last executing test programs: 8.894978273s ago: executing program 0 (id=5091): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00'}) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r1 = socket(0x18, 0x5, 0x1) connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x29, 0x2, 0x0) 7.824851952s ago: executing program 0 (id=5094): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x3, 0x6) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x80000000004, 0xfffffffffffffffd, 0x63, 0x0, 0x0, 0x0, 0x8, 0x200, 0x800000000100002, 0x40000406, 0x1, 0xc, 0x0, 0x11, 0x6, 0x7}) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket(0xf, 0x3, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:01/status\x00', 0x100, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 7.590054674s ago: executing program 2 (id=5096): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000000c0)=@can={0x1d, r3}, 0x18) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x82102, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) 7.315824711s ago: executing program 2 (id=5098): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0xa2902, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x100, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), r2) sendmsg$auto_SMC_PNETID_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x2c, r3, 0xd3bed26fbb0d8463, 0x70bd29, 0x25dfdbfe, {0x2, 0x0, 0x300}, [@SMC_PNETID_ETHNAME={0xc, 0x2, 'syz_tun\x00'}, @SMC_PNETID_NAME={0xc, 0x1, 'ethtool\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x1c054) unshare$auto(0x40000080) 6.583488261s ago: executing program 1 (id=5101): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) mmap$auto(0x0, 0x2, 0xdb, 0x9b72, 0x6, 0x100000000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x4040, 0x75) socket(0xa, 0x2, 0x3a) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000280), 0xffffffffffffffff) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdfffff500"}, 0x55) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 6.582783708s ago: executing program 0 (id=5109): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8000, 0x0) r0 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf) socketpair$auto(0x1, 0x801, 0x8000000000000000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) 6.314519932s ago: executing program 1 (id=5102): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) r0 = clone$auto(0x9000, 0x4, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) prctl$auto(0x43, 0x13, r0, 0x0, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 6.091901116s ago: executing program 0 (id=5103): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/acpi/parameters/acpica_version\x00', 0x400, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) ioctl$auto(r1, 0xc040563d, r0) 5.585572955s ago: executing program 0 (id=5105): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x4a, 0x0) close_range$auto(0x2, 0x8, 0x0) fsopen$auto(0x0, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/nfsd.export/channel\x00', 0x8f3b7a51b8162d21, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r1, r1, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0xa200, 0x0) ioctl$auto(r2, 0xc0585611, r2) 5.583722443s ago: executing program 2 (id=5106): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff001, 0x2) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0xff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(0x0, 0x1e7d43, 0xa6) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'dummy0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_fd=r1, 0xe5fd}, 0xf) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) 4.606442759s ago: executing program 2 (id=5108): r0 = socket(0x15, 0x5, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x400800, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0xc8, 0x800454d7, 0x5c8d) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) unshare$auto(0x40000080) mbind$auto(0x8000, 0x7f, 0x2, 0x0, 0x3, 0x1) prctl$auto(0x29, 0x5, 0x0, 0x0, 0x0) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) 4.097439456s ago: executing program 0 (id=5111): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) clone$auto(0x400000000000007, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) 3.701557104s ago: executing program 3 (id=5113): getcwd$auto(0x0, 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) socket(0x11, 0x80003, 0x300) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r1, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) 3.088632195s ago: executing program 3 (id=5114): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0) sysfs$auto(0x2, 0x20, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) ioctl$auto(r1, 0x400454d0, r1) 2.474423004s ago: executing program 1 (id=5115): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101900, 0x0) r0 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r0, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x4, 0xeb5, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x6, 0x3) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x5, 0x0, 0x8004) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) fcntl$auto(0x3, 0x4, 0xa553) 2.143811529s ago: executing program 3 (id=5116): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendto$auto(0x3, 0x0, 0xfffffffffffffdef, 0x101, 0x0, 0x1c) ioctl$auto(0x3, 0x80000541b, 0x38) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) 1.300828372s ago: executing program 1 (id=5117): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x3, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_0={0x1, 0x7, 0x2817, 0x4, 0x200004, 0xffffffffffffffff, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x8, 0x7, 0x5, 0x8}, 0x10) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x4, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) memfd_create$auto(0x0, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) 1.092861986s ago: executing program 3 (id=5118): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) timerfd_create$auto(0x9, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x800, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x64842, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyq3\x00', 0x40001, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(0x3, 0x40085400, 0x5) 649.04471ms ago: executing program 3 (id=5119): mmap$auto(0x0, 0xa4b2, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) memfd_create$auto(0x0, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) fcntl$auto(0x3, 0x4, 0xa553) 561.109875ms ago: executing program 2 (id=5120): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) pipe$auto(0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x6, 0x7bd6, 0x0) 502.492569ms ago: executing program 1 (id=5121): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0x2, 0x5, 0x0) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xff80}, 0x7, 0x0, 0x2, 0xb}, 0x40000fff}, 0x5, 0x7fffffff) 86.023918ms ago: executing program 2 (id=5122): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r0 = socket(0x2, 0x80802, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(r0, 0x11, 0x67, 0x0, 0x8) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 3.039823ms ago: executing program 3 (id=5123): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='\b\x00\x00', @ANYRES16, @ANYBLOB="00082bbd7000fddbdf250b00000004000f000600140006000000080031000700000005"], 0x48}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000001) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x1f40) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x40246f4c, 0x38) 0s ago: executing program 1 (id=5124): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x2240, 0x154) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) epoll_ctl$auto(0x5, 0x2, 0x8000000000000000, 0x0) kernel console output (not intermixed with test programs): 743.855691][T15655] [ 743.855744][T15655] ACPI Error: [ 744.548642][T15639] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #248: comm syz.0.3818: checksumming directory block 0 [ 744.584514][T15639] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 744.604442][T15639] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 744.644452][T15639] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 745.036551][T15655] Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20240827/psparse-529) [ 745.919596][T15682] ERROR: Out of memory at tomoyo_memory_ok. [ 746.311114][T15686] could not allocate digest TFM handle [ 746.339826][T15692] FAULT_INJECTION: forcing a failure. [ 746.339826][T15692] name failslab, interval 1, probability 0, space 0, times 0 [ 746.431240][T15692] CPU: 1 UID: 0 PID: 15692 Comm: syz.3.3838 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 746.431283][T15692] Tainted: [U]=USER [ 746.431291][T15692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 746.431306][T15692] Call Trace: [ 746.431313][T15692] [ 746.431323][T15692] dump_stack_lvl+0x16c/0x1f0 [ 746.431362][T15692] should_fail_ex+0x512/0x640 [ 746.431395][T15692] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 746.431440][T15692] should_failslab+0xc2/0x120 [ 746.431470][T15692] __kmalloc_cache_noprof+0x6a/0x3e0 [ 746.431509][T15692] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 746.431541][T15692] ? ktime_get_coarse_real_ts64_mg+0x200/0x320 [ 746.431571][T15692] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 746.431600][T15692] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 746.431626][T15692] hugetlb_reserve_pages+0x149/0xd90 [ 746.431668][T15692] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 746.431707][T15692] ? atime_needs_update+0x8b/0x710 [ 746.431747][T15692] hugetlbfs_file_mmap+0x4a1/0x730 [ 746.431781][T15692] __mmap_region+0x1485/0x27c0 [ 746.431812][T15692] ? __pfx___mmap_region+0x10/0x10 [ 746.431838][T15692] ? kernel_text_address+0x8d/0x100 [ 746.431899][T15692] ? stack_depot_save_flags+0x28/0xa50 [ 746.431990][T15692] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 746.432039][T15692] mmap_region+0x32b/0x3f0 [ 746.432073][T15692] do_mmap+0xd8e/0x11b0 [ 746.432114][T15692] ? __pfx_do_mmap+0x10/0x10 [ 746.432151][T15692] ? __pfx_down_write_killable+0x10/0x10 [ 746.432195][T15692] vm_mmap_pgoff+0x281/0x450 [ 746.432236][T15692] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 746.432269][T15692] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 746.432302][T15692] ? hugetlbfs_get_inode+0x31f/0x730 [ 746.432340][T15692] ksys_mmap_pgoff+0x1c8/0x5c0 [ 746.432375][T15692] ? rcu_is_watching+0x12/0xc0 [ 746.432401][T15692] __x64_sys_mmap+0x125/0x190 [ 746.432428][T15692] do_syscall_64+0xcd/0x230 [ 746.432465][T15692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.432491][T15692] RIP: 0033:0x7f493cb8e969 [ 746.432510][T15692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 746.432534][T15692] RSP: 002b:00007f493da72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 746.432557][T15692] RAX: ffffffffffffffda RBX: 00007f493cdb5fa0 RCX: 00007f493cb8e969 [ 746.432572][T15692] RDX: 0000000000000002 RSI: 0000000000a00006 RDI: 0000000000c00000 [ 746.432587][T15692] RBP: 00007f493cc10ab1 R08: 0000000000000602 R09: 0000300000000000 [ 746.432602][T15692] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 746.432616][T15692] R13: 0000000000000000 R14: 00007f493cdb5fa0 R15: 00007ffc5d9a5538 [ 746.432646][T15692] [ 746.794567][T15698] FAULT_INJECTION: forcing a failure. [ 746.794567][T15698] name failslab, interval 1, probability 0, space 0, times 0 [ 746.808594][T15698] CPU: 1 UID: 0 PID: 15698 Comm: syz.1.3837 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 746.808633][T15698] Tainted: [U]=USER [ 746.808641][T15698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 746.808655][T15698] Call Trace: [ 746.808663][T15698] [ 746.808671][T15698] dump_stack_lvl+0x16c/0x1f0 [ 746.808709][T15698] should_fail_ex+0x512/0x640 [ 746.808744][T15698] ? fs_reclaim_acquire+0xae/0x150 [ 746.808784][T15698] should_failslab+0xc2/0x120 [ 746.808813][T15698] __kmalloc_cache_noprof+0x6a/0x3e0 [ 746.808855][T15698] ? tomoyo_write_log2+0x33d/0xc10 [ 746.808897][T15698] tomoyo_write_log2+0x33d/0xc10 [ 746.808935][T15698] tomoyo_supervisor+0x15e/0x13b0 [ 746.808979][T15698] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 746.809031][T15698] ? lockdep_hardirqs_on+0x7c/0x110 [ 746.809068][T15698] ? tomoyo_check_path_acl+0xad/0x210 [ 746.809097][T15698] ? tomoyo_check_acl+0x1f7/0x410 [ 746.809125][T15698] tomoyo_path_permission+0x270/0x3b0 [ 746.809156][T15698] tomoyo_check_open_permission+0x349/0x3c0 [ 746.809186][T15698] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 746.809245][T15698] ? do_raw_spin_lock+0x12c/0x2b0 [ 746.809290][T15698] tomoyo_file_open+0x6b/0x90 [ 746.809330][T15698] security_file_open+0x84/0x1e0 [ 746.809362][T15698] do_dentry_open+0x596/0x1c10 [ 746.809395][T15698] vfs_open+0x82/0x3f0 [ 746.809429][T15698] path_openat+0x1e5e/0x2d40 [ 746.809463][T15698] ? __pfx_path_openat+0x10/0x10 [ 746.809494][T15698] do_filp_open+0x20b/0x470 [ 746.809517][T15698] ? __pfx_do_filp_open+0x10/0x10 [ 746.809561][T15698] ? alloc_fd+0x471/0x7d0 [ 746.809606][T15698] do_sys_openat2+0x11b/0x1d0 [ 746.809638][T15698] ? __pfx_do_sys_openat2+0x10/0x10 [ 746.809682][T15698] __x64_sys_openat+0x174/0x210 [ 746.809715][T15698] ? __pfx___x64_sys_openat+0x10/0x10 [ 746.809750][T15698] ? rcu_is_watching+0x12/0xc0 [ 746.809780][T15698] do_syscall_64+0xcd/0x230 [ 746.809816][T15698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.809841][T15698] RIP: 0033:0x7fc04598e969 [ 746.809859][T15698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 746.809883][T15698] RSP: 002b:00007fc04676f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 746.809913][T15698] RAX: ffffffffffffffda RBX: 00007fc045bb6080 RCX: 00007fc04598e969 [ 746.809928][T15698] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 746.809944][T15698] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 746.809959][T15698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 746.809973][T15698] R13: 0000000000000000 R14: 00007fc045bb6080 R15: 00007ffe02f21b88 [ 746.810003][T15698] [ 749.073574][T15729] sctp: [Deprecated]: syz.0.3850 (pid 15729) Use of struct sctp_assoc_value in delayed_ack socket option. [ 749.073574][T15729] Use struct sctp_sack_info instead [ 749.544478][T15737] ERROR: Out of memory at tomoyo_memory_ok. [ 750.499067][T15752] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3859'. [ 750.573001][T15752] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3859'. [ 750.621477][T15752] netlink: 170 bytes leftover after parsing attributes in process `syz.3.3859'. [ 752.466186][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.478703][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.668805][T15787] FAULT_INJECTION: forcing a failure. [ 752.668805][T15787] name failslab, interval 1, probability 0, space 0, times 0 [ 752.756368][T15787] CPU: 1 UID: 0 PID: 15787 Comm: syz.3.3874 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 752.756409][T15787] Tainted: [U]=USER [ 752.756416][T15787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 752.756431][T15787] Call Trace: [ 752.756439][T15787] [ 752.756448][T15787] dump_stack_lvl+0x16c/0x1f0 [ 752.756486][T15787] should_fail_ex+0x512/0x640 [ 752.756520][T15787] ? fs_reclaim_acquire+0xae/0x150 [ 752.756559][T15787] should_failslab+0xc2/0x120 [ 752.756589][T15787] __kmalloc_cache_noprof+0x6a/0x3e0 [ 752.756630][T15787] ? tomoyo_write_log2+0x33d/0xc10 [ 752.756666][T15787] tomoyo_write_log2+0x33d/0xc10 [ 752.756704][T15787] tomoyo_supervisor+0x15e/0x13b0 [ 752.756747][T15787] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 752.756798][T15787] ? lockdep_hardirqs_on+0x7c/0x110 [ 752.756835][T15787] ? tomoyo_check_path_acl+0xad/0x210 [ 752.756863][T15787] ? tomoyo_check_acl+0x1f7/0x410 [ 752.756891][T15787] tomoyo_path_permission+0x270/0x3b0 [ 752.756921][T15787] tomoyo_check_open_permission+0x349/0x3c0 [ 752.756952][T15787] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 752.757010][T15787] ? do_raw_spin_lock+0x12c/0x2b0 [ 752.757056][T15787] tomoyo_file_open+0x6b/0x90 [ 752.757095][T15787] security_file_open+0x84/0x1e0 [ 752.757127][T15787] do_dentry_open+0x596/0x1c10 [ 752.757161][T15787] vfs_open+0x82/0x3f0 [ 752.757195][T15787] path_openat+0x1e5e/0x2d40 [ 752.757229][T15787] ? __pfx_path_openat+0x10/0x10 [ 752.757259][T15787] do_filp_open+0x20b/0x470 [ 752.757283][T15787] ? __pfx_do_filp_open+0x10/0x10 [ 752.757327][T15787] ? alloc_fd+0x471/0x7d0 [ 752.757377][T15787] do_sys_openat2+0x11b/0x1d0 [ 752.757409][T15787] ? __pfx_do_sys_openat2+0x10/0x10 [ 752.757454][T15787] __x64_sys_openat+0x174/0x210 [ 752.757487][T15787] ? __pfx___x64_sys_openat+0x10/0x10 [ 752.757521][T15787] ? rcu_is_watching+0x12/0xc0 [ 752.757552][T15787] do_syscall_64+0xcd/0x230 [ 752.757588][T15787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.757613][T15787] RIP: 0033:0x7f493cb8e969 [ 752.757631][T15787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 752.757655][T15787] RSP: 002b:00007f493da72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 752.757677][T15787] RAX: ffffffffffffffda RBX: 00007f493cdb5fa0 RCX: 00007f493cb8e969 [ 752.757693][T15787] RDX: 00000000001c1041 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 752.757708][T15787] RBP: 00007f493cc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 752.757722][T15787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.757736][T15787] R13: 0000000000000000 R14: 00007f493cdb5fa0 R15: 00007ffc5d9a5538 [ 752.757767][T15787] [ 753.503638][T15801] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3880'. [ 754.202035][T15810] mkiss: ax0: crc mode is auto. [ 755.714513][T15842] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3894'. [ 756.162082][T15849] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3898'. [ 756.222417][T15849] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3898'. [ 756.285881][T15855] netlink: 210 bytes leftover after parsing attributes in process `syz.2.3898'. [ 756.636243][T15183] Bluetooth: hci2: unexpected subevent 0x01 length: 5 < 18 [ 757.931112][T15881] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 759.273212][T15913] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3923'. [ 761.368997][T15942] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3932'. [ 761.449545][T15942] bridge0: left promiscuous mode [ 761.983987][T15950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3935'. [ 762.076889][T15953] netlink: 13 bytes leftover after parsing attributes in process `syz.2.3935'. [ 763.658056][T15969] sp0: Synchronizing with TNC [ 764.286036][T15973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3944'. [ 765.656029][T15987] mkiss: ax0: crc mode is auto. [ 766.712856][T16006] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3956'. [ 766.802533][T16006] netlink: 306 bytes leftover after parsing attributes in process `syz.1.3956'. [ 767.672626][T16017] netlink: 504 bytes leftover after parsing attributes in process `syz.0.3960'. [ 767.738853][T16017] netlink: 504 bytes leftover after parsing attributes in process `syz.0.3960'. [ 768.144921][T16023] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3961'. [ 769.363636][T16040] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3968'. [ 769.440761][T16040] unsupported nlmsg_type 40 [ 769.891288][T16052] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3973'. [ 769.942982][T16052] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3973'. [ 769.990940][T16052] netlink: 190 bytes leftover after parsing attributes in process `syz.0.3973'. [ 770.794833][T16066] netlink: 'syz.1.3978': attribute type 4 has an invalid length. [ 770.847090][T16066] netlink: 314 bytes leftover after parsing attributes in process `syz.1.3978'. [ 771.316346][T16075] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 771.676228][T16085] FAULT_INJECTION: forcing a failure. [ 771.676228][T16085] name failslab, interval 1, probability 0, space 0, times 0 [ 771.763152][T16085] CPU: 1 UID: 0 PID: 16085 Comm: syz.2.3985 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 771.763196][T16085] Tainted: [U]=USER [ 771.763203][T16085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 771.763217][T16085] Call Trace: [ 771.763225][T16085] [ 771.763234][T16085] dump_stack_lvl+0x16c/0x1f0 [ 771.763274][T16085] should_fail_ex+0x512/0x640 [ 771.763308][T16085] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 771.763339][T16085] should_failslab+0xc2/0x120 [ 771.763369][T16085] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 771.763398][T16085] ? sock_alloc_inode+0x25/0x1c0 [ 771.763434][T16085] ? __pfx_sock_alloc_inode+0x10/0x10 [ 771.763465][T16085] sock_alloc_inode+0x25/0x1c0 [ 771.763496][T16085] alloc_inode+0x61/0x240 [ 771.763526][T16085] sock_alloc+0x40/0x280 [ 771.763556][T16085] __sock_create+0xc1/0x8d0 [ 771.763596][T16085] __sys_socketpair+0x25c/0x5a0 [ 771.763634][T16085] ? __pfx___sys_socketpair+0x10/0x10 [ 771.763681][T16085] ? xfd_validate_state+0x5d/0x180 [ 771.763722][T16085] ? rcu_is_watching+0x12/0xc0 [ 771.763750][T16085] __x64_sys_socketpair+0x96/0x100 [ 771.763786][T16085] ? lockdep_hardirqs_on+0x7c/0x110 [ 771.763818][T16085] do_syscall_64+0xcd/0x230 [ 771.763854][T16085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.763879][T16085] RIP: 0033:0x7f403498e969 [ 771.763898][T16085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.763922][T16085] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 771.763945][T16085] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 771.763961][T16085] RDX: 8000000000000000 RSI: 0000000000000004 RDI: 000000000000001e [ 771.763975][T16085] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 771.763989][T16085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.764004][T16085] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 771.764032][T16085] [ 771.764043][T16085] socket: no more sockets [ 773.013451][T16104] [U]  [ 773.016588][T16104] [U] [ 773.019570][T16104] [U] [ 773.022549][T16104] [U] [ 773.078138][T16104] [U] [ 773.081165][T16104] [U] [ 773.084139][T16104] [U] [ 773.087135][T16104] [U] [ 773.158792][T16104] [U] [ 773.161819][T16104] [U] [ 773.164795][T16104] [U] [ 773.167767][T16104] [U] [ 773.220873][T16104] [U] [ 773.223895][T16104] [U] [ 773.226875][T16104] [U] [ 773.229846][T16104] [U] [ 773.249826][T16110] netlink: 'syz.0.3995': attribute type 21 has an invalid length. [ 773.286004][T16104] [U] [ 773.289024][T16104] [U] [ 773.292001][T16104] [U] [ 773.294988][T16104] [U] [ 773.304174][T16110] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3995'. [ 773.340430][T16110] IPv6: NLM_F_CREATE should be specified when creating new route [ 773.355899][T16104] [U] [ 773.358922][T16104] [U] [ 773.361899][T16104] [U] [ 773.364873][T16104] [U] [ 773.406825][T16104] [U] [ 773.409864][T16104] [U] [ 773.412862][T16104] [U] [ 773.415855][T16104] [U] [ 773.464589][T16104] [U] [ 773.467622][T16104] [U] [ 773.470617][T16104] [U] [ 773.473595][T16104] [U] [ 773.534737][T16104] [U] [ 773.537770][T16104] [U] [ 773.540746][T16104] [U] [ 773.543730][T16104] [U] [ 773.582920][T16104] [U] [ 773.586001][T16104] [U] [ 773.588977][T16104] [U] [ 773.591950][T16104] [U] [ 773.670876][T16104] [U] [ 773.673902][T16104] [U] [ 773.676876][T16104] [U] [ 773.679849][T16104] [U] [ 773.713181][T16104] [U] [ 773.716205][T16104] [U] [ 773.719180][T16104] [U] [ 773.722150][T16104] [U] [ 773.778522][T16104] [U] [ 773.781551][T16104] [U] [ 773.784545][T16104] [U] [ 773.787553][T16104] [U] [ 773.812061][T16120] mkiss: ax0: crc mode is auto. [ 773.905074][T16104] [U] [ 773.908215][T16104] [U] [ 773.911193][T16104] [U] [ 773.914169][T16104] [U] [ 773.982822][T16104] [U] [ 773.985856][T16104] [U] [ 773.988831][T16104] [U] [ 773.991809][T16104] [U] [ 774.045020][T16104] [U] [ 774.456644][T16127] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 774.543718][T16127] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 774.629592][T16127] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 774.754010][T16127] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 775.005733][T16139] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 775.135682][T16139] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 775.231693][T16139] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 775.300504][T16146] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4010'. [ 775.339616][T16139] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 775.611225][T16150] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 775.720708][T16150] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 775.794581][T16150] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 775.919993][T16150] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 776.605748][T16172] FAULT_INJECTION: forcing a failure. [ 776.605748][T16172] name failslab, interval 1, probability 0, space 0, times 0 [ 776.645689][T16172] CPU: 1 UID: 0 PID: 16172 Comm: syz.1.4020 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 776.645732][T16172] Tainted: [U]=USER [ 776.645739][T16172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 776.645754][T16172] Call Trace: [ 776.645761][T16172] [ 776.645771][T16172] dump_stack_lvl+0x16c/0x1f0 [ 776.645810][T16172] should_fail_ex+0x512/0x640 [ 776.645844][T16172] ? __kmalloc_noprof+0xbf/0x510 [ 776.645872][T16172] ? __register_sysctl_table+0xb3/0x1900 [ 776.645899][T16172] should_failslab+0xc2/0x120 [ 776.645929][T16172] __kmalloc_noprof+0xd2/0x510 [ 776.645961][T16172] __register_sysctl_table+0xb3/0x1900 [ 776.645990][T16172] ? is_module_address+0x5f/0xf0 [ 776.646027][T16172] ? __pfx___register_sysctl_table+0x10/0x10 [ 776.646054][T16172] ? is_module_address+0x69/0xf0 [ 776.646085][T16172] ? register_net_sysctl_sz+0x228/0x3e0 [ 776.646124][T16172] ? __asan_memcpy+0x3c/0x60 [ 776.646146][T16172] ? __pfx_nf_lwtunnel_net_init+0x10/0x10 [ 776.646175][T16172] nf_lwtunnel_net_init+0x60/0xf0 [ 776.646204][T16172] ops_init+0x1df/0x5f0 [ 776.646245][T16172] setup_net+0x21e/0x850 [ 776.646277][T16172] ? __pfx_setup_net+0x10/0x10 [ 776.646305][T16172] ? lockdep_init_map_type+0x5c/0x280 [ 776.646338][T16172] ? __pfx_down_read_killable+0x10/0x10 [ 776.646381][T16172] ? debug_mutex_init+0x37/0x70 [ 776.646406][T16172] copy_net_ns+0x2a6/0x5f0 [ 776.646441][T16172] create_new_namespaces+0x3ea/0xad0 [ 776.646476][T16172] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 776.646505][T16172] ksys_unshare+0x45b/0xa40 [ 776.646539][T16172] ? __pfx_ksys_unshare+0x10/0x10 [ 776.646570][T16172] ? xfd_validate_state+0x5d/0x180 [ 776.646611][T16172] ? rcu_is_watching+0x12/0xc0 [ 776.646644][T16172] __x64_sys_unshare+0x31/0x40 [ 776.646676][T16172] do_syscall_64+0xcd/0x230 [ 776.646713][T16172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 776.646737][T16172] RIP: 0033:0x7fc04598e969 [ 776.646756][T16172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 776.646780][T16172] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 776.646803][T16172] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 776.646818][T16172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 776.646833][T16172] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 776.646848][T16172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 776.646862][T16172] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 776.646892][T16172] [ 777.647912][T16188] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4026'. [ 778.458364][T16209] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4035'. [ 778.679361][T16215] CIFS: VFS: Invalid SecurityFlags: [ 779.507729][T16228] netlink: 346 bytes leftover after parsing attributes in process `syz.3.4042'. [ 780.096269][T16236] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4046'. [ 780.107363][T16237] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4047'. [ 780.151810][T16236] ipvlan1: entered promiscuous mode [ 780.158108][T16236] ipvlan1: entered allmulticast mode [ 780.212226][T16236] veth0_vlan: entered allmulticast mode [ 780.276794][T16246] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 780.929055][T16267] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4058'. [ 781.561118][T16282] netlink: 'syz.2.4064': attribute type 4 has an invalid length. [ 781.590253][T16282] netlink: 314 bytes leftover after parsing attributes in process `syz.2.4064'. [ 781.646333][T16286] netlink: 'syz.2.4064': attribute type 4 has an invalid length. [ 781.685154][T16286] netlink: 314 bytes leftover after parsing attributes in process `syz.2.4064'. [ 781.907042][T16293] FAULT_INJECTION: forcing a failure. [ 781.907042][T16293] name failslab, interval 1, probability 0, space 0, times 0 [ 781.941743][T16293] CPU: 1 UID: 0 PID: 16293 Comm: syz.2.4067 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 781.941785][T16293] Tainted: [U]=USER [ 781.941799][T16293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 781.941813][T16293] Call Trace: [ 781.941821][T16293] [ 781.941831][T16293] dump_stack_lvl+0x16c/0x1f0 [ 781.941869][T16293] should_fail_ex+0x512/0x640 [ 781.941903][T16293] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 781.941934][T16293] should_failslab+0xc2/0x120 [ 781.941964][T16293] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 781.941991][T16293] ? find_held_lock+0x2b/0x80 [ 781.942013][T16293] ? alloc_inode+0xc3/0x240 [ 781.942046][T16293] alloc_inode+0xc3/0x240 [ 781.942075][T16293] alloc_anon_inode+0x28/0x3e0 [ 781.942112][T16293] ? alloc_fd+0x471/0x7d0 [ 781.942148][T16293] __anon_inode_getfile+0x1ea/0x370 [ 781.942192][T16293] new_userfaultfd+0x25e/0x3d0 [ 781.942221][T16293] __x64_sys_userfaultfd+0x4b/0xb0 [ 781.942253][T16293] do_syscall_64+0xcd/0x230 [ 781.942289][T16293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.942314][T16293] RIP: 0033:0x7f403498e969 [ 781.942332][T16293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 781.942356][T16293] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 781.942378][T16293] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 781.942395][T16293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 781.942409][T16293] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 781.942424][T16293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 781.942439][T16293] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 781.942468][T16293] [ 783.579189][T16315] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 783.693111][T16315] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 783.755026][T16315] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 783.842422][T16315] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 784.069674][T16327] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.151309][T16327] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 784.230677][T16327] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.319075][T16327] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 784.543074][T16337] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.643591][T16337] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 784.737000][T16337] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 784.846205][T16337] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 787.142226][T15183] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 791.671821][T15183] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 792.734100][T15183] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 793.268087][T16478] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4128'. [ 793.335420][T16478] netlink: 302 bytes leftover after parsing attributes in process `syz.2.4128'. [ 797.403749][T16547] netlink: 'syz.0.4154': attribute type 4 has an invalid length. [ 797.445672][T16547] netlink: 314 bytes leftover after parsing attributes in process `syz.0.4154'. [ 797.640129][T16545] FAULT_INJECTION: forcing a failure. [ 797.640129][T16545] name failslab, interval 1, probability 0, space 0, times 0 [ 797.810423][T16545] CPU: 1 UID: 0 PID: 16545 Comm: syz.2.4150 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 797.810466][T16545] Tainted: [U]=USER [ 797.810474][T16545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 797.810489][T16545] Call Trace: [ 797.810497][T16545] [ 797.810506][T16545] dump_stack_lvl+0x16c/0x1f0 [ 797.810545][T16545] should_fail_ex+0x512/0x640 [ 797.810579][T16545] ? fs_reclaim_acquire+0xae/0x150 [ 797.810618][T16545] ? security_inode_init_security+0x13f/0x390 [ 797.810656][T16545] should_failslab+0xc2/0x120 [ 797.810690][T16545] __kmalloc_noprof+0xd2/0x510 [ 797.810723][T16545] security_inode_init_security+0x13f/0x390 [ 797.810764][T16545] ? __pfx_shmem_initxattrs+0x10/0x10 [ 797.810800][T16545] ? __pfx_security_inode_init_security+0x10/0x10 [ 797.810854][T16545] shmem_mknod+0x22e/0x450 [ 797.810896][T16545] ? __pfx_shmem_create+0x10/0x10 [ 797.810932][T16545] lookup_open.isra.0+0x11d0/0x1580 [ 797.810975][T16545] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 797.811026][T16545] ? __pfx_down_write+0x10/0x10 [ 797.811060][T16545] ? mnt_get_write_access+0x20c/0x300 [ 797.811096][T16545] path_openat+0x905/0x2d40 [ 797.811129][T16545] ? __pfx_path_openat+0x10/0x10 [ 797.811154][T16545] ? __lock_acquire+0xaa4/0x1ba0 [ 797.811188][T16545] do_filp_open+0x20b/0x470 [ 797.811211][T16545] ? __pfx_do_filp_open+0x10/0x10 [ 797.811256][T16545] ? _raw_spin_unlock+0x28/0x50 [ 797.811284][T16545] ? alloc_fd+0x471/0x7d0 [ 797.811338][T16545] do_sys_openat2+0x11b/0x1d0 [ 797.811371][T16545] ? __pfx_do_sys_openat2+0x10/0x10 [ 797.811415][T16545] __x64_sys_open+0x153/0x1e0 [ 797.811448][T16545] ? __pfx___x64_sys_open+0x10/0x10 [ 797.811486][T16545] ? rcu_is_watching+0x12/0xc0 [ 797.811512][T16545] do_syscall_64+0xcd/0x230 [ 797.811548][T16545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.811572][T16545] RIP: 0033:0x7f403498e969 [ 797.811591][T16545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 797.811615][T16545] RSP: 002b:00007f40327f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 797.811637][T16545] RAX: ffffffffffffffda RBX: 00007f4034bb6080 RCX: 00007f403498e969 [ 797.811653][T16545] RDX: 0000000000000154 RSI: 0000000000022240 RDI: 0000200000000800 [ 797.811668][T16545] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 797.811683][T16545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 797.811697][T16545] R13: 0000000000000000 R14: 00007f4034bb6080 R15: 00007ffd027e1618 [ 797.811728][T16545] [ 799.001988][T16570] netlink: 504 bytes leftover after parsing attributes in process `syz.1.4164'. [ 799.067117][T16570] netlink: 504 bytes leftover after parsing attributes in process `syz.1.4164'. [ 799.584739][T16579] FAULT_INJECTION: forcing a failure. [ 799.584739][T16579] name failslab, interval 1, probability 0, space 0, times 0 [ 799.663261][T16579] CPU: 1 UID: 0 PID: 16579 Comm: syz.1.4167 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 799.663303][T16579] Tainted: [U]=USER [ 799.663311][T16579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 799.663326][T16579] Call Trace: [ 799.663334][T16579] [ 799.663343][T16579] dump_stack_lvl+0x16c/0x1f0 [ 799.663381][T16579] should_fail_ex+0x512/0x640 [ 799.663415][T16579] ? fs_reclaim_acquire+0xae/0x150 [ 799.663455][T16579] should_failslab+0xc2/0x120 [ 799.663486][T16579] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 799.663513][T16579] ? security_inode_alloc+0x3b/0x2b0 [ 799.663544][T16579] security_inode_alloc+0x3b/0x2b0 [ 799.663571][T16579] inode_init_always_gfp+0xce4/0x1030 [ 799.663615][T16579] alloc_inode+0x86/0x240 [ 799.663644][T16579] path_from_stashed+0x2be/0xb00 [ 799.663667][T16579] ? do_raw_spin_lock+0x12c/0x2b0 [ 799.663706][T16579] ? __pfx_path_from_stashed+0x10/0x10 [ 799.663731][T16579] ? do_raw_spin_unlock+0x172/0x230 [ 799.663773][T16579] ns_get_path+0x5f/0x80 [ 799.663809][T16579] proc_ns_get_link+0x121/0x260 [ 799.663848][T16579] ? __pfx_proc_ns_get_link+0x10/0x10 [ 799.663887][T16579] ? __pfx___might_resched+0x10/0x10 [ 799.663918][T16579] ? __pfx_proc_ns_get_link+0x10/0x10 [ 799.663956][T16579] step_into+0x1b22/0x2270 [ 799.663998][T16579] ? __pfx_step_into+0x10/0x10 [ 799.664032][T16579] ? find_held_lock+0x2b/0x80 [ 799.664064][T16579] path_openat+0x749/0x2d40 [ 799.664097][T16579] ? __pfx_path_openat+0x10/0x10 [ 799.664127][T16579] do_filp_open+0x20b/0x470 [ 799.664150][T16579] ? __pfx_do_filp_open+0x10/0x10 [ 799.664193][T16579] ? alloc_fd+0x471/0x7d0 [ 799.664243][T16579] do_sys_openat2+0x11b/0x1d0 [ 799.664276][T16579] ? __pfx_do_sys_openat2+0x10/0x10 [ 799.664320][T16579] __x64_sys_openat+0x174/0x210 [ 799.664354][T16579] ? __pfx___x64_sys_openat+0x10/0x10 [ 799.664389][T16579] ? rcu_is_watching+0x12/0xc0 [ 799.664419][T16579] do_syscall_64+0xcd/0x230 [ 799.664455][T16579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.664480][T16579] RIP: 0033:0x7fc04598d2d0 [ 799.664499][T16579] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 799.664522][T16579] RSP: 002b:00007fc04678ff10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 799.664544][T16579] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc04598d2d0 [ 799.664560][T16579] RDX: 0000000000000002 RSI: 00007fc04678ffa0 RDI: 00000000ffffff9c [ 799.664575][T16579] RBP: 00007fc04678ffa0 R08: 0000000000000000 R09: 0000000000000000 [ 799.664590][T16579] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 799.664604][T16579] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 799.664632][T16579] [ 800.614603][T16587] netlink: 'syz.3.4171': attribute type 4 has an invalid length. [ 800.638627][T16587] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4171'. [ 801.131787][T16595] netlink: 'syz.2.4174': attribute type 29 has an invalid length. [ 804.128466][T16631] FAULT_INJECTION: forcing a failure. [ 804.128466][T16631] name failslab, interval 1, probability 0, space 0, times 0 [ 804.294686][T16631] CPU: 1 UID: 0 PID: 16631 Comm: syz.2.4189 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 804.294729][T16631] Tainted: [U]=USER [ 804.294737][T16631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 804.294752][T16631] Call Trace: [ 804.294759][T16631] [ 804.294769][T16631] dump_stack_lvl+0x16c/0x1f0 [ 804.294815][T16631] should_fail_ex+0x512/0x640 [ 804.294850][T16631] ? __kmalloc_noprof+0xbf/0x510 [ 804.294878][T16631] ? lsm_blob_alloc+0x68/0x90 [ 804.294915][T16631] should_failslab+0xc2/0x120 [ 804.294945][T16631] __kmalloc_noprof+0xd2/0x510 [ 804.294979][T16631] lsm_blob_alloc+0x68/0x90 [ 804.295017][T16631] security_sk_alloc+0x30/0x270 [ 804.295043][T16631] sk_prot_alloc+0xfb/0x2a0 [ 804.295079][T16631] sk_alloc+0x36/0xc20 [ 804.295104][T16631] inet6_create+0x381/0x1300 [ 804.295131][T16631] ? inet6_create+0x7f/0x1300 [ 804.295158][T16631] __sock_create+0x335/0x8d0 [ 804.295201][T16631] smc_create_clcsk+0x37/0xd0 [ 804.295228][T16631] ? __pfx_smc_inet_init_sock+0x10/0x10 [ 804.295266][T16631] inet6_create+0xb2d/0x1300 [ 804.295291][T16631] ? inet6_create+0x7f/0x1300 [ 804.295318][T16631] __sock_create+0x335/0x8d0 [ 804.295358][T16631] __sys_socket+0x14d/0x260 [ 804.295394][T16631] ? __pfx___sys_socket+0x10/0x10 [ 804.295431][T16631] ? rcu_is_watching+0x12/0xc0 [ 804.295459][T16631] __x64_sys_socket+0x72/0xb0 [ 804.295497][T16631] ? lockdep_hardirqs_on+0x7c/0x110 [ 804.295529][T16631] do_syscall_64+0xcd/0x230 [ 804.295565][T16631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.295590][T16631] RIP: 0033:0x7f403498e969 [ 804.295609][T16631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 804.295633][T16631] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 804.295655][T16631] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 804.295670][T16631] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 000000000000000a [ 804.295684][T16631] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 804.295698][T16631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 804.295712][T16631] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 804.295741][T16631] [ 808.046192][T16684] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4209'. [ 808.500184][T16694] mkiss: ax0: crc mode is auto. [ 808.658308][T16700] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4213'. [ 808.710096][T16701] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4213'. [ 808.845226][T16700] netlink: 290 bytes leftover after parsing attributes in process `syz.0.4213'. [ 809.476233][T16713] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4218'. [ 809.689431][T16713] veth0_vlan: left promiscuous mode [ 809.703474][T16713] veth0_vlan: entered promiscuous mode [ 809.790614][T16719] netlink: 206 bytes leftover after parsing attributes in process `syz.3.4220'. [ 812.240032][T16759] netlink: 'syz.0.4233': attribute type 4 has an invalid length. [ 812.293336][T16759] netlink: 314 bytes leftover after parsing attributes in process `syz.0.4233'. [ 812.356026][T16759] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 812.364055][T16759] IPv6: NLM_F_CREATE should be set when creating new route [ 812.402764][T16762] FAULT_INJECTION: forcing a failure. [ 812.402764][T16762] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 812.465792][T16762] CPU: 1 UID: 0 PID: 16762 Comm: syz.2.4234 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 812.465833][T16762] Tainted: [U]=USER [ 812.465840][T16762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 812.465856][T16762] Call Trace: [ 812.465864][T16762] [ 812.465873][T16762] dump_stack_lvl+0x16c/0x1f0 [ 812.465911][T16762] should_fail_ex+0x512/0x640 [ 812.465950][T16762] should_fail_alloc_page+0xe7/0x130 [ 812.465983][T16762] prepare_alloc_pages+0x3c2/0x610 [ 812.466044][T16762] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 812.466074][T16762] ? kasan_save_stack+0x33/0x60 [ 812.466105][T16762] ? __lock_acquire+0xaa4/0x1ba0 [ 812.466139][T16762] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 812.466177][T16762] ? __lock_acquire+0xaa4/0x1ba0 [ 812.466214][T16762] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 812.466249][T16762] ? policy_nodemask+0xea/0x4e0 [ 812.466280][T16762] alloc_pages_mpol+0x1fb/0x550 [ 812.466310][T16762] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 812.466342][T16762] ? __anon_vma_prepare+0x2db/0x5e0 [ 812.466372][T16762] folio_alloc_mpol_noprof+0x36/0x2f0 [ 812.466408][T16762] vma_alloc_folio_noprof+0xed/0x1e0 [ 812.466442][T16762] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 812.466475][T16762] ? __anon_vma_prepare+0x2e2/0x5e0 [ 812.466508][T16762] do_pte_missing+0x223d/0x3fb0 [ 812.466536][T16762] ? __pmd_alloc+0x3c2/0x870 [ 812.466575][T16762] __handle_mm_fault+0x103d/0x2a40 [ 812.466607][T16762] ? __pfx___handle_mm_fault+0x10/0x10 [ 812.466656][T16762] handle_mm_fault+0x3fe/0xad0 [ 812.466685][T16762] __get_user_pages+0x771/0x36f0 [ 812.466735][T16762] ? __pfx___get_user_pages+0x10/0x10 [ 812.466783][T16762] get_user_pages_remote+0x258/0xb20 [ 812.466829][T16762] ? __pfx_get_user_pages_remote+0x10/0x10 [ 812.466879][T16762] get_arg_page+0xf4/0x310 [ 812.466916][T16762] ? __pfx_get_arg_page+0x10/0x10 [ 812.466955][T16762] ? up_write+0x1b2/0x520 [ 812.466992][T16762] copy_string_kernel+0x155/0x4a0 [ 812.467043][T16762] do_execveat_common.isra.0+0x2ed/0x610 [ 812.467087][T16762] __x64_sys_execve+0x8e/0xb0 [ 812.467127][T16762] do_syscall_64+0xcd/0x230 [ 812.467164][T16762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.467189][T16762] RIP: 0033:0x7f403498e969 [ 812.467208][T16762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 812.467231][T16762] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 812.467253][T16762] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 812.467269][T16762] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 812.467283][T16762] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 812.467298][T16762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.467312][T16762] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 812.467342][T16762] [ 813.969547][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.978283][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.548120][T16810] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4253'. [ 815.962744][T16815] syz.1.4255 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 817.719803][T16831] netlink: 'syz.3.4261': attribute type 4 has an invalid length. [ 817.783758][T16831] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4261'. [ 818.548628][T16848] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4265'. [ 819.647179][T16863] could not allocate digest TFM handle [ 819.738908][T16867] FAULT_INJECTION: forcing a failure. [ 819.738908][T16867] name failslab, interval 1, probability 0, space 0, times 0 [ 819.798524][T16871] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4273'. [ 819.825911][T16867] CPU: 1 UID: 0 PID: 16867 Comm: syz.2.4272 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 819.825954][T16867] Tainted: [U]=USER [ 819.825962][T16867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 819.825976][T16867] Call Trace: [ 819.825984][T16867] [ 819.825994][T16867] dump_stack_lvl+0x16c/0x1f0 [ 819.826033][T16867] should_fail_ex+0x512/0x640 [ 819.826068][T16867] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 819.826112][T16867] should_failslab+0xc2/0x120 [ 819.826142][T16867] __kmalloc_cache_noprof+0x6a/0x3e0 [ 819.826199][T16867] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 819.826231][T16867] ? ktime_get_coarse_real_ts64_mg+0x200/0x320 [ 819.826261][T16867] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 819.826290][T16867] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 819.826316][T16867] hugetlb_reserve_pages+0x149/0xd90 [ 819.826368][T16867] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 819.826406][T16867] ? atime_needs_update+0x8b/0x710 [ 819.826447][T16867] hugetlbfs_file_mmap+0x4a1/0x730 [ 819.826482][T16867] __mmap_region+0x1485/0x27c0 [ 819.826513][T16867] ? __pfx___mmap_region+0x10/0x10 [ 819.826539][T16867] ? kernel_text_address+0x8d/0x100 [ 819.826599][T16867] ? stack_depot_save_flags+0x28/0xa50 [ 819.826670][T16867] ? rcu_is_watching+0x12/0xc0 [ 819.826701][T16867] mmap_region+0x32b/0x3f0 [ 819.826735][T16867] do_mmap+0xd8e/0x11b0 [ 819.826776][T16867] ? __pfx_do_mmap+0x10/0x10 [ 819.826812][T16867] ? __pfx_down_write_killable+0x10/0x10 [ 819.826857][T16867] vm_mmap_pgoff+0x281/0x450 [ 819.826898][T16867] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 819.826930][T16867] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 819.826964][T16867] ? hugetlbfs_get_inode+0x31f/0x730 [ 819.827002][T16867] ksys_mmap_pgoff+0x1c8/0x5c0 [ 819.827037][T16867] ? rcu_is_watching+0x12/0xc0 [ 819.827062][T16867] __x64_sys_mmap+0x125/0x190 [ 819.827089][T16867] do_syscall_64+0xcd/0x230 [ 819.827126][T16867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.827151][T16867] RIP: 0033:0x7f403498e969 [ 819.827169][T16867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 819.827193][T16867] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 819.827216][T16867] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 819.827231][T16867] RDX: 0000000000000002 RSI: 0000000000a00006 RDI: 0000000000c00000 [ 819.827246][T16867] RBP: 00007f4034a10ab1 R08: 0000000000000602 R09: 0000300000000000 [ 819.827261][T16867] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 819.827275][T16867] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 819.827305][T16867] [ 820.840345][T16876] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 822.546180][T16890] FAULT_INJECTION: forcing a failure. [ 822.546180][T16890] name failslab, interval 1, probability 0, space 0, times 0 [ 822.660202][T16890] CPU: 1 UID: 0 PID: 16890 Comm: syz.1.4280 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 822.660245][T16890] Tainted: [U]=USER [ 822.660252][T16890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 822.660267][T16890] Call Trace: [ 822.660275][T16890] [ 822.660283][T16890] dump_stack_lvl+0x16c/0x1f0 [ 822.660323][T16890] should_fail_ex+0x512/0x640 [ 822.660357][T16890] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 822.660387][T16890] should_failslab+0xc2/0x120 [ 822.660417][T16890] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 822.660444][T16890] ? security_file_alloc+0x34/0x2b0 [ 822.660481][T16890] security_file_alloc+0x34/0x2b0 [ 822.660513][T16890] init_file+0x93/0x4c0 [ 822.660542][T16890] alloc_empty_file+0x73/0x1e0 [ 822.660574][T16890] path_openat+0xe0/0x2d40 [ 822.660595][T16890] ? __x64_sys_openat+0x174/0x210 [ 822.660626][T16890] ? do_syscall_64+0xcd/0x230 [ 822.660658][T16890] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 822.660694][T16890] ? __pfx_path_openat+0x10/0x10 [ 822.660724][T16890] do_filp_open+0x20b/0x470 [ 822.660747][T16890] ? __pfx_do_filp_open+0x10/0x10 [ 822.660790][T16890] ? alloc_fd+0x471/0x7d0 [ 822.660835][T16890] do_sys_openat2+0x11b/0x1d0 [ 822.660867][T16890] ? __pfx_do_sys_openat2+0x10/0x10 [ 822.660910][T16890] __x64_sys_openat+0x174/0x210 [ 822.660943][T16890] ? __pfx___x64_sys_openat+0x10/0x10 [ 822.660978][T16890] ? rcu_is_watching+0x12/0xc0 [ 822.661009][T16890] do_syscall_64+0xcd/0x230 [ 822.661045][T16890] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 822.661069][T16890] RIP: 0033:0x7fc04598d2d0 [ 822.661088][T16890] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 822.661112][T16890] RSP: 002b:00007fc04678ff10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 822.661134][T16890] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc04598d2d0 [ 822.661149][T16890] RDX: 0000000000000002 RSI: 00007fc04678ffa0 RDI: 00000000ffffff9c [ 822.661169][T16890] RBP: 00007fc04678ffa0 R08: 0000000000000000 R09: 0000000000000000 [ 822.661184][T16890] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 822.661198][T16890] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 