729][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1660'. [ 290.388350][T10213] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1673'. [ 291.060005][T10236] PM: Enabling pm_trace changes system date and time during resume. [ 291.060005][T10236] PM: Correct system time has to be restored manually after resume. [ 291.739239][T10262] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1696'. [ 292.290833][T10273] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1700'. [ 294.559357][T10328] ERROR: Out of memory at tomoyo_memory_ok. [ 294.604103][T10328] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /usr/sbin/sshd /usr/sbin/sshd /bin/sh /root/syz-executor /root/syz-executor /newroot/436/file0' not defined. [ 295.194831][T10351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1730'. [ 295.462505][T10358] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1733'. [ 296.170681][ T30] audit: type=1800 audit(1742363657.389:11): pid=10373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1739" name="lu_gp_id" dev="configfs" ino=22838 res=0 errno=0 [ 296.174422][T10373] ALUA LU Group already has a valid ID, ignoring request [ 297.397537][T10395] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1747'. [ 298.561791][T10422] Console: switching to colour frame buffer device 128x48 [ 299.574907][T10445] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1769'. [ 300.372947][T10463] netlink: 'syz.3.1776': attribute type 11 has an invalid length. [ 300.612595][ C0] vkms_vblank_simulate: vblank timer overrun [ 301.033242][ C0] vkms_vblank_simulate: vblank timer overrun [ 302.579868][T10517] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1797'. [ 302.756744][T10515] program syz.1.1795 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 304.444367][T10565] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1816'. [ 305.132677][T10589] netlink: 'syz.3.1824': attribute type 2 has an invalid length. [ 306.655224][T10636] nbd2: detected capacity change from 0 to 68719476736 [ 306.692827][ T5845] block nbd2: Send control failed (result -22) [ 306.707034][ T5845] block nbd2: Request send failed, requeueing [ 306.731608][ T5840] block nbd2: Receive control failed (result -32) [ 306.743349][ T27] block nbd2: Dead connection, failed to find a fallback [ 306.751914][ T27] block nbd2: shutting down sockets [ 306.757823][ T27] blk_print_req_error: 24 callbacks suppressed [ 306.757844][ T27] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.775135][ T27] buffer_io_error: 23 callbacks suppressed [ 306.775155][ T27] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.790450][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.800093][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.810563][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.820226][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.828497][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.838086][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.847860][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.857416][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.865708][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.875217][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.883293][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.893855][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.902268][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.911730][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.930438][ T5845] ldm_validate_partition_table(): Disk read failed. [ 306.937635][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.948541][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 306.984259][ T5845] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 306.993421][ T5845] Buffer I/O error on dev nbd2, logical block 0, async page read [ 307.024343][ T5845] Dev nbd2: unable to read RDB block 0 [ 307.030417][ T5845] nbd2: unable to read partition table [ 307.056861][ T5845] ldm_validate_partition_table(): Disk read failed. [ 307.085303][ T5845] Dev nbd2: unable to read RDB block 0 [ 307.091407][ T5845] nbd2: unable to read partition table [ 307.102639][T10641] netlink: 'syz.1.1836': attribute type 1 has an invalid length. [ 307.141323][T10641] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1836'. [ 307.945844][T10665] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 308.183347][T10670] netlink: 'syz.1.1847': attribute type 16 has an invalid length. [ 308.211639][T10670] netlink: 322 bytes leftover after parsing attributes in process `syz.1.1847'. [ 309.016759][T10692] FAULT_INJECTION: forcing a failure. [ 309.016759][T10692] name failslab, interval 1, probability 0, space 0, times 1 [ 309.070190][T10692] CPU: 0 UID: 0 PID: 10692 Comm: syz.3.1856 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 309.070233][T10692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 309.070257][T10692] Call Trace: [ 309.070266][T10692] [ 309.070278][T10692] dump_stack_lvl+0x16c/0x1f0 [ 309.070334][T10692] should_fail_ex+0x50a/0x650 [ 309.070366][T10692] ? fs_reclaim_acquire+0xae/0x150 [ 309.070411][T10692] should_failslab+0xc2/0x120 [ 309.070444][T10692] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 309.070492][T10692] ? down_write+0x14e/0x200 [ 309.070544][T10692] ? vm_area_dup+0x21/0x2f0 [ 309.070599][T10692] vm_area_dup+0x21/0x2f0 [ 309.070649][T10692] copy_process+0x776f/0x8c50 [ 309.070711][T10692] ? __pfx_copy_process+0x10/0x10 [ 309.070746][T10692] ? try_to_wake_up+0x953/0x1490 [ 309.070802][T10692] ? plist_check_head+0xa3/0x150 [ 309.070857][T10692] ? wake_up_q+0xb0/0x160 [ 309.070898][T10692] ? do_raw_spin_unlock+0x172/0x230 [ 309.070938][T10692] kernel_clone+0xfd/0x960 [ 309.070970][T10692] ? __pfx_futex_wake+0x10/0x10 [ 309.071016][T10692] ? __pfx_kernel_clone+0x10/0x10 [ 309.071045][T10692] ? __pfx_vfs_writev+0x10/0x10 [ 309.071112][T10692] __do_sys_clone+0xcf/0x120 [ 309.071144][T10692] ? __pfx___do_sys_clone+0x10/0x10 [ 309.071197][T10692] ? rcu_is_watching+0x12/0xc0 [ 309.071245][T10692] do_syscall_64+0xcd/0x250 [ 309.071297][T10692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.071343][T10692] RIP: 0033:0x7f265578d169 [ 309.071369][T10692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.071401][T10692] RSP: 002b:00007f2656510fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 309.071432][T10692] RAX: ffffffffffffffda RBX: 00007f26559a5fa0 RCX: 00007f265578d169 [ 309.071453][T10692] RDX: 0000000000000000 RSI: ffffffffffffff10 RDI: 0000000000000000 [ 309.071472][T10692] RBP: 00007f265580e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 309.071491][T10692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.071509][T10692] R13: 0000000000000000 R14: 00007f26559a5fa0 R15: 00007ffe107c59c8 [ 309.071551][T10692] [ 309.426329][ T30] audit: type=1800 audit(4294967297.750:12): pid=10703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1860" name="set_event" dev="tracefs" ino=1070 res=0 errno=0 [ 309.548831][T10709] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1861'. [ 309.784372][T10715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1862'. [ 309.828184][T10715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1862'. [ 310.877090][T10752] usb usb38: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 310.907585][T10752] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 311.481004][T10764] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1877'. [ 311.483253][T10763] netlink: 'syz.2.1876': attribute type 2 has an invalid length. [ 311.739228][T10770] netlink: 130 bytes leftover after parsing attributes in process `syz.3.1878'. [ 313.337646][T10797] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1892'. [ 314.526351][T10823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 314.975390][T10832] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1906'. [ 315.456787][T10843] random: crng reseeded on system resumption [ 315.494680][T10843] FAULT_INJECTION: forcing a failure. [ 315.494680][T10843] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 315.548994][T10843] CPU: 1 UID: 0 PID: 10843 Comm: syz.1.1910 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 315.549039][T10843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 315.549057][T10843] Call Trace: [ 315.549066][T10843] [ 315.549079][T10843] dump_stack_lvl+0x16c/0x1f0 [ 315.549132][T10843] should_fail_ex+0x50a/0x650 [ 315.549162][T10843] ? __pfx___might_resched+0x10/0x10 [ 315.549220][T10843] should_fail_alloc_page+0xe7/0x130 [ 315.549256][T10843] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 315.549306][T10843] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 315.549361][T10843] ? mark_held_locks+0x9f/0xe0 [ 315.549410][T10843] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 315.549451][T10843] ? lockdep_hardirqs_on+0x7c/0x110 [ 315.549494][T10843] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 315.549535][T10843] ? stack_depot_save_flags+0x38f/0x9c0 [ 315.549568][T10843] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 315.549625][T10843] ? kasan_save_stack+0x42/0x60 [ 315.549669][T10843] ? kasan_save_stack+0x33/0x60 [ 315.549712][T10843] ? kasan_save_track+0x14/0x30 [ 315.549763][T10843] ? vfs_open+0x82/0x3f0 [ 315.549791][T10843] ? path_openat+0x1e88/0x2d80 [ 315.549844][T10843] ? do_filp_open+0x20c/0x470 [ 315.549886][T10843] ? do_sys_openat2+0x17a/0x1e0 [ 315.549916][T10843] ? __x64_sys_openat+0x175/0x210 [ 315.549949][T10843] ? do_syscall_64+0xcd/0x250 [ 315.550004][T10843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.550054][T10843] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.550105][T10843] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 315.550158][T10843] ? policy_nodemask+0xea/0x4e0 [ 315.550193][T10843] alloc_pages_mpol+0x1fc/0x540 [ 315.550226][T10843] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 315.550267][T10843] alloc_pages_noprof+0x131/0x390 [ 315.550299][T10843] get_zeroed_page_noprof+0x14/0x50 [ 315.550337][T10843] get_image_page+0x18/0x190 [ 315.550371][T10843] alloc_rtree_node+0x3c/0xb0 [ 315.550406][T10843] memory_bm_create+0x517/0x810 [ 315.550455][T10843] create_basic_memory_bitmaps+0x111/0x680 [ 315.550500][T10843] snapshot_open+0x235/0x2b0 [ 315.550541][T10843] ? __pfx_snapshot_open+0x10/0x10 [ 315.550583][T10843] misc_open+0x35a/0x420 [ 315.550616][T10843] ? __pfx_misc_open+0x10/0x10 [ 315.550648][T10843] chrdev_open+0x237/0x6a0 [ 315.550700][T10843] ? __pfx_chrdev_open+0x10/0x10 [ 315.550751][T10843] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 315.550801][T10843] do_dentry_open+0x735/0x1c40 [ 315.550848][T10843] ? __pfx_chrdev_open+0x10/0x10 [ 315.550901][T10843] ? inode_permission+0xdd/0x5f0 [ 315.550939][T10843] vfs_open+0x82/0x3f0 [ 315.550980][T10843] ? may_open+0x1f2/0x400 [ 315.551019][T10843] path_openat+0x1e88/0x2d80 [ 315.551078][T10843] ? __pfx_path_openat+0x10/0x10 [ 315.551124][T10843] ? __pfx___lock_acquire+0x10/0x10 [ 315.551167][T10843] ? lock_acquire.part.0+0x11b/0x380 [ 315.551212][T10843] ? find_held_lock+0x2d/0x110 [ 315.551249][T10843] do_filp_open+0x20c/0x470 [ 315.551295][T10843] ? __pfx_do_filp_open+0x10/0x10 [ 315.551338][T10843] ? find_held_lock+0x2d/0x110 [ 315.551397][T10843] ? alloc_fd+0x41f/0x760 [ 315.551455][T10843] do_sys_openat2+0x17a/0x1e0 [ 315.551489][T10843] ? __pfx_do_sys_openat2+0x10/0x10 [ 315.551539][T10843] __x64_sys_openat+0x175/0x210 [ 315.551575][T10843] ? __pfx___x64_sys_openat+0x10/0x10 [ 315.551627][T10843] do_syscall_64+0xcd/0x250 [ 315.551678][T10843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.551724][T10843] RIP: 0033:0x7f874078d169 [ 315.551749][T10843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.551778][T10843] RSP: 002b:00007f874157a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 315.551807][T10843] RAX: ffffffffffffffda RBX: 00007f87409a5fa0 RCX: 00007f874078d169 [ 315.551827][T10843] RDX: 0000000000180b01 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 315.551846][T10843] RBP: 00007f874080e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 315.551863][T10843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 315.551880][T10843] R13: 0000000000000000 R14: 00007f87409a5fa0 R15: 00007ffc3acd3148 [ 315.551918][T10843] [ 316.932719][T10862] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1918'. [ 316.976372][T10862] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1918'. [ 317.166663][T10869] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1919'. [ 317.386018][T10872] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1922'. [ 318.012196][T10885] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1926'. [ 319.373293][T10899] netlink: 'syz.0.1932': attribute type 19 has an invalid length. [ 319.373375][T10899] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1932'. [ 319.849133][T10911] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1936'. [ 321.186952][T10902] kexec: Could not allocate control_code_buffer [ 321.533764][T10935] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1945'. [ 322.027019][T10945] ubi0: attaching mtd0 [ 