last executing test programs: 2.462813842s ago: executing program 2 (id=4066): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) pidfd_open$auto(0x1, 0x0) 2.340423673s ago: executing program 2 (id=4070): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x488, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x12, 0x2, 0x8000) setresuid$auto(0x2, 0x7, 0x8080) madvise$auto(0x0, 0x2, 0x15) 1.924321291s ago: executing program 2 (id=4075): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) eventfd$auto(0x7) select$auto(0x5, 0x0, 0x0, &(0x7f00000001c0)={[0x1aa57c94, 0x95, 0x5, 0x100000003, 0x8475, 0x6, 0x1, 0x9, 0xec, 0x2, 0x8, 0x8, 0x200, 0x7]}, 0x0) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x1) 1.583885222s ago: executing program 3 (id=4080): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) 1.34419635s ago: executing program 0 (id=4083): socket(0xa, 0x2, 0x3a) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r0 = io_uring_setup$auto(0x52, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) 1.209627779s ago: executing program 0 (id=4084): socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0xc, 0x2, 0x40eb2, 0x401, 0x300000000000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x5ac, &(0x7f0000000100)={&(0x7f0000000340), 0x21}, 0x5, 0x0, 0x5, 0xe}, 0x5}, 0x2, 0x100) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c06, 0x0, 0x1, 0x0, 0x4, 0x9}, 0x6}, 0x9, 0x0) 1.131748061s ago: executing program 1 (id=4085): mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x805, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x60840, 0x0) ioctl$auto(0x3, 0x40045532, 0x38) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D0c\x00', 0x88c00, 0x0) 1.083906628s ago: executing program 3 (id=4086): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@xdp={0x2c, 0x543, r1, 0x2f}, 0x22) 990.185798ms ago: executing program 0 (id=4087): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, &(0x7f0000000000), 0x55) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000000), 0x1) 982.985782ms ago: executing program 2 (id=4088): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_AGE={0x8, 0x3, 0x200}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x8000}, @HSR_A_IFINDEX={0x8}, @HSR_A_NODE_ADDR_B={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_NODE_ADDR={0xa}, @HSR_A_IF2_AGE={0x8, 0x4, 0x10}, @HSR_A_IF1_AGE={0x8, 0x3, 0x5}, @HSR_A_NODE_ADDR={0xa}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 895.951099ms ago: executing program 1 (id=4089): mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) socket(0xa, 0x801, 0x84) r0 = socket(0x2, 0x801, 0x100) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1\x00', 0x0}) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x40054) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_ifindex=r1, r0, 0x9f, 0x0, 0x1, @relative_fd, 0x5}, 0x96) 854.673328ms ago: executing program 3 (id=4090): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x8040) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 819.082967ms ago: executing program 0 (id=4091): close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) r0 = socket(0x2, 0x801, 0x106) setsockopt$auto(r0, 0x6, 0x17, 0x0, 0x9e) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x1, 0x24, 0x0, 0x9) 751.645138ms ago: executing program 1 (id=4092): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x71, 0x0, 0x0) io_uring_register$auto(0x2, 0xf, 0x0, 0x20) 751.037724ms ago: executing program 2 (id=4093): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x600, 0x7fffffff, 0x0) 595.894318ms ago: executing program 0 (id=4094): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x5, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x1) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x10, 0x0, 0x0) setsockopt$auto(r0, 0x0, 0x2e, 0x0, 0x108) 595.735828ms ago: executing program 3 (id=4095): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x75, 0x0, &(0x7f0000000000)=0x9000c) r1 = socket(0x11, 0x3, 0x300) setsockopt$auto(r1, 0x107, 0x1, 0x0, 0x8004) 582.323518ms ago: executing program 1 (id=4096): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x8048ae66, r0) 577.532239ms ago: executing program 2 (id=4097): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x82, 0x0) 455.202005ms ago: executing program 0 (id=4098): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0xfffffdef) 122.764508ms ago: executing program 3 (id=4099): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioperm$auto(0x7, 0x6, 0x2) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) r0 = gettid() sched_setaffinity$auto(0x0, 