last executing test programs: 20.147829234s ago: executing program 0 (id=3060): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x401, 0x1) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x2c) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc) mmap$auto(0x0, 0x4, 0xffb, 0x8000000008012, 0x3, 0x0) ioctl$auto_SNDCTL_DSP_GETFMTS(r0, 0x8004500b, 0x0) 19.952182059s ago: executing program 0 (id=3063): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x0, 0x0) r0 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000040)=""/4096, 0xfffffe82) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 18.70461935s ago: executing program 0 (id=3072): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x311) timer_settime$auto(0x66c8ece6, 0x617e, &(0x7f0000000000)={{0x9, 0xc}, {0xa, 0x3ff}}, 0x0) lseek$auto(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0x3, 0x8108551b, 0x1) ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000240)={0x1, 0x81, 0x5b, 0x4, &(0x7f0000000000), 0x9, 0xeb90, 0x2, @stream_id=0x100, 0x7, 0x476, 0x0}) close_range$auto(0x2, 0x8, 0x0) 18.329657556s ago: executing program 0 (id=3073): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 17.858926605s ago: executing program 0 (id=3075): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0xc) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000003740)={&(0x7f0000000000)=ANY=[@ANYBLOB="b10000", @ANYBLOB="01002dbd7000"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x40080) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r2, @ANYRES8=r0], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r1, &(0x7f0000000000)='-\x00', 0xfdef) 16.605927032s ago: executing program 0 (id=3079): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x19, 0x21, "64b6698fa876c13434397b82dd574e5da012ca6618"}, @NL80211_ATTR_HE_BSS_COLOR={0x20, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20004800}, 0x48080) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 16.117078844s ago: executing program 32 (id=3079): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0xffffffffffffffff, 0x8, 0x8000) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x19, 0x21, "64b6698fa876c13434397b82dd574e5da012ca6618"}, @NL80211_ATTR_HE_BSS_COLOR={0x20, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20004800}, 0x48080) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.080943135s ago: executing program 4 (id=3144): openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto_EVIOCSMASK(r1, 0x40104593, &(0x7f00000001c0)={0x401, 0x8}) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event\x00', 0xa00, 0x0) pread64$auto(r2, 0x0, 0xc404, 0x1000) 3.69556959s ago: executing program 2 (id=3147): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto(0x3, 0x0, 0xfdef) read$auto(0x3, 0x0, 0x1f40) read$auto(0x3, 0x0, 0x1f40) 2.859917475s ago: executing program 3 (id=3150): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000f5, 0x400, 0x2}]}) 2.740903994s ago: executing program 4 (id=3151): mmap$auto(0x0, 0xf, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0xf, 0x0) socket(0x2, 0x1, 0x0) socket(0x2, 0xa, 0xb) epoll_create$auto(0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) epoll_ctl$auto(0x5, 0x3, r0, 0x0) 2.661612208s ago: executing program 2 (id=3152): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) capset$auto(0x0, 0x0) setsockopt$auto(r0, 0x10000000084, 0x8, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) 2.525625799s ago: executing program 4 (id=3154): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/pci0000:00/0000:00:03.0/consistent_dma_mask_bits\x00', 0x0, 0x0) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f0000000000), 0x80100, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000004180)='/dev/snd/controlC1\x00', 0x28180, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/slab/kmalloc-64/min_partial\x00', 0x501, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/009/001\x00', 0x0, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, 0x0) 2.435975636s ago: executing program 3 (id=3155): mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) r0 = socket(0xa, 0x5, 0x84) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x82, 0x0, 0x8) bpf$auto(0xfffffffd, &(0x7f0000000000)=@bpf_attr_5={@target_ifindex, 0xffffffffffffffff, 0x4, 0x6, 0xffffffffffffffff, @relative_fd=r0, 0x9}, 0xa3) sendto$auto(r0, 0x0, 0x401, 0xffff, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) 2.3322582s ago: executing program 4 (id=3156): unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x1) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcc, 0x0, 0x566) socket(0x10, 0x2, 0x0) r0 = openat$auto_output_bpc_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/output_bpc\x00', 0x121102, 0x0) read$auto_output_bpc_fops_(r0, &(0x7f0000000300)=""/247, 0xf7) 2.199314527s ago: executing program 3 (id=3157): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x20499d, 0x9) lsm_list_modules$auto(0x0, 0x0, 0x8) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) pread64$auto(r0, 0x0, 0x6, 0x7) 1.97750184s ago: executing program 1 (id=3159): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x3b, 0x400, 0x9}]}) 1.918758903s ago: executing program 3 (id=3160): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/rose14/carrier_changes\x00', 0x103000, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/usb_storage/parameters/delay_use\x00', 0x181942, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) 1.911813091s ago: executing program 4 (id=3161): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0x100082) open(0x0, 0x12600, 0x52) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0xfffe, 0x52, 0x0) 1.706361842s ago: executing program 1 (id=3162): mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x401, r1, @relative_fd=r2, 0xe600}, 0xf) bpf$auto(0x4, &(0x7f00000002c0)=@bpf_attr_11={0x5, 0x8000000000000005, 0x7, 0x1621, 0xf870e9f, 0xa4ea, 0x8}, 0x9) 1.591266809s ago: executing program 2 (id=3163): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sigaltstack$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) memfd_secret$auto(0x0) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r0, r0, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video67\x00', 0x169000, 0x0) ioctl$auto(r1, 0xc0285629, r1) 1.224787732s ago: executing program 2 (id=3164): r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x14}}, 0x6a) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, r0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3) accept$auto(r2, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 1.106685871s ago: executing program 1 (id=3165): r0 = socket(0x10, 0x2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000004", @ANYRES16, @ANYBLOB="93ab2dbd7000fcdbdf2508"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x800) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 659.509884ms ago: executing program 1 (id=3166): close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) writev$auto(r0, &(0x7f0000000100)={0x0, 0x407114}, 0x8) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) write$auto(0x1, 0x0, 0x80000000) 628.119215ms ago: executing program 2 (id=3167): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = gettid() lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0xdb35, 0xe4, 0xeb1, 0x405, 0x8000) tkill$auto(r0, 0x7) 415.014219ms ago: executing program 3 (id=3168): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000011c0)='./cgroup.cpu/hugetlb.1GB.rsvd.failcnt\x00', 0x40300, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x104) read$auto(r0, 0x0, 0x35cb) write$auto(0x3, 0x0, 0xfdef) 342.822899ms ago: executing program 2 (id=3169): unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x1f40) stat$auto(0x0, &(0x7f0000000380)={0x3, 0x3, 0x6, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0xa, 0xff, 0x100, 0x401, 0x5f57, 0x80000000, 0xaa}) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0xfffffdef) 191.029355ms ago: executing program 1 (id=3170): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x8a403, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) io_uring_setup$auto(0x6, 0x0) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) close_range$auto(0x2, 0x8, 0x0) 186.196596ms ago: executing program 3 (id=3171): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x179, 0x400, 0x9}]}) 173.101425ms ago: executing program 4 (id=3172): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x68400, 0x0) read$auto(r0, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x9}, 0x3) r2 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r2, 0x405c5503, 0x0) ioctl$auto_UI_DEV_CREATE(r2, 0x5501, 0x0) mremap$auto(0x200000001000, 0x4, 0x4, 0x3, 0x100000000) 0s ago: executing program 1 (id=3173): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x0, r1, 0x4, 0x10008, 0x7, 0x1000049, r0, 0x7, 0xd3}, 0x1) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 20][T12771] ? alloc_fd+0x471/0x7d0 [ 362.218765][T12771] do_sys_openat2+0x11b/0x1d0 [ 362.218794][T12771] ? __pfx_do_sys_openat2+0x10/0x10 [ 362.218839][T12771] __x64_sys_openat+0x174/0x210 [ 362.218869][T12771] ? __pfx___x64_sys_openat+0x10/0x10 [ 362.218914][T12771] do_syscall_64+0xcd/0x490 [ 362.218955][T12771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.218983][T12771] RIP: 0033:0x7f427d98e929 [ 362.219005][T12771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.219033][T12771] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 362.219065][T12771] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 362.219084][T12771] RDX: 00000000000a2300 RSI: 0000200000000d40 RDI: ffffffffffffff9c [ 362.219101][T12771] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 362.219118][T12771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.219136][T12771] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 362.219172][T12771] [ 362.574048][T12775] netlink: 'syz.1.2638': attribute type 5 has an invalid length. [ 362.583525][T12775] netlink: 314 bytes leftover after parsing attributes in process `syz.1.2638'. [ 362.929690][T12781] FAULT_INJECTION: forcing a failure. [ 362.929690][T12781] name failslab, interval 1, probability 0, space 0, times 0 [ 362.949235][T12781] CPU: 1 UID: 0 PID: 12781 Comm: syz.0.2643 Tainted: G U 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 362.949288][T12781] Tainted: [U]=USER [ 362.949295][T12781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 362.949311][T12781] Call Trace: [ 362.949320][T12781] [ 362.949330][T12781] dump_stack_lvl+0x16c/0x1f0 [ 362.949375][T12781] should_fail_ex+0x512/0x640 [ 362.949411][T12781] ? __kmalloc_noprof+0xbf/0x510 [ 362.949450][T12781] ? rfkill_alloc+0xac/0x330 [ 362.949476][T12781] should_failslab+0xc2/0x120 [ 362.949502][T12781] __kmalloc_noprof+0xd2/0x510 [ 362.949547][T12781] rfkill_alloc+0xac/0x330 [ 362.949580][T12781] wiphy_new_nm+0x136a/0x2160 [ 362.949608][T12781] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 362.949640][T12781] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 362.949669][T12781] ieee80211_alloc_hw_nm+0x1b7a/0x2260 [ 362.949698][T12781] ? __local_bh_enable_ip+0xa4/0x120 [ 362.949732][T12781] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 362.949788][T12781] ? __asan_memset+0x23/0x50 [ 362.949823][T12781] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 362.949872][T12781] hwsim_new_radio_nl+0xb51/0x12c0 [ 362.949914][T12781] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 362.949963][T12781] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 362.949998][T12781] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 362.950041][T12781] genl_family_rcv_msg_doit+0x209/0x2f0 [ 362.950077][T12781] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 362.950110][T12781] ? trace_cap_capable+0x18d/0x200 [ 362.950161][T12781] ? bpf_lsm_capable+0x9/0x10 [ 362.950192][T12781] ? security_capable+0x7e/0x260 [ 362.950233][T12781] ? ns_capable+0xd7/0x110 [ 362.950268][T12781] genl_rcv_msg+0x55c/0x800 [ 362.950304][T12781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 362.950338][T12781] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 362.950380][T12781] ? __lock_acquire+0x622/0x1c90 [ 362.950420][T12781] netlink_rcv_skb+0x158/0x420 [ 362.950448][T12781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 362.950481][T12781] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 362.950525][T12781] ? netlink_deliver_tap+0x1ae/0xd30 [ 362.950549][T12781] ? is_vmalloc_addr+0x86/0xa0 [ 362.950590][T12781] genl_rcv+0x28/0x40 [ 362.950617][T12781] netlink_unicast+0x53a/0x7f0 [ 362.950649][T12781] ? __pfx_netlink_unicast+0x10/0x10 [ 362.950688][T12781] netlink_sendmsg+0x8d1/0xdd0 [ 362.950723][T12781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 362.950766][T12781] ____sys_sendmsg+0xa95/0xc70 [ 362.950797][T12781] ? copy_msghdr_from_user+0x10a/0x160 [ 362.950835][T12781] ? __pfx_____sys_sendmsg+0x10/0x10 [ 362.950874][T12781] ? __pfx_futex_wake_mark+0x10/0x10 [ 362.950917][T12781] ___sys_sendmsg+0x134/0x1d0 [ 362.950974][T12781] ? __pfx____sys_sendmsg+0x10/0x10 [ 362.951011][T12781] ? __lock_acquire+0x622/0x1c90 [ 362.951093][T12781] __sys_sendmsg+0x16d/0x220 [ 362.951133][T12781] ? __pfx___sys_sendmsg+0x10/0x10 [ 362.951171][T12781] ? __x64_sys_futex+0x1e0/0x4c0 [ 362.951225][T12781] do_syscall_64+0xcd/0x490 [ 362.951272][T12781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.951300][T12781] RIP: 0033:0x7effd938e929 [ 362.951322][T12781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.951348][T12781] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 362.951374][T12781] RAX: ffffffffffffffda RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 362.951392][T12781] RDX: 0000000004048000 RSI: 0000200000004240 RDI: 0000000000000003 [ 362.951409][T12781] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 362.951426][T12781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 362.951441][T12781] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 362.951476][T12781] [ 363.110480][T12783] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2642'. [ 364.762757][T12817] serio: Serial port pty233 [ 365.570872][T12833] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2661'. [ 365.724603][T12837] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2663'. [ 365.789740][T12835] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 366.059404][T12848] syz.1.2668: vmalloc error: size 12288, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 366.118347][T12848] CPU: 0 UID: 0 PID: 12848 Comm: syz.1.2668 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 366.118394][T12848] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 366.118404][T12848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 366.118419][T12848] Call Trace: [ 366.118427][T12848] [ 366.118438][T12848] dump_stack_lvl+0x16c/0x1f0 [ 366.118484][T12848] warn_alloc+0x248/0x3a0 [ 366.118523][T12848] ? __pfx_warn_alloc+0x10/0x10 [ 366.118563][T12848] ? alloc_pages_mpol+0x25a/0x550 [ 366.118590][T12848] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 366.118630][T12848] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 366.118686][T12848] ? kernel_clone+0xfc/0x960 [ 366.118727][T12848] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 366.118775][T12848] ? kernel_clone+0xfc/0x960 [ 366.118805][T12848] __vmalloc_node_noprof+0xad/0xf0 [ 366.118838][T12848] ? kernel_clone+0xfc/0x960 [ 366.118872][T12848] copy_process+0x2c70/0x76a0 [ 366.118903][T12848] ? __pfx___futex_wait+0x10/0x10 [ 366.118951][T12848] ? __pfx_copy_process+0x10/0x10 [ 366.119000][T12848] kernel_clone+0xfc/0x960 [ 366.119034][T12848] ? __pfx_kernel_clone+0x10/0x10 [ 366.119086][T12848] __do_sys_clone+0xce/0x120 [ 366.119117][T12848] ? __pfx___do_sys_clone+0x10/0x10 [ 366.119144][T12848] ? __pfx_sigprocmask+0x10/0x10 [ 366.119197][T12848] ? xfd_validate_state+0x61/0x180 [ 366.119229][T12848] ? __pfx_do_writev+0x10/0x10 [ 366.119274][T12848] do_syscall_64+0xcd/0x490 [ 366.119315][T12848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.119342][T12848] RIP: 0033:0x7f427d98e929 [ 366.119365][T12848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.119392][T12848] RSP: 002b:00007f427e732fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 366.119417][T12848] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 366.119435][T12848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 366.119450][T12848] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 366.119466][T12848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.119482][T12848] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 366.119517][T12848] [ 366.119526][T12848] Mem-Info: [ 366.417533][T12848] active_anon:10275 inactive_anon:0 isolated_anon:0 [ 366.417533][T12848] active_file:18502 inactive_file:40094 isolated_file:0 [ 366.417533][T12848] unevictable:768 dirty:392 writeback:0 [ 366.417533][T12848] slab_reclaimable:10671 slab_unreclaimable:91833 [ 366.417533][T12848] mapped:24262 shmem:1786 pagetables:1124 [ 366.417533][T12848] sec_pagetables:0 bounce:0 [ 366.417533][T12848] kernel_misc_reclaimable:0 [ 366.417533][T12848] free:1293882 free_pcp:42389 free_cma:0 [ 366.476544][T12848] Node 0 active_anon:39500kB inactive_anon:0kB active_file:74008kB inactive_file:160168kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97044kB dirty:1560kB writeback:0kB