322.033106][T10945] ubi0 error: ubi_attach_mtd_dev: bad VID header (65536) or data offsets (65600) [ 322.486847][T10952] ERROR: Out of memory at tomoyo_memory_ok. [ 322.759276][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.765855][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.333371][T10965] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1958'. [ 324.913032][T10964] kexec: Could not allocate control_code_buffer [ 325.277223][T10992] lo: entered allmulticast mode [ 325.390193][T10997] lo: left allmulticast mode [ 326.029059][T11008] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1976'. [ 326.740413][T11023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1983'. [ 326.775950][T11023] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1983'. [ 326.903056][T11029] netlink: 'syz.1.1985': attribute type 3 has an invalid length. [ 327.595625][T11049] ERROR: Out of memory at tomoyo_memory_ok. [ 328.249705][T11067] FAULT_INJECTION: forcing a failure. [ 328.249705][T11067] name failslab, interval 1, probability 0, space 0, times 0 [ 328.268914][T11067] CPU: 0 UID: 0 PID: 11067 Comm: syz.2.2000 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 328.268955][T11067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 328.268973][T11067] Call Trace: [ 328.268982][T11067] [ 328.268993][T11067] dump_stack_lvl+0x16c/0x1f0 [ 328.269046][T11067] should_fail_ex+0x50a/0x650 [ 328.269074][T11067] ? fs_reclaim_acquire+0xae/0x150 [ 328.269113][T11067] should_failslab+0xc2/0x120 [ 328.269140][T11067] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 328.269182][T11067] ? alloc_vfsmnt+0x23/0x6f0 [ 328.269210][T11067] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 328.269256][T11067] alloc_vfsmnt+0x23/0x6f0 [ 328.269291][T11067] clone_mnt+0x6d/0xf90 [ 328.269330][T11067] ? lock_acquire+0x2f/0xb0 [ 328.269370][T11067] ? copy_mnt_ns+0x14d/0xa70 [ 328.269405][T11067] copy_tree+0xeb/0x9c0 [ 328.269451][T11067] ? __pfx_down_write+0x10/0x10 [ 328.269510][T11067] ? alloc_mnt_ns+0x325/0x520 [ 328.269556][T11067] copy_mnt_ns+0x1b5/0xa70 [ 328.269587][T11067] ? kmem_cache_alloc_noprof+0x279/0x3d0 [ 328.269639][T11067] ? create_new_namespaces+0x30/0xad0 [ 328.269699][T11067] create_new_namespaces+0xd3/0xad0 [ 328.269751][T11067] ? bpf_lsm_capable+0x9/0x10 [ 328.269785][T11067] ? security_capable+0x7e/0x260 [ 328.269825][T11067] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 328.269904][T11067] ksys_unshare+0x45d/0xa40 [ 328.269940][T11067] ? __pfx_ksys_unshare+0x10/0x10 [ 328.269974][T11067] ? xfd_validate_state+0x5d/0x180 [ 328.270034][T11067] __x64_sys_unshare+0x31/0x40 [ 328.270068][T11067] do_syscall_64+0xcd/0x250 [ 328.270119][T11067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.270165][T11067] RIP: 0033:0x7fa140d8d169 [ 328.270191][T11067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.270223][T11067] RSP: 002b:00007fa141cd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 328.270255][T11067] RAX: ffffffffffffffda RBX: 00007fa140fa5fa0 RCX: 00007fa140d8d169 [ 328.270276][T11067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 328.270295][T11067] RBP: 00007fa140e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 328.270315][T11067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.270333][T11067] R13: 0000000000000000 R14: 00007fa140fa5fa0 R15: 00007ffcad19e0f8 [ 328.270373][T11067] [ 328.518985][T11060] sctp: [Deprecated]: syz.3.1995 (pid 11060) Use of struct sctp_assoc_value in delayed_ack socket option. [ 328.518985][T11060] Use struct sctp_sack_info instead [ 331.347072][T11122] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[11122] [ 331.557900][T11126] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2021'. [ 331.954516][T11138] FAULT_INJECTION: forcing a failure. [ 331.954516][T11138] name failslab, interval 1, probability 0, space 0, times 0 [ 331.982638][T11138] CPU: 1 UID: 0 PID: 11138 Comm: syz.0.2025 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 331.982682][T11138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 331.982701][T11138] Call Trace: [ 331.982710][T11138] [ 331.982723][T11138] dump_stack_lvl+0x16c/0x1f0 [ 331.982787][T11138] should_fail_ex+0x50a/0x650 [ 331.982819][T11138] ? fs_reclaim_acquire+0xae/0x150 [ 331.982864][T11138] ? sample_init_net+0x56/0x270 [ 331.982908][T11138] should_failslab+0xc2/0x120 [ 331.982940][T11138] __kmalloc_cache_noprof+0x68/0x410 [ 331.982994][T11138] ? __pfx_sample_init_net+0x10/0x10 [ 331.983042][T11138] sample_init_net+0x56/0x270 [ 331.983088][T11138] ops_init+0x1df/0x5f0 [ 331.983126][T11138] setup_net+0x21f/0x860 [ 331.983162][T11138] ? __pfx_setup_net+0x10/0x10 [ 331.983193][T11138] ? down_read_killable+0xcc/0x380 [ 331.983246][T11138] ? __pfx_down_read_killable+0x10/0x10 [ 331.983296][T11138] ? __raw_spin_lock_init+0x3a/0x110 [ 331.983331][T11138] ? debug_mutex_init+0x37/0x70 [ 331.983370][T11138] copy_net_ns+0x2a6/0x5f0 [ 331.983411][T11138] create_new_namespaces+0x3ea/0xad0 [ 331.983474][T11138] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 331.983530][T11138] ksys_unshare+0x45d/0xa40 [ 331.983565][T11138] ? __pfx_ksys_unshare+0x10/0x10 [ 331.983597][T11138] ? xfd_validate_state+0x5d/0x180 [ 331.983658][T11138] __x64_sys_unshare+0x31/0x40 [ 331.983692][T11138] do_syscall_64+0xcd/0x250 [ 331.983753][T11138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.983801][T11138] RIP: 0033:0x7efcd118d169 [ 331.983827][T11138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.983858][T11138] RSP: 002b:00007efcd1fff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 331.983890][T11138] RAX: ffffffffffffffda RBX: 00007efcd13a5fa0 RCX: 00007efcd118d169 [ 331.983912][T11138] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 331.983934][T11138] RBP: 00007efcd120e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 331.983951][T11138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 331.983967][T11138] R13: 0000000000000000 R14: 00007efcd13a5fa0 R15: 00007ffc41853328 [ 331.984004][T11138] [ 336.744479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 337.269718][T11212] netlink: 'syz.1.2054': attribute type 35 has an invalid length. [ 338.264526][T11227] FAULT_INJECTION: forcing a failure. [ 338.264526][T11227] name failslab, interval 1, probability 0, space 0, times 0 [ 338.295893][T11227] CPU: 1 UID: 0 PID: 11227 Comm: syz.3.2058 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 338.295937][T11227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 338.295956][T11227] Call Trace: [ 338.295965][T11227] [ 338.295978][T11227] dump_stack_lvl+0x16c/0x1f0 [ 338.296031][T11227] should_fail_ex+0x50a/0x650 [ 338.296060][T11227] ? fs_reclaim_acquire+0xae/0x150 [ 338.296122][T11227] ? lsm_blob_alloc+0x68/0x90 [ 338.296170][T11227] should_failslab+0xc2/0x120 [ 338.296202][T11227] __kmalloc_noprof+0xcb/0x510 [ 338.296275][T11227] lsm_blob_alloc+0x68/0x90 [ 338.296326][T11227] security_sk_alloc+0x30/0x270 [ 338.296362][T11227] sk_prot_alloc+0x1c7/0x2a0 [ 338.296403][T11227] sk_alloc+0x36/0xc20 [ 338.296454][T11227] pfkey_create+0x105/0x600 [ 338.296497][T11227] __sock_create+0x335/0x8d0 [ 338.296545][T11227] __sys_socket+0x14f/0x260 [ 338.296588][T11227] ? __pfx___sys_socket+0x10/0x10 [ 338.296631][T11227] ? rcu_is_watching+0x12/0xc0 [ 338.296673][T11227] __x64_sys_socket+0x72/0xb0 [ 338.296712][T11227] ? lockdep_hardirqs_on+0x7c/0x110 [ 338.296758][T11227] do_syscall_64+0xcd/0x250 [ 338.296809][T11227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.296855][T11227] RIP: 0033:0x7f265578d169 [ 338.296880][T11227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 338.296911][T11227] RSP: 002b:00007f2656511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 338.296942][T11227] RAX: ffffffffffffffda RBX: 00007f26559a5fa0 RCX: 00007f265578d169 [ 338.296962][T11227] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f [ 338.296981][T11227] RBP: 00007f265580e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 338.296999][T11227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 338.297017][T11227] R13: 0000000000000000 R14: 00007f26559a5fa0 R15: 00007ffe107c59c8 [ 338.297054][T11227] [ 340.815235][T11264] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2072'. [ 341.847986][ T5840] Bluetooth: hci2: unexpected event 0x03 length: 725 > 11 [ 342.300560][T11298] zswap: compressor not available [ 342.887550][T11322] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2094'. [ 343.790422][T11335] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2098'. [ 344.149287][T11339] sg_write: data in/out 32732/16086 bytes for SCSI command 0x0-- guessing data in; [ 344.149287][T11339] program syz.3.2102 not setting count and/or reply_len properly [ 346.707595][ T5840] Bluetooth: hci3: ISO packet too small [ 350.552196][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.762710][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.934882][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.096197][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.380100][ T36] bridge_slave_1: left allmulticast mode [ 351.406109][ T36] bridge_slave_1: left promiscuous mode [ 351.412052][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.519114][ T36] bridge_slave_0: left allmulticast mode [ 351.533485][ T36] bridge_slave_0: left promiscuous mode [ 351.561988][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.642610][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 351.667423][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 351.682140][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 351.698813][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 351.735111][ T5838] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 351.748269][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 352.385475][T11499] netlink: 130 bytes leftover after parsing attributes in process `syz.1.2156'. [ 352.899291][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 352.933192][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 352.960714][ T36] bond0 (unregistering): Released all slaves [ 353.751278][T11478] chnl_net:caif_netlink_parms(): no params data found [ 353.863675][ T36] hsr_slave_0: left promiscuous mode [ 353.874382][ T5840] Bluetooth: hci4: command tx timeout [ 353.892740][ T36] hsr_slave_1: left promiscuous mode [ 353.903326][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 353.921375][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 353.931946][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 353.944707][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 353.982047][ T36] veth0_macvtap: left promiscuous mode [ 353.989622][ T36] veth1_vlan: left allmulticast mode [ 353.998062][ T36] veth1_vlan: left promiscuous mode [ 354.003396][ T36] veth0_vlan: left promiscuous mode [ 354.557709][ T36] team0 (unregistering): Port device team_slave_1 removed [ 354.611068][ T36] team0 (unregistering): Port device team_slave_0 removed [ 355.064649][T11478] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.071895][T11478] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.079876][T11478] bridge_slave_0: entered allmulticast mode [ 355.087698][T11478] bridge_slave_0: entered promiscuous mode [ 355.096469][T11478] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.103603][T11478] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.110999][T11478] bridge_slave_1: entered allmulticast mode [ 355.118195][T11478] bridge_slave_1: entered promiscuous mode [ 355.185633][T11478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 355.199441][T11478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.263273][T11478] team0: Port device team_slave_0 added [ 355.274807][T11478] team0: Port device team_slave_1 added [ 355.328740][T11478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 355.340181][T11478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 355.377961][T11478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 355.400848][T11478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 355.418392][T11478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 355.452838][T11478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 355.527296][T11478] hsr_slave_0: entered promiscuous mode [ 355.537135][T11478] hsr_slave_1: entered promiscuous mode [ 355.543225][T11478] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 355.554414][T11478] Cannot create hsr debugfs directory [ 355.954235][ T5840] Bluetooth: hci4: command tx timeout [ 356.082103][T11478] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 356.105947][T11478] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 356.126930][T11478] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 356.147001][T11478] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 356.239244][T11478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 356.275501][T11478] 8021q: adding VLAN 0 to HW filter on device team0 [ 356.300760][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.308021][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 