0x9899, &(0x7f00000000c0)=0xf19d) rt_sigqueueinfo$auto(r0, 0x1, 0x0) 60.724567ms ago: executing program 1 (id=4100): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') r1 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto(0x3, 0x40086203, r1) 60.572335ms ago: executing program 3 (id=4101): adjtimex$auto(&(0x7f00000004c0)={0xffff6888, 0x0, 0x0, 0xfffffffffffffffd, 0x4ea, 0x1, 0x6, 0x0, 0x1, 0x0, 0x962, {0x2000100000000, 0x10000}, 0x5, 0x6, 0xffffffffffeffffb, 0x6, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0x20000a747, 0xdeb1, 0x804}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000500)='/dev/video0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) select$auto(0x6, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x200000000007, 0xd, 0x1, 0x948b, 0x3, 0x7f, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x6d3f, 0x9, 0x9, 0xfffffffffffffffd]}, 0x0) close_range$auto(0x2, 0xa, 0x0) 0s ago: executing program 1 (id=4102): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x4d0, 0x400, 0x9}]}) kernel console output (not intermixed with test programs): t: 0x0d [ 239.628425][T10755] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1996'. [ 240.459415][T10783] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2006'. [ 242.999590][T10851] netlink: 222 bytes leftover after parsing attributes in process `syz.1.2032'. [ 243.783778][ T51] Bluetooth: hci2: Malformed Event: 0x02 [ 246.915074][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 246.925384][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 246.934701][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 246.959093][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 246.969010][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 247.368828][ T30] audit: type=1800 audit(1751481918.266:10): pid=10964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2073" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 247.500154][T10951] chnl_net:caif_netlink_parms(): no params data found [ 247.749693][T10951] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.757517][T10951] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.768482][T10951] bridge_slave_0: entered allmulticast mode [ 247.776682][T10951] bridge_slave_0: entered promiscuous mode [ 247.786616][T10951] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.794074][T10951] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.801341][T10951] bridge_slave_1: entered allmulticast mode [ 247.810530][T10951] bridge_slave_1: entered promiscuous mode [ 247.937291][T10951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.962935][T10951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.076233][T10951] team0: Port device team_slave_0 added [ 248.085745][T10951] team0: Port device team_slave_1 added [ 248.227088][T10951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.253437][T10951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.301601][T10951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.315261][T10951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.322429][T10951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.374799][T10951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.599944][T10951] hsr_slave_0: entered promiscuous mode [ 248.627963][T10951] hsr_slave_1: entered promiscuous mode [ 248.656035][T10951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 248.670996][T10951] Cannot create hsr debugfs directory [ 248.788832][T11016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2096'. [ 248.840490][ T5839] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 248.840535][ T5839] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 248.855547][ T5839] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 248.855596][ T5839] Bluetooth: hci1: adv larger than maximum supported [ 248.862887][ T5839] Bluetooth: hci1: adv larger than maximum supported [ 248.871153][ T5839] Bluetooth: hci1: Malformed LE Event: 0x0d [ 249.023180][ T5839] Bluetooth: hci0: command tx timeout [ 249.206228][T10951] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.443986][T10951] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.577369][T10951] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.720828][T10951] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.042440][T10951] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 250.068401][T10951] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 250.091510][T10951] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 250.122829][T10951] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 