822.661226][T16890] [ 822.913103][ C1] vkms_vblank_simulate: vblank timer overrun [ 824.862469][T16928] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4292'. [ 824.916462][T16928] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4292'. [ 825.028372][T16936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4295'. [ 828.018719][T16987] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 828.151867][T16987] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 828.230070][T16987] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 828.337203][T16987] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 828.586165][T16994] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 828.704753][T16994] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 828.786256][T16994] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 828.915113][T16994] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 829.166286][T17006] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 829.314556][T17006] EXT4-fs error (device sda1): htree_dirblock_to_tree:1053: inode #243: comm dhcpcd-run-hook: Directory block failed checksum [ 829.410395][T17006] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #243: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D. [ 829.516076][T17006] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #243: comm dhcpcd-run-hook: checksumming directory block 0 [ 829.795332][T17016] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4325'. [ 830.006950][T17022] netlink: 338 bytes leftover after parsing attributes in process `syz.3.4325'. [ 832.326302][T17059] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 832.356792][T17059] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 832.427848][T17059] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 832.497775][T17059] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 832.670010][T17059] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 832.739536][T17059] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 832.854074][T17059] CPU0 is offline. [ 833.675641][T17073] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4346'. [ 834.334713][T15183] Bluetooth: hci0: command 0x0406 tx timeout [ 834.414730][ T5829] Bluetooth: hci2: command 0x0406 tx timeout [ 834.421455][T15183] Bluetooth: hci1: command 0x0406 tx timeout [ 834.734772][T15183] Bluetooth: hci3: command 0x0c1a tx timeout [ 835.165719][ T30] audit: type=1806 audit(4294967306.809:15): xattr="0" res=-22 [ 836.494753][T15183] Bluetooth: hci1: command 0x0406 tx timeout [ 836.814735][T15183] Bluetooth: hci3: command 0x0c1a tx timeout [ 837.209751][T17113] FAULT_INJECTION: forcing a failure. [ 837.209751][T17113] name failslab, interval 1, probability 0, space 0, times 0 [ 837.375927][T17113] CPU: 1 UID: 0 PID: 17113 Comm: syz.1.4358 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 837.375969][T17113] Tainted: [U]=USER [ 837.375977][T17113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 837.375992][T17113] Call Trace: [ 837.376000][T17113] [ 837.376010][T17113] dump_stack_lvl+0x16c/0x1f0 [ 837.376049][T17113] should_fail_ex+0x512/0x640 [ 837.376091][T17113] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 837.376123][T17113] should_failslab+0xc2/0x120 [ 837.376153][T17113] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 837.376181][T17113] ? ptlock_alloc+0x1f/0x70 [ 837.376208][T17113] ptlock_alloc+0x1f/0x70 [ 837.376230][T17113] pte_alloc_one+0x6d/0x380 [ 837.376258][T17113] __pte_alloc+0x6d/0x3c0 [ 837.376291][T17113] ? __pfx___pte_alloc+0x10/0x10 [ 837.376322][T17113] ? __pfx___might_resched+0x10/0x10 [ 837.376348][T17113] ? copy_page_range+0x197d/0x5fe0 [ 837.376389][T17113] copy_page_range+0x3a29/0x5fe0 [ 837.376457][T17113] ? __pfx_copy_page_range+0x10/0x10 [ 837.376505][T17113] ? __pfx___might_resched+0x10/0x10 [ 837.376530][T17113] ? __pfx_mas_store+0x10/0x10 [ 837.376565][T17113] ? __vma_enter_locked+0x163/0x3f0 [ 837.376597][T17113] ? copy_process+0x85dd/0x91a0 [ 837.376627][T17113] ? down_write+0x14d/0x200 [ 837.376666][T17113] ? up_write+0x1b2/0x520 [ 837.376703][T17113] copy_process+0x862b/0x91a0 [ 837.376755][T17113] ? __pfx_copy_process+0x10/0x10 [ 837.376784][T17113] ? __pfx___futex_wait+0x10/0x10 [ 837.376841][T17113] kernel_clone+0xfc/0x960 [ 837.376874][T17113] ? __pfx_kernel_clone+0x10/0x10 [ 837.376925][T17113] __do_sys_clone+0xce/0x120 [ 837.376956][T17113] ? __pfx___do_sys_clone+0x10/0x10 [ 837.376986][T17113] ? ksys_unshare+0x687/0xa40 [ 837.377032][T17113] ? rcu_is_watching+0x12/0xc0 [ 837.377067][T17113] do_syscall_64+0xcd/0x230 [ 837.377104][T17113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 837.377130][T17113] RIP: 0033:0x7fc04598e969 [ 837.377149][T17113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 837.377173][T17113] RSP: 002b:00007fc04678ffe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 837.377205][T17113] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 837.377221][T17113] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 837.377235][T17113] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 837.377251][T17113] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 837.377265][T17113] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 837.377295][T17113] [ 840.891641][T17146] FAULT_INJECTION: forcing a failure. [ 840.891641][T17146] name failslab, interval 1, probability 0, space 0, times 0 [ 841.046853][T17146] CPU: 1 UID: 0 PID: 17146 Comm: syz.3.4371 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 841.046897][T17146] Tainted: [U]=USER [ 841.046904][T17146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 841.046918][T17146] Call Trace: [ 841.046926][T17146] [ 841.046935][T17146] dump_stack_lvl+0x16c/0x1f0 [ 841.046974][T17146] should_fail_ex+0x512/0x640 [ 841.047008][T17146] ? __kmalloc_noprof+0xbf/0x510 [ 841.047037][T17146] ? drm_atomic_state_init+0x17b/0x320 [ 841.047070][T17146] should_failslab+0xc2/0x120 [ 841.047100][T17146] __kmalloc_noprof+0xd2/0x510 [ 841.047134][T17146] drm_atomic_state_init+0x17b/0x320 [ 841.047166][T17146] ? __kasan_kmalloc+0xaa/0xb0 [ 841.047192][T17146] drm_atomic_state_alloc+0xd3/0x120 [ 841.047226][T17146] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 841.047258][T17146] ? __pfx___might_resched+0x10/0x10 [ 841.047287][T17146] ? rcu_is_watching+0x12/0xc0 [ 841.047309][T17146] ? trace_contention_end+0xdd/0x130 [ 841.047343][T17146] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 841.047406][T17146] drm_client_modeset_commit_locked+0x14d/0x580 [ 841.047442][T17146] drm_client_modeset_commit+0x4f/0x80 [ 841.047474][T17146] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 841.047503][T17146] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 841.047541][T17146] drm_fbdev_client_restore+0x2c/0x40 [ 841.047584][T17146] drm_client_dev_restore+0x1f3/0x2a0 [ 841.047619][T17146] drm_release+0x2c4/0x360 [ 841.047649][T17146] ? __pfx_drm_release+0x10/0x10 [ 841.047675][T17146] __fput+0x3ff/0xb70 [ 841.047712][T17146] task_work_run+0x14d/0x240 [ 841.047751][T17146] ? __pfx_task_work_run+0x10/0x10 [ 841.047789][T17146] ? __pfx___do_sys_close_range+0x10/0x10 [ 841.047812][T17146] ? rcu_is_watching+0x12/0xc0 [ 841.047840][T17146] syscall_exit_to_user_mode+0x27b/0x2a0 [ 841.047881][T17146] do_syscall_64+0xda/0x230 [ 841.047918][T17146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.047943][T17146] RIP: 0033:0x7f493cb8e969 [ 841.047962][T17146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 841.047986][T17146] RSP: 002b:00007f493da72038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 841.048008][T17146] RAX: 0000000000000000 RBX: 00007f493cdb5fa0 RCX: 00007f493cb8e969 [ 841.048024][T17146] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 841.048038][T17146] RBP: 00007f493cc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 841.048052][T17146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 841.048066][T17146] R13: 0000000000000000 R14: 00007f493cdb5fa0 R15: 00007ffc5d9a5538 [ 841.048097][T17146] [ 845.162764][T17195] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4390'. [ 845.223643][T17195] netlink: 306 bytes leftover after parsing attributes in process `syz.3.4390'. [ 847.986259][T17234] netlink: 'syz.0.4404': attribute type 19 has an invalid length. [ 848.036391][T17234] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4404'. [ 848.782276][T17246] netlink: 504 bytes leftover after parsing attributes in process `syz.3.4408'. [ 848.850674][T17246] netlink: 350 bytes leftover after parsing attributes in process `syz.3.4408'. [ 849.498804][T17258] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4415'. [ 849.703391][T17263] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4416'. [ 850.311621][T17276] mkiss: ax0: crc mode is auto. [ 851.183244][T17291] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4427'. [ 851.243505][T17291] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4427'. [ 851.797448][T17310] ERROR: Out of memory at tomoyo_memory_ok. [ 852.594395][T17325] netlink: 244 bytes leftover after parsing attributes in process `syz.3.4439'. [ 853.822645][T17342] sp0: Synchronizing with TNC [ 853.893321][T17349] sp0: Found TNC [ 853.910639][T17348] Loading of unsigned module is rejected [ 854.713128][T17355] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4450'. [ 855.423236][T17363] netlink: 306 bytes leftover after parsing attributes in process `syz.0.4453'. [ 855.524647][T17363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4453'. [ 855.618390][T17363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4453'. [ 855.728088][T15183] Bluetooth: hci3: Malformed LE Event: 0x1d [ 856.475207][T17377] sp0: Synchronizing with TNC [ 856.566992][T17380] sp0: Found TNC [ 856.924815][T17385] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4461'. [ 857.012131][T17384] netlink: 17 bytes leftover after parsing attributes in process `syz.2.4461'. [ 859.916932][T17417] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4472'. [ 860.522690][T17421] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4474'. [ 860.636376][T17421] ›: renamed from hsr0 (while UP) [ 861.847627][T17434] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4479'. [ 863.180128][T17448] mtrr: base(0x1010000000) is not aligned on a size(0x0000) boundary [ 863.586178][T17452] netlink: 186 bytes leftover after parsing attributes in process `syz.1.4487'. [ 863.903199][T17455] netlink: 266 bytes leftover after parsing attributes in process `syz.2.4486'. [ 864.001796][T17459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4490'. [ 864.014713][T17455] IPv6: NLM_F_CREATE should be specified when creating new route [ 864.090125][T17459] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4490'. [ 864.156014][T17461] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 864.973202][ T5184] ERROR: Out of memory at tomoyo_memory_ok. [ 865.849478][T17462] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 867.588762][T17509] netlink: 326 bytes leftover after parsing attributes in process `syz.1.4507'. [ 867.746019][T17511] WARNING! power/level is deprecated; use power/control instead [ 867.821274][ C1] vcan0: j1939_tp_rxtimer: 0xffff888060b85c00: rx timeout, send abort [ 868.050636][T17515] openvswitch: netlink: IP tunnel dst address not specified [ 868.331478][ C1] vcan0: j1939_tp_rxtimer: 0xffff888060b85c00: abort rx timeout. Force session deactivation [ 868.808507][T17531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4517'. [ 870.296284][T17561] QAT: failed to copy from user. [ 871.267156][T17575] misc userio: The device must be registered before sending interrupts [ 872.038581][T17592] FAULT_INJECTION: forcing a failure. [ 872.038581][T17592] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 872.088102][T17592] CPU: 1 UID: 0 PID: 17592 Comm: syz.2.4540 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 872.088155][T17592] Tainted: [U]=USER [ 872.088163][T17592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 872.088178][T17592] Call Trace: [ 872.088185][T17592] [ 872.088194][T17592] dump_stack_lvl+0x16c/0x1f0 [ 872.088234][T17592] should_fail_ex+0x512/0x640 [ 872.088273][T17592] should_fail_alloc_page+0xe7/0x130 [ 872.088306][T17592] prepare_alloc_pages+0x3c2/0x610 [ 872.088348][T17592] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 872.088383][T17592] ? stack_trace_save+0x8e/0xc0 [ 872.088414][T17592] ? __lock_acquire+0xaa4/0x1ba0 [ 872.088445][T17592] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 872.088475][T17592] ? __lock_acquire+0xaa4/0x1ba0 [ 872.088519][T17592] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 872.088555][T17592] ? policy_nodemask+0xea/0x4e0 [ 872.088587][T17592] alloc_pages_mpol+0x1fb/0x550 [ 872.088617][T17592] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 872.088654][T17592] alloc_pages_noprof+0x131/0x390 [ 872.088684][T17592] pgd_alloc+0x49/0x4f0 [ 872.088715][T17592] mm_init+0x6f4/0x1370 [ 872.088740][T17592] ? mm_alloc+0x1c/0xc0 [ 872.088770][T17592] mm_alloc+0x9f/0xc0 [ 872.088796][T17592] alloc_bprm+0x2ab/0xdd0 [ 872.088831][T17592] ? strncpy_from_user+0x203/0x2e0 [ 872.088865][T17592] do_execveat_common.isra.0+0x1ce/0x610 [ 872.088909][T17592] __x64_sys_execve+0x8e/0xb0 [ 872.088955][T17592] do_syscall_64+0xcd/0x230 [ 872.088992][T17592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.089017][T17592] RIP: 0033:0x7f403498e969 [ 872.089037][T17592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 872.089060][T17592] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 872.089082][T17592] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 872.089098][T17592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0 [ 872.089113][T17592] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 872.089127][T17592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 872.089142][T17592] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 872.089171][T17592] [ 873.685433][T17612] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4547'. [ 873.752342][T17612] hsr0: left allmulticast mode [ 873.771169][T17612] hsr_slave_0: left allmulticast mode [ 874.113183][T17621] ERROR: Out of memory at tomoyo_memory_ok. [ 874.421705][T17628] netlink: 18 bytes leftover after parsing attributes in process `syz.2.4554'. [ 875.382960][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.390045][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 876.052745][T17659] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4565'. [ 877.940798][T17690] random: crng reseeded on system resumption [ 878.552981][T17700] FAULT_INJECTION: forcing a failure. [ 878.552981][T17700] name failslab, interval 1, probability 0, space 0, times 0 [ 878.658626][T17700] CPU: 1 UID: 0 PID: 17700 Comm: syz.1.4579 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 878.658668][T17700] Tainted: [U]=USER [ 878.658676][T17700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 878.658690][T17700] Call Trace: [ 878.658698][T17700] [ 878.658707][T17700] dump_stack_lvl+0x16c/0x1f0 [ 878.658745][T17700] should_fail_ex+0x512/0x640 [ 878.658780][T17700] ? __kmalloc_noprof+0xbf/0x510 [ 878.658808][T17700] ? __register_sysctl_table+0xb3/0x1900 [ 878.658835][T17700] should_failslab+0xc2/0x120 [ 878.658864][T17700] __kmalloc_noprof+0xd2/0x510 [ 878.658896][T17700] __register_sysctl_table+0xb3/0x1900 [ 878.658924][T17700] ? is_module_address+0x5f/0xf0 [ 878.658961][T17700] ? __pfx___register_sysctl_table+0x10/0x10 [ 878.658988][T17700] ? is_module_address+0x69/0xf0 [ 878.659018][T17700] ? register_net_sysctl_sz+0x228/0x3e0 [ 878.659057][T17700] ? __asan_memcpy+0x3c/0x60 [ 878.659085][T17700] xfrm_sysctl_init+0x1f5/0x2d0 [ 878.659135][T17700] xfrm_net_init+0x842/0xcc0 [ 878.659177][T17700] ? __pfx_xfrm_net_init+0x10/0x10 [ 878.659214][T17700] ops_init+0x1df/0x5f0 [ 878.659246][T17700] setup_net+0x21e/0x850 [ 878.659277][T17700] ? __pfx_setup_net+0x10/0x10 [ 878.659304][T17700] ? lockdep_init_map_type+0x5c/0x280 [ 878.659337][T17700] ? __pfx_down_read_killable+0x10/0x10 [ 878.659379][T17700] ? debug_mutex_init+0x37/0x70 [ 878.659404][T17700] copy_net_ns+0x2a6/0x5f0 [ 878.659438][T17700] create_new_namespaces+0x3ea/0xad0 [ 878.659472][T17700] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 878.659502][T17700] ksys_unshare+0x45b/0xa40 [ 878.659535][T17700] ? __pfx_ksys_unshare+0x10/0x10 [ 878.659567][T17700] ? xfd_validate_state+0x5d/0x180 [ 878.659608][T17700] ? rcu_is_watching+0x12/0xc0 [ 878.659636][T17700] __x64_sys_unshare+0x31/0x40 [ 878.659669][T17700] do_syscall_64+0xcd/0x230 [ 878.659705][T17700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 