356.340345][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.347573][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.613240][T11478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 356.663808][T11478] veth0_vlan: entered promiscuous mode [ 356.695086][T11478] veth1_vlan: entered promiscuous mode [ 356.735223][T11478] veth0_macvtap: entered promiscuous mode [ 356.750468][T11478] veth1_macvtap: entered promiscuous mode [ 356.790989][T11478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 356.801786][T11478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.820452][T11478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 356.832633][T11478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.851380][T11478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 356.863224][T11478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.887881][T11478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.913627][T11478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.925402][T11478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.936942][T11478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.947889][T11478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.960649][T11478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.972619][T11478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.989492][T11478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 357.004889][T11478] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.013820][T11478] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.025053][T11478] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.033817][T11478] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.147600][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.167646][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.218223][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.227916][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 358.034184][ T5840] Bluetooth: hci4: command tx timeout [ 359.596130][T11670] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2172'. [ 359.661544][T11666] Loading of unsigned module is rejected [ 359.853705][T11676] netlink: 74 bytes leftover after parsing attributes in process `syz.3.2176'. [ 360.114226][ T5840] Bluetooth: hci4: command tx timeout [ 360.290303][T11689] snd_aloop snd_aloop.0: control 772:1:8:1Յ:-4095 is already present [ 360.758624][T11698] bond0: option all_slaves_active: invalid value (7) [ 361.237337][T11709] FAULT_INJECTION: forcing a failure. [ 361.237337][T11709] name failslab, interval 1, probability 0, space 0, times 0 [ 361.256363][T11709] CPU: 0 UID: 0 PID: 11709 Comm: syz.1.2190 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 361.256407][T11709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 361.256426][T11709] Call Trace: [ 361.256435][T11709] [ 361.256447][T11709] dump_stack_lvl+0x16c/0x1f0 [ 361.256504][T11709] should_fail_ex+0x50a/0x650 [ 361.256535][T11709] ? fs_reclaim_acquire+0xae/0x150 [ 361.256580][T11709] should_failslab+0xc2/0x120 [ 361.256611][T11709] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 361.256659][T11709] ? lockdep_init_map_type+0x16d/0x7d0 [ 361.256708][T11709] ? security_inode_alloc+0x3b/0x2b0 [ 361.256752][T11709] security_inode_alloc+0x3b/0x2b0 [ 361.256789][T11709] inode_init_always_gfp+0xce4/0x1030 [ 361.256842][T11709] alloc_inode+0x82/0x230 [ 361.256873][T11709] path_from_stashed+0x560/0xec0 [ 361.256920][T11709] ? __pfx_lock_release+0x10/0x10 [ 361.256971][T11709] ? __pfx_path_from_stashed+0x10/0x10 [ 361.257020][T11709] ? lock_acquire+0x2f/0xb0 [ 361.257067][T11709] ? pidns_get+0x32/0x320 [ 361.257101][T11709] ns_get_path+0x5f/0x80 [ 361.257140][T11709] proc_ns_get_link+0x122/0x260 [ 361.257179][T11709] ? __pfx_proc_ns_get_link+0x10/0x10 [ 361.257217][T11709] ? __pfx___might_resched+0x10/0x10 [ 361.257264][T11709] ? __pfx_proc_ns_get_link+0x10/0x10 [ 361.257302][T11709] step_into+0x1aba/0x2220 [ 361.257342][T11709] ? __pfx_step_into+0x10/0x10 [ 361.257378][T11709] ? __pfx___up_read+0x10/0x10 [ 361.257428][T11709] path_openat+0x74c/0x2d80 [ 361.257478][T11709] ? __pfx_path_openat+0x10/0x10 [ 361.257518][T11709] ? __pfx___lock_acquire+0x10/0x10 [ 361.257554][T11709] ? lock_acquire.part.0+0x11b/0x380 [ 361.257591][T11709] ? find_held_lock+0x2d/0x110 [ 361.257623][T11709] do_filp_open+0x20c/0x470 [ 361.257663][T11709] ? __pfx_do_filp_open+0x10/0x10 [ 361.257701][T11709] ? find_held_lock+0x2d/0x110 [ 361.257748][T11709] ? alloc_fd+0x41f/0x760 [ 361.257812][T11709] do_sys_openat2+0x17a/0x1e0 [ 361.257841][T11709] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.257881][T11709] __x64_sys_openat+0x175/0x210 [ 361.257911][T11709] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.257952][T11709] do_syscall_64+0xcd/0x250 [ 361.257995][T11709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.258034][T11709] RIP: 0033:0x7f874078bad0 [ 361.258061][T11709] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 361.258086][T11709] RSP: 002b:00007f8741579f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 361.258112][T11709] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f874078bad0 [ 361.258129][T11709] RDX: 0000000000000002 RSI: 00007f8741579fa0 RDI: 00000000ffffff9c [ 361.258146][T11709] RBP: 00007f8741579fa0 R08: 0000000000000000 R09: 0000000000000000 [ 361.258162][T11709] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 361.258178][T11709] R13: 0000000000000000 R14: 00007f87409a5fa0 R15: 00007ffc3acd3148 [ 361.258209][T11709] [ 363.615331][T11761] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2212'. [ 365.432245][T11806] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2229'. [ 365.612592][T11800] Loading of unsigned module is rejected [ 365.658595][T11812] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2231'. [ 367.083022][T11852] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 367.110405][T11852] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 367.406874][T11848] Loading of unsigned module is rejected [ 367.955406][T11867] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2253'. [ 368.480140][T11884] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 368.899774][T11894] Process accounting resumed [ 370.068536][T11925] netlink: 130 bytes leftover after parsing attributes in process `syz.0.2275'. [ 370.165707][T11927] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2276'. [ 370.315764][T11931] netlink: 'syz.0.2278': attribute type 3 has an invalid length. [ 371.211860][T11962] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2290'. [ 371.902614][T11978] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2296'. [ 372.510902][T11986] Loading of unsigned module is rejected [ 372.860490][T11995] random: crng reseeded on system resumption [ 372.883509][T11995] FAULT_INJECTION: forcing a failure. [ 372.883509][T11995] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 372.924321][T11995] CPU: 1 UID: 0 PID: 11995 Comm: syz.0.2302 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 372.924368][T11995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 372.924387][T11995] Call Trace: [ 372.924396][T11995] [ 372.924408][T11995] dump_stack_lvl+0x16c/0x1f0 [ 372.924463][T11995] should_fail_ex+0x50a/0x650 [ 372.924493][T11995] ? __pfx___might_resched+0x10/0x10 [ 372.924551][T11995] should_fail_alloc_page+0xe7/0x130 [ 372.924587][T11995] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 372.924639][T11995] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 372.924702][T11995] ? stack_trace_save+0x95/0xd0 [ 372.924740][T11995] ? __pfx_stack_trace_save+0x10/0x10 [ 372.924777][T11995] ? hlock_class+0x4e/0x130 [ 372.924811][T11995] ? stack_depot_save_flags+0x28/0x9c0 [ 372.924845][T11995] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 372.924905][T11995] ? kasan_save_stack+0x42/0x60 [ 372.924951][T11995] ? kasan_save_stack+0x33/0x60 [ 372.924997][T11995] ? kasan_save_track+0x14/0x30 [ 372.925107][T11995] ? vfs_open+0x82/0x3f0 [ 372.925140][T11995] ? path_openat+0x1e88/0x2d80 [ 372.925187][T11995] ? do_filp_open+0x20c/0x470 [ 372.925233][T11995] ? do_sys_openat2+0x17a/0x1e0 [ 372.925265][T11995] ? __x64_sys_openat+0x175/0x210 [ 372.925298][T11995] ? do_syscall_64+0xcd/0x250 [ 372.925349][T11995] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.925400][T11995] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 372.925452][T11995] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 372.925506][T11995] ? policy_nodemask+0xea/0x4e0 [ 372.925541][T11995] alloc_pages_mpol+0x1fc/0x540 [ 372.925575][T11995] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 372.925619][T11995] alloc_pages_noprof+0x131/0x390 [ 372.925652][T11995] get_zeroed_page_noprof+0x14/0x50 [ 372.925689][T11995] get_image_page+0x18/0x190 [ 372.925725][T11995] alloc_rtree_node+0x3c/0xb0 [ 372.925772][T11995] memory_bm_create+0x517/0x810 [ 372.925825][T11995] create_basic_memory_bitmaps+0x111/0x680 [ 372.925873][T11995] snapshot_open+0x235/0x2b0 [ 372.925916][T11995] ? __pfx_snapshot_open+0x10/0x10 [ 372.925960][T11995] misc_open+0x35a/0x420 [ 372.925997][T11995] ? __pfx_misc_open+0x10/0x10 [ 372.926031][T11995] chrdev_open+0x237/0x6a0 [ 372.926081][T11995] ? __pfx_apparmor_file_open+0x10/0x10 [ 372.926126][T11995] ? __pfx_chrdev_open+0x10/0x10 [ 372.926181][T11995] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 372.926235][T11995] do_dentry_open+0x735/0x1c40 [ 372.926282][T11995] ? __pfx_chrdev_open+0x10/0x10 [ 372.926333][T11995] ? inode_permission+0xdd/0x5f0 [ 372.926375][T11995] vfs_open+0x82/0x3f0 [ 372.926405][T11995] ? may_open+0x1f2/0x400 [ 372.926446][T11995] path_openat+0x1e88/0x2d80 [ 372.926511][T11995] ? __pfx_path_openat+0x10/0x10 [ 372.926559][T11995] ? __pfx___lock_acquire+0x10/0x10 [ 372.926604][T11995] ? lock_acquire.part.0+0x11b/0x380 [ 372.926651][T11995] ? find_held_lock+0x2d/0x110 [ 372.926691][T11995] do_filp_open+0x20c/0x470 [ 372.926741][T11995] ? __pfx_do_filp_open+0x10/0x10 [ 372.926797][T11995] ? find_held_lock+0x2d/0x110 [ 372.926863][T11995] ? alloc_fd+0x41f/0x760 [ 372.926922][T11995] do_sys_openat2+0x17a/0x1e0 [ 372.926956][T11995] ? __pfx_do_sys_openat2+0x10/0x10 [ 372.927011][T11995] __x64_sys_openat+0x175/0x210 [ 372.927050][T11995] ? __pfx___x64_sys_openat+0x10/0x10 [ 372.927105][T11995] do_syscall_64+0xcd/0x250 [ 372.927159][T11995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.927206][T11995] RIP: 0033:0x7efcd118d169 [ 372.927232][T11995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.927263][T11995] RSP: 002b:00007efcd1fff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 372.927295][T11995] RAX: ffffffffffffffda RBX: 00007efcd13a5fa0 RCX: 00007efcd118d169 [ 372.927317][T11995] RDX: 0000000000180b01 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 372.927338][T11995] RBP: 00007efcd120e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 372.927358][T11995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.927376][T11995] R13: 0000000000000000 R14: 00007efcd13a5fa0 R15: 00007ffc41853328 [ 372.927417][T11995] [ 373.754889][T12005] FAULT_INJECTION: forcing a failure. [ 373.754889][T12005] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 373.824085][T12005] CPU: 1 UID: 0 PID: 12005 Comm: syz.0.2308 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 373.824130][T12005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 373.824150][T12005] Call Trace: [ 373.824159][T12005] [ 373.824171][T12005] dump_stack_lvl+0x16c/0x1f0 [ 373.824224][T12005] should_fail_ex+0x50a/0x650 [ 373.824255][T12005] ? __pfx___might_resched+0x10/0x10 [ 373.824314][T12005] should_fail_alloc_page+0xe7/0x130 [ 373.824349][T12005] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 373.824402][T12005] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 373.824458][T12005] ? is_bpf_text_address+0x94/0x1a0 [ 373.824504][T12005] ? kernel_text_address+0x8d/0x100 [ 373.824549][T12005] ? __kernel_text_address+0xd/0x40 [ 373.824593][T12005] ? unwind_get_return_address+0x59/0xa0 [ 373.824645][T12005] ? arch_stack_walk+0xa7/0x100 [ 373.824679][T12005] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 373.824757][T12005] ? stack_depot_save_flags+0x28/0x9c0 [ 373.824797][T12005] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 373.824852][T12005] ? policy_nodemask+0xea/0x4e0 [ 373.824887][T12005] alloc_pages_mpol+0x1fc/0x540 [ 373.824919][T12005] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 373.824962][T12005] alloc_pages_noprof+0x131/0x390 [ 373.824995][T12005] kimage_alloc_pages+0x75/0x300 [ 373.825048][T12005] kimage_alloc_control_pages+0x148/0x8e0 [ 373.825111][T12005] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 373.825177][T12005] do_kexec_load+0x47e/0x8c0 [ 373.825211][T12005] ? __pfx_do_kexec_load+0x10/0x10 [ 373.825246][T12005] ? _copy_from_user+0x59/0xd0 [ 373.825285][T12005] __x64_sys_kexec_load+0x1bf/0x230 [ 373.825322][T12005] do_syscall_64+0xcd/0x250 [ 373.825372][T12005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.825417][T12005] RIP: 0033:0x7efcd118d169 [ 373.825443][T12005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.825474][T12005] RSP: 