250.412599][T10951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.481105][T10951] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.512557][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.519790][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.546374][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.553639][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.112140][T10951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 251.119017][ T5839] Bluetooth: hci0: command tx timeout [ 251.227354][T10951] veth0_vlan: entered promiscuous mode [ 251.253953][T10951] veth1_vlan: entered promiscuous mode [ 251.289367][T10951] veth0_macvtap: entered promiscuous mode [ 251.306628][T10951] veth1_macvtap: entered promiscuous mode [ 251.351392][T10951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 251.391182][T10951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 251.415377][T10951] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.425696][T10951] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.435239][T10951] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.444622][T10951] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.536631][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.545005][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.577128][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.591322][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.273943][ T3004] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.391236][ T3004] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.472205][ T3004] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.646451][ T3004] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.086408][ T3004] bridge_slave_1: left allmulticast mode [ 253.124050][ T3004] bridge_slave_1: left promiscuous mode [ 253.131267][ T3004] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.183271][ T5839] Bluetooth: hci0: command tx timeout [ 253.224362][ T3004] bridge_slave_0: left allmulticast mode [ 253.244386][ T3004] bridge_slave_0: left promiscuous mode [ 253.251030][ T3004] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.300933][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 253.317056][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 253.328556][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 253.339454][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 253.351676][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 253.574364][T11157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2147'. [ 254.277403][ T3004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.311530][ T3004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.329130][ T3004] bond0 (unregistering): Released all slaves [ 254.694656][T11185] random: crng reseeded on system resumption [ 255.187214][ T3004] hsr_slave_0: left promiscuous mode [ 255.203760][ T3004] hsr_slave_1: left promiscuous mode [ 255.210014][ T3004] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.233173][ T3004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.266163][ T5839] Bluetooth: hci0: command tx timeout [ 255.275163][ T3004] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.307776][ T3004] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.421601][ T3004] veth1_macvtap: left promiscuous mode [ 255.424584][ T5839] Bluetooth: hci1: command tx timeout [ 255.455218][ T3004] veth0_macvtap: left promiscuous mode [ 255.480545][ T3004] veth1_vlan: left promiscuous mode [ 255.507271][ T3004] veth0_vlan: left promiscuous mode [ 255.673657][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.680031][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.736812][ T3004] team0 (unregistering): Port device team_slave_1 removed [ 256.827844][ T3004] team0 (unregistering): Port device team_slave_0 removed [ 257.506552][ T5839] Bluetooth: hci1: command tx timeout [ 257.824341][T11265] random: crng reseeded on system resumption [ 257.878279][T11147] chnl_net:caif_netlink_parms(): no params data found [ 258.255400][T11147] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.273235][T11147] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.283283][T11147] bridge_slave_0: entered allmulticast mode [ 258.301443][T11147] bridge_slave_0: entered promiscuous mode [ 258.311215][T11147] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.319684][T11147] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.327343][T11147] bridge_slave_1: entered allmulticast mode [ 258.335385][T11147] bridge_slave_1: entered promiscuous mode [ 258.342605][ T5839] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 258.342638][ T5839] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 