shmem:4008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11388kB pagetables:4332kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 366.512635][T12848] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 366.562069][T12848] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 366.634489][T12848] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 366.640880][T12848] Node 0 DMA32 free:1292672kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36152kB inactive_anon:0kB active_file:74008kB inactive_file:158852kB unevictable:1536kB writepending:1560kB present:3129332kB managed:2540868kB mlocked:0kB bounce:0kB free_pcp:115080kB local_pcp:29424kB free_cma:0kB [ 366.681160][T12848] lowmem_reserve[]: 0 0 1 1 1 [ 366.685941][T12848] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 366.761375][T12848] lowmem_reserve[]: 0 0 0 0 0 [ 366.771168][T12848] Node 1 Normal free:3871428kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:53704kB local_pcp:27736kB free_cma:0kB [ 366.824053][T12861] serio: Serial port pty233 [ 366.836331][T12848] lowmem_reserve[]: 0 0 0 0 0 [ 366.841613][T12848] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 366.854699][T12848] Node 0 DMA32: 5721*4kB (UME) 2004*8kB (UME) 1047*16kB (UME) 1008*32kB (UME) 587*64kB (UME) 164*128kB (UME) 234*256kB (UME) 137*512kB (UME) 75*1024kB (UM) 21*2048kB (UME) 221*4096kB (UM) = 1301556kB [ 366.881702][T12848] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 366.894934][T12848] Node 1 Normal: 236*4kB (UME) 109*8kB (UME) 68*16kB (UME) 191*32kB (UM) 97*64kB (UME) 49*128kB (UME) 35*256kB (UME) 26*512kB (UME) 26*1024kB (UME) 14*2048kB (UME) 921*4096kB (UM) = 3871480kB [ 366.921085][T12848] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 366.931202][T12848] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 366.944775][T12848] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 366.950329][T12865] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2675'. [ 366.958406][T12848] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 366.975453][T12848] 59965 total pagecache pages [ 366.980965][T12848] 0 pages in swap cache [ 366.985246][T12848] Free swap = 124996kB [ 366.990645][T12848] Total swap = 124996kB [ 366.994950][T12848] 2097051 pages RAM [ 366.999556][T12848] 0 pages HighMem/MovableOnly [ 367.006418][T12848] 429856 pages reserved [ 367.006568][T12866] net_ratelimit: 20 callbacks suppressed [ 367.006585][T12866] bond0: mtu greater than device maximum [ 367.011356][T12848] 0 pages cma reserved [ 367.111521][T12871] size and base must be multiples of 4 kiB [ 367.112176][T12872] netlink: 146 bytes leftover after parsing attributes in process `syz.3.2678'. [ 367.117993][T12871] CPU: 0 UID: 0 PID: 12871 Comm: syz.1.2677 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 367.118040][T12871] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 367.118052][T12871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 367.118068][T12871] Call Trace: [ 367.118077][T12871] [ 367.118087][T12871] dump_stack_lvl+0x16c/0x1f0 [ 367.118129][T12871] mtrr_add+0xdf/0x110 [ 367.118160][T12871] mtrr_ioctl+0x7ef/0xcf0 [ 367.118191][T12871] ? __pfx_mtrr_ioctl+0x10/0x10 [ 367.118227][T12871] ? find_held_lock+0x2b/0x80 [ 367.118262][T12871] ? __fget_files+0x20e/0x3c0 [ 367.118297][T12871] ? __pfx_mtrr_ioctl+0x10/0x10 [ 367.118327][T12871] proc_reg_unlocked_ioctl+0x226/0x320 [ 367.118363][T12871] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 367.118402][T12871] __x64_sys_ioctl+0x18b/0x210 [ 367.118434][T12871] do_syscall_64+0xcd/0x490 [ 367.118473][T12871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.118509][T12871] RIP: 0033:0x7f427d98e929 [ 367.118529][T12871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.118555][T12871] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 367.118675][T12871] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 367.118694][T12871] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 367.118712][T12871] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 367.118732][T12871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 367.118749][T12871] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 367.118786][T12871] [ 367.186630][T12874] netlink: 350 bytes leftover after parsing attributes in process `syz.1.2679'. [ 367.324848][T12876] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2680'. [ 368.122604][T12909] FAULT_INJECTION: forcing a failure. [ 368.122604][T12909] name failslab, interval 1, probability 0, space 0, times 0 [ 368.150952][T12909] CPU: 0 UID: 0 PID: 12909 Comm: syz.1.2693 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 368.150997][T12909] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 368.151007][T12909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 368.151022][T12909] Call Trace: [ 368.151030][T12909] [ 368.151041][T12909] dump_stack_lvl+0x16c/0x1f0 [ 368.151084][T12909] should_fail_ex+0x512/0x640 [ 368.151118][T12909] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 368.151160][T12909] should_failslab+0xc2/0x120 [ 368.151186][T12909] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 368.151225][T12909] ? sk_prot_alloc+0x60/0x2a0 [ 368.151255][T12909] sk_prot_alloc+0x60/0x2a0 [ 368.151285][T12909] sk_alloc+0x36/0xc20 [ 368.151318][T12909] inet_create+0x3a1/0x1090 [ 368.151354][T12909] ? inet_create+0x93/0x1090 [ 368.151395][T12909] __sock_create+0x338/0x8d0 [ 368.151429][T12909] inet_ctl_sock_create+0x94/0x230 [ 368.151464][T12909] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 368.151495][T12909] ? lockdep_init_map_type+0x5c/0x280 [ 368.151533][T12909] ? lockdep_init_map_type+0x5c/0x280 [ 368.151571][T12909] ? __pfx_igmp_net_init+0x10/0x10 [ 368.151608][T12909] igmp_net_init+0xd0/0x1a0 [ 368.151644][T12909] ops_init+0x1e2/0x5f0 [ 368.151687][T12909] setup_net+0x1ff/0x510 [ 368.151709][T12909] ? lockdep_init_map_type+0x5c/0x280 [ 368.151749][T12909] ? __pfx_setup_net+0x10/0x10 [ 368.151776][T12909] ? debug_mutex_init+0x37/0x70 [ 368.151805][T12909] copy_net_ns+0x2a6/0x5f0 [ 368.151834][T12909] create_new_namespaces+0x3ea/0xa90 [ 368.151869][T12909] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 368.151901][T12909] ksys_unshare+0x45b/0xa40 [ 368.151938][T12909] ? __pfx_ksys_unshare+0x10/0x10 [ 368.151974][T12909] ? xfd_validate_state+0x61/0x180 [ 368.152014][T12909] __x64_sys_unshare+0x31/0x40 [ 368.152047][T12909] do_syscall_64+0xcd/0x490 [ 368.152089][T12909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.152114][T12909] RIP: 0033:0x7f427d98e929 [ 368.152135][T12909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.152161][T12909] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 368.152186][T12909] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 368.152203][T12909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 368.152219][T12909] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 368.152235][T12909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.152251][T12909] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 368.152286][T12909] [ 368.152461][T12909] Failed to initialize the IGMP autojoin socket (err -12) [ 368.223945][T12915] FAULT_INJECTION: forcing a failure. [ 368.223945][T12915] name failslab, interval 1, probability 0, space 0, times 0 [ 368.450542][T12915] CPU: 1 UID: 0 PID: 12915 Comm: syz.0.2694 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 368.450590][T12915] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 368.450601][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 368.450616][T12915] Call Trace: [ 368.450626][T12915] [ 368.450636][T12915] dump_stack_lvl+0x16c/0x1f0 [ 368.450678][T12915] should_fail_ex+0x512/0x640 [ 368.450712][T12915] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 368.450753][T12915] should_failslab+0xc2/0x120 [ 368.450778][T12915] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 368.450815][T12915] ? tracefs_alloc_inode+0x2c/0x140 [ 368.450852][T12915] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 368.450882][T12915] tracefs_alloc_inode+0x2c/0x140 [ 368.450912][T12915] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 368.450943][T12915] alloc_inode+0x64/0x240 [ 368.450969][T12915] new_inode+0x22/0x1c0 [ 368.450999][T12915] tracefs_get_inode+0x19/0x80 [ 368.451031][T12915] eventfs_get_inode+0x53/0x520 [ 368.451069][T12915] eventfs_root_lookup+0x6f4/0xa50 [ 368.451105][T12915] ? __pfx_eventfs_root_lookup+0x10/0x10 [ 368.451143][T12915] ? lockdep_init_map_type+0x5c/0x280 [ 368.451180][T12915] ? lockdep_init_map_type+0x5c/0x280 [ 368.451221][T12915] __lookup_slow+0x24e/0x460 [ 368.451250][T12915] ? __pfx___lookup_slow+0x10/0x10 [ 368.451303][T12915] ? lookup_fast+0x156/0x610 [ 368.451340][T12915] walk_component+0x353/0x5b0 [ 368.451375][T12915] path_lookupat+0x142/0x6d0 [ 368.451413][T12915] path_openat+0x16f1/0x2cb0 [ 368.451446][T12915] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.451494][T12915] ? __pfx_path_openat+0x10/0x10 [ 368.451529][T12915] ? __lock_acquire+0xb8a/0x1c90 [ 368.451559][T12915] do_filp_open+0x20b/0x470 [ 368.451588][T12915] ? __pfx_do_filp_open+0x10/0x10 [ 368.451640][T12915] ? alloc_fd+0x471/0x7d0 [ 368.451676][T12915] do_sys_openat2+0x11b/0x1d0 [ 368.451699][T12915] ? __pfx_do_sys_openat2+0x10/0x10 [ 368.451734][T12915] __x64_sys_openat+0x174/0x210 [ 368.451758][T12915] ? __pfx___x64_sys_openat+0x10/0x10 [ 368.451794][T12915] do_syscall_64+0xcd/0x490 [ 368.451827][T12915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.451848][T12915] RIP: 0033:0x7effd938e929 [ 368.451866][T12915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.451887][T12915] RSP: 002b:00007effda27c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 368.451907][T12915] RAX: ffffffffffffffda RBX: 00007effd95b6080 RCX: 00007effd938e929 [ 368.451923][T12915] RDX: 0000000000600900 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 368.451937][T12915] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 368.451951][T12915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.451964][T12915] R13: 0000000000000000 R14: 00007effd95b6080 R15: 00007ffed96dbf88 [ 368.451993][T12915] [ 368.951983][T12920] netlink: 346 bytes leftover after parsing attributes in process `syz.0.2697'. [ 368.994293][T12923] FAULT_INJECTION: forcing a failure. [ 368.994293][T12923] name failslab, interval 1, probability 0, space 0, times 0 [ 369.040730][T12923] CPU: 0 UID: 0 PID: 12923 Comm: syz.2.2698 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 369.040781][T12923] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 369.040792][T12923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 369.040809][T12923] Call Trace: [ 369.040818][T12923] [ 369.040829][T12923] dump_stack_lvl+0x16c/0x1f0 [ 369.040875][T12923] should_fail_ex+0x512/0x640 [ 369.040911][T12923] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 369.040955][T12923] should_failslab+0xc2/0x120 [ 369.040982][T12923] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 369.041019][T12923] ? do_raw_spin_unlock+0x172/0x230 [ 369.041059][T12923] ? alloc_inode+0xc3/0x240 [ 369.041092][T12923] alloc_inode+0xc3/0x240 [ 369.041119][T12923] new_inode+0x22/0x1c0 [ 369.041150][T12923] nfsd_get_inode+0x1a/0x190 [ 369.041180][T12923] nfsd_fill_super+0x18e/0x530 [ 369.041216][T12923] ? __pfx_nfsd_fill_super+0x10/0x10 [ 369.041244][T12923] get_tree_keyed+0x10b/0x1d0 [ 369.041284][T12923] vfs_get_tree+0x8b/0x340 [ 369.041316][T12923] path_mount+0x1414/0x2020 [ 369.041356][T12923] ? kmem_cache_free+0x2d1/0x4d0 [ 369.041392][T12923] ? __pfx_path_mount+0x10/0x10 [ 369.041436][T12923] ? putname+0x154/0x1a0 [ 369.041465][T12923] __x64_sys_mount+0x28d/0x310 [ 369.041506][T12923] ? __pfx___x64_sys_mount+0x10/0x10 [ 369.041558][T12923] do_syscall_64+0xcd/0x490 [ 369.041598][T12923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.041625][T12923] RIP: 0033:0x7f3dbf98e929 [ 369.041647][T12923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.041673][T12923] RSP: 002b:00007f3dc07a2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 369.041704][T12923] RAX: ffffffffffffffda RBX: 00007f3dbfbb5fa0 RCX: 00007f3dbf98e929 [ 369.041723][T12923] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 369.041740][T12923] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 369.041758][T12923] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 369.041774][T12923] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 369.041811][T12923] [ 369.388908][T12930] FAULT_INJECTION: forcing a failure. [ 369.388908][T12930] name failslab, interval 1, probability 0, space 0, times 0 [ 369.410972][T12930] CPU: 0 UID: 0 PID: 12930 Comm: syz.2.2702 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 369.411022][T12930] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 369.411033][T12930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 369.411049][T12930] Call Trace: [ 369.411058][T12930] [ 369.411068][T12930] dump_stack_lvl+0x16c/0x1f0 [ 369.411111][T12930] should_fail_ex+0x512/0x640 [ 369.411146][T12930] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 369.411189][T12930] should_failslab+0xc2/0x120 [ 369.411215][T12930] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 369.411254][T12930] ? d_instantiate+0x77/0x90 [ 369.411290][T12930] ? alloc_empty_file+0x55/0x1e0 [ 369.411324][T12930] alloc_empty_file+0x55/0x1e0 [ 369.411351][T12930] alloc_file_pseudo+0x13a/0x230 [ 369.411379][T12930] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 369.411408][T12930] ? alloc_fd+0x471/0x7d0 [ 369.411446][T12930] __anon_inode_getfile+0xf7/0x3a0 [ 369.411488][T12930] anon_inode_getfile_fmode+0x37/0xa0 [ 369.411527][T12930] __do_sys_timerfd_create+0x216/0x3e0 [ 369.411563][T12930] ? do_syscall_64+0x91/0x490 [ 369.411602][T12930] do_syscall_64+0xcd/0x490 [ 369.411653][T12930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.411681][T12930] RIP: 0033:0x7f3dbf98e929 [ 369.411702][T12930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.411728][T12930] RSP: 002b:00007f3dc07a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000011b [ 369.411753][T12930] RAX: ffffffffffffffda RBX: 00007f3dbfbb5fa0 RCX: 00007f3dbf98e929 [ 369.411771][T12930] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 369.411785][T12930] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 369.411799][T12930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 369.411812][T12930] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 369.411843][T12930] [ 369.841118][T12942] netlink: 146 bytes leftover after parsing attributes in process `syz.1.2706'. [ 370.243547][T12949] dlm: Unknown command passed to DLM device : 0 [ 370.243547][T12949] [ 370.464677][T12963] FAULT_INJECTION: forcing a failure. [ 370.464677][T12963] name failslab, interval 1, probability 0, space 0, times 0 [ 370.497631][T12963] CPU: 0 UID: 0 PID: 12963 Comm: syz.0.2714 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 370.497680][T12963] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 370.497691][T12963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 370.497706][T12963] Call Trace: [ 370.497715][T12963] [ 370.497727][T12963] dump_stack_lvl+0x16c/0x1f0 [ 370.497772][T12963] should_fail_ex+0x512/0x640 [ 370.497808][T12963] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 370.497847][T12963] should_failslab+0xc2/0x120 [ 370.497874][T12963] __kmalloc_cache_noprof+0x6a/0x3e0 [ 370.497910][T12963] ? vkms_plane_duplicate_state+0x87/0x130 [ 370.497941][T12963] ? kasan_save_track+0x14/0x30 [ 370.497984][T12963] vkms_plane_duplicate_state+0x87/0x130 [ 370.498015][T12963] drm_atomic_get_plane_state+0x20e/0x590 [ 370.498047][T12963] drm_client_modeset_commit_atomic+0x237/0x7e0 [ 370.498078][T12963] ? __pfx___might_resched+0x10/0x10 [ 370.498116][T12963] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 370.498187][T12963] drm_client_modeset_commit_locked+0x14d/0x580 [ 370.498224][T12963] drm_client_modeset_commit+0x4f/0x80 [ 370.498254][T12963] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 370.498297][T12963] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 370.498334][T12963] drm_fbdev_client_restore+0x2c/0x40 [ 370.498368][T12963] drm_client_dev_restore+0x1f3/0x2a0 [ 370.498404][T12963] drm_release+0x2c4/0x360 [ 370.498430][T12963] ? __pfx_drm_release+0x10/0x10 [ 370.498455][T12963] __fput+0x3ff/0xb70 [ 370.498490][T12963] task_work_run+0x14d/0x240 [ 370.498530][T12963] ? __pfx_task_work_run+0x10/0x10 [ 370.498576][T12963] ? __pfx___do_sys_close_range+0x10/0x10 [ 370.498625][T12963] exit_to_user_mode_loop+0xeb/0x110 [ 370.498669][T12963] do_syscall_64+0x3f6/0x490 [ 370.498712][T12963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.498740][T12963] RIP: 0033:0x7effd938e929 [ 370.498762][T12963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.498788][T12963] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 370.498813][T12963] RAX: 0000000000000000 RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 370.498831][T12963] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 370.498847][T12963] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 370.498864][T12963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.498881][T12963] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 370.498920][T12963] [ 371.588774][T12987] FAULT_INJECTION: forcing a failure. [ 371.588774][T12987] name failslab, interval 1, probability 0, space 0, times 