878.659730][T17700] RIP: 0033:0x7fc04598e969 [ 878.659749][T17700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 878.659772][T17700] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 878.659794][T17700] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 878.659810][T17700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 878.659825][T17700] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 878.659839][T17700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 878.659853][T17700] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 878.659883][T17700] [ 879.757129][T17709] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4582'. [ 879.839356][T17709] : renamed from bond_slave_1 (while UP) [ 880.254100][T17712] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4583'. [ 881.797911][T17740] netlink: 'syz.3.4596': attribute type 64 has an invalid length. [ 881.893063][T17740] netlink: 74 bytes leftover after parsing attributes in process `syz.3.4596'. [ 882.129806][T17746] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4598'. [ 882.194035][T17747] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4598'. [ 882.360112][T17746] netlink: 286 bytes leftover after parsing attributes in process `syz.1.4598'. [ 884.635642][T15183] Bluetooth: hci3: unexpected event 0x09 length: 11 > 3 [ 885.108480][T17781] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4610'. [ 885.354618][T17784] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4611'. [ 885.450180][T17784] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 885.458249][T17784] IPv6: NLM_F_CREATE should be set when creating new route [ 885.466265][T17784] IPv6: NLM_F_CREATE should be set when creating new route [ 885.637214][T17786] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 885.727563][T17787] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4611'. [ 886.470721][T17795] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4614'. [ 886.942369][T17805] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 887.220869][ T5184] ERROR: Out of memory at tomoyo_memory_ok. [ 888.184686][T17806] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 891.509182][T17844] page: refcount:5 mapcount:4 mapping:0000000000000000 index:0x7f733d188 pfn:0x78400 [ 891.590409][T17844] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 891.719961][T17844] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 891.788343][T17846] could not allocate digest TFM handle [ 891.948639][T17844] raw: 00000007f733d188 0000000000000000 0000000500000003 0000000000000000 [ 892.122735][T17844] page dumped because: unmovable page [ 892.234693][T17844] page_owner tracks the page as allocated [ 892.346760][T17844] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5902, tgid 5902 (syz-executor), ts 105545455201, free_ts 105233066101 [ 892.482321][T17844] post_alloc_hook+0x181/0x1b0 [ 892.515506][T17844] get_page_from_freelist+0x135c/0x3920 [ 892.556623][T17844] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 892.595128][T17844] alloc_pages_mpol+0x1fb/0x550 [ 892.600532][T17844] alloc_pages_noprof+0x131/0x390 [ 892.663144][T17844] __vmalloc_node_range_noprof+0x732/0x1540 [ 892.694941][T17844] vmalloc_user_noprof+0x6b/0x90 [ 892.700452][T17844] kcov_ioctl+0x4c/0x730 [ 892.747250][T17844] __x64_sys_ioctl+0x190/0x200 [ 892.776425][T17844] do_syscall_64+0xcd/0x230 [ 892.791683][T17844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 892.824598][T17844] page last free pid 5823 tgid 5823 stack trace: [ 892.855669][T17844] __free_frozen_pages+0x69d/0xff0 [ 892.861457][T17844] vfree+0x176/0x960 [ 892.924611][T17844] kcov_close+0x34/0x60 [ 892.938026][T17844] __fput+0x3ff/0xb70 [ 892.964733][T17844] task_work_run+0x14d/0x240 [ 892.981228][T17844] do_exit+0xafb/0x2c30 [ 893.014612][T17844] do_group_exit+0xd3/0x2a0 [ 893.019639][T17844] __x64_sys_exit_group+0x3e/0x50 [ 893.056557][T17844] x64_sys_call+0x1530/0x1730 [ 893.061783][T17844] do_syscall_64+0xcd/0x230 [ 893.116539][T17844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 896.139781][T17901] page: refcount:6 mapcount:5 mapping:0000000000000000 index:0x7f733d188 pfn:0x78400 [ 896.185117][T17898] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #248: comm syz.2.4645: No space for directory leaf checksum. Please run e2fsck -D. [ 896.268754][T17898] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #248: comm syz.2.4645: checksumming directory block 0 [ 896.340174][T17898] platform regulatory.0: loading /lib/firmware/updates/6.15.0-rc5-syzkaller-00022-g01f95500a162/regulatory.db failed with error -74 [ 896.412898][T17898] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #248: comm syz.2.4645: No space for directory leaf checksum. Please run e2fsck -D. [ 896.441559][T17901] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 896.506921][T17898] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #248: comm syz.2.4645: checksumming directory block 0 [ 896.585381][T17898] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 896.664112][T17907] could not allocate digest TFM handle [ 896.690931][T17898] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #248: comm syz.2.4645: No space for directory leaf checksum. Please run e2fsck -D. [ 896.739420][T17901] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 896.761753][T17898] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #248: comm syz.2.4645: checksumming directory block 0 [ 896.808839][T17898] platform regulatory.0: loading /lib/firmware/6.15.0-rc5-syzkaller-00022-g01f95500a162/regulatory.db failed with error -74 [ 896.864906][T17898] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:376: inode #248: comm syz.2.4645: No space for directory leaf checksum. Please run e2fsck -D. [ 896.912810][T17901] raw: 00000007f733d188 0000000000000000 0000000600000004 0000000000000000 [ 896.948999][T17898] EXT4-fs error (device sda1): __ext4_find_entry:1626: inode #248: comm syz.2.4645: checksumming directory block 0 [ 897.018180][T17898] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74 [ 897.072792][T17898] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74 [ 897.126657][T17901] page dumped because: unmovable page [ 897.132623][T17901] page_owner tracks the page as allocated [ 897.154628][T17898] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 897.324723][T17901] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5902, tgid 5902 (syz-executor), ts 105545455201, free_ts 105233066101 [ 897.607432][T17901] post_alloc_hook+0x181/0x1b0 [ 897.612739][T17901] get_page_from_freelist+0x135c/0x3920 [ 897.764590][T17901] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 897.846014][T17930] netlink: 'syz.1.4655': attribute type 32 has an invalid length. [ 897.924707][T17901] alloc_pages_mpol+0x1fb/0x550 [ 897.930161][T17901] alloc_pages_noprof+0x131/0x390 [ 898.030957][T17901] __vmalloc_node_range_noprof+0x732/0x1540 [ 898.163307][T17901] vmalloc_user_noprof+0x6b/0x90 [ 898.210580][T17901] kcov_ioctl+0x4c/0x730 [ 898.265898][T17901] __x64_sys_ioctl+0x190/0x200 [ 898.302459][T17901] do_syscall_64+0xcd/0x230 [ 898.309251][T17938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4659'. [ 898.329431][T17901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.383045][T17901] page last free pid 5823 tgid 5823 stack trace: [ 898.442984][T17901] __free_frozen_pages+0x69d/0xff0 [ 898.496613][T17901] vfree+0x176/0x960 [ 898.500980][T17901] kcov_close+0x34/0x60 [ 898.548372][T17901] __fput+0x3ff/0xb70 [ 898.552814][T17901] task_work_run+0x14d/0x240 [ 898.625412][T17901] do_exit+0xafb/0x2c30 [ 898.654580][T17901] do_group_exit+0xd3/0x2a0 [ 898.700725][T17901] __x64_sys_exit_group+0x3e/0x50 [ 898.744644][T17901] x64_sys_call+0x1530/0x1730 [ 898.776120][T17901] do_syscall_64+0xcd/0x230 [ 898.814720][T17901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.066464][T15183] Bluetooth: hci1: unexpected subevent 0x19 length: 252 > 28 [ 901.074838][T15183] Bluetooth: hci1: Unable to find connection with handle 0xc3d2 [ 902.874782][T17984] netlink: 'syz.0.4682': attribute type 4 has an invalid length. [ 902.914743][T17984] netlink: 314 bytes leftover after parsing attributes in process `syz.0.4682'. [ 905.068552][T18024] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4687'. [ 905.276389][T18024] geneve1: entered allmulticast mode [ 907.079600][T18050] FAULT_INJECTION: forcing a failure. [ 907.079600][T18050] name failslab, interval 1, probability 0, space 0, times 0 [ 907.155543][T18050] CPU: 1 UID: 0 PID: 18050 Comm: syz.2.4698 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 907.155585][T18050] Tainted: [U]=USER [ 907.155593][T18050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 907.155608][T18050] Call Trace: [ 907.155615][T18050] [ 907.155624][T18050] dump_stack_lvl+0x16c/0x1f0 [ 907.155663][T18050] should_fail_ex+0x512/0x640 [ 907.155697][T18050] ? __kmalloc_noprof+0xbf/0x510 [ 907.155726][T18050] ? vkms_crtc_atomic_check+0x3c5/0x880 [ 907.155749][T18050] should_failslab+0xc2/0x120 [ 907.155779][T18050] __kmalloc_noprof+0xd2/0x510 [ 907.155805][T18050] ? drm_atomic_add_affected_planes+0x32b/0x3f0 [ 907.155846][T18050] vkms_crtc_atomic_check+0x3c5/0x880 [ 907.155877][T18050] ? __pfx_vkms_crtc_atomic_check+0x10/0x10 [ 907.155900][T18050] drm_atomic_helper_check_planes+0x4da/0x900 [ 907.155950][T18050] drm_atomic_helper_check+0xae/0x190 [ 907.155976][T18050] vkms_atomic_check+0x1d9/0x250 [ 907.156012][T18050] ? __pfx_vkms_atomic_check+0x10/0x10 [ 907.156049][T18050] drm_atomic_check_only+0x19c7/0x3130 [ 907.156098][T18050] drm_atomic_commit+0x136/0x300 [ 907.156131][T18050] ? __pfx_drm_atomic_commit+0x10/0x10 [ 907.156163][T18050] ? __pfx___drm_printfn_info+0x10/0x10 [ 907.156203][T18050] ? drm_client_rotation+0x4d9/0x6a0 [ 907.156237][T18050] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 907.156278][T18050] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 907.156342][T18050] drm_client_modeset_commit_locked+0x14d/0x580 [ 907.156378][T18050] drm_client_modeset_commit+0x4f/0x80 [ 907.156409][T18050] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 907.156438][T18050] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 907.156475][T18050] drm_fbdev_client_restore+0x2c/0x40 [ 907.156511][T18050] drm_client_dev_restore+0x1f3/0x2a0 [ 907.156556][T18050] drm_release+0x2c4/0x360 [ 907.156587][T18050] ? __pfx_drm_release+0x10/0x10 [ 907.156612][T18050] __fput+0x3ff/0xb70 [ 907.156650][T18050] task_work_run+0x14d/0x240 [ 907.156689][T18050] ? __pfx_task_work_run+0x10/0x10 [ 907.156727][T18050] ? __pfx___do_sys_close_range+0x10/0x10 [ 907.156750][T18050] ? rcu_is_watching+0x12/0xc0 [ 907.156778][T18050] syscall_exit_to_user_mode+0x27b/0x2a0 [ 907.156815][T18050] do_syscall_64+0xda/0x230 [ 907.156851][T18050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.156876][T18050] RIP: 0033:0x7f403498e969 [ 907.156895][T18050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 907.156918][T18050] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 907.156941][T18050] RAX: 0000000000000000 RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 907.156956][T18050] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 907.156971][T18050] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 907.156986][T18050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 907.157000][T18050] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 907.157032][T18050] [ 908.375520][T18064] netlink: 158 bytes leftover after parsing attributes in process `syz.0.4702'. [ 908.528095][T18068] bond0: option all_slaves_active: invalid value () [ 908.730274][T18067] sp0: Synchronizing with TNC [ 909.279357][T18079] FAULT_INJECTION: forcing a failure. [ 909.279357][T18079] name failslab, interval 1, probability 0, space 0, times 0 [ 909.349641][T18079] CPU: 1 UID: 0 PID: 18079 Comm: syz.2.4708 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 909.349694][T18079] Tainted: [U]=USER [ 909.349702][T18079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 909.349717][T18079] Call Trace: [ 909.349726][T18079] [ 909.349735][T18079] dump_stack_lvl+0x16c/0x1f0 [ 909.349777][T18079] should_fail_ex+0x512/0x640 [ 909.349814][T18079] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 909.349861][T18079] should_failslab+0xc2/0x120 [ 909.349893][T18079] __kmalloc_cache_noprof+0x6a/0x3e0 [ 909.349937][T18079] ? do_signalfd4+0x172/0x420 [ 909.349982][T18079] do_signalfd4+0x172/0x420 [ 909.350025][T18079] __x64_sys_signalfd+0x120/0x1a0 [ 909.350068][T18079] ? __pfx___x64_sys_signalfd+0x10/0x10 [ 909.350109][T18079] ? rcu_is_watching+0x12/0xc0 [ 909.350142][T18079] do_syscall_64+0xcd/0x230 [ 909.350181][T18079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 909.350208][T18079] RIP: 0033:0x7f403498e969 [ 909.350228][T18079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 909.350254][T18079] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 000000000000011a [ 909.350279][T18079] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 909.350315][T18079] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00000000ffffffff [ 909.350333][T18079] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 909.350350][T18079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 909.350366][T18079] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 909.350398][T18079] [ 910.653219][T18089] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4711'. [ 910.696402][T18089] netlink: 242 bytes leftover after parsing attributes in process `syz.0.4711'. [ 911.629657][T18100] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4715'. [ 912.998102][T18127] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4724'. [ 915.444998][T18161] netlink: 'syz.2.4737': attribute type 16 has an invalid length. [ 915.490116][T18161] netlink: 50 bytes leftover after parsing attributes in process `syz.2.4737'. [ 915.878443][T18166] FAULT_INJECTION: forcing a failure. [ 915.878443][T18166] name failslab, interval 1, probability 0, space 0, times 0 [ 915.955732][T18166] CPU: 1 UID: 0 PID: 18166 Comm: syz.2.4738 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 915.955774][T18166] Tainted: [U]=USER [ 915.955781][T18166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 915.955795][T18166] Call Trace: [ 915.955802][T18166] [ 915.955811][T18166] dump_stack_lvl+0x16c/0x1f0 [ 915.955859][T18166] should_fail_ex+0x512/0x640 [ 915.955893][T18166] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 915.955924][T18166] should_failslab+0xc2/0x120 [ 915.955954][T18166] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 915.955981][T18166] ? __kernfs_new_node+0xd2/0x8a0 [ 915.956025][T18166] __kernfs_new_node+0xd2/0x8a0 [ 915.956068][T18166] ? __pfx___kernfs_new_node+0x10/0x10 [ 915.956115][T18166] ? find_held_lock+0x2b/0x80 [ 915.956139][T18166] ? kernfs_root+0xee/0x2a0 [ 915.956166][T18166] kernfs_new_node+0x13c/0x1e0 [ 915.956198][T18166] __kernfs_create_file+0x53/0x350 [ 915.956234][T18166] sysfs_add_file_mode_ns+0x207/0x3c0 [ 915.956279][T18166] internal_create_group+0x578/0xf30 [ 915.956311][T18166] ? __pfx_internal_create_group+0x10/0x10 [ 915.956339][T18166] ? kernfs_create_link+0x1bd/0x240 [ 915.956377][T18166] internal_create_groups+0x9d/0x150 [ 915.956403][T18166] device_add+0xf30/0x1a70 [ 915.956439][T18166] ? __pfx_device_add+0x10/0x10 [ 915.956471][T18166] ? lockdep_init_map_type+0x5c/0x280 [ 915.956504][T18166] ? __init_waitqueue_head+0xca/0x150 [ 915.956550][T18166] netdev_register_kobject+0x182/0x3a0 [ 915.956587][T18166] register_netdevice+0x13dc/0x2270 [ 915.956624][T18166] ? __pfx_register_netdevice+0x10/0x10 [ 915.956664][T18166] internal_dev_create+0x2d3/0x520 [ 915.956705][T18166] ovs_vport_add+0x144/0x4d0 [ 915.956763][T18166] new_vport+0x16/0x1d0 [ 915.956792][T18166] ovs_dp_cmd_new+0x6ba/0xe60 [ 915.956831][T18166] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 915.956882][T18166] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 915.956920][T18166] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 915.956963][T18166] genl_family_rcv_msg_doit+0x206/0x2f0 [ 915.957000][T18166] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 915.957035][T18166] ? trace_cap_capable+0x18d/0x200 [ 915.957067][T18166] ? bpf_lsm_capable+0x9/0x10 [ 915.957092][T18166] ? security_capable+0x7e/0x260 [ 915.957115][T18166] ? ns_capable+0xd7/0x110 [ 915.957143][T18166] genl_rcv_msg+0x55c/0x800 [ 915.957180][T18166] ? __pfx_genl_rcv_msg+0x10/0x10 [ 915.957213][T18166] ? __pfx___dev_queue_xmit+0x10/0x10 [ 915.957251][T18166] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 