258.358612][ T5839] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 258.358666][ T5839] Bluetooth: hci0: adv larger than maximum supported [ 258.393167][ T5839] Bluetooth: hci0: adv larger than maximum supported [ 258.399925][ T5839] Bluetooth: hci0: Malformed LE Event: 0x0d [ 258.544962][T11147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.612423][T11293] tipc: Started in network mode [ 258.626862][T11293] tipc: Node identity ee00, cluster identity 4711 [ 258.646072][T11293] tipc: Node number set to 60928 [ 258.661374][T11147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.835672][T11147] team0: Port device team_slave_0 added [ 258.859482][T11147] team0: Port device team_slave_1 added [ 259.272540][T11147] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.296613][T11147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.397582][T11147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.430894][T11147] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.458464][T11147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.521417][T11147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.583190][ T5839] Bluetooth: hci1: command tx timeout [ 259.692082][T11147] hsr_slave_0: entered promiscuous mode [ 259.704279][T11147] hsr_slave_1: entered promiscuous mode [ 259.710731][T11147] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 259.746439][T11147] Cannot create hsr debugfs directory [ 261.307507][T11147] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 261.356003][T11147] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 261.403950][T11147] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 261.442431][T11147] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 261.663284][ T5839] Bluetooth: hci1: command tx timeout [ 261.908112][T11147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 261.961214][T11147] 8021q: adding VLAN 0 to HW filter on device team0 [ 262.014735][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.021940][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.055316][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.062783][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.887682][T11147] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 263.069876][T11147] veth0_vlan: entered promiscuous mode [ 263.122832][T11147] veth1_vlan: entered promiscuous mode [ 263.226047][T11147] veth0_macvtap: entered promiscuous mode [ 263.298614][T11147] veth1_macvtap: entered promiscuous mode [ 263.399306][T11147] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.471229][T11147] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.511694][T11147] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.543703][T11147] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.552594][T11147] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.598183][T11147] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.837786][ T3004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.883154][ T3004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.010834][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.079253][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.936679][T11503] FAULT_INJECTION: forcing a failure. [ 265.936679][T11503] name failslab, interval 1, probability 0, space 0, times 0 [ 266.025307][T11503] CPU: 1 UID: 0 PID: 11503 Comm: syz.2.2242 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 266.025348][T11503] Tainted: [U]=USER [ 266.025356][T11503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.025373][T11503] Call Trace: [ 266.025380][T11503] [ 266.025392][T11503] dump_stack_lvl+0x16c/0x1f0 [ 266.025434][T11503] should_fail_ex+0x512/0x640 [ 266.025467][T11503] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 266.025509][T11503] should_failslab+0xc2/0x120 [ 266.025530][T11503] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 266.025568][T11503] ? alloc_inode+0xc3/0x240 [ 266.025602][T11503] alloc_inode+0xc3/0x240 [ 266.025625][T11503] create_pipe_files+0x4c/0x930 [ 266.025667][T11503] do_pipe2+0xaf/0x1c0 [ 266.025700][T11503] ? __pfx_do_pipe2+0x10/0x10 [ 266.025731][T11503] ? __pfx___x64_sys_futex+0x10/0x10 [ 266.025772][T11503] __x64_sys_pipe+0x33/0x50 [ 266.025804][T11503] do_syscall_64+0xcd/0x490 [ 266.025843][T11503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.025868][T11503] RIP: 0033:0x7f3e21b8e929 [ 266.025922][T11503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.025947][T11503] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 266.025972][T11503] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 