0 [ 371.618330][T12987] CPU: 0 UID: 0 PID: 12987 Comm: syz.1.2722 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 371.618380][T12987] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 371.618392][T12987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 371.618408][T12987] Call Trace: [ 371.618423][T12987] [ 371.618433][T12987] dump_stack_lvl+0x16c/0x1f0 [ 371.618477][T12987] should_fail_ex+0x512/0x640 [ 371.618513][T12987] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 371.618552][T12987] should_failslab+0xc2/0x120 [ 371.618579][T12987] __kmalloc_cache_noprof+0x6a/0x3e0 [ 371.618614][T12987] ? mqueue_init_fs_context+0x4b/0x480 [ 371.618645][T12987] ? __pfx_mqueue_init_fs_context+0x10/0x10 [ 371.618670][T12987] mqueue_init_fs_context+0x4b/0x480 [ 371.618694][T12987] ? __pfx_mqueue_init_fs_context+0x10/0x10 [ 371.618722][T12987] alloc_fs_context+0x54a/0x9c0 [ 371.618767][T12987] mq_init_ns+0x172/0x620 [ 371.618798][T12987] copy_ipcs+0x383/0x610 [ 371.618824][T12987] ? copy_utsname+0xab/0x470 [ 371.618861][T12987] create_new_namespaces+0x20a/0xa90 [ 371.618890][T12987] ? security_capable+0x7e/0x260 [ 371.618935][T12987] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 371.618968][T12987] ksys_unshare+0x45b/0xa40 [ 371.619002][T12987] ? __pfx_ksys_unshare+0x10/0x10 [ 371.619037][T12987] ? xfd_validate_state+0x61/0x180 [ 371.619081][T12987] __x64_sys_unshare+0x31/0x40 [ 371.619114][T12987] do_syscall_64+0xcd/0x490 [ 371.619157][T12987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.619184][T12987] RIP: 0033:0x7f427d98e929 [ 371.619206][T12987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.619232][T12987] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 371.619258][T12987] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 371.619276][T12987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000000 [ 371.619292][T12987] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 371.619309][T12987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.619324][T12987] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 371.619359][T12987] [ 371.970476][T12993] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 372.146959][T13004] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 372.507013][T13017] FAULT_INJECTION: forcing a failure. [ 372.507013][T13017] name failslab, interval 1, probability 0, space 0, times 0 [ 372.527421][T13017] CPU: 0 UID: 0 PID: 13017 Comm: syz.1.2735 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 372.527473][T13017] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 372.527483][T13017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 372.527497][T13017] Call Trace: [ 372.527505][T13017] [ 372.527515][T13017] dump_stack_lvl+0x16c/0x1f0 [ 372.527557][T13017] should_fail_ex+0x512/0x640 [ 372.527592][T13017] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 372.527632][T13017] should_failslab+0xc2/0x120 [ 372.527653][T13017] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 372.527690][T13017] ? dup_fd+0x4e/0xb90 [ 372.527723][T13017] ? do_futex+0x122/0x350 [ 372.527755][T13017] dup_fd+0x4e/0xb90 [ 372.527784][T13017] ? _raw_spin_unlock+0x28/0x50 [ 372.527817][T13017] ? do_set_mempolicy+0x220/0x480 [ 372.527865][T13017] __do_sys_close_range+0x4ca/0x730 [ 372.527901][T13017] ? __pfx___do_sys_close_range+0x10/0x10 [ 372.527945][T13017] do_syscall_64+0xcd/0x490 [ 372.527985][T13017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.528012][T13017] RIP: 0033:0x7f427d98e929 [ 372.528034][T13017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.528059][T13017] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 372.528084][T13017] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 372.528101][T13017] RDX: 0000000000000002 RSI: fffffffffffff000 RDI: 0000000000000000 [ 372.528126][T13017] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 372.528141][T13017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.528157][T13017] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 372.528191][T13017] [ 372.721071][T13018] FAULT_INJECTION: forcing a failure. [ 372.721071][T13018] name failslab, interval 1, probability 0, space 0, times 0 [ 372.737318][T13018] CPU: 1 UID: 0 PID: 13018 Comm: syz.1.2735 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 372.737378][T13018] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 372.737389][T13018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 372.737405][T13018] Call Trace: [ 372.737414][T13018] [ 372.737424][T13018] dump_stack_lvl+0x16c/0x1f0 [ 372.737470][T13018] should_fail_ex+0x512/0x640 [ 372.737505][T13018] ? __kvmalloc_node_noprof+0x124/0x620 [ 372.737545][T13018] should_failslab+0xc2/0x120 [ 372.737572][T13018] __kvmalloc_node_noprof+0x137/0x620 [ 372.737609][T13018] ? alloc_fdtable+0xee/0x2b0 [ 372.737646][T13018] ? alloc_fdtable+0xee/0x2b0 [ 372.737676][T13018] alloc_fdtable+0xee/0x2b0 [ 372.737709][T13018] dup_fd+0x83b/0xb90 [ 372.737745][T13018] ? find_held_lock+0x2b/0x80 [ 372.737778][T13018] ksys_unshare+0x831/0xa40 [ 372.737811][T13018] ? __pfx_ksys_unshare+0x10/0x10 [ 372.737845][T13018] ? xfd_validate_state+0x61/0x180 [ 372.737889][T13018] __x64_sys_unshare+0x31/0x40 [ 372.737922][T13018] do_syscall_64+0xcd/0x490 [ 372.737964][T13018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.737992][T13018] RIP: 0033:0x7f427d98e929 [ 372.738013][T13018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.738039][T13018] RSP: 002b:00007f427e712038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 372.738064][T13018] RAX: ffffffffffffffda RBX: 00007f427dbb6080 RCX: 00007f427d98e929 [ 372.738083][T13018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008000400 [ 372.738097][T13018] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 372.738113][T13018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.738129][T13018] R13: 0000000000000000 R14: 00007f427dbb6080 R15: 00007ffd1874d9a8 [ 372.738165][T13018] [ 373.266692][T13032] netlink: 'syz.1.2740': attribute type 21 has an invalid length. [ 373.275437][T13032] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2740'. [ 373.516867][T13036] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2742'. [ 375.024554][T13069] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2754'. [ 375.058819][T13069] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2754'. [ 375.081525][T13069] netlink: 'syz.2.2754': attribute type 2 has an invalid length. [ 375.114693][T13069] netlink: 'syz.2.2754': attribute type 3 has an invalid length. [ 375.177633][T13069] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2754'. [ 375.950074][T13090] netlink: 'syz.1.2763': attribute type 20 has an invalid length. [ 375.975997][T13090] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2763'. [ 375.998003][T13090] IPv6: NLM_F_CREATE should be specified when creating new route [ 376.411898][T13107] FAULT_INJECTION: forcing a failure. [ 376.411898][T13107] name failslab, interval 1, probability 0, space 0, times 0 [ 376.446384][T13107] CPU: 0 UID: 0 PID: 13107 Comm: syz.0.2770 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 376.446435][T13107] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 376.446446][T13107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 376.446461][T13107] Call Trace: [ 376.446470][T13107] [ 376.446481][T13107] dump_stack_lvl+0x16c/0x1f0 [ 376.446527][T13107] should_fail_ex+0x512/0x640 [ 376.446562][T13107] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 376.446606][T13107] should_failslab+0xc2/0x120 [ 376.446632][T13107] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 376.446672][T13107] ? __d_alloc+0x31/0xaa0 [ 376.446713][T13107] __d_alloc+0x31/0xaa0 [ 376.446753][T13107] ? __pfx_nfsd_fill_super+0x10/0x10 [ 376.446782][T13107] d_alloc+0x4a/0x1e0 [ 376.446819][T13107] ? __pfx_nfsd_fill_super+0x10/0x10 [ 376.446847][T13107] d_alloc_name+0x83/0xb0 [ 376.446885][T13107] ? __pfx_d_alloc_name+0x10/0x10 [ 376.446933][T13107] nfsd_fill_super+0x12a/0x530 [ 376.446976][T13107] ? __pfx_nfsd_fill_super+0x10/0x10 [ 376.447004][T13107] get_tree_keyed+0x10b/0x1d0 [ 376.447044][T13107] vfs_get_tree+0x8b/0x340 [ 376.447075][T13107] path_mount+0x1414/0x2020 [ 376.447116][T13107] ? kmem_cache_free+0x2d1/0x4d0 [ 376.447150][T13107] ? __pfx_path_mount+0x10/0x10 [ 376.447195][T13107] ? putname+0x154/0x1a0 [ 376.447225][T13107] __x64_sys_mount+0x28d/0x310 [ 376.447264][T13107] ? __pfx___x64_sys_mount+0x10/0x10 [ 376.447315][T13107] do_syscall_64+0xcd/0x490 [ 376.447356][T13107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.447384][T13107] RIP: 0033:0x7effd938e929 [ 376.447405][T13107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.447431][T13107] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 376.447461][T13107] RAX: ffffffffffffffda RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 376.447477][T13107] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 376.447492][T13107] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 376.447506][T13107] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 376.447520][T13107] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 376.447552][T13107] [ 376.943126][T13117] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.066418][T13123] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2774'. [ 377.162044][T13123] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2774'. [ 377.180076][T13127] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2776'. [ 377.682391][T13139] syz.3.2783 (13139) used greatest stack depth: 19800 bytes left [ 377.812967][T13147] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2786'. [ 378.168462][T13164] FAULT_INJECTION: forcing a failure. [ 378.168462][T13164] name failslab, interval 1, probability 0, space 0, times 0 [ 378.200563][T13164] CPU: 1 UID: 0 PID: 13164 Comm: syz.1.2793 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 378.200615][T13164] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 378.200626][T13164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 378.200642][T13164] Call Trace: [ 378.200651][T13164] [ 378.200662][T13164] dump_stack_lvl+0x16c/0x1f0 [ 378.200708][T13164] should_fail_ex+0x512/0x640 [ 378.200751][T13164] should_failslab+0xc2/0x120 [ 378.200778][T13164] __kmalloc_cache_noprof+0x6a/0x3e0 [ 378.200815][T13164] ? sctp_add_bind_addr+0xae/0x3f0 [ 378.200863][T13164] sctp_add_bind_addr+0xae/0x3f0 [ 378.200909][T13164] sctp_copy_local_addr_list+0x39d/0x5a0 [ 378.200941][T13164] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 378.200982][T13164] ? sctp_bind_addr_copy+0xe0/0x530 [ 378.201018][T13164] sctp_bind_addr_copy+0xe0/0x530 [ 378.201061][T13164] sctp_sf_do_unexpected_init.isra.0+0x90c/0x16f0 [ 378.201111][T13164] ? __pfx_sctp_sf_do_unexpected_init.isra.0+0x10/0x10 [ 378.201152][T13164] ? __pfx_sctp_sm_lookup_event+0x10/0x10 [ 378.201198][T13164] ? __pfx_sctp_cname+0x10/0x10 [ 378.201232][T13164] sctp_do_sm+0x181/0x5c80 [ 378.201267][T13164] ? sctp_packet_singleton+0x1a5/0x370 [ 378.201297][T13164] ? __pfx_sctp_packet_singleton+0x10/0x10 [ 378.201334][T13164] ? __pfx_sctp_do_sm+0x10/0x10 [ 378.201415][T13164] ? ktime_get+0x200/0x310 [ 378.201444][T13164] ? lockdep_hardirqs_on+0x7c/0x110 [ 378.201487][T13164] sctp_assoc_bh_rcv+0x392/0x6f0 [ 378.201528][T13164] sctp_inq_push+0x1db/0x270 [ 378.201560][T13164] sctp_backlog_rcv+0x169/0x590 [ 378.201599][T13164] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 378.201632][T13164] __release_sock+0x35f/0x400 [ 378.201672][T13164] ? lockdep_hardirqs_on+0x7c/0x110 [ 378.201716][T13164] release_sock+0x5a/0x220 [ 378.201754][T13164] sctp_wait_for_connect+0x1c4/0x5c0 [ 378.201787][T13164] ? __pfx_sctp_wait_for_connect+0x10/0x10 [ 378.201815][T13164] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 378.201846][T13164] ? __pfx_autoremove_wake_function+0x10/0x10 [ 378.201892][T13164] ? sctp_primitive_ASSOCIATE+0x9c/0xd0 [ 378.201932][T13164] __sctp_connect+0x9c7/0xc60 [ 378.201969][T13164] ? do_raw_spin_lock+0x12c/0x2b0 [ 378.202010][T13164] ? __pfx___sctp_connect+0x10/0x10 [ 378.202045][T13164] ? __pfx_sctp_inet_connect+0x10/0x10 [ 378.202079][T13164] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 378.202121][T13164] ? __pfx_sctp_inet_connect+0x10/0x10 [ 378.202151][T13164] sctp_inet_connect+0x15f/0x200 [ 378.202186][T13164] __sys_connect_file+0x141/0x1a0 [ 378.202224][T13164] __sys_connect+0x13b/0x160 [ 378.202257][T13164] ? __pfx___sys_connect+0x10/0x10 [ 378.202301][T13164] ? xfd_validate_state+0x61/0x180 [ 378.202332][T13164] ? __pfx_do_writev+0x10/0x10 [ 378.202371][T13164] __x64_sys_connect+0x72/0xb0 [ 378.202403][T13164] ? lockdep_hardirqs_on+0x7c/0x110 [ 378.202436][T13164] do_syscall_64+0xcd/0x490 [ 378.202475][T13164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.202501][T13164] RIP: 0033:0x7f427d98e929 [ 378.202522][T13164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.202548][T13164] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 378.202574][T13164] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 378.202592][T13164] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 378.202608][T13164] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 378.202624][T13164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.202639][T13164] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 378.202675][T13164] [ 378.601423][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.607883][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.912971][T13175] __nla_validate_parse: 2 callbacks suppressed [ 378.912993][T13175] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2798'. [ 379.009522][T13175] veth0_macvtap: left promiscuous mode [ 379.715971][T13200] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2806'. [ 380.871262][T13226] capability: warning: `syz.0.2815' uses 32-bit capabilities (legacy support in use) [ 381.016044][T13231] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2816'. [ 381.339870][T13243] netlink: 266 bytes leftover after parsing attributes in process `syz.1.2822'. [ 381.349456][T13243] IPv6: NLM_F_CREATE should be specified when creating new route [ 381.735757][T13262] FAULT_INJECTION: forcing a failure. [ 381.735757][T13262] name failslab, interval 1, probability 0, space 0, times 0 [ 381.755612][T13262] CPU: 0 UID: 0 PID: 13262 Comm: syz.2.2830 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 381.755661][T13262] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 381.755672][T13262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 381.755687][T13262] Call Trace: [ 381.755696][T13262] [ 381.755707][T13262] dump_stack_lvl+0x16c/0x1f0 [ 381.755750][T13262] should_fail_ex+0x512/0x640 [ 381.755785][T13262] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 381.755824][T13262] should_failslab+0xc2/0x120 [ 381.755849][T13262] __kmalloc_cache_noprof+0x6a/0x3e0 [ 381.755884][T13262] ? mpi_alloc+0x46/0x230 [ 381.755912][T13262] ? mpi_normalize+0xc9/0x100 [ 381.755939][T13262] mpi_alloc+0x46/0x230 [ 381.755966][T13262] rsa_check_payload+0x3b/0xc0 [ 381.756004][T13262] rsa_enc+0x198/0x3b0 [ 381.756040][T13262] ? __pfx_rsa_enc+0x10/0x10 [ 381.756073][T13262] ? __virt_addr_valid+0x81/0x610 [ 381.756097][T13262] ? __phys_addr+0xe8/0x180 [ 381.756123][T13262] ? sg_init_one+0xf5/0x1b0 [ 381.756156][T13262] rsassa_pkcs1_verify+0x502/0xb60 [ 381.756192][T13262] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 381.756235][T13262] ? rsa_max_size+0xd/0x70 [ 381.756281][T13262] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 381.756312][T13262] public_key_verify_signature+0x672/0x970 [ 381.756349][T13262] ? __pfx_public_key_verify_signature+0x10/0x10 [ 381.756397][T13264] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2831'. [ 381.756408][T13262] x509_check_for_self_signed+0x31a/0x500 [ 381.756443][T13262] x509_cert_parse+0x5f8/0x900 [ 381.756467][T13262] ? kasan_save_stack+0x42/0x60 [ 381.756501][T13262] ? kasan_save_stack+0x33/0x60 [ 381.756536][T13262] ? kasan_save_track+0x14/0x30 [ 381.756575][T13262] pkcs7_extract_cert+0xa4/0x320 [ 381.756614][T13262] asn1_ber_decoder+0xc5f/0x1df0 [ 381.756668][T13262] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 381.756732][T13262] pkcs7_parse_message+0x288/0x720 [ 381.756771][T13262] verify_pkcs7_signature+0x30/0xa0 [ 381.756802][T13262] valid_regdb+0x215/0x590 [ 381.756829][T13262] ? __pfx___mutex_lock+0x10/0x10 [ 381.756870][T13262] ? __pfx_valid_regdb+0x10/0x10 [ 381.756905][T13262] reg_reload_regdb+0x11e/0x460 [ 381.756937][T13262] ? __pfx_reg_reload_regdb+0x10/0x10 [ 381.756968][T13262] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 381.757002][T13262] ? nl80211_pre_doit+0x1b0/0xb10 [ 381.757043][T13262] genl_family_rcv_msg_doit+0x209/0x2f0 [ 381.757077][T13262] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 381.757106][T13262] ? rcu_is_watching+0x12/0xc0 [ 381.757145][T13262] ? bpf_lsm_capable+0x9/0x10 [ 381.757175][T13262] ? security_capable+0x7e/0x260 [ 381.757221][T13262] genl_rcv_msg+0x55c/0x800 [ 381.757263][T13262] ? __pfx_genl_rcv_msg+0x10/0x10 [ 381.757295][T13262] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 381.757331][T13262] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 381.757360][T13262] ? __pfx_nl80211_post_doit+0x10/0x10 [ 381.757442][T13262] netlink_rcv_skb+0x158/0x420 [ 381.757473][T13262] ? __pfx_genl_rcv_msg+0x10/0x10 [ 