915.957285][T18166] ? __lock_acquire+0xaa4/0x1ba0 [ 915.957321][T18166] netlink_rcv_skb+0x16a/0x440 [ 915.957351][T18166] ? __pfx_genl_rcv_msg+0x10/0x10 [ 915.957387][T18166] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 915.957432][T18166] ? __pfx_down_read+0x10/0x10 [ 915.957470][T18166] ? netlink_deliver_tap+0x1ae/0xd30 [ 915.957502][T18166] genl_rcv+0x28/0x40 [ 915.957531][T18166] netlink_unicast+0x53a/0x7f0 [ 915.957565][T18166] ? __pfx_netlink_unicast+0x10/0x10 [ 915.957593][T18166] ? __lock_acquire+0xaa4/0x1ba0 [ 915.957631][T18166] netlink_sendmsg+0x8d1/0xdd0 [ 915.957666][T18166] ? __pfx_netlink_sendmsg+0x10/0x10 [ 915.957708][T18166] ____sys_sendmsg+0xa95/0xc70 [ 915.957743][T18166] ? copy_msghdr_from_user+0x10a/0x160 [ 915.957770][T18166] ? __pfx_____sys_sendmsg+0x10/0x10 [ 915.957819][T18166] ___sys_sendmsg+0x134/0x1d0 [ 915.957852][T18166] ? __pfx____sys_sendmsg+0x10/0x10 [ 915.957917][T18166] __sys_sendmsg+0x16d/0x220 [ 915.957945][T18166] ? __pfx___sys_sendmsg+0x10/0x10 [ 915.957971][T18166] ? __x64_sys_futex+0x1e0/0x4c0 [ 915.958006][T18166] ? rcu_is_watching+0x12/0xc0 [ 915.958037][T18166] do_syscall_64+0xcd/0x230 [ 915.958075][T18166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 915.958100][T18166] RIP: 0033:0x7f403498e969 [ 915.958119][T18166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 915.958142][T18166] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 915.958165][T18166] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 915.958181][T18166] RDX: 0000000002000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 915.958196][T18166] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 915.958211][T18166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 915.958225][T18166] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 915.958261][T18166] [ 919.581979][T18183] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4746'. [ 919.749066][T18188] FAULT_INJECTION: forcing a failure. [ 919.749066][T18188] name failslab, interval 1, probability 0, space 0, times 0 [ 919.844652][T18188] CPU: 1 UID: 0 PID: 18188 Comm: syz.1.4748 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 919.844694][T18188] Tainted: [U]=USER [ 919.844702][T18188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 919.844721][T18188] Call Trace: [ 919.844729][T18188] [ 919.844738][T18188] dump_stack_lvl+0x16c/0x1f0 [ 919.844777][T18188] should_fail_ex+0x512/0x640 [ 919.844811][T18188] ? fs_reclaim_acquire+0xae/0x150 [ 919.844851][T18188] should_failslab+0xc2/0x120 [ 919.844881][T18188] __kmalloc_cache_noprof+0x6a/0x3e0 [ 919.844922][T18188] ? tomoyo_write_log2+0x33d/0xc10 [ 919.844959][T18188] tomoyo_write_log2+0x33d/0xc10 [ 919.844997][T18188] tomoyo_supervisor+0x15e/0x13b0 [ 919.845040][T18188] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 919.845092][T18188] ? lockdep_hardirqs_on+0x7c/0x110 [ 919.845128][T18188] ? tomoyo_check_path_acl+0xad/0x210 [ 919.845156][T18188] ? tomoyo_check_acl+0x1f7/0x410 [ 919.845184][T18188] tomoyo_path_permission+0x270/0x3b0 [ 919.845215][T18188] tomoyo_check_open_permission+0x37b/0x3c0 [ 919.845245][T18188] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 919.845305][T18188] ? do_raw_spin_lock+0x12c/0x2b0 [ 919.845350][T18188] tomoyo_file_open+0x6b/0x90 [ 919.845390][T18188] security_file_open+0x84/0x1e0 [ 919.845422][T18188] do_dentry_open+0x596/0x1c10 [ 919.845456][T18188] vfs_open+0x82/0x3f0 [ 919.845490][T18188] path_openat+0x1e5e/0x2d40 [ 919.845525][T18188] ? __pfx_path_openat+0x10/0x10 [ 919.845555][T18188] do_filp_open+0x20b/0x470 [ 919.845578][T18188] ? __pfx_do_filp_open+0x10/0x10 [ 919.845623][T18188] ? alloc_fd+0x471/0x7d0 [ 919.845668][T18188] do_sys_openat2+0x11b/0x1d0 [ 919.845700][T18188] ? __pfx_do_sys_openat2+0x10/0x10 [ 919.845753][T18188] __x64_sys_openat+0x174/0x210 [ 919.845785][T18188] ? __pfx___x64_sys_openat+0x10/0x10 [ 919.845821][T18188] ? rcu_is_watching+0x12/0xc0 [ 919.845852][T18188] do_syscall_64+0xcd/0x230 [ 919.845889][T18188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 919.845914][T18188] RIP: 0033:0x7fc04598e969 [ 919.845933][T18188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 919.845957][T18188] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 919.845980][T18188] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 919.845996][T18188] RDX: 0000000000000002 RSI: 0000200000000300 RDI: ffffffffffffff9c [ 919.846011][T18188] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 919.846025][T18188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 919.846040][T18188] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 919.846070][T18188] [ 922.448337][T18221] netlink: 'syz.2.4761': attribute type 15 has an invalid length. [ 922.489586][T18221] netlink: 'syz.2.4761': attribute type 16 has an invalid length. [ 922.539800][T18221] netlink: 'syz.2.4761': attribute type 17 has an invalid length. [ 922.578086][T18221] netlink: 'syz.2.4761': attribute type 19 has an invalid length. [ 922.627261][T18221] netlink: 238 bytes leftover after parsing attributes in process `syz.2.4761'. [ 923.562799][T18244] FAULT_INJECTION: forcing a failure. [ 923.562799][T18244] name failslab, interval 1, probability 0, space 0, times 0 [ 923.651945][T18244] CPU: 1 UID: 0 PID: 18244 Comm: syz.1.4770 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 923.651988][T18244] Tainted: [U]=USER [ 923.651996][T18244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 923.652010][T18244] Call Trace: [ 923.652018][T18244] [ 923.652026][T18244] dump_stack_lvl+0x16c/0x1f0 [ 923.652072][T18244] should_fail_ex+0x512/0x640 [ 923.652107][T18244] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 923.652137][T18244] should_failslab+0xc2/0x120 [ 923.652167][T18244] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 923.652194][T18244] ? __kernfs_new_node+0xd2/0x8a0 [ 923.652239][T18244] __kernfs_new_node+0xd2/0x8a0 [ 923.652281][T18244] ? __pfx___kernfs_new_node+0x10/0x10 [ 923.652328][T18244] ? find_held_lock+0x2b/0x80 [ 923.652352][T18244] ? kernfs_root+0xee/0x2a0 [ 923.652379][T18244] kernfs_new_node+0x13c/0x1e0 [ 923.652411][T18244] __kernfs_create_file+0x53/0x350 [ 923.652446][T18244] sysfs_add_file_mode_ns+0x207/0x3c0 [ 923.652492][T18244] internal_create_group+0x578/0xf30 [ 923.652522][T18244] ? __pfx_internal_create_group+0x10/0x10 [ 923.652550][T18244] ? kernfs_create_link+0x1bd/0x240 [ 923.652587][T18244] internal_create_groups+0x9d/0x150 [ 923.652613][T18244] device_add+0x6d1/0x1a70 [ 923.652650][T18244] ? __pfx_device_add+0x10/0x10 [ 923.652682][T18244] ? lockdep_init_map_type+0x5c/0x280 [ 923.652715][T18244] ? __init_waitqueue_head+0xca/0x150 [ 923.652760][T18244] netdev_register_kobject+0x182/0x3a0 [ 923.652797][T18244] register_netdevice+0x13dc/0x2270 [ 923.652833][T18244] ? __pfx_register_netdevice+0x10/0x10 [ 923.652862][T18244] ? rcu_is_watching+0x12/0xc0 [ 923.652884][T18244] ? trace_kmalloc+0x2b/0xd0 [ 923.652915][T18244] ? __kmalloc_noprof+0x242/0x510 [ 923.652946][T18244] register_netdev+0x34/0x50 [ 923.652980][T18244] mkiss_open+0x4cd/0x9a0 [ 923.653018][T18244] ? __pfx_mkiss_open+0x10/0x10 [ 923.653061][T18244] tty_ldisc_open+0x9c/0x120 [ 923.653085][T18244] tty_set_ldisc+0x32b/0x780 [ 923.653114][T18244] tty_ioctl+0xc42/0x1610 [ 923.653144][T18244] ? __pfx_tty_ioctl+0x10/0x10 [ 923.653299][T18244] ? find_held_lock+0x2b/0x80 [ 923.653337][T18244] ? hook_file_ioctl_common+0x145/0x410 [ 923.653372][T18244] ? __fget_files+0x20e/0x3c0 [ 923.653416][T18244] ? __pfx_tty_ioctl+0x10/0x10 [ 923.653446][T18244] __x64_sys_ioctl+0x190/0x200 [ 923.653484][T18244] do_syscall_64+0xcd/0x230 [ 923.653523][T18244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.653550][T18244] RIP: 0033:0x7fc04598e969 [ 923.653571][T18244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 923.653596][T18244] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 923.653619][T18244] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 923.653636][T18244] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000005 [ 923.653651][T18244] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 923.653666][T18244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 923.653680][T18244] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 923.653713][T18244] [ 926.092151][T18288] netlink: 244 bytes leftover after parsing attributes in process `syz.1.4782'. [ 926.493096][T18292] netlink: 218 bytes leftover after parsing attributes in process `syz.0.4785'. [ 926.533149][T18292] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 926.815796][ T30] audit: type=1800 audit(4294968421.456:16): pid=18296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4781" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 926.920210][T18298] netlink: 'syz.0.4796': attribute type 27 has an invalid length. [ 926.956582][T18298] netlink: 146 bytes leftover after parsing attributes in process `syz.0.4796'. [ 927.135331][T18304] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4789'. [ 930.647724][T18344] netlink: 'syz.1.4803': attribute type 32 has an invalid length. [ 930.970316][T18354] FAULT_INJECTION: forcing a failure. [ 930.970316][T18354] name failslab, interval 1, probability 0, space 0, times 0 [ 931.053889][T18354] CPU: 1 UID: 5 PID: 18354 Comm: syz.1.4808 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 931.053931][T18354] Tainted: [U]=USER [ 931.053939][T18354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 931.053953][T18354] Call Trace: [ 931.053960][T18354] [ 931.053969][T18354] dump_stack_lvl+0x16c/0x1f0 [ 931.054007][T18354] should_fail_ex+0x512/0x640 [ 931.054042][T18354] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 931.054085][T18354] should_failslab+0xc2/0x120 [ 931.054115][T18354] __kmalloc_cache_noprof+0x6a/0x3e0 [ 931.054155][T18354] ? alloc_ucounts+0x13d/0x440 [ 931.054189][T18354] alloc_ucounts+0x13d/0x440 [ 931.054217][T18354] ? __pfx_alloc_ucounts+0x10/0x10 [ 931.054254][T18354] inc_ucount+0x29/0x2f0 [ 931.054283][T18354] ? debug_mutex_init+0x37/0x70 [ 931.054309][T18354] __do_sys_fanotify_init+0x30e/0xb80 [ 931.054339][T18354] ? rcu_is_watching+0x12/0xc0 [ 931.054364][T18354] do_syscall_64+0xcd/0x230 [ 931.054400][T18354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.054424][T18354] RIP: 0033:0x7fc04598e969 [ 931.054450][T18354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 931.054474][T18354] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 931.054498][T18354] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 931.054514][T18354] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000200 [ 931.054528][T18354] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 931.054543][T18354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.054557][T18354] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 931.054587][T18354] [ 932.936757][T18392] sp0: Synchronizing with TNC [ 933.159801][T18400] bridge0: port 4(hsr0) entered blocking state [ 933.185903][T18400] bridge0: port 4(hsr0) entered disabled state [ 933.211740][T18400] hsr0: entered allmulticast mode [ 933.231557][T18400] hsr_slave_0: entered allmulticast mode [ 933.256111][T18400] hsr_slave_1: entered allmulticast mode [ 933.292977][T18400] hsr0: entered promiscuous mode [ 933.532722][T18402] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4824'. [ 933.660780][T18402] netlink: 274 bytes leftover after parsing attributes in process `syz.2.4824'. [ 935.289831][T18430] bridge0: port 3(hsr0) entered blocking state [ 935.316119][T18430] bridge0: port 3(hsr0) entered disabled state [ 935.353621][T18430] hsr0: entered allmulticast mode [ 935.383875][T18430] hsr_slave_0: entered allmulticast mode [ 935.414210][T18430] hsr0: entered promiscuous mode [ 935.456496][T18430] bridge0: mtu less than device minimum [ 936.227580][T18445] nbd3: detected capacity change from 0 to 8388607 [ 936.345215][T17731] block nbd3: Send control failed (result -22) [ 936.374679][T17731] block nbd3: Request send failed, requeueing [ 936.423861][T15183] block nbd3: Receive control failed (result -32) [ 936.432935][T14930] block nbd3: Dead connection, failed to find a fallback [ 936.440690][T14930] block nbd3: shutting down sockets [ 936.446787][T14930] blk_print_req_error: 24 callbacks suppressed [ 936.446802][T14930] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 936.463905][T14930] buffer_io_error: 23 callbacks suppressed [ 936.463927][T14930] Buffer I/O error on dev nbd3, logical block 0, async page read [ 936.482528][T17731] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 936.544857][T17731] Buffer I/O error on dev nbd3, logical block 1, async page read [ 936.614038][T17731] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 936.680500][T17731] Buffer I/O error on dev nbd3, logical block 2, async page read [ 936.741590][T17731] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 936.798649][T17731] Buffer I/O error on dev nbd3, logical block 3, async page read [ 936.839559][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.847456][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.859812][T18447] netlink: 314 bytes leftover after parsing attributes in process `syz.1.4841'. [ 936.884770][T17731] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 936.959899][T17731] Buffer I/O error on dev nbd3, logical block 0, async page read [ 937.002134][T17731] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 937.080225][T17731] Buffer I/O error on dev nbd3, logical block 1, async page read [ 937.138820][T17731] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 937.202073][T17731] Buffer I/O error on dev nbd3, logical block 2, async page read [ 937.250245][T17731] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 937.299561][T17731] Buffer I/O error on dev nbd3, logical block 3, async page read [ 937.335019][T17731] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 937.372385][T17731] Buffer I/O error on dev nbd3, logical block 0, async page read [ 937.383287][T18464] netlink: 246 bytes leftover after parsing attributes in process `syz.1.4847'. [ 937.420340][T17731] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 937.457640][T17731] Buffer I/O error on dev nbd3, logical block 1, async page read [ 937.498296][T17731] ldm_validate_partition_table(): Disk read failed. [ 937.551291][T17731] Dev nbd3: unable to read RDB block 0 [ 937.599044][T17731] nbd3: unable to read partition table [ 937.694840][T17731] ldm_validate_partition_table(): Disk read failed. [ 937.748448][T17731] Dev nbd3: unable to read RDB block 0 [ 937.786613][T17731] nbd3: unable to read partition table [ 938.020808][T18473] bridge0: port 3(›) entered blocking state [ 938.049460][T18473] bridge0: port 3(›) entered disabled state [ 938.075325][T18473] ›: entered allmulticast mode [ 938.096168][T18473] hsr_slave_0: entered allmulticast mode [ 938.133917][T18473] ›: entered promiscuous mode [ 939.389741][T18500] binder: 18499:18500 ioctl c0306201 200000002380 returned -14 [ 940.629367][T18522] netlink: 194 bytes leftover after parsing attributes in process `syz.0.4874'. [ 941.286125][T18530] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4867'. [ 941.373498][T18530] netlink: 274 bytes leftover after parsing attributes in process `syz.0.4867'. [ 941.514674][T18537] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4868'. [ 941.782910][T18539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4869'. [ 941.877090][T18545] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4869'. [ 942.313662][T18555] netlink: 54 bytes leftover after parsing attributes in process `syz.3.4885'. [ 943.707989][T18561] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 945.235183][T18592] netlink: 314 bytes leftover after parsing attributes in process `syz.3.4886'. [ 945.411576][T18604] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4892'. [ 945.587203][T18604] netlink: 252 bytes leftover after parsing attributes in process `syz.1.4892'. [ 945.715006][T15183] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 946.294343][T18616] netlink: 54 bytes leftover after parsing attributes in process `syz.1.4896'. [ 949.183817][T18649] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4907'. [ 949.490210][T18654] netlink: 62 bytes leftover after parsing attributes in process `syz.1.4909'. [ 950.510268][T18674] sg_write: data in/out 32732/16086 bytes for SCSI command 0x0-- guessing data in; [ 950.510268][T18674] program syz.1.4914 not setting count and/or reply_len properly [ 953.986991][T18717] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4932'. [ 954.049462][T18717] ovs_ÿþ: entered promiscuous mode [ 