266.025989][T11503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 266.026004][T11503] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 266.026020][T11503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 266.026034][T11503] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 266.026068][T11503] [ 267.315321][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 267.463553][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! syzkaller syzkaller login: [ 269.444830][ T5900] smpboot: CPU 0 is now offline [ 269.771517][T11646] netlink: 'syz.1.2287': attribute type 1 has an invalid length. [ 270.965149][T11669] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2296'. [ 272.920964][T11725] netlink: 346 bytes leftover after parsing attributes in process `syz.0.2320'. [ 281.868773][T11976] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2424'. [ 283.593468][ T30] audit: type=1804 audit(1751481954.487:11): pid=12025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2444" name=2F6E6577726F6F742F3631392F22050820 dev="tmpfs" ino=3139 res=1 errno=0 [ 283.761072][ T30] audit: type=1800 audit(1751481954.517:12): pid=12025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2444" name=22050820 dev="tmpfs" ino=3139 res=0 errno=0 [ 283.788454][T12030] warning: `syz.0.2446' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 284.255795][T12048] netlink: 206 bytes leftover after parsing attributes in process `syz.0.2454'. [ 284.688991][T12053] FAULT_INJECTION: forcing a failure. [ 284.688991][T12053] name failslab, interval 1, probability 0, space 0, times 0 [ 284.767951][T12053] CPU: 1 UID: 0 PID: 12053 Comm: syz.0.2456 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 284.767978][T12053] Tainted: [U]=USER [ 284.767983][T12053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 284.767992][T12053] Call Trace: [ 284.767997][T12053] [ 284.768004][T12053] dump_stack_lvl+0x16c/0x1f0 [ 284.768031][T12053] should_fail_ex+0x512/0x640 [ 284.768051][T12053] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 284.768074][T12053] should_failslab+0xc2/0x120 [ 284.768088][T12053] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 284.768107][T12053] ? vma_merge_new_range+0x37f/0xa00 [ 284.768125][T12053] ? vm_area_alloc+0x1f/0x160 [ 284.768145][T12053] vm_area_alloc+0x1f/0x160 [ 284.768162][T12053] __mmap_region+0xf0a/0x25e0 [ 284.768185][T12053] ? __pfx___mmap_region+0x10/0x10 [ 284.768203][T12053] ? find_held_lock+0x2b/0x80 [ 284.768220][T12053] ? finish_task_switch.isra.0+0x221/0xc10 [ 284.768234][T12053] ? lockdep_hardirqs_on+0x7c/0x110 [ 284.768254][T12053] ? finish_task_switch.isra.0+0x221/0xc10 [ 284.768268][T12053] ? rcu_is_watching+0x12/0xc0 [ 284.768282][T12053] ? trace_sched_exit_tp+0xde/0x130 [ 284.768297][T12053] ? __schedule+0x1181/0x5de0 [ 284.768315][T12053] ? kvm_sched_clock_read+0x11/0x20 [ 284.768364][T12053] ? trace_cap_capable+0x18d/0x200 [ 284.768384][T12053] mmap_region+0x1ab/0x3f0 [ 284.768403][T12053] ? __get_unmapped_area+0x267/0x440 [ 284.768421][T12053] do_mmap+0xa3e/0x1210 [ 284.768439][T12053] ? __pfx_do_mmap+0x10/0x10 [ 284.768454][T12053] ? __pfx_down_write_killable+0x10/0x10 [ 284.768472][T12053] vm_mmap_pgoff+0x281/0x450 [ 284.768490][T12053] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 284.768520][T12053] ? __x64_sys_futex+0x1e0/0x4c0 [ 284.768536][T12053] ? __x64_sys_futex+0x1e9/0x4c0 [ 284.768555][T12053] ksys_mmap_pgoff+0x7d/0x5c0 [ 284.768570][T12053] ? xfd_validate_state+0x61/0x180 [ 284.768587][T12053] ? __pfx_ksys_write+0x10/0x10 [ 284.768609][T12053] __x64_sys_mmap+0x125/0x190 [ 284.768629][T12053] do_syscall_64+0xcd/0x490 [ 284.768651][T12053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.768666][T12053] RIP: 0033:0x7ff98378e929 [ 284.768679][T12053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.768691][T12053] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 284.768706][T12053] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 284.768716][T12053] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 284.768723][T12053] RBP: 00007ff983810b39 R08: fffffffffffffffa R09: 0000000000008000 [ 284.768732][T12053] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 284.768740][T12053] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 284.768758][T12053] [ 287.826229][T12128] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2489'. [ 289.226338][T12158] block2mtd: error: cannot open device in [ 290.004272][T12175] zswap: compressor 000 not available [ 290.144055][T12188] overlayfs: missing 'lowerdir' [ 290.759114][T12206] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2518'. [ 