381.757505][T13262] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 381.757547][T13262] ? netlink_deliver_tap+0x1ae/0xd30 [ 381.757577][T13262] genl_rcv+0x28/0x40 [ 381.757604][T13262] netlink_unicast+0x53a/0x7f0 [ 381.757635][T13262] ? __pfx_netlink_unicast+0x10/0x10 [ 381.757673][T13262] netlink_sendmsg+0x8d1/0xdd0 [ 381.757705][T13262] ? __pfx_netlink_sendmsg+0x10/0x10 [ 381.757746][T13262] ____sys_sendmsg+0xa95/0xc70 [ 381.757776][T13262] ? copy_msghdr_from_user+0x10a/0x160 [ 381.757812][T13262] ? __pfx_____sys_sendmsg+0x10/0x10 [ 381.757848][T13262] ? __pfx_futex_wake_mark+0x10/0x10 [ 381.757890][T13262] ___sys_sendmsg+0x134/0x1d0 [ 381.757928][T13262] ? __pfx____sys_sendmsg+0x10/0x10 [ 381.757961][T13262] ? __lock_acquire+0x622/0x1c90 [ 381.758036][T13262] __sys_sendmsg+0x16d/0x220 [ 381.758073][T13262] ? __pfx___sys_sendmsg+0x10/0x10 [ 381.758110][T13262] ? __x64_sys_futex+0x1e0/0x4c0 [ 381.758162][T13262] do_syscall_64+0xcd/0x490 [ 381.758201][T13262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.758227][T13262] RIP: 0033:0x7f3dbf98e929 [ 381.758254][T13262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.758280][T13262] RSP: 002b:00007f3dc07a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 381.758305][T13262] RAX: ffffffffffffffda RBX: 00007f3dbfbb5fa0 RCX: 00007f3dbf98e929 [ 381.758323][T13262] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 381.758339][T13262] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 381.758355][T13262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 381.758371][T13262] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 381.758405][T13262] [ 382.224577][T13264] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 382.232434][T13264] IPv6: NLM_F_CREATE should be set when creating new route [ 382.239692][T13264] IPv6: NLM_F_CREATE should be set when creating new route [ 382.483069][T13277] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2835'. [ 382.494388][T13269] zswap: compressor not available [ 382.623961][T13279] sctp: [Deprecated]: syz.1.2836 (pid 13279) Use of struct sctp_assoc_value in delayed_ack socket option. [ 382.623961][T13279] Use struct sctp_sack_info instead [ 383.272239][T13292] [U] [ 383.274576][T13294] FAULT_INJECTION: forcing a failure. [ 383.274576][T13294] name failslab, interval 1, probability 0, space 0, times 0 [ 383.275062][T13292] [U] [ 383.287803][T13294] CPU: 1 UID: 0 PID: 13294 Comm: syz.0.2841 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 383.287849][T13294] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 383.287859][T13294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 383.287876][T13294] Call Trace: [ 383.287885][T13294] [ 383.287895][T13294] dump_stack_lvl+0x16c/0x1f0 [ 383.287939][T13294] should_fail_ex+0x512/0x640 [ 383.287975][T13294] ? __kmalloc_noprof+0xbf/0x510 [ 383.288014][T13294] ? mpi_alloc_limb_space+0x31/0x60 [ 383.288043][T13294] should_failslab+0xc2/0x120 [ 383.288068][T13294] __kmalloc_noprof+0xd2/0x510 [ 383.288111][T13294] mpi_alloc_limb_space+0x31/0x60 [ 383.288140][T13294] mpi_powm+0xbe2/0x1bf0 [ 383.288178][T13294] ? kasan_quarantine_put+0x10a/0x240 [ 383.288217][T13294] ? __pfx_mpi_powm+0x10/0x10 [ 383.288245][T13294] ? kfree+0x2b4/0x4d0 [ 383.288275][T13294] ? mpi_free+0xe1/0x160 [ 383.288309][T13294] ? mpi_free+0xe1/0x160 [ 383.288347][T13294] rsa_enc+0x1fe/0x3b0 [ 383.288389][T13294] ? __pfx_rsa_enc+0x10/0x10 [ 383.288425][T13294] ? __virt_addr_valid+0x81/0x610 [ 383.288452][T13294] ? __phys_addr+0xe8/0x180 [ 383.288478][T13294] ? sg_init_one+0xf5/0x1b0 [ 383.288513][T13294] rsassa_pkcs1_verify+0x502/0xb60 [ 383.288551][T13294] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 383.288597][T13294] ? rsa_max_size+0xd/0x70 [ 383.288630][T13294] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 383.288662][T13294] public_key_verify_signature+0x672/0x970 [ 383.288698][T13294] ? __pfx_public_key_verify_signature+0x10/0x10 [ 383.288757][T13294] x509_check_for_self_signed+0x31a/0x500 [ 383.288801][T13294] x509_cert_parse+0x5f8/0x900 [ 383.288829][T13294] ? kasan_save_stack+0x42/0x60 [ 383.288863][T13294] ? kasan_save_stack+0x33/0x60 [ 383.288897][T13294] ? kasan_save_track+0x14/0x30 [ 383.288936][T13294] pkcs7_extract_cert+0xa4/0x320 [ 383.288976][T13294] asn1_ber_decoder+0xc5f/0x1df0 [ 383.289029][T13294] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 383.289109][T13294] pkcs7_parse_message+0x288/0x720 [ 383.289149][T13294] verify_pkcs7_signature+0x30/0xa0 [ 383.289181][T13294] valid_regdb+0x215/0x590 [ 383.289209][T13294] ? __pfx___mutex_lock+0x10/0x10 [ 383.289247][T13294] ? __pfx_valid_regdb+0x10/0x10 [ 383.289283][T13294] reg_reload_regdb+0x11e/0x460 [ 383.289314][T13294] ? __pfx_reg_reload_regdb+0x10/0x10 [ 383.289351][T13294] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 383.289387][T13294] ? nl80211_pre_doit+0x1b0/0xb10 [ 383.289430][T13294] genl_family_rcv_msg_doit+0x209/0x2f0 [ 383.289466][T13294] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 383.289496][T13294] ? rcu_is_watching+0x12/0xc0 [ 383.289534][T13294] ? bpf_lsm_capable+0x9/0x10 [ 383.289563][T13294] ? security_capable+0x7e/0x260 [ 383.289609][T13294] genl_rcv_msg+0x55c/0x800 [ 383.289645][T13294] ? __pfx_genl_rcv_msg+0x10/0x10 [ 383.289675][T13294] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 383.289709][T13294] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 383.289736][T13294] ? __pfx_nl80211_post_doit+0x10/0x10 [ 383.289779][T13294] ? __lock_acquire+0x622/0x1c90 [ 383.289816][T13294] netlink_rcv_skb+0x158/0x420 [ 383.289843][T13294] ? __pfx_genl_rcv_msg+0x10/0x10 [ 383.289876][T13294] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 383.289917][T13294] ? netlink_deliver_tap+0x1ae/0xd30 [ 383.289941][T13294] ? is_vmalloc_addr+0x86/0xa0 [ 383.289980][T13294] genl_rcv+0x28/0x40 [ 383.290006][T13294] netlink_unicast+0x53a/0x7f0 [ 383.290037][T13294] ? __pfx_netlink_unicast+0x10/0x10 [ 383.290074][T13294] netlink_sendmsg+0x8d1/0xdd0 [ 383.290107][T13294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 383.290148][T13294] ____sys_sendmsg+0xa95/0xc70 [ 383.290178][T13294] ? copy_msghdr_from_user+0x10a/0x160 [ 383.290213][T13294] ? __pfx_____sys_sendmsg+0x10/0x10 [ 383.290250][T13294] ? __pfx_futex_wake_mark+0x10/0x10 [ 383.290291][T13294] ___sys_sendmsg+0x134/0x1d0 [ 383.290337][T13294] ? __pfx____sys_sendmsg+0x10/0x10 [ 383.290372][T13294] ? __lock_acquire+0x622/0x1c90 [ 383.290446][T13294] __sys_sendmsg+0x16d/0x220 [ 383.290484][T13294] ? __pfx___sys_sendmsg+0x10/0x10 [ 383.290520][T13294] ? __x64_sys_futex+0x1e0/0x4c0 [ 383.290571][T13294] do_syscall_64+0xcd/0x490 [ 383.290611][T13294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.290637][T13294] RIP: 0033:0x7effd938e929 [ 383.290659][T13294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.290683][T13294] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 383.290709][T13294] RAX: ffffffffffffffda RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 383.290727][T13294] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 383.290744][T13294] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 383.290760][T13294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.290777][T13294] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 383.290811][T13294] [ 383.769750][T13292] [U] [ 383.772459][T13292] [U] [ 383.794719][T13292] [U] [ 383.797465][T13292] [U] [ 383.800183][T13292] [U] [ 383.802891][T13292] [U] [ 383.820861][T13292] [U] [ 383.823628][T13292] [U] [ 383.826351][T13292] [U] [ 383.829098][T13292] [U] [ 383.835834][T13292] [U] [ 383.838575][T13292] [U] [ 383.841300][T13292] [U] [ 383.844019][T13292] [U] [ 383.848238][T13292] [U] [ 383.850975][T13292] [U] [ 383.853696][T13292] [U] [ 383.856422][T13292] [U] [ 383.859148][T13302] FAULT_INJECTION: forcing a failure. [ 383.859148][T13302] name failslab, interval 1, probability 0, space 0, times 0 [ 383.862789][T13292] [U] [ 383.874471][T13292] [U] [ 383.877196][T13292] [U] [ 383.879916][T13292] [U] [ 383.895636][T13302] CPU: 1 UID: 0 PID: 13302 Comm: syz.0.2844 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 383.895686][T13302] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 383.895697][T13302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 383.895712][T13302] Call Trace: [ 383.895721][T13302] [ 383.895731][T13302] dump_stack_lvl+0x16c/0x1f0 [ 383.895775][T13302] should_fail_ex+0x512/0x640 [ 383.895808][T13302] ? fs_reclaim_acquire+0xae/0x150 [ 383.895840][T13302] ? tomoyo_encode2+0x100/0x3e0 [ 383.895871][T13302] should_failslab+0xc2/0x120 [ 383.895898][T13302] __kmalloc_noprof+0xd2/0x510 [ 383.895935][T13302] ? d_absolute_path+0x136/0x1a0 [ 383.895966][T13302] tomoyo_encode2+0x100/0x3e0 [ 383.896004][T13302] tomoyo_encode+0x29/0x50 [ 383.896036][T13302] tomoyo_realpath_from_path+0x18f/0x6e0 [ 383.896080][T13302] tomoyo_check_open_permission+0x2ab/0x3c0 [ 383.896111][T13302] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 383.896180][T13302] ? find_held_lock+0x2b/0x80 [ 383.896216][T13302] tomoyo_file_open+0x6b/0x90 [ 383.896253][T13302] security_file_open+0x84/0x1e0 [ 383.896287][T13302] do_dentry_open+0x596/0x1c10 [ 383.896338][T13302] vfs_open+0x82/0x3f0 [ 383.896372][T13302] path_openat+0x1de4/0x2cb0 [ 383.896418][T13302] ? __pfx_path_openat+0x10/0x10 [ 383.896454][T13302] ? __lock_acquire+0xb8a/0x1c90 [ 383.896490][T13302] do_filp_open+0x20b/0x470 [ 383.896528][T13302] ? __pfx_do_filp_open+0x10/0x10 [ 383.896590][T13302] ? alloc_fd+0x471/0x7d0 [ 383.896634][T13302] do_sys_openat2+0x11b/0x1d0 [ 383.896662][T13302] ? __pfx_do_sys_openat2+0x10/0x10 [ 383.896706][T13302] __x64_sys_openat+0x174/0x210 [ 383.896734][T13302] ? __pfx___x64_sys_openat+0x10/0x10 [ 383.896778][T13302] do_syscall_64+0xcd/0x490 [ 383.896817][T13302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.896843][T13302] RIP: 0033:0x7effd938e929 [ 383.896864][T13302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.896889][T13302] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 383.896914][T13302] RAX: ffffffffffffffda RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 383.896933][T13302] RDX: 0000000000002002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 383.896949][T13302] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 383.896965][T13302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.896980][T13302] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 383.897015][T13302] [ 383.897112][T13302] ERROR: Out of memory at tomoyo_realpath_from_path. [ 384.069078][T13296] zswap: compressor 000 not available [ 384.072663][T13292] [U] [ 384.134819][T13292] [U] [ 384.134862][T13292] [U] [ 384.173944][T13292] [U] [ 384.182084][T13292] [U] [ 384.585245][T13319] netlink: 'syz.2.2849': attribute type 21 has an invalid length. [ 384.615074][T13319] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2849'. [ 385.257728][T13338] zswap: compressor 000 not available [ 385.838253][T13365] FAULT_INJECTION: forcing a failure. [ 385.838253][T13365] name failslab, interval 1, probability 0, space 0, times 0 [ 385.857760][T13365] CPU: 1 UID: 0 PID: 13365 Comm: syz.1.2865 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 385.857810][T13365] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 385.857821][T13365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 385.857837][T13365] Call Trace: [ 385.857847][T13365] [ 385.857857][T13365] dump_stack_lvl+0x16c/0x1f0 [ 385.857901][T13365] should_fail_ex+0x512/0x640 [ 385.857936][T13365] ? __kmalloc_noprof+0xbf/0x510 [ 385.857979][T13365] ? mpi_resize+0x188/0x230 [ 385.858006][T13365] should_failslab+0xc2/0x120 [ 385.858033][T13365] __kmalloc_noprof+0xd2/0x510 [ 385.858080][T13365] mpi_resize+0x188/0x230 [ 385.858112][T13365] mpi_sub_ui+0x173/0x8d0 [ 385.858144][T13365] ? __kasan_kmalloc+0xaa/0xb0 [ 385.858187][T13365] rsa_check_payload+0x58/0xc0 [ 385.858229][T13365] rsa_enc+0x198/0x3b0 [ 385.858270][T13365] ? __pfx_rsa_enc+0x10/0x10 [ 385.858307][T13365] ? __virt_addr_valid+0x81/0x610 [ 385.858334][T13365] ? __phys_addr+0xe8/0x180 [ 385.858357][T13365] ? sg_init_one+0xf5/0x1b0 [ 385.858391][T13365] rsassa_pkcs1_verify+0x502/0xb60 [ 385.858428][T13365] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 385.858473][T13365] ? rsa_max_size+0xd/0x70 [ 385.858506][T13365] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 385.858535][T13365] public_key_verify_signature+0x672/0x970 [ 385.858569][T13365] ? __pfx_public_key_verify_signature+0x10/0x10 [ 385.858623][T13365] x509_check_for_self_signed+0x31a/0x500 [ 385.858659][T13365] x509_cert_parse+0x5f8/0x900 [ 385.858686][T13365] ? kasan_save_stack+0x42/0x60 [ 385.858717][T13365] ? kasan_save_stack+0x33/0x60 [ 385.858752][T13365] ? kasan_save_track+0x14/0x30 [ 385.858787][T13365] pkcs7_extract_cert+0xa4/0x320 [ 385.858824][T13365] asn1_ber_decoder+0xc5f/0x1df0 [ 385.858874][T13365] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 385.858933][T13365] pkcs7_parse_message+0x288/0x720 [ 385.858970][T13365] verify_pkcs7_signature+0x30/0xa0 [ 385.858999][T13365] valid_regdb+0x215/0x590 [ 385.859025][T13365] ? __pfx___mutex_lock+0x10/0x10 [ 385.859061][T13365] ? __pfx_valid_regdb+0x10/0x10 [ 385.859094][T13365] reg_reload_regdb+0x11e/0x460 [ 385.859123][T13365] ? __pfx_reg_reload_regdb+0x10/0x10 [ 385.859159][T13365] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 385.859194][T13365] ? nl80211_pre_doit+0x1b0/0xb10 [ 385.859233][T13365] genl_family_rcv_msg_doit+0x209/0x2f0 [ 385.859266][T13365] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 385.859295][T13365] ? rcu_is_watching+0x12/0xc0 [ 385.859332][T13365] ? bpf_lsm_capable+0x9/0x10 [ 385.859361][T13365] ? security_capable+0x7e/0x260 [ 385.859404][T13365] genl_rcv_msg+0x55c/0x800 [ 385.859437][T13365] ? __pfx_genl_rcv_msg+0x10/0x10 [ 385.859466][T13365] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 385.859499][T13365] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 385.859524][T13365] ? __pfx_nl80211_post_doit+0x10/0x10 [ 385.859570][T13365] netlink_rcv_skb+0x158/0x420 [ 385.859595][T13365] ? __pfx_genl_rcv_msg+0x10/0x10 [ 385.859626][T13365] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 385.859665][T13365] ? netlink_deliver_tap+0x1ae/0xd30 [ 385.859693][T13365] genl_rcv+0x28/0x40 [ 385.859717][T13365] netlink_unicast+0x53a/0x7f0 [ 385.859747][T13365] ? __pfx_netlink_unicast+0x10/0x10 [ 385.859782][T13365] netlink_sendmsg+0x8d1/0xdd0 [ 385.859812][T13365] ? __pfx_netlink_sendmsg+0x10/0x10 [ 385.859850][T13365] ____sys_sendmsg+0xa95/0xc70 [ 385.859878][T13365] ? copy_msghdr_from_user+0x10a/0x160 [ 385.859913][T13365] ? __pfx_____sys_sendmsg+0x10/0x10 [ 385.859938][T13365] ? preempt_schedule_thunk+0x16/0x30 [ 385.859973][T13365] ? try_to_wake_up+0xa2f/0x1680 [ 385.860002][T13365] ___sys_sendmsg+0x134/0x1d0 [ 385.860039][T13365] ? __pfx____sys_sendmsg+0x10/0x10 [ 385.860070][T13365] ? __lock_acquire+0x622/0x1c90 [ 385.860145][T13365] __sys_sendmsg+0x16d/0x220 [ 385.860181][T13365] ? __pfx___sys_sendmsg+0x10/0x10 [ 385.860215][T13365] ? __x64_sys_futex+0x1e0/0x4c0 [ 385.860265][T13365] do_syscall_64+0xcd/0x490 [ 385.860304][T13365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.860329][T13365] RIP: 0033:0x7f427d98e929 [ 385.860348][T13365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.860373][T13365] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 385.860395][T13365] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 385.860412][T13365] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 385.860427][T13365] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 385.860442][T13365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.860457][T13365] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 385.860490][T13365] [ 387.291623][T13387] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2875'. [ 387.362071][T13389] netlink: 30 bytes leftover after parsing attributes in process `syz.2.2876'. [ 387.955467][T13394] FAULT_INJECTION: forcing a failure. [ 387.955467][T13394] name failslab, interval 1, probability 0, space 0, times 0 [ 387.969223][T13394] CPU: 0 UID: 0 PID: 13394 Comm: syz.0.2878 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 387.969273][T13394] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 387.969284][T13394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 387.969299][T13394] Call Trace: [ 387.969308][T13394] [ 387.969319][T13394] dump_stack_lvl+0x16c/0x1f0 [ 387.969361][T13394] should_fail_ex+0x512/0x640 [ 387.969398][T13394] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 387.969440][T13394] should_failslab+0xc2/0x120 [ 387.969466][T13394] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 387.969505][T13394] ? prepare_creds+0x2c/0x7d0 [ 387.969547][T13394] prepare_creds+0x2c/0x7d0 [ 387.969585][T13394] join_session_keyring+0x17/0x340 [ 387.969617][T13394] lookup_user_key+0x576/0x1300 [ 387.969651][T13394] ? __pfx_lookup_user_key+0x10/0x10 [ 387.969684][T13394] ? __pfx_do_futex+0x10/0x10 [ 387.969719][T13394] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 387.969760][T13394] ? __pfx___x64_sys_futex+0x10/0x10 [ 387.969796][T13394] keyctl_keyring_move+0xb4/0x150 [ 387.969823][T13394] __do_sys_keyctl+0x171/0x590 [ 387.969853][T13394] do_syscall_64+0xcd/0x490 [ 387.969900][T13394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.969925][T13394] RIP: 0033:0x7effd938e929 [ 