957.439335][T18760] netlink: 282 bytes leftover after parsing attributes in process `syz.0.4948'. [ 957.479438][T18760] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 959.116804][T18792] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4960'. [ 959.169321][T18792] netlink: 'syz.0.4960': attribute type 1 has an invalid length. [ 959.203299][T18792] netlink: 274 bytes leftover after parsing attributes in process `syz.0.4960'. [ 960.015589][T18807] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4967'. [ 960.958179][T18825] mkiss: ax0: crc mode is auto. [ 961.859608][T18843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4977'. [ 962.390340][T18843] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 7 out of range (51000000..2150000000) [ 962.999860][T18848] netlink: 306 bytes leftover after parsing attributes in process `syz.1.4978'. [ 963.559687][T18868] FAULT_INJECTION: forcing a failure. [ 963.559687][T18868] name failslab, interval 1, probability 0, space 0, times 0 [ 963.690809][T18868] CPU: 1 UID: 0 PID: 18868 Comm: syz.1.4983 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 963.690852][T18868] Tainted: [U]=USER [ 963.690860][T18868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 963.690875][T18868] Call Trace: [ 963.690882][T18868] [ 963.690891][T18868] dump_stack_lvl+0x16c/0x1f0 [ 963.690931][T18868] should_fail_ex+0x512/0x640 [ 963.690966][T18868] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 963.690996][T18868] should_failslab+0xc2/0x120 [ 963.691025][T18868] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 963.691053][T18868] ? __pmd_alloc+0xc3/0x870 [ 963.691092][T18868] __pmd_alloc+0xc3/0x870 [ 963.691126][T18868] ? find_held_lock+0x2b/0x80 [ 963.691151][T18868] __handle_mm_fault+0x948/0x2a40 [ 963.691183][T18868] ? __pfx___handle_mm_fault+0x10/0x10 [ 963.691224][T18868] ? find_vma+0xbf/0x140 [ 963.691256][T18868] ? __pfx_find_vma+0x10/0x10 [ 963.691293][T18868] handle_mm_fault+0x3fe/0xad0 [ 963.691322][T18868] do_user_addr_fault+0x7a6/0x1370 [ 963.691349][T18868] ? rcu_is_watching+0x12/0xc0 [ 963.691375][T18868] exc_page_fault+0x5c/0xc0 [ 963.691406][T18868] asm_exc_page_fault+0x26/0x30 [ 963.691430][T18868] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 963.691456][T18868] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 963.691479][T18868] RSP: 0018:ffffc9000437fdd0 EFLAGS: 00050212 [ 963.691505][T18868] RAX: 000000010000048a RBX: 0000000000000010 RCX: 0000000000000010 [ 963.691520][T18868] RDX: fffff5200086ffc8 RSI: ffffc9000437fe30 RDI: 0000000000000000 [ 963.691536][T18868] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff5200086ffc7 [ 963.691550][T18868] R10: ffffc9000437fe3f R11: 0000000000000000 R12: ffffc9000437fe30 [ 963.691565][T18868] R13: 0000000000000010 R14: 00007ffffffff000 R15: 0000000000000000 [ 963.691595][T18868] _copy_to_user+0xbb/0xd0 [ 963.691635][T18868] put_timespec64+0xb5/0x120 [ 963.691663][T18868] ? __pfx_put_timespec64+0x10/0x10 [ 963.691697][T18868] __x64_sys_clock_gettime+0x1d3/0x270 [ 963.691737][T18868] ? __pfx___x64_sys_clock_gettime+0x10/0x10 [ 963.691777][T18868] ? rcu_is_watching+0x12/0xc0 [ 963.691801][T18868] do_syscall_64+0xcd/0x230 [ 963.691840][T18868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 963.691864][T18868] RIP: 0033:0x7fc04598e969 [ 963.691882][T18868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 963.691905][T18868] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 963.691926][T18868] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 963.691941][T18868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 963.691955][T18868] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 963.691969][T18868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 963.691983][T18868] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 963.692012][T18868] [ 964.606036][T18873] sctp: [Deprecated]: syz.1.4984 (pid 18873) Use of int in maxseg socket option. [ 964.606036][T18873] Use struct sctp_assoc_value instead [ 967.158179][T18902] FAULT_INJECTION: forcing a failure. [ 967.158179][T18902] name failslab, interval 1, probability 0, space 0, times 0 [ 967.256800][T18902] CPU: 1 UID: 0 PID: 18902 Comm: syz.2.4997 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 967.256843][T18902] Tainted: [U]=USER [ 967.256850][T18902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 967.256865][T18902] Call Trace: [ 967.256872][T18902] [ 967.256881][T18902] dump_stack_lvl+0x16c/0x1f0 [ 967.256919][T18902] should_fail_ex+0x512/0x640 [ 967.256953][T18902] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 967.256997][T18902] should_failslab+0xc2/0x120 [ 967.257026][T18902] __kmalloc_cache_noprof+0x6a/0x3e0 [ 967.257067][T18902] ? nci_allocate_device+0x105/0x430 [ 967.257099][T18902] nci_allocate_device+0x105/0x430 [ 967.257128][T18902] virtual_ncidev_open+0x6f/0x220 [ 967.257172][T18902] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 967.257207][T18902] misc_open+0x35a/0x420 [ 967.257245][T18902] ? __pfx_misc_open+0x10/0x10 [ 967.257281][T18902] chrdev_open+0x231/0x6a0 [ 967.257306][T18902] ? __pfx_apparmor_file_open+0x10/0x10 [ 967.257338][T18902] ? __pfx_chrdev_open+0x10/0x10 [ 967.257366][T18902] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 967.257408][T18902] do_dentry_open+0x741/0x1c10 [ 967.257433][T18902] ? __pfx_chrdev_open+0x10/0x10 [ 967.257465][T18902] vfs_open+0x82/0x3f0 [ 967.257500][T18902] path_openat+0x1e5e/0x2d40 [ 967.257533][T18902] ? __pfx_path_openat+0x10/0x10 [ 967.257564][T18902] do_filp_open+0x20b/0x470 [ 967.257587][T18902] ? __pfx_do_filp_open+0x10/0x10 [ 967.257632][T18902] ? alloc_fd+0x471/0x7d0 [ 967.257678][T18902] do_sys_openat2+0x11b/0x1d0 [ 967.257709][T18902] ? __pfx_do_sys_openat2+0x10/0x10 [ 967.257753][T18902] __x64_sys_openat+0x174/0x210 [ 967.257786][T18902] ? __pfx___x64_sys_openat+0x10/0x10 [ 967.257820][T18902] ? rcu_is_watching+0x12/0xc0 [ 967.257851][T18902] do_syscall_64+0xcd/0x230 [ 967.257888][T18902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.257913][T18902] RIP: 0033:0x7f403498e969 [ 967.257932][T18902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 967.257955][T18902] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 967.257978][T18902] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 967.257993][T18902] RDX: 0000000000000100 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 967.258009][T18902] RBP: 00007f4034a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 967.258023][T18902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 967.258038][T18902] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 967.258067][T18902] [ 969.399678][T15183] Bluetooth: hci2: unexpected event 0x04 length: 442 > 10 [ 969.399721][T15183] Bluetooth: unknown link type 178 [ 969.413975][T15183] Bluetooth: hci2: connection err: -111 [ 969.537879][T18940] sp0: Synchronizing with TNC [ 971.758470][T18985] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5024'. [ 971.891706][T18988] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 972.491372][T18996] netlink: 98 bytes leftover after parsing attributes in process `syz.3.5030'. [ 972.592527][T18999] netlink: 50 bytes leftover after parsing attributes in process `syz.3.5030'. [ 975.197675][T19055] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5049'. [ 975.286362][T19054] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 976.445267][T19077] FAULT_INJECTION: forcing a failure. [ 976.445267][T19077] name failslab, interval 1, probability 0, space 0, times 0 [ 976.526885][T19077] CPU: 1 UID: 0 PID: 19077 Comm: syz.2.5059 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 976.526927][T19077] Tainted: [U]=USER [ 976.526935][T19077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 976.526950][T19077] Call Trace: [ 976.526958][T19077] [ 976.526967][T19077] dump_stack_lvl+0x16c/0x1f0 [ 976.527006][T19077] should_fail_ex+0x512/0x640 [ 976.527041][T19077] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 976.527085][T19077] should_failslab+0xc2/0x120 [ 976.527115][T19077] __kmalloc_cache_noprof+0x6a/0x3e0 [ 976.527154][T19077] ? __mark_inode_dirty+0x64d/0xe50 [ 976.527184][T19077] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 976.527214][T19077] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 976.527239][T19077] hugetlb_reserve_pages+0x149/0xd90 [ 976.527277][T19077] ? do_raw_spin_unlock+0x172/0x230 [ 976.527323][T19077] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 976.527372][T19077] hugetlbfs_file_mmap+0x4a1/0x730 [ 976.527406][T19077] __mmap_region+0x1485/0x27c0 [ 976.527438][T19077] ? __pfx___mmap_region+0x10/0x10 [ 976.527465][T19077] ? kernel_text_address+0x8d/0x100 [ 976.527525][T19077] ? stack_depot_save_flags+0x28/0xa50 [ 976.527594][T19077] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 976.527642][T19077] mmap_region+0x32b/0x3f0 [ 976.527675][T19077] do_mmap+0xd8e/0x11b0 [ 976.527716][T19077] ? __pfx_do_mmap+0x10/0x10 [ 976.527753][T19077] ? __pfx_down_write_killable+0x10/0x10 [ 976.527797][T19077] vm_mmap_pgoff+0x281/0x450 [ 976.527838][T19077] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 976.527871][T19077] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 976.527904][T19077] ? hugetlbfs_get_inode+0x31f/0x730 [ 976.527943][T19077] ksys_mmap_pgoff+0x1c8/0x5c0 [ 976.527978][T19077] ? rcu_is_watching+0x12/0xc0 [ 976.528002][T19077] __x64_sys_mmap+0x125/0x190 [ 976.528030][T19077] do_syscall_64+0xcd/0x230 [ 976.528067][T19077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 976.528091][T19077] RIP: 0033:0x7f403498e969 [ 976.528111][T19077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 976.528135][T19077] RSP: 002b:00007f4035728038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 976.528157][T19077] RAX: ffffffffffffffda RBX: 00007f4034bb5fa0 RCX: 00007f403498e969 [ 976.528173][T19077] RDX: 0000000000000002 RSI: 0000000000a00006 RDI: 0000000000c00000 [ 976.528187][T19077] RBP: 00007f4034a10ab1 R08: 0000000000000602 R09: 0000300000000000 [ 976.528202][T19077] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 976.528216][T19077] R13: 0000000000000000 R14: 00007f4034bb5fa0 R15: 00007ffd027e1618 [ 976.528246][T19077] [ 977.462973][T19090] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5064'. [ 978.778801][T15183] Bluetooth: hci1: unexpected event 0x04 length: 442 > 10 [ 978.778834][T15183] Bluetooth: unknown link type 178 [ 978.793750][T15183] Bluetooth: hci1: connection err: -111 [ 979.465454][T19119] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5073'. [ 979.489704][T19115] can: request_module (can-proto-0) failed. [ 979.776746][T19126] FAULT_INJECTION: forcing a failure. [ 979.776746][T19126] name failslab, interval 1, probability 0, space 0, times 0 [ 979.808781][T19126] CPU: 1 UID: 0 PID: 19126 Comm: syz.1.5076 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 979.808823][T19126] Tainted: [U]=USER [ 979.808831][T19126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 979.808846][T19126] Call Trace: [ 979.808853][T19126] [ 979.808863][T19126] dump_stack_lvl+0x16c/0x1f0 [ 979.808902][T19126] should_fail_ex+0x512/0x640 [ 979.808936][T19126] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 979.808980][T19126] should_failslab+0xc2/0x120 [ 979.809010][T19126] __kmalloc_cache_noprof+0x6a/0x3e0 [ 979.809050][T19126] ? ktime_get_coarse_real_ts64_mg+0x26c/0x320 [ 979.809086][T19126] ? ktime_get_coarse_real_ts64_mg+0x200/0x320 [ 979.809116][T19126] ? hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 979.809146][T19126] hugetlb_vma_lock_alloc+0xbc/0x1f0 [ 979.809171][T19126] hugetlb_reserve_pages+0x149/0xd90 [ 979.809214][T19126] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 979.809252][T19126] ? atime_needs_update+0x8b/0x710 [ 979.809293][T19126] hugetlbfs_file_mmap+0x4a1/0x730 [ 979.809326][T19126] __mmap_region+0x1485/0x27c0 [ 979.809357][T19126] ? __pfx___mmap_region+0x10/0x10 [ 979.809384][T19126] ? kernel_text_address+0x8d/0x100 [ 979.809445][T19126] ? stack_depot_save_flags+0x28/0xa50 [ 979.809514][T19126] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 979.809562][T19126] mmap_region+0x32b/0x3f0 [ 979.809595][T19126] do_mmap+0xd8e/0x11b0 [ 979.809636][T19126] ? __pfx_do_mmap+0x10/0x10 [ 979.809672][T19126] ? __pfx_down_write_killable+0x10/0x10 [ 979.809717][T19126] vm_mmap_pgoff+0x281/0x450 [ 979.809763][T19126] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 979.809795][T19126] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 979.809829][T19126] ? hugetlbfs_get_inode+0x31f/0x730 [ 979.809867][T19126] ksys_mmap_pgoff+0x1c8/0x5c0 [ 979.809902][T19126] ? rcu_is_watching+0x12/0xc0 [ 979.809927][T19126] __x64_sys_mmap+0x125/0x190 [ 979.809954][T19126] do_syscall_64+0xcd/0x230 [ 979.809990][T19126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 979.810015][T19126] RIP: 0033:0x7fc04598e969 [ 979.810035][T19126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 979.810058][T19126] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 979.810085][T19126] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 979.810101][T19126] RDX: 0000000000000002 RSI: 0000000000a00006 RDI: 0000000000c00000 [ 979.810115][T19126] RBP: 00007fc045a10ab1 R08: 0000000000000602 R09: 0000300000000000 [ 979.810130][T19126] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 979.810144][T19126] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 979.810174][T19126] [ 980.373394][T19134] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 980.383346][T19134] FAULT_INJECTION: forcing a failure. [ 980.383346][T19134] name failslab, interval 1, probability 0, space 0, times 0 [ 980.397299][T19134] CPU: 1 UID: 0 PID: 19134 Comm: syz.1.5079 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 980.397338][T19134] Tainted: [U]=USER [ 980.397345][T19134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 980.397360][T19134] Call Trace: [ 980.397368][T19134] [ 980.397376][T19134] dump_stack_lvl+0x16c/0x1f0 [ 980.397413][T19134] should_fail_ex+0x512/0x640 [ 980.397448][T19134] ? fs_reclaim_acquire+0xae/0x150 [ 980.397487][T19134] should_failslab+0xc2/0x120 [ 980.397516][T19134] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 980.397544][T19134] ? security_inode_alloc+0x3b/0x2b0 [ 980.397575][T19134] security_inode_alloc+0x3b/0x2b0 [ 980.397602][T19134] inode_init_always_gfp+0xce4/0x1030 [ 980.397646][T19134] alloc_inode+0x86/0x240 [ 980.397675][T19134] sock_alloc+0x40/0x280 [ 980.397706][T19134] sock_create_lite+0x82/0x120 [ 980.397739][T19134] __netlink_kernel_create+0xbd/0x750 [ 980.397771][T19134] ? __pfx___netlink_kernel_create+0x10/0x10 [ 980.397809][T19134] uevent_net_init+0xf8/0x350 [ 980.397831][T19134] ? __pfx_uevent_net_init+0x10/0x10 [ 980.397855][T19134] ? __pfx_uevent_net_rcv+0x10/0x10 [ 980.397885][T19134] ? __pfx_uevent_net_init+0x10/0x10 [ 980.397906][T19134] ops_init+0x1df/0x5f0 [ 980.397938][T19134] setup_net+0x21e/0x850 [ 980.397970][T19134] ? __pfx_setup_net+0x10/0x10 [ 980.397997][T19134] ? lockdep_init_map_type+0x5c/0x280 [ 980.398038][T19134] ? __pfx_down_read_killable+0x10/0x10 [ 980.398080][T19134] ? debug_mutex_init+0x37/0x70 [ 980.398105][T19134] copy_net_ns+0x2a6/0x5f0 [ 980.398140][T19134] create_new_namespaces+0x3ea/0xad0 [ 980.398174][T19134] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 980.398204][T19134] ksys_unshare+0x45b/0xa40 [ 980.398237][T19134] ? __pfx_ksys_unshare+0x10/0x10 [ 980.398269][T19134] ? xfd_validate_state+0x5d/0x180 [ 980.398310][T19134] ? rcu_is_watching+0x12/0xc0 [ 980.398340][T19134] __x64_sys_unshare+0x31/0x40 [ 980.398372][T19134] do_syscall_64+0xcd/0x230 [ 980.398409][T19134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 980.398433][T19134] RIP: 0033:0x7fc04598e969 [ 980.398452][T19134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 980.398476][T19134] RSP: 002b:00007fc046790038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 980.398498][T19134] RAX: ffffffffffffffda RBX: 00007fc045bb5fa0 RCX: 00007fc04598e969 [ 980.398514][T19134] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 980.398529][T19134] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 980.398543][T19134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 980.398558][T19134] R13: 0000000000000000 R14: 00007fc045bb5fa0 R15: 00007ffe02f21b88 [ 980.398588][T19134] [ 980.398622][T19134] kobject_uevent: unable to create netlink socket! [ 980.984245][T19141] vcan0: tx drop: invalid da for name 0x000000000000003f [ 981.811243][T19159] FAULT_INJECTION: forcing a failure. [ 981.811243][T19159] name failslab, interval 1, probability 0, space 0, times 0 [ 981.881574][T19159] CPU: 