002b:00007efcd1fff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 373.825504][T12005] RAX: ffffffffffffffda RBX: 00007efcd13a5fa0 RCX: 00007efcd118d169 [ 373.825521][T12005] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000005 [ 373.825536][T12005] RBP: 00007efcd120e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 373.825552][T12005] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 373.825567][T12005] R13: 0000000000000000 R14: 00007efcd13a5fa0 R15: 00007ffc41853328 [ 373.825598][T12005] [ 373.831466][T12005] kexec: Could not allocate control_code_buffer [ 374.182614][T12012] netlink: 'syz.3.2310': attribute type 27 has an invalid length. [ 374.194180][T12012] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2310'. [ 374.936196][T12029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2317'. [ 375.205911][T12035] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2320'. [ 375.226383][T12035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2320'. [ 375.637755][T12044] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2324'. [ 375.893570][T12053] program syz.1.2328 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 377.537526][T12102] FAULT_INJECTION: forcing a failure. [ 377.537526][T12102] name fail_futex, interval 1, probability 0, space 0, times 1 [ 377.557651][T12102] CPU: 1 UID: 0 PID: 12102 Comm: syz.3.2349 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 377.557694][T12102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 377.557714][T12102] Call Trace: [ 377.557723][T12102] [ 377.557735][T12102] dump_stack_lvl+0x16c/0x1f0 [ 377.557788][T12102] should_fail_ex+0x50a/0x650 [ 377.557825][T12102] get_futex_key+0x4a3/0x1000 [ 377.557870][T12102] ? __pfx_get_futex_key+0x10/0x10 [ 377.557921][T12102] futex_wake+0xe8/0x4e0 [ 377.557971][T12102] ? __pfx_futex_wake+0x10/0x10 [ 377.558022][T12102] ? kmem_cache_free+0x2e2/0x4d0 [ 377.558071][T12102] ? putname+0x13c/0x180 [ 377.558108][T12102] do_futex+0x1e5/0x350 [ 377.558148][T12102] ? __pfx_do_futex+0x10/0x10 [ 377.558199][T12102] __x64_sys_futex+0x1e1/0x4c0 [ 377.558243][T12102] ? __x64_sys_openat+0x175/0x210 [ 377.558279][T12102] ? __pfx___x64_sys_futex+0x10/0x10 [ 377.558336][T12102] do_syscall_64+0xcd/0x250 [ 377.558388][T12102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.558435][T12102] RIP: 0033:0x7f265578d169 [ 377.558460][T12102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.558490][T12102] RSP: 002b:00007f26565110e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 377.558521][T12102] RAX: ffffffffffffffda RBX: 00007f26559a5fa8 RCX: 00007f265578d169 [ 377.558547][T12102] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f26559a5fac [ 377.558577][T12102] RBP: 00007f26559a5fa0 R08: 00007f2656512000 R09: 0000000000000000 [ 377.558598][T12102] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f26559a5fac [ 377.558618][T12102] R13: 0000000000000000 R14: 00007ffe107c58e0 R15: 00007ffe107c59c8 [ 377.558657][T12102] [ 379.171600][T12140] netlink: 'syz.1.2365': attribute type 13 has an invalid length. [ 380.556048][T12175] FAULT_INJECTION: forcing a failure. [ 380.556048][T12175] name failslab, interval 1, probability 0, space 0, times 0 [ 380.568996][T12175] CPU: 0 UID: 0 PID: 12175 Comm: syz.0.2378 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 380.569033][T12175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 380.569050][T12175] Call Trace: [ 380.569058][T12175] [ 380.569068][T12175] dump_stack_lvl+0x16c/0x1f0 [ 380.569115][T12175] should_fail_ex+0x50a/0x650 [ 380.569141][T12175] ? fs_reclaim_acquire+0xae/0x150 [ 380.569179][T12175] should_failslab+0xc2/0x120 [ 380.569206][T12175] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 380.569246][T12175] ? lockdep_init_map_type+0x16d/0x7d0 [ 380.569287][T12175] ? security_inode_alloc+0x3b/0x2b0 [ 380.569329][T12175] security_inode_alloc+0x3b/0x2b0 [ 380.569362][T12175] inode_init_always_gfp+0xce4/0x1030 [ 380.569408][T12175] alloc_inode+0x82/0x230 [ 380.569433][T12175] path_from_stashed+0x560/0xec0 [ 380.569474][T12175] ? __pfx_lock_release+0x10/0x10 [ 380.569514][T12175] ? __pfx_path_from_stashed+0x10/0x10 [ 380.569554][T12175] ? lock_acquire+0x2f/0xb0 [ 380.569590][T12175] ? pidns_get+0x32/0x320 [ 380.569622][T12175] ns_get_path+0x5f/0x80 [ 380.569660][T12175] proc_ns_get_link+0x122/0x260 [ 380.569697][T12175] ? __pfx_proc_ns_get_link+0x10/0x10 [ 380.569735][T12175] ? __pfx___might_resched+0x10/0x10 [ 380.569784][T12175] ? __pfx_proc_ns_get_link+0x10/0x10 [ 380.569826][T12175] step_into+0x1aba/0x2220 [ 380.569869][T12175] ? __pfx_step_into+0x10/0x10 [ 380.569904][T12175] ? __pfx___up_read+0x10/0x10 [ 380.569954][T12175] path_openat+0x74c/0x2d80 [ 380.570004][T12175] ? __pfx_path_openat+0x10/0x10 [ 380.570044][T12175] ? __pfx___lock_acquire+0x10/0x10 [ 380.570081][T12175] ? lock_acquire.part.0+0x11b/0x380 [ 380.570118][T12175] ? find_held_lock+0x2d/0x110 [ 380.570150][T12175] do_filp_open+0x20c/0x470 [ 380.570190][T12175] ? __pfx_do_filp_open+0x10/0x10 [ 380.570227][T12175] ? find_held_lock+0x2d/0x110 [ 380.570275][T12175] ? alloc_fd+0x41f/0x760 [ 380.570326][T12175] do_sys_openat2+0x17a/0x1e0 [ 380.570354][T12175] ? __pfx_do_sys_openat2+0x10/0x10 [ 380.570394][T12175] __x64_sys_openat+0x175/0x210 [ 380.570424][T12175] ? __pfx___x64_sys_openat+0x10/0x10 [ 380.570465][T12175] do_syscall_64+0xcd/0x250 [ 380.570508][T12175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.570546][T12175] RIP: 0033:0x7efcd118bad0 [ 380.570567][T12175] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 380.570592][T12175] RSP: 002b:00007efcd1ffef10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 380.570617][T12175] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007efcd118bad0 [ 380.570634][T12175] RDX: 0000000000000002 RSI: 00007efcd1ffefa0 RDI: 00000000ffffff9c [ 380.570650][T12175] RBP: 00007efcd1ffefa0 R08: 0000000000000000 R09: 0000000000000000 [ 380.570665][T12175] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 380.570681][T12175] R13: 0000000000000000 R14: 00007efcd13a5fa0 R15: 00007ffc41853328 [ 380.570711][T12175] [ 381.313890][T12187] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2383'. [ 381.809281][T12203] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2389'. [ 382.079784][T12210] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2391'. [ 383.091524][T12235] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2399'. [ 383.874950][T12255] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2406'. [ 384.018516][T12255] bond0: (slave bond_slave_1): Releasing backup interface [ 384.204551][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.211090][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.617932][T12284] openvswitch: netlink: Unknown nsh attribute 0 [ 385.325312][T12307] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2426'. [ 386.074236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 386.464971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 387.032509][T12352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2444'. [ 387.740260][T12361] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2446'. [ 388.767370][T12390] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2465'. [ 389.260686][T12396] netlink: 'syz.2.2458': attribute type 4 has an invalid length. [ 390.480284][ T30] audit: type=1326 audit(4294967378.850:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12420 comm="syz.1.2470" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f874078d169 code=0x0 [ 391.284396][T12435] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2476'. [ 391.848780][T12454] tc_dump_action: action bad kind [ 393.291917][T12472] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2488'. [ 395.376570][T12515] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2505'. [ 395.445821][T12519] netlink: 'syz.3.2506': attribute type 2 has an invalid length. [ 395.486843][T12519] netlink: 'syz.3.2506': attribute type 2 has an invalid length. [ 395.655274][T12523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2508'. [ 395.700819][T12525] netlink: 'syz.3.2509': attribute type 4 has an invalid length. [ 396.450061][T12547] lo: entered promiscuous mode [ 396.461434][T12547] lo: left promiscuous mode [ 396.786131][T12561] netlink: 'syz.1.2533': attribute type 1 has an invalid length. [ 396.913830][T12564] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2525'. [ 397.070024][T12564] bond0: (slave bond_slave_1): Releasing backup interface [ 398.610832][T12602] snd_aloop snd_aloop.0: Parsing timer source 'QV&' failed with -22 [ 399.004815][T12609] Process accounting paused [ 399.175054][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 401.319796][T12681] FAULT_INJECTION: forcing a failure. [ 401.319796][T12681] name failslab, interval 1, probability 0, space 0, times 0 [ 401.388884][T12681] CPU: 0 UID: 0 PID: 12681 Comm: syz.1.2569 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 401.388929][T12681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 401.388948][T12681] Call Trace: [ 401.388957][T12681] [ 401.388970][T12681] dump_stack_lvl+0x16c/0x1f0 [ 401.389023][T12681] should_fail_ex+0x50a/0x650 [ 401.389054][T12681] ? fs_reclaim_acquire+0xae/0x150 [ 401.389100][T12681] should_failslab+0xc2/0x120 [ 401.389132][T12681] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 401.389187][T12681] ? page_ext_put+0x3e/0xd0 [ 401.389235][T12681] ? snd_pcm_hw_rule_add+0x41c/0x5b0 [ 401.389276][T12681] krealloc_noprof+0x1fb/0x380 [ 401.389332][T12681] snd_pcm_hw_rule_add+0x41c/0x5b0 [ 401.389367][T12681] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 401.389422][T12681] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 401.389456][T12681] ? lockdep_init_map_type+0x16d/0x7d0 [ 401.389511][T12681] ? debug_mutex_init+0x37/0x70 [ 401.389548][T12681] ? snd_pcm_attach_substream+0x871/0xd20 [ 401.389608][T12681] snd_pcm_open_substream+0x526/0x17c0 [ 401.389662][T12681] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 401.389724][T12681] snd_pcm_open+0x29b/0x700 [ 401.389777][T12681] ? __pfx_snd_pcm_open+0x10/0x10 [ 401.389830][T12681] ? __pfx_default_wake_function+0x10/0x10 [ 401.389895][T12681] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 401.389945][T12681] snd_pcm_capture_open+0x89/0xe0 [ 401.389994][T12681] snd_open+0x1fe/0x450 [ 401.390031][T12681] ? __pfx_snd_open+0x10/0x10 [ 401.390065][T12681] chrdev_open+0x237/0x6a0 [ 401.390118][T12681] ? __pfx_chrdev_open+0x10/0x10 [ 401.390173][T12681] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 401.390221][T12681] do_dentry_open+0x735/0x1c40 [ 401.390267][T12681] ? __pfx_chrdev_open+0x10/0x10 [ 401.390318][T12681] ? inode_permission+0xdd/0x5f0 [ 401.390357][T12681] vfs_open+0x82/0x3f0 [ 401.390388][T12681] ? may_open+0x1f2/0x400 [ 401.390435][T12681] path_openat+0x1e88/0x2d80 [ 401.390500][T12681] ? __pfx_path_openat+0x10/0x10 [ 401.390549][T12681] ? __pfx___lock_acquire+0x10/0x10 [ 401.390594][T12681] ? lock_acquire.part.0+0x11b/0x380 [ 401.390640][T12681] ? find_held_lock+0x2d/0x110 [ 401.390680][T12681] do_filp_open+0x20c/0x470 [ 401.390729][T12681] ? __pfx_do_filp_open+0x10/0x10 [ 401.390775][T12681] ? find_held_lock+0x2d/0x110 [ 401.390837][T12681] ? alloc_fd+0x41f/0x760 [ 401.390895][T12681] do_sys_openat2+0x17a/0x1e0 [ 401.390929][T12681] ? __pfx_do_sys_openat2+0x10/0x10 [ 401.390979][T12681] __x64_sys_openat+0x175/0x210 [ 401.391015][T12681] ? __pfx___x64_sys_openat+0x10/0x10 [ 401.391068][T12681] do_syscall_64+0xcd/0x250 [ 401.391119][T12681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.391168][T12681] RIP: 0033:0x7f874078d169 [ 401.391194][T12681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.391226][T12681] RSP: 002b:00007f874157a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 401.391257][T12681] RAX: ffffffffffffffda RBX: 00007f87409a5fa0 RCX: 00007f874078d169 [ 401.391278][T12681] RDX: 0000000000000000 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 401.391297][T12681] RBP: 00007f874080e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 401.391316][T12681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.391335][T12681] R13: 0000000000000000 R14: 00007f87409a5fa0 R15: 00007ffc3acd3148 [ 401.391375][T12681] [ 402.160972][T12699] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2576'. [ 402.577839][T12710] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2580'. [ 402.707825][T12712] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2581'. [ 404.698641][T12774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2601'. [ 404.756034][T12775] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2601'. [ 405.709382][T12795] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2605'. [ 405.730937][T12795] openvswitch: netlink: IP tunnel dst address not specified [ 406.277276][T12812] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2609'. [ 406.336239][T12815] ubi4: attaching mtd0 [ 407.000769][T12835] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2620'. [ 409.300405][T12900] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2646'. [ 409.831773][T12915] FAULT_INJECTION: forcing