387.969946][T13394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.969972][T13394] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 387.969988][T13394] RAX: ffffffffffffffda RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 387.969998][T13394] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 000000000000001e [ 387.970007][T13394] RBP: 00007effd9410b39 R08: 0000000000000001 R09: 0000000000000000 [ 387.970016][T13394] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 387.970025][T13394] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 387.970043][T13394] [ 389.183260][T13418] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2888'. [ 390.338547][T13444] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2898'. [ 390.704805][T13451] sctp: [Deprecated]: syz.0.2899 (pid 13451) Use of struct sctp_assoc_value in delayed_ack socket option. [ 390.704805][T13451] Use struct sctp_sack_info instead [ 390.767072][T13454] netlink: 'syz.1.2902': attribute type 4 has an invalid length. [ 392.366731][T13507] FAULT_INJECTION: forcing a failure. [ 392.366731][T13507] name failslab, interval 1, probability 0, space 0, times 0 [ 392.381129][T13507] CPU: 0 UID: 0 PID: 13507 Comm: syz.1.2922 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 392.381178][T13507] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 392.381189][T13507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 392.381205][T13507] Call Trace: [ 392.381214][T13507] [ 392.381224][T13507] dump_stack_lvl+0x16c/0x1f0 [ 392.381270][T13507] should_fail_ex+0x512/0x640 [ 392.381316][T13507] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 392.381356][T13507] should_failslab+0xc2/0x120 [ 392.381382][T13507] __kmalloc_cache_noprof+0x6a/0x3e0 [ 392.381417][T13507] ? kernfs_fop_open+0xa3a/0xda0 [ 392.381450][T13507] kernfs_fop_open+0xa3a/0xda0 [ 392.381477][T13507] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 392.381515][T13507] do_dentry_open+0x744/0x1c10 [ 392.381552][T13507] ? __pfx_kernfs_fop_open+0x10/0x10 [ 392.381585][T13507] vfs_open+0x82/0x3f0 [ 392.381617][T13507] path_openat+0x1de4/0x2cb0 [ 392.381665][T13507] ? __pfx_path_openat+0x10/0x10 [ 392.381704][T13507] ? __lock_acquire+0xb8a/0x1c90 [ 392.381743][T13507] do_filp_open+0x20b/0x470 [ 392.381779][T13507] ? __pfx_do_filp_open+0x10/0x10 [ 392.381844][T13507] ? alloc_fd+0x471/0x7d0 [ 392.381890][T13507] do_sys_openat2+0x11b/0x1d0 [ 392.381919][T13507] ? __pfx_do_sys_openat2+0x10/0x10 [ 392.381962][T13507] __x64_sys_openat+0x174/0x210 [ 392.381992][T13507] ? __pfx___x64_sys_openat+0x10/0x10 [ 392.382038][T13507] do_syscall_64+0xcd/0x490 [ 392.382080][T13507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.382107][T13507] RIP: 0033:0x7f427d98e929 [ 392.382128][T13507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.382155][T13507] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 392.382180][T13507] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 392.382199][T13507] RDX: 0000000000002002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 392.382217][T13507] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 392.382233][T13507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.382249][T13507] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 392.382293][T13507] [ 394.043954][T13514] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2932'. [ 394.045951][T13513] FAULT_INJECTION: forcing a failure. [ 394.045951][T13513] name failslab, interval 1, probability 0, space 0, times 0 [ 394.068758][T13513] CPU: 0 UID: 0 PID: 13513 Comm: syz.1.2924 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 394.068808][T13513] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 394.068820][T13513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 394.068836][T13513] Call Trace: [ 394.068845][T13513] [ 394.068855][T13513] dump_stack_lvl+0x16c/0x1f0 [ 394.068901][T13513] should_fail_ex+0x512/0x640 [ 394.068938][T13513] ? fs_reclaim_acquire+0xae/0x150 [ 394.068972][T13513] should_failslab+0xc2/0x120 [ 394.068999][T13513] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 394.069040][T13513] ? security_inode_alloc+0x3b/0x2b0 [ 394.069073][T13513] security_inode_alloc+0x3b/0x2b0 [ 394.069099][T13513] inode_init_always_gfp+0xce4/0x1030 [ 394.069137][T13513] alloc_inode+0x86/0x240 [ 394.069162][T13513] new_inode+0x22/0x1c0 [ 394.069191][T13513] proc_sys_make_inode+0x47/0x5c0 [ 394.069234][T13513] proc_sys_lookup+0x282/0x410 [ 394.069273][T13513] ? __pfx_proc_sys_lookup+0x10/0x10 [ 394.069321][T13513] ? do_raw_spin_unlock+0x172/0x230 [ 394.069363][T13513] ? _raw_spin_unlock+0x28/0x50 [ 394.069397][T13513] ? proc_sys_permission+0x149/0x1a0 [ 394.069437][T13513] ? inode_permission+0x156/0x630 [ 394.069469][T13513] ? __pfx_proc_sys_lookup+0x10/0x10 [ 394.069505][T13513] lookup_open.isra.0+0x4d7/0x1580 [ 394.069547][T13513] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 394.069600][T13513] ? __pfx_down_write+0x10/0x10 [ 394.069623][T13513] ? mnt_get_write_access+0x20c/0x300 [ 394.069659][T13513] path_openat+0x893/0x2cb0 [ 394.069709][T13513] ? __pfx_path_openat+0x10/0x10 [ 394.069749][T13513] ? __lock_acquire+0xb8a/0x1c90 [ 394.069788][T13513] do_filp_open+0x20b/0x470 [ 394.069825][T13513] ? __pfx_do_filp_open+0x10/0x10 [ 394.069891][T13513] ? alloc_fd+0x471/0x7d0 [ 394.069937][T13513] do_sys_openat2+0x11b/0x1d0 [ 394.069966][T13513] ? __pfx_do_sys_openat2+0x10/0x10 [ 394.070012][T13513] __x64_sys_openat+0x174/0x210 [ 394.070042][T13513] ? __pfx___x64_sys_openat+0x10/0x10 [ 394.070085][T13513] do_syscall_64+0xcd/0x490 [ 394.070127][T13513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.070154][T13513] RIP: 0033:0x7f427d98e929 [ 394.070177][T13513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.070203][T13513] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 394.070229][T13513] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 394.070249][T13513] RDX: 0000000000103142 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 394.070267][T13513] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 394.070285][T13513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.070302][T13513] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 394.070345][T13513] [ 394.634856][T13520] FAULT_INJECTION: forcing a failure. [ 394.634856][T13520] name failslab, interval 1, probability 0, space 0, times 0 [ 394.648237][T13520] CPU: 0 UID: 0 PID: 13520 Comm: syz.2.2927 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 394.648286][T13520] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 394.648297][T13520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 394.648313][T13520] Call Trace: [ 394.648322][T13520] [ 394.648332][T13520] dump_stack_lvl+0x16c/0x1f0 [ 394.648377][T13520] should_fail_ex+0x512/0x640 [ 394.648411][T13520] ? __kmalloc_noprof+0xbf/0x510 [ 394.648450][T13520] ? __register_sysctl_table+0xea2/0x1900 [ 394.648496][T13520] should_failslab+0xc2/0x120 [ 394.648521][T13520] __kmalloc_noprof+0xd2/0x510 [ 394.648555][T13520] ? __register_sysctl_table+0xe8e/0x1900 [ 394.648600][T13520] __register_sysctl_table+0xea2/0x1900 [ 394.648646][T13520] ? __pfx___register_sysctl_table+0x10/0x10 [ 394.648680][T13520] ? is_module_address+0x69/0xf0 [ 394.648713][T13520] ? register_net_sysctl_sz+0x228/0x3e0 [ 394.648741][T13520] ? __asan_memcpy+0x3c/0x60 [ 394.648775][T13520] vrf_netns_init+0x152/0x1f0 [ 394.648814][T13520] ? __pfx_vrf_netns_init+0x10/0x10 [ 394.648851][T13520] ops_init+0x1e2/0x5f0 [ 394.648894][T13520] setup_net+0x1ff/0x510 [ 394.648915][T13520] ? lockdep_init_map_type+0x5c/0x280 [ 394.648950][T13520] ? __pfx_setup_net+0x10/0x10 [ 394.648977][T13520] ? debug_mutex_init+0x37/0x70 [ 394.649006][T13520] copy_net_ns+0x2a6/0x5f0 [ 394.649044][T13520] create_new_namespaces+0x3ea/0xa90 [ 394.649083][T13520] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 394.649117][T13520] ksys_unshare+0x45b/0xa40 [ 394.649150][T13520] ? __pfx_ksys_unshare+0x10/0x10 [ 394.649185][T13520] ? xfd_validate_state+0x61/0x180 [ 394.649228][T13520] __x64_sys_unshare+0x31/0x40 [ 394.649261][T13520] do_syscall_64+0xcd/0x490 [ 394.649302][T13520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.649329][T13520] RIP: 0033:0x7f3dbf98e929 [ 394.649351][T13520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.649377][T13520] RSP: 002b:00007f3dc07a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 394.649402][T13520] RAX: ffffffffffffffda RBX: 00007f3dbfbb5fa0 RCX: 00007f3dbf98e929 [ 394.649421][T13520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 394.649438][T13520] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 394.649456][T13520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.649473][T13520] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 394.649511][T13520] [ 394.649522][T13520] sysctl could not get directory: /net/vrf -12 [ 395.107409][T13531] netlink: 302 bytes leftover after parsing attributes in process `syz.1.2933'. [ 395.241605][T13538] netlink: zone id is out of range [ 395.256977][T13538] netlink: zone id is out of range [ 395.262396][T13538] netlink: zone id is out of range [ 395.268190][T13538] netlink: zone id is out of range [ 395.273333][T13538] netlink: zone id is out of range [ 395.284907][T13538] netlink: zone id is out of range [ 395.290632][T13538] netlink: zone id is out of range [ 395.307650][T13538] netlink: zone id is out of range [ 395.312895][T13538] netlink: zone id is out of range [ 395.328006][T13538] netlink: zone id is out of range [ 395.388913][T13540] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2938'. [ 396.264948][T13565] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2947'. [ 397.546667][T13605] FAULT_INJECTION: forcing a failure. [ 397.546667][T13605] name failslab, interval 1, probability 0, space 0, times 0 [ 397.568173][T13605] CPU: 1 UID: 0 PID: 13605 Comm: syz.0.2962 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 397.568225][T13605] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 397.568236][T13605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 397.568252][T13605] Call Trace: [ 397.568261][T13605] [ 397.568272][T13605] dump_stack_lvl+0x16c/0x1f0 [ 397.568317][T13605] should_fail_ex+0x512/0x640 [ 397.568352][T13605] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 397.568392][T13605] should_failslab+0xc2/0x120 [ 397.568418][T13605] __kmalloc_cache_noprof+0x6a/0x3e0 [ 397.568452][T13605] ? __vb2_init_fileio+0x253/0x1100 [ 397.568485][T13605] __vb2_init_fileio+0x253/0x1100 [ 397.568513][T13605] ? __mutex_lock+0x1ca/0xb90 [ 397.568555][T13605] ? __pfx___futex_wait+0x10/0x10 [ 397.568592][T13605] ? vb2_fop_write+0xe6/0x3f0 [ 397.568635][T13605] __vb2_perform_fileio+0x9c2/0x1660 [ 397.568673][T13605] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 397.568715][T13605] vb2_fop_write+0x207/0x3f0 [ 397.568762][T13605] v4l2_write+0x226/0x360 [ 397.568798][T13605] ? __pfx_v4l2_write+0x10/0x10 [ 397.568831][T13605] vfs_write+0x29d/0x1150 [ 397.568875][T13605] ? __pfx_vfs_write+0x10/0x10 [ 397.568908][T13605] ? find_held_lock+0x2b/0x80 [ 397.568937][T13605] ? __fget_files+0x204/0x3c0 [ 397.568977][T13605] ? __fget_files+0x20e/0x3c0 [ 397.569031][T13605] ksys_write+0x12a/0x250 [ 397.569068][T13605] ? __pfx_ksys_write+0x10/0x10 [ 397.569118][T13605] do_syscall_64+0xcd/0x490 [ 397.569161][T13605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.569189][T13605] RIP: 0033:0x7effd938e929 [ 397.569212][T13605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.569238][T13605] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 397.569263][T13605] RAX: ffffffffffffffda RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 397.569282][T13605] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005 [ 397.569299][T13605] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 397.569316][T13605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 397.569333][T13605] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 397.569370][T13605] [ 397.805117][ C1] vkms_vblank_simulate: vblank timer overrun [ 398.303519][T13618] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2967'. [ 398.348308][T13618] : renamed from gre0 [ 398.384301][T13618] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2967'. [ 398.400541][T13620] deleting an unspecified loop device is not supported. [ 398.904285][T13635] FAULT_INJECTION: forcing a failure. [ 398.904285][T13635] name failslab, interval 1, probability 0, space 0, times 0 [ 398.988892][T13635] CPU: 1 UID: 0 PID: 13635 Comm: syz.1.2974 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 398.988955][T13635] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 398.988966][T13635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 398.988983][T13635] Call Trace: [ 398.988993][T13635] [ 398.989004][T13635] dump_stack_lvl+0x16c/0x1f0 [ 398.989048][T13635] should_fail_ex+0x512/0x640 [ 398.989085][T13635] ? __kvmalloc_node_noprof+0x124/0x620 [ 398.989126][T13635] should_failslab+0xc2/0x120 [ 398.989152][T13635] __kvmalloc_node_noprof+0x137/0x620 [ 398.989191][T13635] ? v4l2_ctrl_new+0x97d/0x2180 [ 398.989227][T13635] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 398.989272][T13635] ? v4l2_ctrl_new+0x97d/0x2180 [ 398.989309][T13635] v4l2_ctrl_new+0x97d/0x2180 [ 398.989360][T13635] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 398.989396][T13635] ? __pfx_v4l2_ctrl_new+0x10/0x10 [ 398.989445][T13635] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 398.989487][T13635] v4l2_ctrl_new_std+0x1be/0x290 [ 398.989540][T13635] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 398.989576][T13635] ? __pfx_v4l2_ctrl_new_std+0x10/0x10 [ 398.989620][T13635] ? rcu_is_watching+0x12/0xc0 [ 398.989646][T13635] ? trace_kmalloc+0x2b/0xd0 [ 398.989670][T13635] ? __kvmalloc_node_noprof+0x298/0x620 [ 398.989716][T13635] ? media_request_object_init+0x100/0x180 [ 398.989753][T13635] vicodec_open+0x1f7/0xf90 [ 398.989796][T13635] v4l2_open+0x222/0x490 [ 398.989829][T13635] ? __pfx_v4l2_open+0x10/0x10 [ 398.989863][T13635] chrdev_open+0x231/0x6a0 [ 398.989901][T13635] ? __pfx_apparmor_file_open+0x10/0x10 [ 398.989940][T13635] ? __pfx_chrdev_open+0x10/0x10 [ 398.989983][T13635] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 398.990026][T13635] do_dentry_open+0x744/0x1c10 [ 398.990065][T13635] ? __pfx_chrdev_open+0x10/0x10 [ 398.990111][T13635] vfs_open+0x82/0x3f0 [ 398.990145][T13635] path_openat+0x1de4/0x2cb0 [ 398.990195][T13635] ? __pfx_path_openat+0x10/0x10 [ 398.990235][T13635] ? __lock_acquire+0xb8a/0x1c90 [ 398.990273][T13635] do_filp_open+0x20b/0x470 [ 398.990311][T13635] ? __pfx_do_filp_open+0x10/0x10 [ 398.990376][T13635] ? alloc_fd+0x471/0x7d0 [ 398.990421][T13635] do_sys_openat2+0x11b/0x1d0 [ 398.990451][T13635] ? __pfx_do_sys_openat2+0x10/0x10 [ 398.990495][T13635] __x64_sys_openat+0x174/0x210 [ 398.990526][T13635] ? __pfx___x64_sys_openat+0x10/0x10 [ 398.990571][T13635] do_syscall_64+0xcd/0x490 [ 398.990613][T13635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.990641][T13635] RIP: 0033:0x7f427d98e929 [ 398.990663][T13635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.990690][T13635] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 398.990716][T13635] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 398.990736][T13635] RDX: 00000000000c4400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 398.990754][T13635] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 398.990771][T13635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.990787][T13635] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 398.990823][T13635] [ 399.313739][ C1] vkms_vblank_simulate: vblank timer overrun [ 400.041844][T13651] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2979'. [ 400.298728][T13654] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2980'. [ 400.779250][T13668] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2986'. [ 400.803052][T13666] net_ratelimit: 20 callbacks suppressed [ 400.803072][T13666] netlink: zone id is out of range [ 400.824435][T13666] netlink: zone id is out of range [ 400.826222][T13670] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2987'. [ 400.841308][T13666] netlink: zone id is out of range [ 400.846465][T13666] netlink: zone id is out of range [ 400.874551][T13666] netlink: zone id is out of range [ 400.887572][T13666] netlink: zone id is out of range [ 400.900319][T13666] netlink: zone id is out of range [ 400.907719][T13666] netlink: zone id is out of range [ 400.922024][T13666] netlink: zone id is out of range [ 400.946913][T13666] netlink: zone id is out of range [ 401.236781][T13684] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2992'. [ 401.835984][T13704] FAULT_INJECTION: forcing a failure. [ 401.835984][T13704] name failslab, interval 1, probability 0, space 0, times 0 [ 401.896130][T13704] CPU: 0 UID: 0 PID: 13704 Comm: syz.1.2998 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 401.896180][T13704] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 401.896191][T13704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 401.896206][T13704] Call Trace: [ 401.896215][T13704] [ 401.896225][T13704] dump_stack_lvl+0x16c/0x1f0 [ 401.896270][T13704] should_fail_ex+0x512/0x640 [ 401.896306][T13704] ? fs_reclaim_acquire+0xae/0x150 [ 401.896341][T13704] should_failslab+0xc2/0x120 [ 401.896375][T13704] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 