1 UID: 0 PID: 19159 Comm: syz.3.5088 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 981.881616][T19159] Tainted: [U]=USER [ 981.881624][T19159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 981.881638][T19159] Call Trace: [ 981.881646][T19159] [ 981.881655][T19159] dump_stack_lvl+0x16c/0x1f0 [ 981.881693][T19159] should_fail_ex+0x512/0x640 [ 981.881732][T19159] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 981.881762][T19159] should_failslab+0xc2/0x120 [ 981.881793][T19159] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 981.881820][T19159] ? __kernfs_new_node+0xd2/0x8a0 [ 981.881864][T19159] __kernfs_new_node+0xd2/0x8a0 [ 981.881906][T19159] ? __pfx___kernfs_new_node+0x10/0x10 [ 981.881959][T19159] ? find_held_lock+0x2b/0x80 [ 981.881983][T19159] ? kernfs_root+0xee/0x2a0 [ 981.882010][T19159] kernfs_new_node+0x13c/0x1e0 [ 981.882042][T19159] __kernfs_create_file+0x53/0x350 [ 981.882077][T19159] sysfs_add_file_mode_ns+0x207/0x3c0 [ 981.882122][T19159] internal_create_group+0x578/0xf30 [ 981.882152][T19159] ? __pfx_internal_create_group+0x10/0x10 [ 981.882180][T19159] ? kernfs_create_link+0x1bd/0x240 [ 981.882217][T19159] internal_create_groups+0x9d/0x150 [ 981.882243][T19159] device_add+0x731/0x1a70 [ 981.882279][T19159] ? __pfx_device_add+0x10/0x10 [ 981.882308][T19159] ? __pfx___mutex_lock+0x10/0x10 [ 981.882344][T19159] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 981.882384][T19159] input_register_device+0x7e8/0x1130 [ 981.882420][T19159] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 981.882462][T19159] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 981.882509][T19159] ? find_held_lock+0x2b/0x80 [ 981.882545][T19159] ? __pfx_uinput_ioctl+0x10/0x10 [ 981.882583][T19159] __x64_sys_ioctl+0x190/0x200 [ 981.882624][T19159] do_syscall_64+0xcd/0x230 [ 981.882660][T19159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.882685][T19159] RIP: 0033:0x7f493cb8e969 [ 981.882703][T19159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 981.882727][T19159] RSP: 002b:00007f493da72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 981.882749][T19159] RAX: ffffffffffffffda RBX: 00007f493cdb5fa0 RCX: 00007f493cb8e969 [ 981.882765][T19159] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000005 [ 981.882779][T19159] RBP: 00007f493cc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 981.882793][T19159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 981.882807][T19159] R13: 0000000000000000 R14: 00007f493cdb5fa0 R15: 00007ffc5d9a5538 [ 981.882837][T19159] [ 982.533238][T19161] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 982.891270][T19176] FAULT_INJECTION: forcing a failure. [ 982.891270][T19176] name failslab, interval 1, probability 0, space 0, times 0 [ 982.952343][T19176] CPU: 1 UID: 0 PID: 19176 Comm: syz.1.5092 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 982.952385][T19176] Tainted: [U]=USER [ 982.952393][T19176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 982.952408][T19176] Call Trace: [ 982.952415][T19176] [ 982.952424][T19176] dump_stack_lvl+0x16c/0x1f0 [ 982.952462][T19176] should_fail_ex+0x512/0x640 [ 982.952496][T19176] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 982.952541][T19176] should_failslab+0xc2/0x120 [ 982.952570][T19176] __kmalloc_cache_noprof+0x6a/0x3e0 [ 982.952611][T19176] ? ptp_open+0xe3/0x520 [ 982.952637][T19176] ptp_open+0xe3/0x520 [ 982.952665][T19176] ? __pfx_ptp_open+0x10/0x10 [ 982.952697][T19176] ? __pfx_ptp_open+0x10/0x10 [ 982.952719][T19176] posix_clock_open+0x178/0x290 [ 982.952746][T19176] ? __pfx_posix_clock_open+0x10/0x10 [ 982.952778][T19176] chrdev_open+0x231/0x6a0 [ 982.952803][T19176] ? __pfx_apparmor_file_open+0x10/0x10 [ 982.952835][T19176] ? __pfx_chrdev_open+0x10/0x10 [ 982.952863][T19176] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 982.952907][T19176] do_dentry_open+0x741/0x1c10 [ 982.952931][T19176] ? __pfx_chrdev_open+0x10/0x10 [ 982.952962][T19176] vfs_open+0x82/0x3f0 [ 982.952996][T19176] path_openat+0x1e5e/0x2d40 [ 982.953030][T19176] ? __pfx_path_openat+0x10/0x10 [ 982.953061][T19176] do_filp_open+0x20b/0x470 [ 982.953083][T19176] ? __pfx_do_filp_open+0x10/0x10 [ 982.953128][T19176] ? alloc_fd+0x471/0x7d0 [ 982.953173][T19176] do_sys_openat2+0x11b/0x1d0 [ 982.953205][T19176] ? __pfx_do_sys_openat2+0x10/0x10 [ 982.953249][T19176] __x64_sys_openat+0x174/0x210 [ 982.953282][T19176] ? __pfx___x64_sys_openat+0x10/0x10 [ 982.953317][T19176] ? rcu_is_watching+0x12/0xc0 [ 982.953347][T19176] do_syscall_64+0xcd/0x230 [ 982.953389][T19176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 982.953414][T19176] RIP: 0033:0x7fc04598e969 [ 982.953432][T19176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 982.953456][T19176] RSP: 002b:00007fc04676f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 982.953477][T19176] RAX: ffffffffffffffda RBX: 00007fc045bb6080 RCX: 00007fc04598e969 [ 982.953493][T19176] RDX: 0000000000000440 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 982.953508][T19176] RBP: 00007fc045a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 982.953523][T19176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 982.953537][T19176] R13: 0000000000000000 R14: 00007fc045bb6080 R15: 00007ffe02f21b88 [ 982.953567][T19176] [ 983.773311][T19179] netlink: 186 bytes leftover after parsing attributes in process `syz.0.5094'. [ 983.895135][T19181] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5095'. [ 983.932079][T19181] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5095'. [ 983.973480][T19181] netlink: 286 bytes leftover after parsing attributes in process `syz.1.5095'. [ 984.473339][T19187] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 984.563245][T19190] netlink: 194 bytes leftover after parsing attributes in process `syz.1.5099'. [ 990.583792][T19255] sp0: Synchronizing with TNC [ 991.571197][T19265] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5123'. [ 991.960944][T19265] ================================================================== [ 991.969860][T19265] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 991.978379][T19265] Read of size 8 at addr ffff8881446c9e18 by task syz.3.5123/19265 [ 991.987063][T19265] [ 991.989627][T19265] CPU: 1 UID: 0 PID: 19265 Comm: syz.3.5123 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 991.989665][T19265] Tainted: [U]=USER [ 991.989673][T19265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 991.989688][T19265] Call Trace: [ 991.989697][T19265] [ 991.989706][T19265] dump_stack_lvl+0x116/0x1f0 [ 991.989744][T19265] print_report+0xc3/0x670 [ 991.989773][T19265] ? __virt_addr_valid+0x5e/0x590 [ 991.989803][T19265] ? __phys_addr+0xc6/0x150 [ 991.989834][T19265] ? dvb_device_open+0x36a/0x3b0 [ 991.989866][T19265] kasan_report+0xe0/0x110 [ 991.989895][T19265] ? dvb_device_open+0x36a/0x3b0 [ 991.989937][T19265] ? __pfx_dvb_device_open+0x10/0x10 [ 991.989975][T19265] dvb_device_open+0x36a/0x3b0 [ 991.990008][T19265] ? __pfx_dvb_device_open+0x10/0x10 [ 991.990041][T19265] chrdev_open+0x231/0x6a0 [ 991.990066][T19265] ? __pfx_apparmor_file_open+0x10/0x10 [ 991.990097][T19265] ? __pfx_chrdev_open+0x10/0x10 [ 991.990123][T19265] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 991.990163][T19265] do_dentry_open+0x741/0x1c10 [ 991.990188][T19265] ? __pfx_chrdev_open+0x10/0x10 [ 991.990215][T19265] vfs_open+0x82/0x3f0 [ 991.990247][T19265] path_openat+0x1e5e/0x2d40 [ 991.990275][T19265] ? __pfx_path_openat+0x10/0x10 [ 991.990300][T19265] do_filp_open+0x20b/0x470 [ 991.990322][T19265] ? __pfx_do_filp_open+0x10/0x10 [ 991.990355][T19265] ? alloc_fd+0x471/0x7d0 [ 991.990395][T19265] do_sys_openat2+0x11b/0x1d0 [ 991.990426][T19265] ? __pfx_do_sys_openat2+0x10/0x10 [ 991.990457][T19265] ? __pfx_do_sys_openat2+0x10/0x10 [ 991.990489][T19265] ? __pfx___might_resched+0x10/0x10 [ 991.990520][T19265] __x64_sys_openat+0x174/0x210 [ 991.990552][T19265] ? __pfx___x64_sys_openat+0x10/0x10 [ 991.990586][T19265] ? rcu_is_watching+0x12/0xc0 [ 991.990612][T19265] do_syscall_64+0xcd/0x230 [ 991.990646][T19265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 991.990671][T19265] RIP: 0033:0x7f493cb8e969 [ 991.990690][T19265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 991.990715][T19265] RSP: 002b:00007f493da72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 991.990737][T19265] RAX: ffffffffffffffda RBX: 00007f493cdb5fa0 RCX: 00007f493cb8e969 [ 991.990754][T19265] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 991.990770][T19265] RBP: 00007f493cc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 991.990785][T19265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 991.990800][T19265] R13: 0000000000000000 R14: 00007f493cdb5fa0 R15: 00007ffc5d9a5538 [ 991.990823][T19265] [ 991.990831][T19265] [ 992.280615][T19265] Allocated by task 1: [ 992.285087][T19265] kasan_save_stack+0x33/0x60 [ 992.290334][T19265] kasan_save_track+0x14/0x30 [ 992.295483][T19265] __kasan_kmalloc+0xaa/0xb0 [ 992.300536][T19265] dvb_register_device+0x1e4/0x2370 [ 992.306273][T19265] dvb_register_frontend+0x5a6/0x880 [ 992.312118][T19265] vidtv_bridge_probe+0x459/0xa90 [ 992.317670][T19265] platform_probe+0xff/0x1f0 [ 992.322749][T19265] really_probe+0x23e/0xa90 [ 992.327735][T19265] __driver_probe_device+0x1de/0x440 [ 992.333589][T19265] driver_probe_device+0x4c/0x1b0 [ 992.339126][T19265] __driver_attach+0x283/0x580 [ 992.344390][T19265] bus_for_each_dev+0x13b/0x1d0 [ 992.349776][T19265] bus_add_driver+0x2e9/0x690 [ 992.354935][T19265] driver_register+0x15c/0x4b0 [ 992.360190][T19265] vidtv_bridge_init+0x45/0x80 [ 992.365449][T19265] do_one_initcall+0x120/0x6e0 [ 992.370704][T19265] kernel_init_freeable+0x5c2/0x900 [ 992.376432][T19265] kernel_init+0x1c/0x2b0 [ 992.381198][T19265] ret_from_fork+0x45/0x80 [ 992.386073][T19265] ret_from_fork_asm+0x1a/0x30 [ 992.391327][T19265] [ 992.393877][T19265] Freed by task 19161: [ 992.398348][T19265] kasan_save_stack+0x33/0x60 [ 992.403500][T19265] kasan_save_track+0x14/0x30 [ 992.408657][T19265] kasan_save_free_info+0x3b/0x60 [ 992.414200][T19265] __kasan_slab_free+0x51/0x70 [ 992.419452][T19265] kfree+0x2b6/0x4d0 [ 992.423736][T19265] dvb_device_put.part.0+0x60/0x90 [ 992.429369][T19265] dvb_device_open+0x2a4/0x3b0 [ 992.434634][T19265] chrdev_open+0x231/0x6a0 [ 992.439509][T19265] do_dentry_open+0x741/0x1c10 [ 992.444762][T19265] vfs_open+0x82/0x3f0 [ 992.449250][T19265] path_openat+0x1e5e/0x2d40 [ 992.454304][T19265] do_filp_open+0x20b/0x470 [ 992.459282][T19265] do_sys_openat2+0x11b/0x1d0 [ 992.464453][T19265] __x64_sys_openat+0x174/0x210 [ 992.469807][T19265] do_syscall_64+0xcd/0x230 [ 992.474779][T19265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.481272][T19265] [ 992.483834][T19265] The buggy address belongs to the object at ffff8881446c9e00 [ 992.483834][T19265] which belongs to the cache kmalloc-256 of size 256 [ 992.499323][T19265] The buggy address is located 24 bytes inside of [ 992.499323][T19265] freed 256-byte region [ffff8881446c9e00, ffff8881446c9f00) [ 992.514511][T19265] [ 992.517068][T19265] The buggy address belongs to the physical page: [ 992.524227][T19265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1446c8 [ 992.533969][T19265] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 992.543332][T19265] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 992.551728][T19265] page_type: f5(slab) [ 992.556113][T19265] raw: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 992.565568][T19265] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 992.575020][T19265] head: 057ff00000000040 ffff88801b441b40 dead000000000122 0000000000000000 [ 992.584564][T19265] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 992.594121][T19265] head: 057ff00000000001 ffffea000511b201 00000000ffffffff 00000000ffffffff [ 992.603677][T19265] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 992.613213][T19265] page dumped because: kasan: bad access detected [ 992.620266][T19265] page_owner tracks the page as allocated [ 992.626565][T19265] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 24952834996, free_ts 0 [ 992.648741][T19265] post_alloc_hook+0x181/0x1b0 [ 992.653989][T19265] get_page_from_freelist+0x135c/0x3920 [ 992.660106][T19265] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 992.666594][T19265] alloc_pages_mpol+0x1fb/0x550 [ 992.671935][T19265] new_slab+0x244/0x340 [ 992.676520][T19265] ___slab_alloc+0xd9c/0x1940 [ 992.681682][T19265] __slab_alloc.constprop.0+0x56/0xb0 [ 992.687630][T19265] __kmalloc_cache_noprof+0xfb/0x3e0 [ 992.693464][T19265] bus_add_driver+0x92/0x690 [ 992.698521][T19265] driver_register+0x15c/0x4b0 [ 992.703769][T19265] usb_register_driver+0x216/0x4d0 [ 992.709403][T19265] do_one_initcall+0x120/0x6e0 [ 992.714661][T19265] kernel_init_freeable+0x5c2/0x900 [ 992.720392][T19265] kernel_init+0x1c/0x2b0 [ 992.725158][T19265] ret_from_fork+0x45/0x80 [ 992.730043][T19265] ret_from_fork_asm+0x1a/0x30 [ 992.735300][T19265] page_owner free stack trace missing [ 992.741200][T19265] [ 992.743767][T19265] Memory state around the buggy address: [ 992.749971][T19265] ffff8881446c9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 992.758865][T19265] ffff8881446c9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 992.767747][T19265] >ffff8881446c9e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 992.776621][T19265] ^ [ 992.781964][T19265] ffff8881446c9e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 992.790939][T19265] ffff8881446c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 992.799800][T19265] ================================================================== [ 994.432316][T19265] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 994.440372][T19265] CPU: 1 UID: 0 PID: 19265 Comm: syz.3.5123 Tainted: G U 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) [ 994.455377][T19265] Tainted: [U]=USER [ 994.459569][T19265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 994.470653][T19265] Call Trace: [ 994.474262][T19265] [ 994.477486][T19265] dump_stack_lvl+0x3d/0x1f0 [ 994.482552][T19265] panic+0x71c/0x800 [ 994.486853][T19265] ? __pfx_panic+0x10/0x10 [ 994.491727][T19265] ? mark_held_locks+0x49/0x80 [ 994.496995][T19265] ? preempt_schedule_thunk+0x16/0x30 [ 994.502928][T19265] ? dvb_device_open+0x36a/0x3b0 [ 994.508407][T19265] ? preempt_schedule_common+0x44/0xc0 [ 994.514430][T19265] ? dvb_device_open+0x36a/0x3b0 [ 994.519878][T19265] check_panic_on_warn+0xab/0xb0 [ 994.525330][T19265] end_report+0x107/0x170 [ 994.530111][T19265] kasan_report+0xee/0x110 [ 994.534983][T19265] ? dvb_device_open+0x36a/0x3b0 [ 994.540449][T19265] ? __pfx_dvb_device_open+0x10/0x10 [ 994.546281][T19265] dvb_device_open+0x36a/0x3b0 [ 994.551549][T19265] ? __pfx_dvb_device_open+0x10/0x10 [ 994.557382][T19265] chrdev_open+0x231/0x6a0 [ 994.562254][T19265] ? __pfx_apparmor_file_open+0x10/0x10 [ 994.568368][T19265] ? __pfx_chrdev_open+0x10/0x10 [ 994.573804][T19265] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 994.581262][T19265] do_dentry_open+0x741/0x1c10 [ 994.586507][T19265] ? __pfx_chrdev_open+0x10/0x10 [ 994.592138][T19265] vfs_open+0x82/0x3f0 [ 994.596628][T19265] path_openat+0x1e5e/0x2d40 [ 994.601686][T19265] ? __pfx_path_openat+0x10/0x10 [ 994.607137][T19265] do_filp_open+0x20b/0x470 [ 994.612101][T19265] ? __pfx_do_filp_open+0x10/0x10 [ 994.617643][T19265] ? alloc_fd+0x471/0x7d0 [ 994.622435][T19265] do_sys_openat2+0x11b/0x1d0 [ 994.627596][T19265] ? __pfx_do_sys_openat2+0x10/0x10 [ 994.633328][T19265] ? __pfx_do_sys_openat2+0x10/0x10 [ 994.639065][T19265] ? __pfx___might_resched+0x10/0x10 [ 994.644896][T19265] __x64_sys_openat+0x174/0x210 [ 994.650249][T19265] ? __pfx___x64_sys_openat+0x10/0x10 [ 994.656173][T19265] ? rcu_is_watching+0x12/0xc0 [ 994.661424][T19265] do_syscall_64+0xcd/0x230 [ 994.666396][T19265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.672891][T19265] RIP: 0033:0x7f493cb8e969 [ 994.677752][T19265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 994.699327][T19265] RSP: 002b:00007f493da72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 994.708589][T19265] RAX: ffffffffffffffda RBX: 00007f493cdb5fa0 RCX: 00007f493cb8e969 [ 994.717363][T19265] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 994.726133][T19265] RBP: 00007f493cc10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 994.734905][T19265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 994.743676][T19265] R13: 0000000000000000 R14: 00007f493cdb5fa0 R15: 00007ffc5d9a5538 [ 994.752461][T19265] [ 994.755861][T19265] Kernel Offset: disabled [ 994.760617][T19265] Rebooting in 86400 seconds..