a failure. [ 409.831773][T12915] name failslab, interval 1, probability 0, space 0, times 0 [ 409.846644][T12915] CPU: 1 UID: 0 PID: 12915 Comm: syz.1.2652 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 409.846687][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 409.846706][T12915] Call Trace: [ 409.846716][T12915] [ 409.846728][T12915] dump_stack_lvl+0x16c/0x1f0 [ 409.846784][T12915] should_fail_ex+0x50a/0x650 [ 409.846815][T12915] ? fs_reclaim_acquire+0xae/0x150 [ 409.846863][T12915] should_failslab+0xc2/0x120 [ 409.846895][T12915] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 409.846947][T12915] ? vm_area_dup+0x21/0x2f0 [ 409.847000][T12915] vm_area_dup+0x21/0x2f0 [ 409.847047][T12915] __split_vma+0x181/0x1160 [ 409.847099][T12915] ? __pfx___split_vma+0x10/0x10 [ 409.847157][T12915] ? mtree_range_walk+0x715/0xbe0 [ 409.847201][T12915] vma_modify.constprop.0+0x348/0x410 [ 409.847256][T12915] vma_modify_policy+0x234/0x2e0 [ 409.847311][T12915] ? __pfx_vma_modify_policy+0x10/0x10 [ 409.847388][T12915] ? mas_walk+0x6a6/0x910 [ 409.847436][T12915] mbind_range+0x17b/0x530 [ 409.847478][T12915] do_mbind+0x818/0xed0 [ 409.847525][T12915] ? __pfx_do_mbind+0x10/0x10 [ 409.847584][T12915] ? __pfx_get_nodes+0x10/0x10 [ 409.847646][T12915] kernel_mbind+0x1e8/0x200 [ 409.847686][T12915] ? __pfx_kernel_mbind+0x10/0x10 [ 409.847735][T12915] do_syscall_64+0xcd/0x250 [ 409.847784][T12915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.847828][T12915] RIP: 0033:0x7f874078d169 [ 409.847853][T12915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.847883][T12915] RSP: 002b:00007f874157a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 409.847914][T12915] RAX: ffffffffffffffda RBX: 00007f87409a5fa0 RCX: 00007f874078d169 [ 409.847935][T12915] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000002000 [ 409.847953][T12915] RBP: 00007f874080e2a0 R08: 0000000000000006 R09: 0000000000000002 [ 409.847971][T12915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 409.847989][T12915] R13: 0000000000000000 R14: 00007f87409a5fa0 R15: 00007ffc3acd3148 [ 409.848027][T12915] [ 410.759350][T12934] openvswitch: netlink: IP tunnel dst address not specified [ 410.785958][T12934] openvswitch: netlink: IP tunnel dst address not specified [ 410.954599][T12939] FAULT_INJECTION: forcing a failure. [ 410.954599][T12939] name failslab, interval 1, probability 0, space 0, times 0 [ 411.004128][T12939] CPU: 1 UID: 0 PID: 12939 Comm: syz.1.2661 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 411.004174][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 411.004200][T12939] Call Trace: [ 411.004210][T12939] [ 411.004221][T12939] dump_stack_lvl+0x16c/0x1f0 [ 411.004287][T12939] should_fail_ex+0x50a/0x650 [ 411.004318][T12939] ? fs_reclaim_acquire+0xae/0x150 [ 411.004364][T12939] ? snd_rawmidi_open+0x3b7/0xbd0 [ 411.004407][T12939] should_failslab+0xc2/0x120 [ 411.004437][T12939] __kmalloc_cache_noprof+0x68/0x410 [ 411.004482][T12939] ? _raw_spin_unlock+0x28/0x50 [ 411.004521][T12939] ? snd_card_file_add+0x25f/0x320 [ 411.004566][T12939] snd_rawmidi_open+0x3b7/0xbd0 [ 411.004613][T12939] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 411.004666][T12939] ? lock_acquire.part.0+0x11b/0x380 [ 411.004716][T12939] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 411.004772][T12939] ? kobject_get_unless_zero+0x157/0x1e0 [ 411.004829][T12939] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 411.004876][T12939] snd_open+0x1fe/0x450 [ 411.004911][T12939] ? __pfx_snd_open+0x10/0x10 [ 411.004944][T12939] chrdev_open+0x237/0x6a0 [ 411.004991][T12939] ? __pfx_apparmor_file_open+0x10/0x10 [ 411.005033][T12939] ? __pfx_chrdev_open+0x10/0x10 [ 411.005087][T12939] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 411.005139][T12939] do_dentry_open+0x735/0x1c40 [ 411.005187][T12939] ? __pfx_chrdev_open+0x10/0x10 [ 411.005240][T12939] ? inode_permission+0xdd/0x5f0 [ 411.005291][T12939] vfs_open+0x82/0x3f0 [ 411.005322][T12939] ? may_open+0x1f2/0x400 [ 411.005365][T12939] path_openat+0x1e88/0x2d80 [ 411.005429][T12939] ? __pfx_path_openat+0x10/0x10 [ 411.005477][T12939] ? __pfx___lock_acquire+0x10/0x10 [ 411.005523][T12939] ? lock_acquire.part.0+0x11b/0x380 [ 411.005570][T12939] ? find_held_lock+0x2d/0x110 [ 411.005611][T12939] do_filp_open+0x20c/0x470 [ 411.005659][T12939] ? __pfx_do_filp_open+0x10/0x10 [ 411.005706][T12939] ? find_held_lock+0x2d/0x110 [ 411.005769][T12939] ? alloc_fd+0x41f/0x760 [ 411.005827][T12939] do_sys_openat2+0x17a/0x1e0 [ 411.005862][T12939] ? __pfx_do_sys_openat2+0x10/0x10 [ 411.005913][T12939] __x64_sys_openat+0x175/0x210 [ 411.005949][T12939] ? __pfx___x64_sys_openat+0x10/0x10 [ 411.006003][T12939] do_syscall_64+0xcd/0x250 [ 411.006056][T12939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.006103][T12939] RIP: 0033:0x7f874078d169 [ 411.006129][T12939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.006159][T12939] RSP: 002b:00007f874157a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 411.006190][T12939] RAX: ffffffffffffffda RBX: 00007f87409a5fa0 RCX: 00007f874078d169 [ 411.006211][T12939] RDX: 0000000000002841 RSI: 0000400000000000 RDI: ffffffffffffff9c [ 411.006231][T12939] RBP: 00007f874080e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 411.006260][T12939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 411.006279][T12939] R13: 0000000000000000 R14: 00007f87409a5fa0 R15: 00007ffc3acd3148 [ 411.006319][T12939] [ 412.350260][T12956] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2668'. [ 412.372666][T12956] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2668'. [ 413.021560][T12971] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2673'. [ 413.197498][T12973] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2674'. [ 413.595781][T12977] netlink: 29 bytes leftover after parsing attributes in process `syz.1.2676'. [ 415.646759][T13024] WARNING! power/level is deprecated; use power/control instead [ 415.865079][T13027] netlink: 346 bytes leftover after parsing attributes in process `syz.0.2697'. [ 417.041536][T13068] netlink: 206 bytes leftover after parsing attributes in process `syz.1.2713'. [ 417.394153][T13079] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2717'. [ 417.566174][T13086] netlink: 'syz.0.2720': attribute type 2 has an invalid length. [ 417.970804][T13099] sd 0:0:1:0: PR command failed: 1026 [ 417.984197][T13099] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 417.991008][T13099] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 418.768659][T13122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2734'. [ 419.125162][T13133] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2737'. [ 419.565216][T13139] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2741'. [ 421.345913][T13185] FAULT_INJECTION: forcing a failure. [ 421.345913][T13185] name failslab, interval 1, probability 0, space 0, times 0 [ 421.364010][T13185] CPU: 1 UID: 0 PID: 13185 Comm: syz.3.2759 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 421.364057][T13185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 421.364075][T13185] Call Trace: [ 421.364084][T13185] [ 421.364096][T13185] dump_stack_lvl+0x16c/0x1f0 [ 421.364150][T13185] should_fail_ex+0x50a/0x650 [ 421.364181][T13185] ? fs_reclaim_acquire+0xae/0x150 [ 421.364226][T13185] ? ring_buffer_read_prepare+0x159/0x300 [ 421.364265][T13185] should_failslab+0xc2/0x120 [ 421.364298][T13185] __kmalloc_noprof+0xcb/0x510 [ 421.364353][T13185] ? kasan_save_track+0x14/0x30 [ 421.364404][T13185] ring_buffer_read_prepare+0x159/0x300 [ 421.364451][T13185] tracing_open+0x92e/0xfa0 [ 421.364495][T13185] do_dentry_open+0x735/0x1c40 [ 421.364544][T13185] ? __pfx_tracing_open+0x10/0x10 [ 421.364582][T13185] ? inode_permission+0xdd/0x5f0 [ 421.364631][T13185] vfs_open+0x82/0x3f0 [ 421.364663][T13185] ? may_open+0x1f2/0x400 [ 421.364705][T13185] path_openat+0x1e88/0x2d80 [ 421.364769][T13185] ? __pfx_path_openat+0x10/0x10 [ 421.364818][T13185] ? __pfx___lock_acquire+0x10/0x10 [ 421.364862][T13185] ? lock_acquire.part.0+0x11b/0x380 [ 421.364909][T13185] ? find_held_lock+0x2d/0x110 [ 421.364949][T13185] do_filp_open+0x20c/0x470 [ 421.364999][T13185] ? __pfx_do_filp_open+0x10/0x10 [ 421.365044][T13185] ? find_held_lock+0x2d/0x110 [ 421.365108][T13185] ? alloc_fd+0x41f/0x760 [ 421.365166][T13185] do_sys_openat2+0x17a/0x1e0 [ 421.365201][T13185] ? __pfx_do_sys_openat2+0x10/0x10 [ 421.365251][T13185] __x64_sys_openat+0x175/0x210 [ 421.365285][T13185] ? __pfx___x64_sys_openat+0x10/0x10 [ 421.365338][T13185] do_syscall_64+0xcd/0x250 [ 421.365392][T13185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.365437][T13185] RIP: 0033:0x7f265578d169 [ 421.365463][T13185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.365494][T13185] RSP: 002b:00007f2656511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 421.365525][T13185] RAX: ffffffffffffffda RBX: 00007f26559a5fa0 RCX: 00007f265578d169 [ 421.365547][T13185] RDX: 0000000000000600 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 421.365566][T13185] RBP: 00007f265580e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 421.365585][T13185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 421.365602][T13185] R13: 0000000000000000 R14: 00007f26559a5fa0 R15: 00007ffe107c59c8 [ 421.365651][T13185] [ 422.291476][T13209] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2770'. [ 422.305648][T13208] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2769'. [ 422.310166][T13209] netlink: 23 bytes leftover after parsing attributes in process `syz.0.2770'. [ 422.572848][T13220] FAULT_INJECTION: forcing a failure. [ 422.572848][T13220] name failslab, interval 1, probability 0, space 0, times 0 [ 422.642936][T13220] CPU: 0 UID: 0 PID: 13220 Comm: syz.2.2774 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 422.642983][T13220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 422.643002][T13220] Call Trace: [ 422.643011][T13220] [ 422.643024][T13220] dump_stack_lvl+0x16c/0x1f0 [ 422.643077][T13220] should_fail_ex+0x50a/0x650 [ 422.643107][T13220] ? fs_reclaim_acquire+0xae/0x150 [ 422.643150][T13220] ? xfrm_hash_alloc+0xd1/0x100 [ 422.643180][T13220] should_failslab+0xc2/0x120 [ 422.643211][T13220] __kmalloc_noprof+0xcb/0x510 [ 422.643268][T13220] ? __pfx_xfrm_nat_keepalive_net_fini+0x1/0x10 [ 422.643319][T13220] xfrm_hash_alloc+0xd1/0x100 [ 422.643351][T13220] xfrm_state_init+0x11f/0x630 [ 422.643387][T13220] ? __pfx_xfrm_net_init+0x10/0x10 [ 422.643419][T13220] xfrm_net_init+0x211/0xcb0 [ 422.643459][T13220] ? __pfx_xfrm_net_init+0x10/0x10 [ 422.643491][T13220] ops_init+0x1df/0x5f0 [ 422.643527][T13220] setup_net+0x21f/0x860 [ 422.643561][T13220] ? __pfx_setup_net+0x10/0x10 [ 422.643590][T13220] ? down_read_killable+0xcc/0x380 [ 422.643640][T13220] ? __pfx_down_read_killable+0x10/0x10 [ 422.643709][T13220] ? __raw_spin_lock_init+0x3a/0x110 [ 422.643743][T13220] ? debug_mutex_init+0x37/0x70 [ 422.643781][T13220] copy_net_ns+0x2a6/0x5f0 [ 422.643821][T13220] create_new_namespaces+0x3ea/0xad0 [ 422.643884][T13220] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 422.643942][T13220] ksys_unshare+0x45d/0xa40 [ 422.643976][T13220] ? __pfx_ksys_unshare+0x10/0x10 [ 422.644026][T13220] __x64_sys_unshare+0x31/0x40 [ 422.644059][T13220] do_syscall_64+0xcd/0x250 [ 422.644108][T13220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.644155][T13220] RIP: 0033:0x7fa23438d169 [ 422.644179][T13220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.644210][T13220] RSP: 002b:00007fa2351aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 422.644247][T13220] RAX: ffffffffffffffda RBX: 00007fa2345a5fa0 RCX: 00007fa23438d169 [ 422.644268][T13220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 422.644288][T13220] RBP: 00007fa23440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 422.644307][T13220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 422.644327][T13220] R13: 0000000000000000 R14: 00007fa2345a5fa0 R15: 00007ffc48d2ce78 [ 422.644368][T13220] [ 423.095460][T13227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2777'. [ 423.183504][T13229] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2778'. [ 423.415602][T13238] FAULT_INJECTION: forcing a failure. [ 423.415602][T13238] name failslab, interval 1, probability 0, space 0, times 0 [ 423.462350][T13238] CPU: 0 UID: 0 PID: 13238 Comm: syz.2.2782 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 423.462394][T13238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 423.462412][T13238] Call Trace: [ 423.462421][T13238] [ 423.462433][T13238] dump_stack_lvl+0x16c/0x1f0 [ 423.462484][T13238] should_fail_ex+0x50a/0x650 [ 423.462515][T13238] ? fs_reclaim_acquire+0xae/0x150 [ 423.462562][T13238] should_failslab+0xc2/0x120 [ 423.462595][T13238] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 423.462645][T13238] ? lockdep_init_map_type+0x16d/0x7d0 [ 423.462694][T13238] ? security_inode_alloc+0x3b/0x2b0 [ 423.462737][T13238] security_inode_alloc+0x3b/0x2b0 [ 423.462775][T13238] inode_init_always_gfp+0xce4/0x1030 [ 423.462830][T13238] alloc_inode+0x82/0x230 [ 423.462862][T13238] path_from_stashed+0x560/0xec0 [ 423.462912][T13238] ? do_raw_spin_lock+0x12d/0x2c0 [ 423.462946][T13238] ? __pfx_path_from_stashed+0x10/0x10 [ 423.462993][T13238] ? cgroupns_get+0x21/0x170 [ 423.463031][T13238] ? do_raw_spin_unlock+0x172/0x230 [ 423.463067][T13238] ns_get_path+0x5f/0x80 [ 423.463110][T13238] proc_ns_get_link+0x122/0x260 [ 423.463168][T13238] ? __pfx_proc_ns_get_link+0x10/0x10 [ 423.463215][T13238] ? __pfx___might_resched+0x10/0x10 [ 423.463274][T13238] ? __pfx_proc_ns_get_link+0x10/0x10 [ 423.463320][T13238] step_into+0x1aba/0x2220 [ 423.463371][T13238] ? __pfx_step_into+0x10/0x10 [ 423.463416][T13238] ? __pfx___up_read+0x10/0x10 [ 423.463469][T13238] ? lookup_fast+0x153/0x5f0 [ 423.463516][T13238] path_openat+0x74c/0x2d80 [ 423.463577][T13238] ? __pfx_path_openat+0x10/0x10 [ 423.463627][T13238] ? __pfx___lock_acquire+0x10/0x10 [ 423.463671][T13238] ? lock_acquire.part.0+0x11b/0x380 [ 423.463718][T13238] ? find_held_lock+0x2d/0x110 [ 423.463757][T13238] do_filp_open+0x20c/0x470 [ 423.463807][T13238] ? __pfx_do_filp_open+0x10/0x10 [ 423.463851][T13238] ? find_held_lock+0x2d/0x110 [ 423.463914][T13238] ? alloc_fd+0x41f/0x760 [ 423.463969][T13238] do_sys_openat2+0x17a/0x1e0 [ 423.464002][T13238] ? __pfx_do_sys_openat2+0x10/0x10 [ 423.464049][T13238] __x64_sys_openat+0x175/0x210 [ 423.464086][T13238] ? __pfx___x64_sys_openat+0x10/0x10 [ 423.464146][T13238] do_syscall_64+0xcd/0x250 [ 423.464199][T13238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.464245][T13238] RIP: 0033:0x7fa23438d169 [ 423.464271][T13238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.464304][T13238] RSP: 002b:00007fa2351aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 423.464335][T13238] RAX: ffffffffffffffda RBX: 00007fa2345a5fa0 RCX: 00007fa23438d169 [ 423.464357][T13238] RDX: 0000000000000000 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 423.464378][T13238] RBP: 00007fa23440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 423.464398][T13238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.464417][T13238] R13: 0000000000000000 R14: 00007fa2345a5fa0 R15: 00007ffc48d2ce78 [ 423.464455][T13238] [ 423.561157][T13244] FAULT_INJECTION: forcing a failure. [ 423.561157][T13244] name failslab, interval 1, probability 0, space 0, times 0 [ 423.618122][T13245] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2786'. [ 423.721916][T13244] CPU: 1 UID: 0 PID: 13244 Comm: syz.0.2785 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 423.721966][T13244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 423.721988][T13244] Call Trace: [ 423.721997][T13244] [ 423.722011][T13244] dump_stack_lvl+0x16c/0x1f0 [ 423.722069][T13244] should_fail_ex+0x50a/0x650 [ 423.722103][T13244] ? fs_reclaim_acquire+0xae/0x150 [ 423.722151][T13244] ? loopback_open+0x145/0x13a0 [ 423.722181][T13244] should_failslab+0xc2/0x120 [ 423.722215][T13244] __kmalloc_cache_noprof+0x68/0x410 [ 423.722275][T13244] loopback_open+0x145/0x13a0 [ 423.722318][T13244] snd_pcm_open_substream+0xa50/0x17c0 [ 423.722384][T13244] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 423.722452][T13244] snd_pcm_open+0x29b/0x700 [ 423.722506][T13244] ? __pfx_snd_pcm_open+0x10/0x10 [ 423.722562][T13244] ? __pfx_default_wake_function+0x10/0x10 [ 423.722631][T13244] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 423.722684][T13244] snd_pcm_capture_open+0x89/0xe0 [ 423.722736][T13244] snd_open+0x1fe/0x450 [ 423.722776][T13244] ? __pfx_snd_open+0x10/0x10 [ 423.722812][T13244] chrdev_open+0x237/0x6a0 [ 423.722868][T13244] ? __pfx_chrdev_open+0x10/0x10 [ 423.722926][T13244] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 423.722981][T13244] do_dentry_open+0x735/0x1c40 [ 423.723033][T13244] ? __pfx_chrdev_open+0x10/0x10 [ 423.723089][T13244] ? inode_permission+0xdd/0x5f0 [ 423.723131][T13244] vfs_open+0x82/0x3f0 [ 423.723164][T13244] ? may_open+0x1f2/0x400 [ 423.723209][T13244] path_openat+0x1e88/0x2d80 [ 423.723276][T13244] ? __pfx_path_openat+0x10/0x10 [ 423.723328][T13244] ? __pfx___lock_acquire+0x10/0x10 [ 423.723382][T13244] ? lock_acquire.part.0+0x11b/0x380 [ 423.723431][T13244] ? find_held_lock+0x2d/0x110 [ 423.723474][T13244] do_filp_open+0x20c/0x470 [ 423.723526][T13244] ? __pfx_do_filp_open+0x10/0x10 [ 423.723576][T13244] ? find_held_lock+0x2d/0x110 [ 423.723646][T13244] ? alloc_fd+0x41f/0x760 [ 423.723709][T13244] do_sys_openat2+0x17a/0x1e0 [ 423.723746][T13244] ? __pfx_do_sys_openat2+0x10/0x10 [ 423.723800][T13244] __x64_sys_openat+0x175/0x210 [ 423.723838][T13244] ? __pfx___x64_sys_openat+0x10/0x10 [ 423.723900][T13244] do_syscall_64+0xcd/0x250 [ 423.723955][T13244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.724009][T13244] RIP: 0033:0x7efcd118d169 [ 423.724036][T13244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.724071][T13244] RSP: 002b:00007efcd1fff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 423.724102][T13244] RAX: ffffffffffffffda RBX: 00007efcd13a5fa0 RCX: 00007efcd118d169 [ 423.724125][T13244] RDX: 0000000000000000 RSI: 0000400000000100 RDI: ffffffffffffff9c [ 423.724148][T13244] RBP: 00007efcd120e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 423.724169][T13244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.724190][T13244] R13: 0000000000000000 R14: 00007efcd13a5fa0 R15: 00007ffc41853328 [ 423.724232][T13244] [ 424.000850][T13250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2787'. [ 424.041395][T13247] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2786'. [ 424.153355][T13251] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2787'. [ 424.614538][T13269] random: crng reseeded on system resumption [ 425.486217][T13289] FAULT_INJECTION: forcing a failure. [ 425.486217][T13289] name failslab, interval 1, probability 0, space 0, times 0 [ 425.500268][T13289] CPU: 1 UID: 0 PID: 13289 Comm: syz.1.2800 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 425.500313][T13289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 425.500332][T13289] Call Trace: [ 425.500342][T13289] [ 425.500355][T13289] dump_stack_lvl+0x16c/0x1f0 [ 425.500410][T13289] should_fail_ex+0x50a/0x650 [ 425.500442][T13289] ? fs_reclaim_acquire+0xae/0x150 [ 425.500488][T13289] ? xfrm_hash_alloc+0xd1/0x100 [ 425.500519][T13289] should_failslab+0xc2/0x120 [ 425.500551][T13289] __kmalloc_noprof+0xcb/0x510 [ 425.500601][T13289] ? __pfx_xfrm_nat_keepalive_net_fini+0x1/0x10 [ 425.500651][T13289] ? __pfx_xfrm_net_init+0x10/0x10 [ 425.500687][T13289] xfrm_hash_alloc+0xd1/0x100 [ 425.500719][T13289] xfrm_state_init+0xde/0x630 [ 425.500758][T13289] ? __pfx_xfrm_net_init+0x10/0x10 [ 425.500792][T13289] xfrm_net_init+0x211/0xcb0 [ 425.500834][T13289] ? __pfx_xfrm_net_init+0x10/0x10 [ 425.500869][T13289] ops_init+0x1df/0x5f0 [ 425.500908][T13289] setup_net+0x21f/0x860 [ 425.500944][T13289] ? __pfx_setup_net+0x10/0x10 [ 425.500975][T13289] ? down_read_killable+0xcc/0x380 [ 425.501027][T13289] ? __pfx_down_read_killable+0x10/0x10 [ 425.501079][T13289] ? __raw_spin_lock_init+0x3a/0x110 [ 425.501114][T13289] ? debug_mutex_init+0x37/0x70 [ 425.501154][T13289] copy_net_ns+0x2a6/0x5f0 [ 425.501202][T13289] create_new_namespaces+0x3ea/0xad0 [ 425.501267][T13289] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 425.501326][T13289] ksys_unshare+0x45d/0xa40 [ 425.501361][T13289] ? __pfx_ksys_unshare+0x10/0x10 [ 425.501394][T13289] ? xfd_validate_state+0x5d/0x180 [ 425.501455][T13289] __x64_sys_unshare+0x31/0x40 [ 425.501489][T13289] do_syscall_64+0xcd/0x250 [ 425.501541][T13289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.501588][T13289] RIP: 0033:0x7f874078d169 [ 425.501614][T13289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.501646][T13289] RSP: 002b:00007f874157a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 425.501679][T13289] RAX: ffffffffffffffda RBX: 00007f87409a5fa0 RCX: 00007f874078d169 [ 425.501699][T13289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 425.501718][T13289] RBP: 00007f874080e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 425.501737][T13289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 425.501756][T13289] R13: 0000000000000000 R14: 00007f87409a5fa0 R15: 00007ffc3acd3148 [ 425.501796][T13289] [ 426.158432][T13299] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 426.336928][T13304] netlink: 'syz.0.2806': attribute type 2 has an invalid length. [ 428.896107][ T30] audit: type=1800 audit(4294967417.270:14): pid=13370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2832" name="discovery_nqn" dev="configfs" ino=33233 res=0 errno=0 [ 429.382293][ T30] audit: type=1800 audit(4294967417.750:15): pid=13386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2838" name="dbroot" dev="configfs" ino=33259 res=0 errno=0 [ 429.893293][T13396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2842'. [ 429.943520][T13369] Process accounting resumed [ 430.141076][T13402] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2848'. [ 430.500300][T13419] Loading of unsigned module is rejected [ 431.193837][T13433] FAULT_INJECTION: forcing a failure. [ 431.193837][T13433] name failslab, interval 1, probability 0, space 0, times 0 [ 431.235515][T13433] CPU: 1 UID: 0 PID: 13433 Comm: syz.3.2857 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 431.235560][T13433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 431.235579][T13433] Call Trace: [ 431.235588][T13433] [ 431.235600][T13433] dump_stack_lvl+0x16c/0x1f0 [ 431.235654][T13433] should_fail_ex+0x50a/0x650 [ 431.235684][T13433] ? fs_reclaim_acquire+0xae/0x150 [ 431.235728][T13433] ? xfrm_hash_alloc+0xd1/0x100 [ 431.235759][T13433] should_failslab+0xc2/0x120 [ 431.235791][T13433] __kmalloc_noprof+0xcb/0x510 [ 431.235840][T13433] ? __pfx_xfrm_statistics_seq_show+0x10/0x10 [ 431.235888][T13433] ? __pfx_xfrm_net_init+0x10/0x10 [ 431.235926][T13433] xfrm_hash_alloc+0xd1/0x100 [ 431.235958][T13433] xfrm_state_init+0x96/0x630 [ 431.235996][T13433] ? __pfx_xfrm_net_init+0x10/0x10 [ 431.236030][T13433] xfrm_net_init+0x211/0xcb0 [ 431.236072][T13433] ? __pfx_xfrm_net_init+0x10/0x10 [ 431.236107][T13433] ops_init+0x1df/0x5f0 [ 431.236144][T13433] setup_net+0x21f/0x860 [ 431.236181][T13433] ? __pfx_setup_net+0x10/0x10 [ 431.236212][T13433] ? down_read_killable+0xcc/0x380 [ 431.236267][T13433] ? __pfx_down_read_killable+0x10/0x10 [ 431.236320][T13433] ? __raw_spin_lock_init+0x3a/0x110 [ 431.236354][T13433] ? debug_mutex_init+0x37/0x70 [ 431.236394][T13433] copy_net_ns+0x2a6/0x5f0 [ 431.236443][T13433] create_new_namespaces+0x3ea/0xad0 [ 431.236507][T13433] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 431.236566][T13433] ksys_unshare+0x45d/0xa40 [ 431.236601][T13433] ? __pfx_ksys_unshare+0x10/0x10 [ 431.236634][T13433] ? xfd_validate_state+0x5d/0x180 [ 431.236695][T13433] __x64_sys_unshare+0x31/0x40 [ 431.236729][T13433] do_syscall_64+0xcd/0x250 [ 431.236781][T13433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.236828][T13433] RIP: 0033:0x7f265578d169 [ 431.236854][T13433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.236885][T13433] RSP: 002b:00007f2656511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 431.236916][T13433] RAX: ffffffffffffffda RBX: 00007f26559a5fa0 RCX: 00007f265578d169 [ 431.236939][T13433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 431.236959][T13433] RBP: 00007f265580e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 431.236979][T13433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.236999][T13433] R13: 0000000000000000 R14: 00007f26559a5fa0 R15: 00007ffe107c59c8 [ 431.237039][T13433] [ 432.577564][T13457] sd 0:0:1:0: device reset [ 434.641088][T13510] random: crng reseeded on system resumption [ 434.655975][T13507] FAULT_INJECTION: forcing a failure. [ 434.655975][T13507] name failslab, interval 1, probability 0, space 0, times 0 [ 434.687827][T13507] CPU: 0 UID: 0 PID: 13507 Comm: syz.0.2888 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 434.687870][T13507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 434.687892][T13507] Call Trace: [ 434.687902][T13507] [ 434.687914][T13507] dump_stack_lvl+0x16c/0x1f0 [ 434.687970][T13507] should_fail_ex+0x50a/0x650 [ 434.687997][T13507] ? fs_reclaim_acquire+0xae/0x150 [ 434.688042][T13507] ? xfrm_hash_alloc+0xd1/0x100 [ 434.688073][T13507] should_failslab+0xc2/0x120 [ 434.688118][T13507] __kmalloc_noprof+0xcb/0x510 [ 434.688168][T13507] ? __pfx_xfrm_nat_keepalive_net_fini+0x1/0x10 [ 434.688220][T13507] xfrm_hash_alloc+0xd1/0x100 [ 434.688251][T13507] xfrm_state_init+0x160/0x630 [ 434.688290][T13507] ? __pfx_xfrm_net_init+0x10/0x10 [ 434.688324][T13507] xfrm_net_init+0x211/0xcb0 [ 434.688362][T13507] ? __pfx_xfrm_net_init+0x10/0x10 [ 434.688399][T13507] ops_init+0x1df/0x5f0 [ 434.688436][T13507] setup_net+0x21f/0x860 [ 434.688472][T13507] ? __pfx_setup_net+0x10/0x10 [ 434.688502][T13507] ? down_read_killable+0xcc/0x380 [ 434.688557][T13507] ? __pfx_down_read_killable+0x10/0x10 [ 434.688610][T13507] ? __raw_spin_lock_init+0x3a/0x110 [ 434.688645][T13507] ? debug_mutex_init+0x37/0x70 [ 434.688682][T13507] copy_net_ns+0x2a6/0x5f0 [ 