401.896415][T13704] ? security_inode_alloc+0x3b/0x2b0 [ 401.896450][T13704] security_inode_alloc+0x3b/0x2b0 [ 401.896481][T13704] inode_init_always_gfp+0xce4/0x1030 [ 401.896523][T13704] alloc_inode+0x86/0x240 [ 401.896551][T13704] new_inode+0x22/0x1c0 [ 401.896581][T13704] debugfs_create_dir+0xdd/0x5f0 [ 401.896617][T13704] ptp_open+0x307/0x520 [ 401.896653][T13704] ? __pfx_ptp_open+0x10/0x10 [ 401.896694][T13704] ? __pfx_ptp_open+0x10/0x10 [ 401.896724][T13704] posix_clock_open+0x17b/0x290 [ 401.896755][T13704] ? __pfx_posix_clock_open+0x10/0x10 [ 401.896783][T13704] chrdev_open+0x231/0x6a0 [ 401.896821][T13704] ? __pfx_apparmor_file_open+0x10/0x10 [ 401.896853][T13704] ? __pfx_chrdev_open+0x10/0x10 [ 401.896895][T13704] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 401.896935][T13704] do_dentry_open+0x744/0x1c10 [ 401.896973][T13704] ? __pfx_chrdev_open+0x10/0x10 [ 401.897019][T13704] vfs_open+0x82/0x3f0 [ 401.897051][T13704] path_openat+0x1de4/0x2cb0 [ 401.897100][T13704] ? __pfx_path_openat+0x10/0x10 [ 401.897138][T13704] ? __lock_acquire+0xb8a/0x1c90 [ 401.897179][T13704] do_filp_open+0x20b/0x470 [ 401.897217][T13704] ? __pfx_do_filp_open+0x10/0x10 [ 401.897288][T13704] ? alloc_fd+0x471/0x7d0 [ 401.897332][T13704] do_sys_openat2+0x11b/0x1d0 [ 401.897366][T13704] ? __pfx_do_sys_openat2+0x10/0x10 [ 401.897410][T13704] __x64_sys_openat+0x174/0x210 [ 401.897441][T13704] ? __pfx___x64_sys_openat+0x10/0x10 [ 401.897480][T13704] do_syscall_64+0xcd/0x490 [ 401.897519][T13704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.897547][T13704] RIP: 0033:0x7f427d98e929 [ 401.897569][T13704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.897595][T13704] RSP: 002b:00007f427e712038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 401.897622][T13704] RAX: ffffffffffffffda RBX: 00007f427dbb6080 RCX: 00007f427d98e929 [ 401.897639][T13704] RDX: 0000000000000440 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 401.897656][T13704] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 401.897672][T13704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.897688][T13704] R13: 0000000000000000 R14: 00007f427dbb6080 R15: 00007ffd1874d9a8 [ 401.897724][T13704] [ 402.197056][T13704] debugfs: out of free dentries, can not create directory '0xffff88807a750000' [ 403.654862][T13723] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 403.667230][T13723] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 403.692516][T13733] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3008'. [ 403.693548][T13723] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 403.762431][T13723] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 403.790212][T13723] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 403.814466][T13723] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 403.832588][T13723] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 403.847649][T13723] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 403.857338][T13723] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 403.872188][T13723] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 403.878636][T13723] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 403.887137][T13723] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 404.065931][T13745] FAULT_INJECTION: forcing a failure. [ 404.065931][T13745] name failslab, interval 1, probability 0, space 0, times 0 [ 404.087564][T13745] CPU: 1 UID: 0 PID: 13745 Comm: syz.2.3020 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 404.087659][T13745] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 404.087678][T13745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 404.087705][T13745] Call Trace: [ 404.087714][T13745] [ 404.087723][T13745] dump_stack_lvl+0x16c/0x1f0 [ 404.087765][T13745] should_fail_ex+0x512/0x640 [ 404.087799][T13745] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 404.087841][T13745] should_failslab+0xc2/0x120 [ 404.087867][T13745] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 404.087906][T13745] ? acpi_ut_create_thread_state+0x63/0x170 [ 404.087946][T13745] acpi_ut_create_thread_state+0x63/0x170 [ 404.087981][T13745] acpi_ps_parse_aml+0x79/0xcb0 [ 404.088025][T13745] acpi_ps_execute_method+0x55a/0xb30 [ 404.088069][T13745] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 404.088101][T13745] acpi_ns_evaluate+0x76c/0xca0 [ 404.088141][T13745] ? kasan_save_track+0x14/0x30 [ 404.088184][T13745] acpi_evaluate_object+0x1fa/0xa90 [ 404.088224][T13745] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.088252][T13745] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 404.088291][T13745] ? __mutex_trylock_common+0xe9/0x250 [ 404.088333][T13745] acpi_evaluate_integer+0xdd/0x200 [ 404.088365][T13745] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 404.088413][T13745] ? __pfx_status_show+0x10/0x10 [ 404.088447][T13745] status_show+0xa0/0x120 [ 404.088483][T13745] ? __pfx_status_show+0x10/0x10 [ 404.088529][T13745] dev_attr_show+0x56/0xe0 [ 404.088557][T13745] ? __pfx_dev_attr_show+0x10/0x10 [ 404.088580][T13745] sysfs_kf_seq_show+0x213/0x3e0 [ 404.088621][T13745] seq_read_iter+0x509/0x12c0 [ 404.088671][T13745] kernfs_fop_read_iter+0x40f/0x5a0 [ 404.088698][T13745] ? rw_verify_area+0xcf/0x680 [ 404.088734][T13745] vfs_read+0x8bf/0xc60 [ 404.088773][T13745] ? __pfx___mutex_lock+0x10/0x10 [ 404.088813][T13745] ? __pfx_vfs_read+0x10/0x10 [ 404.088883][T13745] ksys_read+0x12a/0x250 [ 404.088919][T13745] ? __pfx_ksys_read+0x10/0x10 [ 404.088965][T13745] do_syscall_64+0xcd/0x490 [ 404.089005][T13745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.089033][T13745] RIP: 0033:0x7f3dbf98e929 [ 404.089055][T13745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.089081][T13745] RSP: 002b:00007f3dc07a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 404.089106][T13745] RAX: ffffffffffffffda RBX: 00007f3dbfbb5fa0 RCX: 00007f3dbf98e929 [ 404.089132][T13745] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000003 [ 404.089150][T13745] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 404.089166][T13745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.089183][T13745] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 404.089221][T13745] [ 404.089314][T13745] ACPI Error: ffff88802989d000 walk still has a scope list (20250404/dswstate-694) [ 404.853497][T13753] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3014'. [ 404.872612][T13754] netlink: 222 bytes leftover after parsing attributes in process `syz.2.3023'. [ 404.904036][T13754] netlink: 222 bytes leftover after parsing attributes in process `syz.2.3023'. [ 405.069030][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 405.120500][T13762] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3016'. [ 405.120587][T13762] IPv6: Can't replace route, no match found [ 405.286481][T13768] FAULT_INJECTION: forcing a failure. [ 405.286481][T13768] name failslab, interval 1, probability 0, space 0, times 0 [ 405.317658][T13768] CPU: 0 UID: 0 PID: 13768 Comm: syz.1.3018 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 405.317705][T13768] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 405.317716][T13768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 405.317731][T13768] Call Trace: [ 405.317740][T13768] [ 405.317750][T13768] dump_stack_lvl+0x16c/0x1f0 [ 405.317791][T13768] should_fail_ex+0x512/0x640 [ 405.317827][T13768] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 405.317863][T13768] should_failslab+0xc2/0x120 [ 405.317883][T13768] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 405.317918][T13768] ? security_file_alloc+0x34/0x2b0 [ 405.317955][T13768] security_file_alloc+0x34/0x2b0 [ 405.317984][T13768] init_file+0x93/0x4c0 [ 405.318008][T13768] alloc_empty_file+0x73/0x1e0 [ 405.318035][T13768] path_openat+0xda/0x2cb0 [ 405.318065][T13768] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.318106][T13768] ? __pfx_path_openat+0x10/0x10 [ 405.318144][T13768] ? __lock_acquire+0xb8a/0x1c90 [ 405.318180][T13768] do_filp_open+0x20b/0x470 [ 405.318213][T13768] ? __pfx_do_filp_open+0x10/0x10 [ 405.318273][T13768] ? alloc_fd+0x471/0x7d0 [ 405.318326][T13768] do_sys_openat2+0x11b/0x1d0 [ 405.318357][T13768] ? __pfx_do_sys_openat2+0x10/0x10 [ 405.318386][T13768] ? find_held_lock+0x2b/0x80 [ 405.318413][T13768] ? handle_mm_fault+0x2ab/0xd10 [ 405.318457][T13768] __x64_sys_openat+0x174/0x210 [ 405.318486][T13768] ? __pfx___x64_sys_openat+0x10/0x10 [ 405.318530][T13768] do_syscall_64+0xcd/0x490 [ 405.318571][T13768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.318599][T13768] RIP: 0033:0x7f427d98d290 [ 405.318621][T13768] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 405.318647][T13768] RSP: 002b:00007f427e732f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 405.318674][T13768] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f427d98d290 [ 405.318692][T13768] RDX: 0000000000000002 RSI: 00007f427e732fa0 RDI: 00000000ffffff9c [ 405.318709][T13768] RBP: 00007f427e732fa0 R08: 0000000000000000 R09: 0000000000000000 [ 405.318726][T13768] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 405.318743][T13768] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 405.318779][T13768] [ 405.700438][T13776] FAULT_INJECTION: forcing a failure. [ 405.700438][T13776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 405.713582][T13776] CPU: 0 UID: 0 PID: 13776 Comm: syz.2.3025 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 405.713629][T13776] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 405.713639][T13776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 405.713654][T13776] Call Trace: [ 405.713663][T13776] [ 405.713673][T13776] dump_stack_lvl+0x16c/0x1f0 [ 405.713717][T13776] should_fail_ex+0x512/0x640 [ 405.713757][T13776] _copy_from_iter+0x463/0x16f0 [ 405.713806][T13776] ? __pfx__copy_from_iter+0x10/0x10 [ 405.713841][T13776] ? do_raw_spin_lock+0x12c/0x2b0 [ 405.713881][T13776] ? find_held_lock+0x2b/0x80 [ 405.713909][T13776] ? rcu_is_watching+0x12/0xc0 [ 405.713934][T13776] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 405.713974][T13776] write_pool_user+0xe8/0x2f0 [ 405.714005][T13776] ? __pfx_write_pool_user+0x10/0x10 [ 405.714039][T13776] ? __futex_wait+0x24c/0x2f0 [ 405.714076][T13776] ? copy_iovec_from_user+0x131/0x170 [ 405.714118][T13776] do_iter_readv_writev+0x657/0x950 [ 405.714154][T13776] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 405.714193][T13776] ? bpf_lsm_file_permission+0x9/0x10 [ 405.714220][T13776] ? security_file_permission+0x71/0x210 [ 405.714264][T13776] ? rw_verify_area+0xcf/0x680 [ 405.714300][T13776] vfs_writev+0x35f/0xde0 [ 405.714341][T13776] ? __pfx_vfs_writev+0x10/0x10 [ 405.714376][T13776] ? kmem_cache_free+0x2d1/0x4d0 [ 405.714431][T13776] ? __fget_files+0x20e/0x3c0 [ 405.714474][T13776] ? do_writev+0x132/0x340 [ 405.714504][T13776] do_writev+0x132/0x340 [ 405.714537][T13776] ? __pfx_do_writev+0x10/0x10 [ 405.714580][T13776] do_syscall_64+0xcd/0x490 [ 405.714620][T13776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 405.714647][T13776] RIP: 0033:0x7f3dbf98e929 [ 405.714667][T13776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.714693][T13776] RSP: 002b:00007f3dc07a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 405.714718][T13776] RAX: ffffffffffffffda RBX: 00007f3dbfbb5fa0 RCX: 00007f3dbf98e929 [ 405.714736][T13776] RDX: 0000000000000003 RSI: 00002000000003c0 RDI: 0000000000000005 [ 405.714753][T13776] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 405.714770][T13776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 405.714786][T13776] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 405.714819][T13776] [ 405.969051][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 405.975128][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 405.984469][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 406.636719][T13791] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3031'. [ 407.147699][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 407.392018][T13812] netlink: 504 bytes leftover after parsing attributes in process `syz.1.3039'. [ 407.417848][T13812] netlink: 504 bytes leftover after parsing attributes in process `syz.1.3039'. [ 407.632961][T13814] FAULT_INJECTION: forcing a failure. [ 407.632961][T13814] name failslab, interval 1, probability 0, space 0, times 0 [ 407.707711][T13814] CPU: 0 UID: 0 PID: 13814 Comm: syz.3.3040 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 407.707758][T13814] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 407.707768][T13814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 407.707784][T13814] Call Trace: [ 407.707792][T13814] [ 407.707801][T13814] dump_stack_lvl+0x16c/0x1f0 [ 407.707843][T13814] should_fail_ex+0x512/0x640 [ 407.707885][T13814] ? __kmalloc_noprof+0xbf/0x510 [ 407.707923][T13814] ? __register_sysctl_table+0xb3/0x1900 [ 407.707961][T13814] should_failslab+0xc2/0x120 [ 407.707985][T13814] __kmalloc_noprof+0xd2/0x510 [ 407.708027][T13814] __register_sysctl_table+0xb3/0x1900 [ 407.708063][T13814] ? is_module_address+0x5f/0xf0 [ 407.708102][T13814] ? __pfx___register_sysctl_table+0x10/0x10 [ 407.708140][T13814] ? is_module_address+0x69/0xf0 [ 407.708171][T13814] ? register_net_sysctl_sz+0x228/0x3e0 [ 407.708198][T13814] ? __asan_memcpy+0x3c/0x60 [ 407.708232][T13814] sctp_sysctl_net_register+0x15d/0x200 [ 407.708260][T13814] ? __pfx_sctp_defaults_init+0x10/0x10 [ 407.708284][T13814] sctp_defaults_init+0x6c4/0xd80 [ 407.708310][T13814] ? __pfx_sctp_defaults_init+0x10/0x10 [ 407.708334][T13814] ops_init+0x1e2/0x5f0 [ 407.708376][T13814] setup_net+0x1ff/0x510 [ 407.708399][T13814] ? lockdep_init_map_type+0x5c/0x280 [ 407.708433][T13814] ? __pfx_setup_net+0x10/0x10 [ 407.708459][T13814] ? debug_mutex_init+0x37/0x70 [ 407.708486][T13814] copy_net_ns+0x2a6/0x5f0 [ 407.708513][T13814] create_new_namespaces+0x3ea/0xa90 [ 407.708548][T13814] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 407.708579][T13814] ksys_unshare+0x45b/0xa40 [ 407.708612][T13814] ? __pfx_ksys_unshare+0x10/0x10 [ 407.708646][T13814] ? xfd_validate_state+0x61/0x180 [ 407.708689][T13814] __x64_sys_unshare+0x31/0x40 [ 407.708726][T13814] do_syscall_64+0xcd/0x490 [ 407.708767][T13814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.708795][T13814] RIP: 0033:0x7fa40178e929 [ 407.708817][T13814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.708842][T13814] RSP: 002b:00007fa4025c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 407.708876][T13814] RAX: ffffffffffffffda RBX: 00007fa4019b5fa0 RCX: 00007fa40178e929 [ 407.708895][T13814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 407.708911][T13814] RBP: 00007fa401810b39 R08: 0000000000000000 R09: 0000000000000000 [ 407.708928][T13814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 407.708944][T13814] R13: 0000000000000000 R14: 00007fa4019b5fa0 R15: 00007ffc4cd780c8 [ 407.708980][T13814] [ 407.742409][T13820] FAULT_INJECTION: forcing a failure. [ 407.742409][T13820] name failslab, interval 1, probability 0, space 0, times 0 [ 408.017703][T13820] CPU: 1 UID: 0 PID: 13820 Comm: syz.0.3043 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 408.017762][T13820] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 408.017773][T13820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 408.017788][T13820] Call Trace: [ 408.017798][T13820] [ 408.017809][T13820] dump_stack_lvl+0x16c/0x1f0 [ 408.017852][T13820] should_fail_ex+0x512/0x640 [ 408.017889][T13820] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 408.017932][T13820] should_failslab+0xc2/0x120 [ 408.017957][T13820] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 408.017996][T13820] ? __kernfs_new_node+0xd2/0x8e0 [ 408.018036][T13820] __kernfs_new_node+0xd2/0x8e0 [ 408.018077][T13820] ? __pfx___kernfs_new_node+0x10/0x10 [ 408.018121][T13820] ? find_held_lock+0x2b/0x80 [ 408.018148][T13820] ? kernfs_root+0xee/0x2a0 [ 408.018191][T13820] kernfs_new_node+0x13c/0x1e0 [ 408.018237][T13820] __kernfs_create_file+0x53/0x350 [ 408.018271][T13820] sysfs_add_file_mode_ns+0x207/0x3c0 [ 408.018314][T13820] internal_create_group+0x578/0xf30 [ 408.018361][T13820] ? __pfx_internal_create_group+0x10/0x10 [ 408.018403][T13820] ? kernfs_create_link+0x1bd/0x240 [ 408.018439][T13820] internal_create_groups+0x9d/0x150 [ 408.018486][T13820] device_add+0x77f/0x1a70 [ 408.018519][T13820] ? __pfx_device_add+0x10/0x10 [ 408.018546][T13820] ? lockdep_init_map_type+0x5c/0x280 [ 408.018584][T13820] ? __init_waitqueue_head+0xca/0x150 [ 408.018633][T13820] netdev_register_kobject+0x182/0x3a0 [ 408.018667][T13820] register_netdevice+0x13dc/0x2270 [ 408.018699][T13820] ? idr_alloc+0xdd/0x130 [ 408.018737][T13820] ? __pfx_register_netdevice+0x10/0x10 [ 408.018782][T13820] ppp_dev_configure+0x99b/0xc80 [ 408.018822][T13820] ppp_ioctl+0x17e0/0x2660 [ 408.018855][T13820] ? find_held_lock+0x2b/0x80 [ 408.018879][T13820] ? __pfx_ppp_ioctl+0x10/0x10 [ 408.018914][T13820] ? __fget_files+0x20e/0x3c0 [ 408.018953][T13820] ? __pfx_ppp_ioctl+0x10/0x10 [ 408.018985][T13820] __x64_sys_ioctl+0x18b/0x210 [ 408.019017][T13820] do_syscall_64+0xcd/0x490 [ 408.019058][T13820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.019085][T13820] RIP: 0033:0x7effd938e929 [ 408.019107][T13820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.019139][T13820] RSP: 002b:00007effda29d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 