434.688723][T13507] create_new_namespaces+0x3ea/0xad0 [ 434.688784][T13507] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 434.688838][T13507] ksys_unshare+0x45d/0xa40 [ 434.688873][T13507] ? __pfx_ksys_unshare+0x10/0x10 [ 434.688904][T13507] ? xfd_validate_state+0x5d/0x180 [ 434.688961][T13507] __x64_sys_unshare+0x31/0x40 [ 434.688993][T13507] do_syscall_64+0xcd/0x250 [ 434.689045][T13507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.689099][T13507] RIP: 0033:0x7efcd118d169 [ 434.689126][T13507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.689159][T13507] RSP: 002b:00007efcd1fff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 434.689188][T13507] RAX: ffffffffffffffda RBX: 00007efcd13a5fa0 RCX: 00007efcd118d169 [ 434.689209][T13507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 434.689228][T13507] RBP: 00007efcd120e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 434.689245][T13507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.689262][T13507] R13: 0000000000000000 R14: 00007efcd13a5fa0 R15: 00007ffc41853328 [ 434.689296][T13507] [ 435.149801][T13518] FAULT_INJECTION: forcing a failure. [ 435.149801][T13518] name failslab, interval 1, probability 0, space 0, times 0 [ 435.163636][T13519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2892'. [ 435.184004][T13518] CPU: 0 UID: 0 PID: 13518 Comm: syz.0.2899 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 435.184047][T13518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 435.184066][T13518] Call Trace: [ 435.184075][T13518] [ 435.184087][T13518] dump_stack_lvl+0x16c/0x1f0 [ 435.184140][T13518] should_fail_ex+0x50a/0x650 [ 435.184169][T13518] ? fs_reclaim_acquire+0xae/0x150 [ 435.184210][T13518] should_failslab+0xc2/0x120 [ 435.184238][T13518] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 435.184293][T13518] ? __xlate_proc_name+0x173/0x210 [ 435.184343][T13518] ? __proc_create+0x2c0/0x8b0 [ 435.184399][T13518] __proc_create+0x2c0/0x8b0 [ 435.184451][T13518] ? __pfx___proc_create+0x10/0x10 [ 435.184502][T13518] ? __pfx_lock_release+0x10/0x10 [ 435.184559][T13518] proc_create_reg+0x7d/0x180 [ 435.184591][T13518] ? __pfx_xfrm_statistics_seq_show+0x10/0x10 [ 435.184633][T13518] proc_create_net_single+0x87/0x170 [ 435.184659][T13518] ? __pfx_proc_create_net_single+0x10/0x10 [ 435.184695][T13518] ? __pfx_xfrm_net_init+0x10/0x10 [ 435.184724][T13518] xfrm_proc_init+0x4d/0x70 [ 435.184758][T13518] xfrm_net_init+0x1f1/0xcb0 [ 435.184791][T13518] ? __pfx_xfrm_net_init+0x10/0x10 [ 435.184820][T13518] ops_init+0x1df/0x5f0 [ 435.184850][T13518] setup_net+0x21f/0x860 [ 435.184879][T13518] ? __pfx_setup_net+0x10/0x10 [ 435.184905][T13518] ? down_read_killable+0xcc/0x380 [ 435.184948][T13518] ? __pfx_down_read_killable+0x10/0x10 [ 435.184991][T13518] ? __raw_spin_lock_init+0x3a/0x110 [ 435.185019][T13518] ? debug_mutex_init+0x37/0x70 [ 435.185055][T13518] copy_net_ns+0x2a6/0x5f0 [ 435.185090][T13518] create_new_namespaces+0x3ea/0xad0 [ 435.185143][T13518] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 435.185193][T13518] ksys_unshare+0x45d/0xa40 [ 435.185223][T13518] ? __pfx_ksys_unshare+0x10/0x10 [ 435.185250][T13518] ? xfd_validate_state+0x5d/0x180 [ 435.185310][T13518] __x64_sys_unshare+0x31/0x40 [ 435.185339][T13518] do_syscall_64+0xcd/0x250 [ 435.185383][T13518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.185421][T13518] RIP: 0033:0x7efcd118d169 [ 435.185444][T13518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.185473][T13518] RSP: 002b:00007efcd1fff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 435.185501][T13518] RAX: ffffffffffffffda RBX: 00007efcd13a5fa0 RCX: 00007efcd118d169 [ 435.185519][T13518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 435.185536][T13518] RBP: 00007efcd120e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 435.185553][T13518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.185569][T13518] R13: 0000000000000000 R14: 00007efcd13a5fa0 R15: 00007ffc41853328 [ 435.185603][T13518] [ 437.299281][T13557] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2906'. [ 440.272322][T13632] FAULT_INJECTION: forcing a failure. [ 440.272322][T13632] name failslab, interval 1, probability 0, space 0, times 0 [ 440.354868][T13632] CPU: 1 UID: 0 PID: 13632 Comm: syz.2.2930 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 440.354913][T13632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 440.354931][T13632] Call Trace: [ 440.354941][T13632] [ 440.354953][T13632] dump_stack_lvl+0x16c/0x1f0 [ 440.355010][T13632] should_fail_ex+0x50a/0x650 [ 440.355041][T13632] ? fs_reclaim_acquire+0xae/0x150 [ 440.355086][T13632] ? snd_pcm_oss_open+0x60a/0x1400 [ 440.355124][T13632] should_failslab+0xc2/0x120 [ 440.355155][T13632] __kmalloc_cache_noprof+0x68/0x410 [ 440.355212][T13632] snd_pcm_oss_open+0x60a/0x1400 [ 440.355263][T13632] ? __pfx___lock_acquire+0x10/0x10 [ 440.355312][T13632] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 440.355358][T13632] ? __pfx_default_wake_function+0x10/0x10 [ 440.355409][T13632] ? find_held_lock+0x2d/0x110 [ 440.355452][T13632] ? __pfx_lock_release+0x10/0x10 [ 440.355498][T13632] ? do_raw_spin_lock+0x12d/0x2c0 [ 440.355533][T13632] ? lock_acquire+0x2f/0xb0 [ 440.355590][T13632] ? soundcore_open+0x8e/0x580 [ 440.355625][T13632] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 440.355669][T13632] soundcore_open+0x409/0x580 [ 440.355708][T13632] ? __pfx_soundcore_open+0x10/0x10 [ 440.355742][T13632] chrdev_open+0x237/0x6a0 [ 440.355793][T13632] ? __pfx_apparmor_file_open+0x10/0x10 [ 440.355837][T13632] ? __pfx_chrdev_open+0x10/0x10 [ 440.355893][T13632] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 440.355946][T13632] do_dentry_open+0x735/0x1c40 [ 440.355995][T13632] ? __pfx_chrdev_open+0x10/0x10 [ 440.356048][T13632] ? inode_permission+0xdd/0x5f0 [ 440.356087][T13632] vfs_open+0x82/0x3f0 [ 440.356118][T13632] ? may_open+0x1f2/0x400 [ 440.356160][T13632] path_openat+0x1e88/0x2d80 [ 440.356222][T13632] ? __pfx_path_openat+0x10/0x10 [ 440.356272][T13632] ? __pfx___lock_acquire+0x10/0x10 [ 440.356316][T13632] ? lock_acquire.part.0+0x11b/0x380 [ 440.356361][T13632] ? find_held_lock+0x2d/0x110 [ 440.356402][T13632] do_filp_open+0x20c/0x470 [ 440.356451][T13632] ? __pfx_do_filp_open+0x10/0x10 [ 440.356498][T13632] ? find_held_lock+0x2d/0x110 [ 440.356570][T13632] ? alloc_fd+0x41f/0x760 [ 440.356629][T13632] do_sys_openat2+0x17a/0x1e0 [ 440.356664][T13632] ? __pfx_do_sys_openat2+0x10/0x10 [ 440.356715][T13632] __x64_sys_openat+0x175/0x210 [ 440.356752][T13632] ? __pfx___x64_sys_openat+0x10/0x10 [ 440.356805][T13632] do_syscall_64+0xcd/0x250 [ 440.356859][T13632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.356905][T13632] RIP: 0033:0x7fa23438d169 [ 440.356932][T13632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.356965][T13632] RSP: 002b:00007fa2351aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 440.356997][T13632] RAX: ffffffffffffffda RBX: 00007fa2345a5fa0 RCX: 00007fa23438d169 [ 440.357018][T13632] RDX: 0000000000080002 RSI: 00004000000000c0 RDI: ffffffffffffff9c [ 440.357038][T13632] RBP: 00007fa23440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 440.357057][T13632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 440.357076][T13632] R13: 0000000000000000 R14: 00007fa2345a5fa0 R15: 00007ffc48d2ce78 [ 440.357116][T13632] [ 440.388937][T13638] mtrr: base(0x400000000000000) is not aligned on a size(0x0000) boundary [ 443.332361][T13694] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2949'. [ 443.434506][T13697] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2950'. [ 443.923787][T13713] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 444.244469][T13724] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2963'. [ 445.601849][T13751] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2973'. [ 445.639648][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.646722][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.015590][T13793] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2990'. [ 448.050845][T13823] netlink: 'syz.1.3005': attribute type 15 has an invalid length. [ 448.086288][T13823] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3005'. [ 450.895188][T13860] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3019'. [ 452.585814][T13900] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3036'. [ 452.610370][T13900] vxcan1: entered promiscuous mode [ 452.637763][T13903] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3037'. [ 453.139682][T13916] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3042'. [ 453.456350][T13925] FAULT_INJECTION: forcing a failure. [ 453.456350][T13925] name failslab, interval 1, probability 0, space 0, times 0 [ 453.484567][T13926] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3046'. [ 453.511995][T13925] CPU: 0 UID: 0 PID: 13925 Comm: syz.3.3047 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 453.512038][T13925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 453.512058][T13925] Call Trace: [ 453.512068][T13925] [ 453.512081][T13925] dump_stack_lvl+0x16c/0x1f0 [ 453.512139][T13925] should_fail_ex+0x50a/0x650 [ 453.512171][T13925] ? fs_reclaim_acquire+0xae/0x150 [ 453.512212][T13925] ? __alloc_workqueue+0xd92/0x1810 [ 453.512246][T13925] should_failslab+0xc2/0x120 [ 453.512278][T13925] __kmalloc_cache_noprof+0x68/0x410 [ 453.512324][T13925] ? vsnprintf+0x320/0x1180 [ 453.512366][T13925] ? __pfx_lock_release+0x10/0x10 [ 453.512420][T13925] __alloc_workqueue+0xd92/0x1810 [ 453.512457][T13925] ? __pfx_vsnprintf+0x10/0x10 [ 453.512508][T13925] ? lockdep_hardirqs_on+0x7c/0x110 [ 453.512555][T13925] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 453.512613][T13925] alloc_workqueue+0xd3/0x200 [ 453.512650][T13925] ? __pfx_alloc_workqueue+0x10/0x10 [ 453.512699][T13925] ? __pfx___debug_object_init+0x10/0x10 [ 453.512755][T13925] nci_register_device+0x221/0xb80 [ 453.512795][T13925] ? __pfx_nci_register_device+0x10/0x10 [ 453.512848][T13925] virtual_ncidev_open+0x141/0x220 [ 453.512901][T13925] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 453.512950][T13925] misc_open+0x35a/0x420 [ 453.512983][T13925] ? __pfx_misc_open+0x10/0x10 [ 453.513016][T13925] chrdev_open+0x237/0x6a0 [ 453.513066][T13925] ? __pfx_apparmor_file_open+0x10/0x10 [ 453.513111][T13925] ? __pfx_chrdev_open+0x10/0x10 [ 453.513167][T13925] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 453.513220][T13925] do_dentry_open+0x735/0x1c40 [ 453.513270][T13925] ? __pfx_chrdev_open+0x10/0x10 [ 453.513324][T13925] ? inode_permission+0xdd/0x5f0 [ 453.513367][T13925] vfs_open+0x82/0x3f0 [ 453.513398][T13925] ? may_open+0x1f2/0x400 [ 453.513441][T13925] path_openat+0x1e88/0x2d80 [ 453.513507][T13925] ? __pfx_path_openat+0x10/0x10 [ 453.513556][T13925] ? __pfx___lock_acquire+0x10/0x10 [ 453.513609][T13925] ? lock_acquire.part.0+0x11b/0x380 [ 453.513656][T13925] ? find_held_lock+0x2d/0x110 [ 453.513696][T13925] do_filp_open+0x20c/0x470 [ 453.513747][T13925] ? __pfx_do_filp_open+0x10/0x10 [ 453.513794][T13925] ? find_held_lock+0x2d/0x110 [ 453.513857][T13925] ? alloc_fd+0x41f/0x760 [ 453.513914][T13925] do_sys_openat2+0x17a/0x1e0 [ 453.513947][T13925] ? __pfx_do_sys_openat2+0x10/0x10 [ 453.513995][T13925] __x64_sys_openat+0x175/0x210 [ 453.514029][T13925] ? __pfx___x64_sys_openat+0x10/0x10 [ 453.514080][T13925] do_syscall_64+0xcd/0x250 [ 453.514133][T13925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.514180][T13925] RIP: 0033:0x7f265578d169 [ 453.514207][T13925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.514241][T13925] RSP: 002b:00007f2656511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 453.514274][T13925] RAX: ffffffffffffffda RBX: 00007f26559a5fa0 RCX: 00007f265578d169 [ 453.514296][T13925] RDX: 0000000000000002 RSI: 0000400000000040 RDI: ffffffffffffff9c [ 453.514316][T13925] RBP: 00007f265580e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 453.514335][T13925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.514354][T13925] R13: 0000000000000000 R14: 00007f26559a5fa0 R15: 00007ffe107c59c8 [ 453.514395][T13925] [ 454.373034][T13939] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3053'. [ 454.680912][T13949] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3058'. [ 456.010532][T13967] delete_channel: no stack [ 456.327223][T13979] netlink: 'syz.3.3071': attribute type 11 has an invalid length. [ 456.610224][T13986] FAULT_INJECTION: forcing a failure. [ 456.610224][T13986] name failslab, interval 1, probability 0, space 0, times 0 [ 456.644295][T13986] CPU: 0 UID: 0 PID: 13986 Comm: syz.3.3074 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 456.644340][T13986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 456.644359][T13986] Call Trace: [ 456.644369][T13986] [ 456.644382][T13986] dump_stack_lvl+0x16c/0x1f0 [ 456.644447][T13986] should_fail_ex+0x50a/0x650 [ 456.644479][T13986] ? fs_reclaim_acquire+0xae/0x150 [ 456.644526][T13986] should_failslab+0xc2/0x120 [ 456.644558][T13986] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 456.644609][T13986] ? __kernfs_new_node+0xd3/0x890 [ 456.644663][T13986] __kernfs_new_node+0xd3/0x890 [ 456.644714][T13986] ? __pfx___kernfs_new_node+0x10/0x10 [ 456.644759][T13986] ? __pfx_lock_release+0x10/0x10 [ 456.644806][T13986] ? kernfs_add_one+0x39d/0x520 [ 456.644870][T13986] ? up_write+0x1b2/0x520 [ 456.644927][T13986] kernfs_new_node+0x186/0x240 [ 456.644985][T13986] __kernfs_create_file+0x53/0x350 [ 456.645028][T13986] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 456.645080][T13986] internal_create_group+0x56c/0xf10 [ 456.645137][T13986] ? __pfx_internal_create_group+0x10/0x10 [ 456.645192][T13986] ? kernfs_create_link+0x1bd/0x240 [ 456.645236][T13986] internal_create_groups+0x9d/0x150 [ 456.645287][T13986] device_add+0x6d3/0x1a70 [ 456.645344][T13986] ? __pfx_device_add+0x10/0x10 [ 456.645392][T13986] ? __init_waitqueue_head+0xca/0x150 [ 456.645446][T13986] netdev_register_kobject+0x183/0x3a0 [ 456.645485][T13986] register_netdevice+0x147b/0x1eb0 [ 456.645529][T13986] ? __pfx_register_netdevice+0x10/0x10 [ 456.645576][T13986] __ip_tunnel_create+0x4aa/0x690 [ 456.645627][T13986] ? __pfx___ip_tunnel_create+0x10/0x10 [ 456.645679][T13986] ? read_word_at_a_time+0xe/0x20 [ 456.645720][T13986] ip_tunnel_init_net+0x22a/0x790 [ 456.645776][T13986] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 456.645836][T13986] ? __kmalloc_noprof+0x23b/0x510 [ 456.645893][T13986] ? __pfx_ipgre_tap_init_net+0x10/0x10 [ 456.645933][T13986] ops_init+0x1df/0x5f0 [ 456.645971][T13986] setup_net+0x21f/0x860 [ 456.646006][T13986] ? __pfx_setup_net+0x10/0x10 [ 456.646037][T13986] ? down_read_killable+0xcc/0x380 [ 456.646091][T13986] ? __pfx_down_read_killable+0x10/0x10 [ 456.646143][T13986] ? __raw_spin_lock_init+0x3a/0x110 [ 456.646179][T13986] ? debug_mutex_init+0x37/0x70 [ 456.646219][T13986] copy_net_ns+0x2a6/0x5f0 [ 456.646260][T13986] create_new_namespaces+0x3ea/0xad0 [ 456.646322][T13986] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 456.646379][T13986] ksys_unshare+0x45d/0xa40 [ 456.646420][T13986] ? __pfx_ksys_unshare+0x10/0x10 [ 456.646453][T13986] ? xfd_validate_state+0x5d/0x180 [ 456.646516][T13986] __x64_sys_unshare+0x31/0x40 [ 456.646551][T13986] do_syscall_64+0xcd/0x250 [ 456.646605][T13986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.646652][T13986] RIP: 0033:0x7f265578d169 [ 456.646679][T13986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.646711][T13986] RSP: 002b:00007f2656511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 456.646743][T13986] RAX: ffffffffffffffda RBX: 00007f26559a5fa0 RCX: 00007f265578d169 [ 456.646764][T13986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 456.646784][T13986] RBP: 00007f265580e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 456.646803][T13986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 456.646821][T13986] R13: 0000000000000000 R14: 00007f26559a5fa0 R15: 00007ffe107c59c8 [ 456.646863][T13986] [ 457.515175][T14000] netlink: 'syz.2.3080': attribute type 1 has an invalid length. [ 457.539093][T14000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3080'. [ 458.532243][T14026] ================================================================== [ 458.540389][T14026] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330 [ 458.548372][T14026] Read of size 8 at addr ffff888031c2e000 by task syz.2.3087/14026 [ 458.556307][T14026] [ 458.558653][T14026] CPU: 0 UID: 0 PID: 14026 Comm: syz.2.3087 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 458.558689][T14026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 458.558707][T14026] Call Trace: [ 458.558716][T14026] [ 458.558726][T14026] dump_stack_lvl+0x116/0x1f0 [ 458.558772][T14026] print_report+0xc3/0x670 [ 458.558797][T14026] ? __virt_addr_valid+0x5e/0x590 [ 458.558825][T14026] ? __phys_addr+0xc6/0x150 [ 458.558853][T14026] kasan_report+0xd9/0x110 [ 458.558877][T14026] ? force_devcd_write+0x317/0x330 [ 458.558918][T14026] ? force_devcd_write+0x317/0x330 [ 458.558960][T14026] force_devcd_write+0x317/0x330 [ 458.558998][T14026] ? __pfx_force_devcd_write+0x10/0x10 [ 458.559037][T14026] ? __debugfs_file_get+0x1ff/0x850 [ 458.559073][T14026] ? __pfx___debugfs_file_get+0x10/0x10 [ 458.559109][T14026] ? rcu_is_watching+0x12/0xc0 [ 458.559137][T14026] ? trace_lock_acquire+0x14e/0x1f0 [ 458.559181][T14026] full_proxy_write+0x13c/0x200 [ 458.559218][T14026] ? __pfx_full_proxy_write+0x10/0x10 [ 458.559256][T14026] vfs_write+0x24c/0x1150 [ 458.559295][T14026] ? __fget_files+0x1fc/0x3a0 [ 458.559334][T14026] ? __pfx___mutex_lock+0x10/0x10 [ 458.559374][T14026] ? __pfx_vfs_write+0x10/0x10 [ 458.559415][T14026] ? __fget_files+0x206/0x3a0 [ 458.559457][T14026] ksys_write+0x12b/0x250 [ 458.559494][T14026] ? __pfx_ksys_write+0x10/0x10 [ 458.559535][T14026] do_syscall_64+0xcd/0x250 [ 458.559576][T14026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.559614][T14026] RIP: 0033:0x7fa23438d169 [ 458.559636][T14026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 458.559662][T14026] RSP: 002b:00007fa235189038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 458.559687][T14026] RAX: ffffffffffffffda RBX: 00007fa2345a6080 RCX: 00007fa23438d169 [ 458.559705][T14026] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 458.559721][T14026] RBP: 00007fa23440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 458.559738][T14026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 458.559755][T14026] R13: 0000000000000000 R14: 00007fa2345a6080 R15: 00007ffc48d2ce78 [ 458.559779][T14026] [ 458.559788][T14026] [ 458.782124][T14026] Allocated by task 36: [ 458.786292][T14026] kasan_save_stack+0x33/0x60 [ 458.791012][T14026] kasan_save_track+0x14/0x30 [ 458.795723][T14026] __kasan_kmalloc+0xaa/0xb0 [ 458.800345][T14026] __kmalloc_noprof+0x21c/0x510 [ 458.805233][T14026] ieee802_11_parse_elems_full+0x1d0/0x3240 [ 458.811171][T14026] ieee80211_ibss_rx_queued_mgmt+0xc4f/0x2f50 [ 458.817259][T14026] ieee80211_iface_work+0xc15/0xf50 [ 458.822482][T14026] cfg80211_wiphy_work+0x3ed/0x570 [ 458.827628][T14026] process_one_work+0x9c5/0x1ba0 [ 458.832594][T14026] worker_thread+0x6c8/0xf00 [ 458.837210][T14026] kthread+0x3af/0x750 [ 458.841300][T14026] ret_from_fork+0x45/0x80 [ 458.845743][T14026] ret_from_fork_asm+0x1a/0x30 [ 458.850545][T14026] [ 458.852891][T14026] Freed by task 36: [ 458.856719][T14026] kasan_save_stack+0x33/0x60 [ 458.861443][T14026] kasan_save_track+0x14/0x30 [ 458.866155][T14026] kasan_save_free_info+0x3b/0x60 [ 458.871209][T14026] __kasan_slab_free+0x51/0x70 [ 458.876009][T14026] kfree+0x2c4/0x4d0 [ 458.879934][T14026] ieee80211_ibss_rx_queued_mgmt+0x1a29/0x2f50 [ 458.886111][T14026] ieee80211_iface_work+0xc15/0xf50 [ 458.891354][T14026] cfg80211_wiphy_work+0x3ed/0x570 [ 458.896676][T14026] process_one_work+0x9c5/0x1ba0 [ 458.901647][T14026] worker_thread+0x6c8/0xf00 [ 458.906273][T14026] kthread+0x3af/0x750 [ 458.910369][T14026] ret_from_fork+0x45/0x80 [ 458.914822][T14026] ret_from_fork_asm+0x1a/0x30 [ 458.919610][T14026] [ 458.921938][T14026] The buggy address belongs to the object at ffff888031c2e000 [ 458.921938][T14026] which belongs to the cache kmalloc-1k of size 1024 [ 458.936027][T14026] The buggy address is located 0 bytes inside of [ 458.936027][T14026] freed 1024-byte region [ffff888031c2e000, ffff888031c2e400) [ 458.949773][T14026] [ 458.952107][T14026] The buggy address belongs to the physical page: [ 458.958538][T14026] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31c28 [ 458.967317][T14026] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 458.975836][T14026] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 458.983397][T14026] page_type: f5(slab) [ 458.987406][T14026] raw: 00fff00000000040 ffff88801b041dc0 ffffea0000d48800 dead000000000002 [ 458.996012][T14026] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 459.004670][T14026] head: 00fff00000000040 ffff88801b041dc0 ffffea0000d48800 dead000000000002 [ 459.013366][T14026] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 459.022057][T14026] head: 00fff00000000003 ffffea0000c70a01 ffffffffffffffff 0000000000000000 [ 459.030774][T14026] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 459.039456][T14026] page dumped because: kasan: bad access detected [ 459.045925][T14026] page_owner tracks the page as allocated [ 459.051670][T14026] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2952, tgid 2952 (kworker/u8:6), ts 98264637787, free_ts 98196904258 [ 459.070986][T14026] post_alloc_hook+0x181/0x1b0 [ 459.075796][T14026] get_page_from_freelist+0xfce/0x2f80 [ 459.081298][T14026] __alloc_frozen_pages_noprof+0x221/0x2470 [ 459.087231][T14026] alloc_pages_mpol+0x1fc/0x540 [ 459.092101][T14026] new_slab+0x23d/0x330 [ 459.096292][T14026] ___slab_alloc+0xc5d/0x1720 [ 459.100996][T14026] __slab_alloc.constprop.0+0x56/0xb0 [ 459.106400][T14026] __kmalloc_noprof+0x2ec/0x510 [ 459.111717][T14026] ieee802_11_parse_elems_full+0x1d0/0x3240 [ 459.117643][T14026] ieee80211_ibss_rx_queued_mgmt+0xc4f/0x2f50 [ 459.123769][T14026] ieee80211_iface_work+0xc15/0xf50 [ 459.128998][T14026] cfg80211_wiphy_work+0x3ed/0x570 [ 459.134148][T14026] process_one_work+0x9c5/0x1ba0 [ 459.139121][T14026] worker_thread+0x6c8/0xf00 [ 459.143739][T14026] kthread+0x3af/0x750 [ 459.147831][T14026] ret_from_fork+0x45/0x80 [ 459.152273][T14026] page last free pid 5928 tgid 5928 stack trace: [ 459.158629][T14026] free_frozen_pages+0x6db/0xfb0 [ 459.163605][T14026] qlist_free_all+0x4e/0x120 [ 459.168226][T14026] kasan_quarantine_reduce+0x195/0x1e0 [ 459.173716][T14026] __kasan_slab_alloc+0x69/0x90 [ 459.178602][T14026] __kmalloc_noprof+0x1cd/0x510 [ 459.183485][T14026] tomoyo_realpath_from_path+0xb9/0x720 [ 459.189065][T14026] tomoyo_path_perm+0x276/0x460 [ 459.193948][T14026] security_inode_getattr+0x116/0x290 [ 459.199353][T14026] vfs_fstat+0x4b/0xd0 [ 459.203472][T14026] vfs_fstatat+0xbc/0xf0 [ 459.207756][T14026] __do_sys_newfstatat+0xa2/0x130 [ 459.212806][T14026] do_syscall_64+0xcd/0x250 [ 459.217341][T14026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.223269][T14026] [ 459.225604][T14026] Memory state around the buggy address: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 459.231249][T14026] ffff888031c2df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 459.239330][T14026] ffff888031c2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 459.247409][T14026] >ffff888031c2e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 459.255490][T14026] ^ [ 459.259568][T14026] ffff888031c2e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 459.267653][T14026] ffff888031c2e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 459.275728][T14026] ================================================================== [ 459.361884][T14026] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 459.369159][T14026] CPU: 1 UID: 0 PID: 14026 Comm: syz.2.3087 Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 [ 459.379970][T14026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 459.390067][T14026] Call Trace: [ 459.393373][T14026] [ 459.396334][T14026] dump_stack_lvl+0x3d/0x1f0 [ 459.400983][T14026] panic+0x71d/0x800 [ 459.404935][T14026] ? __pfx_panic+0x10/0x10 [ 459.409400][T14026] ? preempt_schedule_thunk+0x1a/0x30 [ 459.414828][T14026] ? preempt_schedule_common+0x44/0xc0 [ 459.420360][T14026] check_panic_on_warn+0xab/0xb0 [ 459.425355][T14026] end_report+0x117/0x180 [ 459.429705][T14026] kasan_report+0xe9/0x110 [ 459.434141][T14026] ? force_devcd_write+0x317/0x330 [ 459.439292][T14026] ? force_devcd_write+0x317/0x330 [ 459.444458][T14026] force_devcd_write+0x317/0x330 [ 459.449452][T14026] ? __pfx_force_devcd_write+0x10/0x10 [ 459.454960][T14026] ? __debugfs_file_get+0x1ff/0x850 [ 459.460191][T14026] ? __pfx___debugfs_file_get+0x10/0x10 [ 459.465775][T14026] ? rcu_is_watching+0x12/0xc0 [ 459.470569][T14026] ? trace_lock_acquire+0x14e/0x1f0 [ 459.475797][T14026] full_proxy_write+0x13c/0x200 [ 459.480704][T14026] ? __pfx_full_proxy_write+0x10/0x10 [ 459.486108][T14026] vfs_write+0x24c/0x1150 [ 459.490474][T14026] ? __fget_files+0x1fc/0x3a0 [ 459.495187][T14026] ? __pfx___mutex_lock+0x10/0x10 [ 459.500248][T14026] ? __pfx_vfs_write+0x10/0x10 [ 459.505047][T14026] ? __fget_files+0x206/0x3a0 [ 459.509760][T14026] ksys_write+0x12b/0x250 [ 459.514130][T14026] ? __pfx_ksys_write+0x10/0x10 [ 459.519018][T14026] do_syscall_64+0xcd/0x250 [ 459.523564][T14026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.529502][T14026] RIP: 0033:0x7fa23438d169 [ 459.533961][T14026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.553602][T14026] RSP: 002b:00007fa235189038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 459.562039][T14026] RAX: ffffffffffffffda RBX: 00007fa2345a6080 RCX: 00007fa23438d169 [ 459.570029][T14026] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000006 [ 459.578021][T14026] RBP: 00007fa23440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 459.586018][T14026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.594007][T14026] R13: 0000000000000000 R14: 00007fa2345a6080 R15: 00007ffc48d2ce78 [ 459.602008][T14026] [ 459.605349][T14026] Kernel Offset: disabled [ 459.609703][T14026] Rebooting in 86400 seconds..