408.019164][T13820] RAX: ffffffffffffffda RBX: 00007effd95b5fa0 RCX: 00007effd938e929 [ 408.019183][T13820] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000006 [ 408.019199][T13820] RBP: 00007effd9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 408.019216][T13820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 408.019232][T13820] R13: 0000000000000000 R14: 00007effd95b5fa0 R15: 00007ffed96dbf88 [ 408.019269][T13820] [ 408.385851][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 408.392094][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 408.398467][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 408.699776][T13830] mkiss: ax0: crc mode is auto. [ 408.786740][T13834] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3049'. [ 409.247504][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 409.383478][T13839] netlink: 110 bytes leftover after parsing attributes in process `syz.0.3054'. [ 409.707312][T13862] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3061'. [ 410.424617][T13879] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.437557][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 410.443220][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 410.443592][ T5839] Bluetooth: hci3: command 0x0406 tx timeout [ 410.772558][ T5839] Bluetooth: hci1: ACL packet too small [ 410.782413][ T5839] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 410.790317][ T5839] Bluetooth: hci1: Invalid handle: 0xe200 > 0x0eff [ 412.705907][T13905] FAULT_INJECTION: forcing a failure. [ 412.705907][T13905] name failslab, interval 1, probability 0, space 0, times 0 [ 412.733010][T13905] CPU: 1 UID: 0 PID: 13905 Comm: syz.3.3078 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 412.733061][T13905] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 412.733072][T13905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.733088][T13905] Call Trace: [ 412.733096][T13905] [ 412.733107][T13905] dump_stack_lvl+0x16c/0x1f0 [ 412.733150][T13905] should_fail_ex+0x512/0x640 [ 412.733183][T13905] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 412.733227][T13905] should_failslab+0xc2/0x120 [ 412.733253][T13905] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 412.733294][T13905] ? neigh_parms_alloc+0x85/0x5d0 [ 412.733325][T13905] kmemdup_noprof+0x29/0x60 [ 412.733372][T13905] neigh_parms_alloc+0x85/0x5d0 [ 412.733403][T13905] inetdev_init+0x13c/0x5a0 [ 412.733438][T13905] inetdev_event+0xc5f/0x18a0 [ 412.733472][T13905] ? ib_netdevice_event+0xfc/0x330 [ 412.733501][T13905] ? __pfx_inetdev_event+0x10/0x10 [ 412.733535][T13905] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 412.733578][T13905] notifier_call_chain+0xb9/0x410 [ 412.733606][T13905] ? __pfx_inetdev_event+0x10/0x10 [ 412.733643][T13905] call_netdevice_notifiers_info+0xbe/0x140 [ 412.733676][T13905] register_netdevice+0x182e/0x2270 [ 412.733706][T13905] ? idr_alloc+0xdd/0x130 [ 412.733740][T13905] ? __pfx_register_netdevice+0x10/0x10 [ 412.733778][T13905] ppp_dev_configure+0x99b/0xc80 [ 412.733817][T13905] ppp_ioctl+0x17e0/0x2660 [ 412.733850][T13905] ? find_held_lock+0x2b/0x80 [ 412.733875][T13905] ? __pfx_ppp_ioctl+0x10/0x10 [ 412.733911][T13905] ? __fget_files+0x20e/0x3c0 [ 412.733951][T13905] ? __pfx_ppp_ioctl+0x10/0x10 [ 412.733982][T13905] __x64_sys_ioctl+0x18b/0x210 [ 412.734015][T13905] do_syscall_64+0xcd/0x490 [ 412.734056][T13905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.734083][T13905] RIP: 0033:0x7fa40178e929 [ 412.734105][T13905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.734130][T13905] RSP: 002b:00007fa4025c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 412.734155][T13905] RAX: ffffffffffffffda RBX: 00007fa4019b5fa0 RCX: 00007fa40178e929 [ 412.734174][T13905] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000006 [ 412.734190][T13905] RBP: 00007fa401810b39 R08: 0000000000000000 R09: 0000000000000000 [ 412.734206][T13905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 412.734220][T13905] R13: 0000000000000000 R14: 00007fa4019b5fa0 R15: 00007ffc4cd780c8 [ 412.734254][T13905] [ 413.392213][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.701518][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.750432][T13908] input: f¬ as /devices/virtual/input/input5 [ 413.967512][ T36] bridge0: port 3(netdevsim1) entered disabled state [ 414.202160][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): left allmulticast mode [ 414.304461][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): left promiscuous mode [ 414.328579][ T36] bridge0: port 3(netdevsim1) entered disabled state [ 414.411575][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.470965][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 414.480619][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 414.488747][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 414.494895][T13925] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3086'. [ 414.497120][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 414.513591][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 414.740714][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.391109][ T36] bridge_slave_1: left allmulticast mode [ 415.428321][ T36] bridge_slave_1: left promiscuous mode [ 415.456197][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.488176][ T36] bridge_slave_0: left allmulticast mode [ 415.503399][ T36] bridge_slave_0: left promiscuous mode [ 415.516940][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.528139][T13974] FAULT_INJECTION: forcing a failure. [ 416.528139][T13974] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 416.589967][ T5836] Bluetooth: hci3: command tx timeout [ 416.606537][T13974] CPU: 0 UID: 0 PID: 13974 Comm: syz.1.3101 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 416.606585][T13974] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 416.606596][T13974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 416.606611][T13974] Call Trace: [ 416.606620][T13974] [ 416.606630][T13974] dump_stack_lvl+0x16c/0x1f0 [ 416.606675][T13974] should_fail_ex+0x512/0x640 [ 416.606717][T13974] should_fail_alloc_page+0xe7/0x130 [ 416.606746][T13974] prepare_alloc_pages+0x3c2/0x610 [ 416.606784][T13974] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 416.606823][T13974] ? kasan_save_stack+0x33/0x60 [ 416.606858][T13974] ? kasan_save_track+0x14/0x30 [ 416.606892][T13974] ? __kasan_kmalloc+0xaa/0xb0 [ 416.606926][T13974] ? __kmalloc_node_track_caller_noprof+0x221/0x510 [ 416.606967][T13974] ? kstrdup+0x53/0x100 [ 416.607003][T13974] ? apply_subsystem_event_filter+0x46d/0x17a0 [ 416.607036][T13974] ? subsystem_filter_write+0x95/0x120 [ 416.607068][T13974] ? vfs_write+0x29d/0x1150 [ 416.607101][T13974] ? ksys_write+0x12a/0x250 [ 416.607133][T13974] ? do_syscall_64+0xcd/0x490 [ 416.607168][T13974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.607205][T13974] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 416.607293][T13974] __alloc_pages_noprof+0xb/0x1b0 [ 416.607332][T13974] ___kmalloc_large_node+0x84/0x1e0 [ 416.607370][T13974] __kmalloc_large_noprof+0x1c/0x70 [ 416.607403][T13974] append_filter_err+0x8f/0x5e0 [ 416.607442][T13974] apply_subsystem_event_filter+0x740/0x17a0 [ 416.607483][T13974] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 416.607522][T13974] ? _copy_from_user+0x59/0xd0 [ 416.607564][T13974] subsystem_filter_write+0x95/0x120 [ 416.607596][T13974] ? __pfx_subsystem_filter_write+0x10/0x10 [ 416.607628][T13974] vfs_write+0x29d/0x1150 [ 416.607668][T13974] ? __pfx___mutex_lock+0x10/0x10 [ 416.607707][T13974] ? __pfx_vfs_write+0x10/0x10 [ 416.607753][T13974] ? __fget_files+0x20e/0x3c0 [ 416.607801][T13974] ksys_write+0x12a/0x250 [ 416.607836][T13974] ? __pfx_ksys_write+0x10/0x10 [ 416.607881][T13974] do_syscall_64+0xcd/0x490 [ 416.607918][T13974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.607943][T13974] RIP: 0033:0x7f427d98e929 [ 416.607964][T13974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.607989][T13974] RSP: 002b:00007f427e733038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 416.608013][T13974] RAX: ffffffffffffffda RBX: 00007f427dbb5fa0 RCX: 00007f427d98e929 [ 416.608029][T13974] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005 [ 416.608043][T13974] RBP: 00007f427da10b39 R08: 0000000000000000 R09: 0000000000000000 [ 416.608059][T13974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 416.608075][T13974] R13: 0000000000000000 R14: 00007f427dbb5fa0 R15: 00007ffd1874d9a8 [ 416.608112][T13974] [ 417.097293][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.138024][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 417.192863][ T36] bond0 (unregistering): Released all slaves [ 417.279178][T13920] chnl_net:caif_netlink_parms(): no params data found [ 417.887020][T14002] FAULT_INJECTION: forcing a failure. [ 417.887020][T14002] name failslab, interval 1, probability 0, space 0, times 0 [ 417.916281][T14002] CPU: 1 UID: 0 PID: 14002 Comm: syz.2.3109 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 417.916334][T14002] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 417.916346][T14002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 417.916363][T14002] Call Trace: [ 417.916371][T14002] [ 417.916381][T14002] dump_stack_lvl+0x16c/0x1f0 [ 417.916432][T14002] should_fail_ex+0x512/0x640 [ 417.916475][T14002] ? fs_reclaim_acquire+0xae/0x150 [ 417.916514][T14002] should_failslab+0xc2/0x120 [ 417.916543][T14002] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 417.916588][T14002] ? security_inode_alloc+0x3b/0x2b0 [ 417.916622][T14002] security_inode_alloc+0x3b/0x2b0 [ 417.916651][T14002] inode_init_always_gfp+0xce4/0x1030 [ 417.916694][T14002] alloc_inode+0x86/0x240 [ 417.916723][T14002] path_from_stashed+0x2be/0xb00 [ 417.916759][T14002] ? do_raw_spin_lock+0x12c/0x2b0 [ 417.916801][T14002] ? __pfx_path_from_stashed+0x10/0x10 [ 417.916841][T14002] ? do_raw_spin_unlock+0x172/0x230 [ 417.916887][T14002] ns_get_path+0x5f/0x80 [ 417.916922][T14002] proc_ns_get_link+0x121/0x260 [ 417.916957][T14002] ? __pfx_proc_ns_get_link+0x10/0x10 [ 417.916996][T14002] ? atime_needs_update+0x8b/0x710 [ 417.917027][T14002] ? __pfx_proc_ns_get_link+0x10/0x10 [ 417.917063][T14002] step_into+0x1a2c/0x2270 [ 417.917112][T14002] ? __pfx_step_into+0x10/0x10 [ 417.917145][T14002] ? find_held_lock+0x2b/0x80 [ 417.917184][T14002] path_openat+0x6db/0x2cb0 [ 417.917234][T14002] ? __pfx_path_openat+0x10/0x10 [ 417.917271][T14002] ? __lock_acquire+0xb8a/0x1c90 [ 417.917307][T14002] do_filp_open+0x20b/0x470 [ 417.917343][T14002] ? __pfx_do_filp_open+0x10/0x10 [ 417.917402][T14002] ? alloc_fd+0x471/0x7d0 [ 417.917448][T14002] do_sys_openat2+0x11b/0x1d0 [ 417.917474][T14002] ? __pfx_do_sys_openat2+0x10/0x10 [ 417.917516][T14002] __x64_sys_openat+0x174/0x210 [ 417.917545][T14002] ? __pfx___x64_sys_openat+0x10/0x10 [ 417.917589][T14002] do_syscall_64+0xcd/0x490 [ 417.917632][T14002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.917659][T14002] RIP: 0033:0x7f3dbf98d290 [ 417.917680][T14002] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 417.917706][T14002] RSP: 002b:00007f3dc07a1f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 417.917732][T14002] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f3dbf98d290 [ 417.917750][T14002] RDX: 0000000000000002 RSI: 00007f3dc07a1fa0 RDI: 00000000ffffff9c [ 417.917767][T14002] RBP: 00007f3dc07a1fa0 R08: 0000000000000000 R09: 0000000000000000 [ 417.917783][T14002] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 417.917798][T14002] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 417.917833][T14002] [ 418.357656][T13995] sp0: Synchronizing with TNC [ 418.519964][T13920] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.535420][T13920] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.546621][T13920] bridge_slave_0: entered allmulticast mode [ 418.568487][T13920] bridge_slave_0: entered promiscuous mode [ 418.677499][ T5836] Bluetooth: hci3: command tx timeout [ 418.693388][T13920] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.727173][T13920] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.777861][T13920] bridge_slave_1: entered allmulticast mode [ 418.817606][T13920] bridge_slave_1: entered promiscuous mode [ 418.981922][T14032] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3116'. [ 418.984779][T13920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 419.059780][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 419.074676][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.088036][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 419.106141][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 419.148208][ T36] veth0_macvtap: left promiscuous mode [ 419.680419][ T36] team0 (unregistering): Port device team_slave_0 removed [ 420.392283][T13920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 420.474252][ T5836] Bluetooth: hci2: unexpected event 0x3e length: 1020 > 260 [ 420.474291][ T5836] Bluetooth: hci2: unexpected subevent 0x01 length: 1019 > 18 [ 420.596523][T13920] team0: Port device team_slave_0 added [ 420.661561][T13920] team0: Port device team_slave_1 added [ 420.748791][ T5836] Bluetooth: hci3: command tx timeout [ 420.835796][T13920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.843300][T13920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.890965][T13920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.974122][T13920] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.991123][T13920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.019001][T13920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.117048][T13920] hsr_slave_0: entered promiscuous mode [ 421.130036][T13920] hsr_slave_1: entered promiscuous mode [ 421.571057][T13920] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 421.598316][T13920] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 421.611352][T13920] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 421.621819][T13920] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 421.753058][T13920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 421.782168][T13920] 8021q: adding VLAN 0 to HW filter on device team0 [ 421.804091][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.811303][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.839526][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.846679][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 422.174520][T13920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 422.561149][T13920] veth0_vlan: entered promiscuous mode [ 422.584225][T13920] veth1_vlan: entered promiscuous mode [ 422.639303][T13920] veth0_macvtap: entered promiscuous mode [ 422.655975][T13920] veth1_macvtap: entered promiscuous mode [ 422.694180][T13920] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 422.723647][T13920] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 422.743578][T13920] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.756084][T13920] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.764883][T13920] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.777198][T13920] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.827891][ T5836] Bluetooth: hci3: command tx timeout [ 422.928066][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.935930][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.975590][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.999096][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 423.229320][T14132] netlink: 202 bytes leftover after parsing attributes in process `syz.1.3133'. [ 424.963535][T14177] [U]  [ 424.966394][T14177] [U] [ 424.969125][T14177] [U] [ 424.971850][T14177] [U] [ 425.011495][T14177] [U] [ 425.014263][T14177] [U] [ 425.016993][T14177] [U] [ 425.019715][T14177] [U] [ 425.109932][T14177] [U] [ 425.112701][T14177] [U] [ 425.115422][T14177] [U] [ 425.118147][T14177] [U] [ 425.175113][T14177] [U] [ 425.177886][T14177] [U] [ 425.180608][T14177] [U] [ 425.183324][T14177] [U] [ 425.238891][T14177] [U] [ 425.241656][T14177] [U] [ 425.244383][T14177] [U] [ 425.247107][T14177] [U] [ 425.292472][T14177] [U] [ 425.295239][T14177] [U] [ 425.297966][T14177] [U] [ 425.300687][T14177] [U] [ 425.401739][T14177] [U] [ 425.404505][T14177] [U] [ 425.407229][T14177] [U] [ 425.409949][T14177] [U] [ 425.423129][T14177] [U] [ 425.425891][T14177] [U] [ 425.428617][T14177] [U] [ 425.431339][T14177] [U] [ 425.500559][T14177] [U] [ 425.503330][T14177] [U] [ 425.506057][T14177] [U] [ 425.508789][T14177] [U] [ 425.526963][T14177] [U] [ 425.529723][T14177] [U] [ 425.532458][T14177] [U] [ 425.535174][T14177] [U] [ 425.550096][T14177] [U] [ 425.552854][T14177] [U] [ 425.555577][T14177] [U] [ 425.558302][T14177] [U] [ 425.577747][T14177] [U] [ 425.580507][T14177] [U] [ 425.583236][T14177] [U] [ 425.585963][T14177] [U] [ 425.604911][T14177] [U] [ 425.607663][T14177] [U] [ 425.610399][T14177] [U] [ 425.613132][T14177] [U] [ 425.647603][T14177] [U] [ 425.921355][T14207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3145'. [ 425.978837][T14207] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3145'. [ 426.218650][ T30] audit: type=1804 audit(4294967581.000:12): pid=14218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3146" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1069 res=1 errno=0 [ 428.722752][T14286] FAULT_INJECTION: forcing a failure. [ 428.722752][T14286] name failslab, interval 1, probability 0, space 0, times 0 [ 428.760741][T14286] CPU: 0 UID: 0 PID: 14286 Comm: syz.2.3164 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 428.760795][T14286] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 428.760806][T14286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 428.760822][T14286] Call Trace: [ 428.760832][T14286] [ 428.760842][T14286] dump_stack_lvl+0x16c/0x1f0 [ 428.760887][T14286] should_fail_ex+0x512/0x640 [ 428.760933][T14286] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 428.760971][T14286] should_failslab+0xc2/0x120 [ 428.760997][T14286] __kmalloc_cache_noprof+0x6a/0x3e0 [ 428.761029][T14286] ? __asan_memcpy+0x3c/0x60 [ 428.761059][T14286] ? sctp_transport_new+0xa8/0x7b0 [ 428.761097][T14286] sctp_transport_new+0xa8/0x7b0 [ 428.761133][T14286] sctp_assoc_add_peer+0x2e3/0x1550 [ 428.761171][T14286] sctp_connect_new_asoc+0x208/0x790 [ 428.761207][T14286] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 428.761241][T14286] ? sctp_endpoint_lookup_assoc+0x15c/0x2a0 [ 428.761282][T14286] __sctp_connect+0x3f3/0xc60 [ 428.761317][T14286] ? do_raw_spin_lock+0x12c/0x2b0 [ 428.761356][T14286] ? __pfx___sctp_connect+0x10/0x10 [ 428.761390][T14286] ? __pfx_sctp_inet_connect+0x10/0x10 [ 428.761424][T14286] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 428.761465][T14286] ? __pfx_sctp_inet_connect+0x10/0x10 [ 428.761495][T14286] sctp_inet_connect+0x15f/0x200 [ 428.761528][T14286] __sys_connect_file+0x141/0x1a0 [ 428.761567][T14286] __sys_connect+0x13b/0x160 [ 428.761600][T14286] ? __pfx___sys_connect+0x10/0x10 [ 428.761646][T14286] ? xfd_validate_state+0x61/0x180 [ 428.761677][T14286] ? __pfx_do_writev+0x10/0x10 [ 428.761718][T14286] __x64_sys_connect+0x72/0xb0 [ 428.761748][T14286] ? lockdep_hardirqs_on+0x7c/0x110 [ 428.761785][T14286] do_syscall_64+0xcd/0x490 [ 428.761824][T14286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.761851][T14286] RIP: 0033:0x7f3dbf98e929 [ 428.761873][T14286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.761905][T14286] RSP: 002b:00007f3dc07a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 428.761932][T14286] RAX: ffffffffffffffda RBX: 00007f3dbfbb5fa0 RCX: 00007f3dbf98e929 [ 428.761950][T14286] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 428.761967][T14286] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 428.761983][T14286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.761999][T14286] R13: 0000000000000000 R14: 00007f3dbfbb5fa0 R15: 00007ffc7aac7b78 [ 428.762034][T14286] [ 429.638443][T14306] Console: switching to colour VGA+ 80x25 [ 429.702326][T14306] ================================================================== [ 429.702343][T14306] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 429.702388][T14306] Read of size 256 at addr ffff88807d805860 by task syz.2.3169/14306 [ 429.702410][T14306] [ 429.702426][T14306] CPU: 1 UID: 0 PID: 14306 Comm: syz.2.3169 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 429.702470][T14306] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 429.702481][T14306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 429.702498][T14306] Call Trace: [ 429.702506][T14306] [ 429.702515][T14306] dump_stack_lvl+0x116/0x1f0 [ 429.702553][T14306] print_report+0xcd/0x680 [ 429.702592][T14306] ? __virt_addr_valid+0x81/0x610 [ 429.702622][T14306] ? __phys_addr+0xe8/0x180 [ 429.702647][T14306] ? fbcon_prepare_logo+0xa03/0xc70 [ 429.702684][T14306] kasan_report+0xe0/0x110 [ 429.702708][T14306] ? fbcon_prepare_logo+0xa03/0xc70 [ 429.702748][T14306] kasan_check_range+0x100/0x1b0 [ 429.702785][T14306] __asan_memcpy+0x23/0x60 [ 429.702819][T14306] fbcon_prepare_logo+0xa03/0xc70 [ 429.702861][T14306] fbcon_init+0xd77/0x1900 [ 429.702895][T14306] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 429.702935][T14306] visual_init+0x320/0x620 [ 429.702966][T14306] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 429.703007][T14306] store_bind+0x61d/0x760 [ 429.703041][T14306] ? sysfs_file_kobj+0xe4/0x290 [ 429.703071][T14306] ? __pfx_store_bind+0x10/0x10 [ 429.703105][T14306] dev_attr_store+0x55/0x80 [ 429.703143][T14306] ? __pfx_dev_attr_store+0x10/0x10 [ 429.703181][T14306] sysfs_kf_write+0xef/0x150 [ 429.703212][T14306] kernfs_fop_write_iter+0x351/0x510 [ 429.703239][T14306] ? __pfx_sysfs_kf_write+0x10/0x10 [ 429.703270][T14306] vfs_write+0x6c7/0x1150 [ 429.703305][T14306] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 429.703332][T14306] ? __pfx___mutex_lock+0x10/0x10 [ 429.703371][T14306] ? __pfx_vfs_write+0x10/0x10 [ 429.703416][T14306] ksys_write+0x12a/0x250 [ 429.703450][T14306] ? __pfx_ksys_write+0x10/0x10 [ 429.703489][T14306] do_syscall_64+0xcd/0x490 [ 429.703527][T14306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.703554][T14306] RIP: 0033:0x7f3dbf98e929 [ 429.703575][T14306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.703601][T14306] RSP: 002b:00007f3dc0781038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 429.703626][T14306] RAX: ffffffffffffffda RBX: 00007f3dbfbb6080 RCX: 00007f3dbf98e929 [ 429.703644][T14306] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 429.703662][T14306] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 429.703679][T14306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 429.703695][T14306] R13: 0000000000000000 R14: 00007f3dbfbb6080 R15: 00007ffc7aac7b78 [ 429.703722][T14306] [ 429.703731][T14306] [ 429.703737][T14306] Allocated by task 13920: [ 429.703751][T14306] kasan_save_stack+0x33/0x60 [ 429.703793][T14306] kasan_save_track+0x14/0x30 [ 429.703829][T14306] __kasan_kmalloc+0xaa/0xb0 [ 429.703863][T14306] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 429.703902][T14306] kmalloc_reserve+0xef/0x2c0 [ 429.703927][T14306] pskb_expand_head+0x238/0x1030 [ 429.703960][T14306] netlink_trim+0x22d/0x310 [ 429.703993][T14306] netlink_broadcast_filtered+0xca/0xf10 [ 429.704015][T14306] nlmsg_notify+0x9e/0x220 [ 429.704039][T14306] rtmsg_ifinfo+0x174/0x1a0 [ 429.704062][T14306] __dev_notify_flags+0x24c/0x2e0 [ 429.704095][T14306] netif_change_flags+0x108/0x160 [ 429.704129][T14306] do_setlink.constprop.0+0xb53/0x4380 [ 429.704167][T14306] rtnl_newlink+0x1446/0x2000 [ 429.704203][T14306] rtnetlink_rcv_msg+0x95e/0xe90 [ 429.704239][T14306] netlink_rcv_skb+0x158/0x420 [ 429.704263][T14306] netlink_unicast+0x53a/0x7f0 [ 429.704287][T14306] netlink_sendmsg+0x8d1/0xdd0 [ 429.704310][T14306] __sys_sendto+0x4a0/0x520 [ 429.704341][T14306] __x64_sys_sendto+0xe0/0x1c0 [ 429.704372][T14306] do_syscall_64+0xcd/0x490 [ 429.704406][T14306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.704431][T14306] [ 429.704437][T14306] Freed by task 13920: [ 429.704449][T14306] kasan_save_stack+0x33/0x60 [ 429.704482][T14306] kasan_save_track+0x14/0x30 [ 429.704515][T14306] kasan_save_free_info+0x3b/0x60 [ 429.704543][T14306] __kasan_slab_free+0x51/0x70 [ 429.704577][T14306] kfree+0x2b4/0x4d0 [ 429.704604][T14306] skb_free_head+0x114/0x210 [ 429.704634][T14306] skb_release_data+0x776/0x9c0 [ 429.704668][T14306] consume_skb+0xbf/0x100 [ 429.704689][T14306] netlink_broadcast_filtered+0x3d5/0xf10 [ 429.704714][T14306] nlmsg_notify+0x9e/0x220 [ 429.704756][T14306] rtmsg_ifinfo+0x174/0x1a0 [ 429.704785][T14306] __dev_notify_flags+0x24c/0x2e0 [ 429.704820][T14306] netif_change_flags+0x108/0x160 [ 429.704854][T14306] do_setlink.constprop.0+0xb53/0x4380 [ 429.704893][T14306] rtnl_newlink+0x1446/0x2000 [ 429.704928][T14306] rtnetlink_rcv_msg+0x95e/0xe90 [ 429.704966][T14306] netlink_rcv_skb+0x158/0x420 [ 429.704989][T14306] netlink_unicast+0x53a/0x7f0 [ 429.705013][T14306] netlink_sendmsg+0x8d1/0xdd0 [ 429.705036][T14306] __sys_sendto+0x4a0/0x520 [ 429.705066][T14306] __x64_sys_sendto+0xe0/0x1c0 [ 429.705097][T14306] do_syscall_64+0xcd/0x490 [ 429.705132][T14306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.705156][T14306] [ 429.705162][T14306] The buggy address belongs to the object at ffff88807d805000 [ 429.705162][T14306] which belongs to the cache kmalloc-2k of size 2048 [ 429.705181][T14306] The buggy address is located 96 bytes to the right of [ 429.705181][T14306] allocated 2048-byte region [ffff88807d805000, ffff88807d805800) [ 429.705207][T14306] [ 429.705214][T14306] The buggy address belongs to the physical page: [ 429.705232][T14306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d800 [ 429.705256][T14306] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 429.705279][T14306] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 429.705302][T14306] page_type: f5(slab) [ 429.705325][T14306] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 429.705350][T14306] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 429.705375][T14306] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 429.705399][T14306] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 429.705423][T14306] head: 00fff00000000003 ffffea0001f60001 00000000ffffffff 00000000ffffffff [ 429.705446][T14306] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 429.705461][T14306] page dumped because: kasan: bad access detected [ 429.705477][T14306] page_owner tracks the page as allocated [ 429.705486][T14306] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13, tgid 13 (kworker/u8:1), ts 89040745849, free_ts 89005175662 [ 429.705532][T14306] post_alloc_hook+0x1c0/0x230 [ 429.705564][T14306] get_page_from_freelist+0x1321/0x3890 [ 429.705598][T14306] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 429.705634][T14306] alloc_pages_mpol+0x1fb/0x550 [ 429.705655][T14306] new_slab+0x23b/0x330 [ 429.705682][T14306] ___slab_alloc+0xd9c/0x1940 [ 429.705711][T14306] __slab_alloc.constprop.0+0x56/0xb0 [ 429.705740][T14306] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 429.705809][T14306] kmalloc_reserve+0xef/0x2c0 [ 429.705835][T14306] __alloc_skb+0x166/0x380 [ 429.705865][T14306] inet6_ifinfo_notify+0x77/0x150 [ 429.705895][T14306] addrconf_notify+0x81a/0x19e0 [ 429.705920][T14306] notifier_call_chain+0xb9/0x410 [ 429.705947][T14306] call_netdevice_notifiers_info+0xbe/0x140 [ 429.705974][T14306] netif_state_change+0x165/0x3b0 [ 429.705999][T14306] linkwatch_do_dev+0x12b/0x160 [ 429.706024][T14306] page last free pid 2936 tgid 2936 stack trace: [ 429.706038][T14306] __free_frozen_pages+0x7fe/0x1180 [ 429.706068][T14306] __put_partials+0x16d/0x1c0 [ 429.706098][T14306] qlist_free_all+0x4d/0x120 [ 429.706129][T14306] kasan_quarantine_reduce+0x195/0x1e0 [ 429.706161][T14306] __kasan_slab_alloc+0x69/0x90 [ 429.706197][T14306] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 429.706227][T14306] __ipv6_dev_mc_inc+0x2b9/0xc10 [ 429.706259][T14306] addrconf_dad_work+0x284/0x14e0 [ 429.706284][T14306] process_one_work+0x9cc/0x1b70 [ 429.706319][T14306] worker_thread+0x6c8/0xf10 [ 429.706353][T14306] kthread+0x3c5/0x780 [ 429.706382][T14306] ret_from_fork+0x5d4/0x6f0 [ 429.706413][T14306] ret_from_fork_asm+0x1a/0x30 [ 429.706439][T14306] [ 429.706445][T14306] Memory state around the buggy address: [ 429.706458][T14306] ffff88807d805700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 429.706477][T14306] ffff88807d805780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 429.706496][T14306] >ffff88807d805800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 429.706510][T14306] ^ [ 429.706524][T14306] ffff88807d805880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 429.706542][T14306] ffff88807d805900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 429.706556][T14306] ================================================================== [ 429.751388][T14313] FAULT_INJECTION: forcing a failure. [ 429.751388][T14313] name failslab, interval 1, probability 0, space 0, times 0 [ 429.751501][T14313] CPU: 1 UID: 0 PID: 14313 Comm: syz.4.3172 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 429.751546][T14313] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 429.751556][T14313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 429.751573][T14313] Call Trace: [ 429.751581][T14313] [ 429.751591][T14313] dump_stack_lvl+0x16c/0x1f0 [ 429.751635][T14313] should_fail_ex+0x512/0x640 [ 429.751671][T14313] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 429.751714][T14313] should_failslab+0xc2/0x120 [ 429.751740][T14313] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 429.751778][T14313] ? vm_area_dup+0x27/0x8d0 [ 429.751816][T14313] vm_area_dup+0x27/0x8d0 [ 429.751852][T14313] copy_vma+0x4fa/0xaa0 [ 429.751896][T14313] ? __pfx_copy_vma+0x10/0x10 [ 429.751931][T14313] ? lockdep_hardirqs_on+0x7c/0x110 [ 429.751977][T14313] ? __schedule+0x1181/0x5de0 [ 429.752035][T14313] ? __lock_acquire+0x622/0x1c90 [ 429.752077][T14313] copy_vma_and_data+0x1cf/0x750 [ 429.752119][T14313] ? __pfx_copy_vma_and_data+0x10/0x10 [ 429.752170][T14313] ? __vma_enter_locked+0x163/0x3f0 [ 429.752209][T14313] ? find_held_lock+0x2b/0x80 [ 429.752237][T14313] ? move_vma+0x536/0x1740 [ 429.752271][T14313] ? __vm_enough_memory+0x184/0x3f0 [ 429.752306][T14313] move_vma+0x548/0x1740 [ 429.752349][T14313] ? __pfx_move_vma+0x10/0x10 [ 429.752390][T14313] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 429.752420][T14313] ? cap_mmap_addr+0x4b/0x120 [ 429.752444][T14313] ? bpf_lsm_mmap_addr+0x9/0x10 [ 429.752470][T14313] ? security_mmap_addr+0x6c/0x1e0 [ 429.752500][T14313] ? __get_unmapped_area+0x267/0x440 [ 429.752533][T14313] ? vrm_set_new_addr+0x208/0x290 [ 429.752571][T14313] __do_sys_mremap+0xe07/0x1590 [ 429.752614][T14313] ? __pfx___do_sys_mremap+0x10/0x10 [ 429.752661][T14313] ? find_held_lock+0x2b/0x80 [ 429.752691][T14313] ? __x64_sys_futex+0x1e0/0x4c0 [ 429.752743][T14313] do_syscall_64+0xcd/0x490 [ 429.752782][T14313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.752810][T14313] RIP: 0033:0x7f0e9af8e929 [ 429.752832][T14313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.752858][T14313] RSP: 002b:00007f0e9bdf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 429.752883][T14313] RAX: ffffffffffffffda RBX: 00007f0e9b1b5fa0 RCX: 00007f0e9af8e929 [ 429.752900][T14313] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000001000 [ 429.752916][T14313] RBP: 00007f0e9b010b39 R08: 0000000100000000 R09: 0000000000000000 [ 429.752933][T14313] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 429.752948][T14313] R13: 0000000000000000 R14: 00007f0e9b1b5fa0 R15: 00007ffcbd09ba38 [ 429.752982][T14313] [ 429.773029][T14306] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 429.773054][T14306] CPU: 1 UID: 0 PID: 14306 Comm: syz.2.3169 Tainted: G U I 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 429.773100][T14306] Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND [ 429.773112][T14306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 429.773128][T14306] Call Trace: [ 429.773137][T14306] [ 429.773147][T14306] dump_stack_lvl+0x3d/0x1f0 [ 429.773191][T14306] panic+0x71c/0x800 [ 429.773225][T14306] ? __pfx_panic+0x10/0x10 [ 429.773258][T14306] ? irqentry_exit+0x3b/0x90 [ 429.773294][T14306] ? lockdep_hardirqs_on+0x7c/0x110 [ 429.773331][T14306] ? preempt_schedule_thunk+0x16/0x30 [ 429.773363][T14306] ? fbcon_prepare_logo+0xa03/0xc70 [ 429.773401][T14306] ? preempt_schedule_common+0x44/0xc0 [ 429.773441][T14306] ? fbcon_prepare_logo+0xa03/0xc70 [ 429.773478][T14306] check_panic_on_warn+0xab/0xb0 [ 429.773515][T14306] end_report+0x107/0x170 [ 429.773554][T14306] kasan_report+0xee/0x110 [ 429.773579][T14306] ? fbcon_prepare_logo+0xa03/0xc70 [ 429.773622][T14306] kasan_check_range+0x100/0x1b0 [ 429.773651][T14306] __asan_memcpy+0x23/0x60 [ 429.773685][T14306] fbcon_prepare_logo+0xa03/0xc70 [ 429.773730][T14306] fbcon_init+0xd77/0x1900 [ 429.773767][T14306] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 429.773809][T14306] visual_init+0x320/0x620 [ 429.773843][T14306] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 429.773886][T14306] store_bind+0x61d/0x760 [ 429.773924][T14306] ? sysfs_file_kobj+0xe4/0x290 [ 429.773955][T14306] ? __pfx_store_bind+0x10/0x10 [ 429.773997][T14306] dev_attr_store+0x55/0x80 [ 429.774038][T14306] ? __pfx_dev_attr_store+0x10/0x10 [ 429.774081][T14306] sysfs_kf_write+0xef/0x150 [ 429.774114][T14306] kernfs_fop_write_iter+0x351/0x510 [ 429.774142][T14306] ? __pfx_sysfs_kf_write+0x10/0x10 [ 429.774175][T14306] vfs_write+0x6c7/0x1150 [ 429.774211][T14306] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 429.774239][T14306] ? __pfx___mutex_lock+0x10/0x10 [ 429.774277][T14306] ? __pfx_vfs_write+0x10/0x10 [ 429.774323][T14306] ksys_write+0x12a/0x250 [ 429.774358][T14306] ? __pfx_ksys_write+0x10/0x10 [ 429.774398][T14306] do_syscall_64+0xcd/0x490 [ 429.774437][T14306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.774465][T14306] RIP: 0033:0x7f3dbf98e929 [ 429.774485][T14306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 429.774512][T14306] RSP: 002b:00007f3dc0781038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 429.774537][T14306] RAX: ffffffffffffffda RBX: 00007f3dbfbb6080 RCX: 00007f3dbf98e929 [ 429.774557][T14306] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 429.774574][T14306] RBP: 00007f3dbfa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 429.774591][T14306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 429.774608][T14306] R13: 0000000000000000 R14: 00007f3dbfbb6080 R15: 00007ffc7aac7b78 [ 429.774635][T14306] [ 429.774897][T14306] Kernel Offset: disabled