290.834950][T12206] ipvlan0: entered allmulticast mode [ 291.778013][T12234] netlink: 346 bytes leftover after parsing attributes in process `syz.2.2531'. [ 292.036338][T12241] binder: 12239:12241 ioctl c0306201 0 returned -14 [ 296.593914][T12371] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2588'. [ 297.071024][ T5834] Bluetooth: hci0: Malformed Event: 0x2f [ 297.259553][T12391] FAULT_INJECTION: forcing a failure. [ 297.259553][T12391] name fail_futex, interval 1, probability 0, space 0, times 1 [ 297.333682][T12391] CPU: 1 UID: 0 PID: 12391 Comm: syz.2.2598 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 297.333710][T12391] Tainted: [U]=USER [ 297.333714][T12391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.333723][T12391] Call Trace: [ 297.333728][T12391] [ 297.333734][T12391] dump_stack_lvl+0x16c/0x1f0 [ 297.333760][T12391] should_fail_ex+0x512/0x640 [ 297.333784][T12391] ? __kasan_slab_free+0x51/0x70 [ 297.333808][T12391] get_futex_key+0x1d0/0x1540 [ 297.333826][T12391] ? __pfx_get_futex_key+0x10/0x10 [ 297.333848][T12391] futex_wake+0xea/0x530 [ 297.333869][T12391] ? __pfx_futex_wake+0x10/0x10 [ 297.333890][T12391] ? rcu_is_watching+0x12/0xc0 [ 297.333903][T12391] ? kasan_quarantine_put+0x10a/0x240 [ 297.333922][T12391] ? lockdep_hardirqs_on+0x7c/0x110 [ 297.333944][T12391] do_futex+0x1e3/0x350 [ 297.333961][T12391] ? __pfx_do_futex+0x10/0x10 [ 297.333982][T12391] __x64_sys_futex+0x1e0/0x4c0 [ 297.334000][T12391] ? __pfx_raw_ioctl+0x10/0x10 [ 297.334015][T12391] ? __pfx___x64_sys_futex+0x10/0x10 [ 297.334034][T12391] ? fput+0x70/0xf0 [ 297.334050][T12391] do_syscall_64+0xcd/0x490 [ 297.334072][T12391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.334095][T12391] RIP: 0033:0x7f3e21b8e929 [ 297.334108][T12391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.334121][T12391] RSP: 002b:00007f3e229bf0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 297.334135][T12391] RAX: ffffffffffffffda RBX: 00007f3e21db5fa8 RCX: 00007f3e21b8e929 [ 297.334145][T12391] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3e21db5fac [ 297.334153][T12391] RBP: 00007f3e21db5fa0 R08: 00007f3e229c0000 R09: 0000000000000000 [ 297.334162][T12391] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f3e21db5fac [ 297.334171][T12391] R13: 0000000000000000 R14: 00007fff0b538ee0 R15: 00007fff0b538fc8 [ 297.334189][T12391] [ 297.894318][T12401] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2602'. [ 300.064816][T12475] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2633'. [ 301.368235][T12512] netlink: 19 bytes leftover after parsing attributes in process `syz.2.2648'. [ 301.424806][T12515] netlink: 130 bytes leftover after parsing attributes in process `syz.3.2649'. [ 301.611808][T12473] kexec: Could not allocate control_code_buffer [ 302.973547][T12560] FAULT_INJECTION: forcing a failure. [ 302.973547][T12560] name fail_futex, interval 1, probability 0, space 0, times 0 [ 303.044949][T12560] CPU: 1 UID: 0 PID: 12560 Comm: syz.2.2668 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 303.044977][T12560] Tainted: [U]=USER [ 303.044982][T12560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 303.044991][T12560] Call Trace: [ 303.044996][T12560] [ 303.045002][T12560] dump_stack_lvl+0x16c/0x1f0 [ 303.045030][T12560] should_fail_ex+0x512/0x640 [ 303.045053][T12560] get_futex_key+0x1d0/0x1540 [ 303.045072][T12560] ? __pfx_get_futex_key+0x10/0x10 [ 303.045094][T12560] futex_wait_setup+0x9d/0x550 [ 303.045125][T12560] __futex_wait+0x194/0x2f0 [ 303.045146][T12560] ? __pfx___futex_wait+0x10/0x10 [ 303.045165][T12560] ? mt_find+0x757/0xa30 [ 303.045181][T12560] ? __pfx_futex_wake_mark+0x10/0x10 [ 303.045212][T12560] futex_wait+0xe8/0x380 [ 303.045231][T12560] ? __pfx_futex_wait+0x10/0x10 [ 303.045249][T12560] ? fixup_exception+0x10c/0xaf0 [ 303.045273][T12560] ? __bad_area_nosemaphore+0x38b/0x690 [ 303.045295][T12560] do_futex+0x229/0x350 [ 303.045312][T12560] ? __pfx_do_futex+0x10/0x10 [ 303.045329][T12560] ? rcu_is_watching+0x12/0xc0 [ 303.045345][T12560] __x64_sys_futex+0x1e0/0x4c0 [ 303.045364][T12560] ? __pfx___x64_sys_futex+0x10/0x10 [ 303.045381][T12560] ? xfd_validate_state+0x61/0x180 [ 303.045397][T12560] ? __do_sys_rseq+0x51d/0x760 [ 303.045424][T12560] do_syscall_64+0xcd/0x490 [ 303.045446][T12560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.045460][T12560] RIP: 0033:0x7f3e21b8e929 [ 303.045473][T12560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.045485][T12560] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 303.045499][T12560] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 303.045508][T12560] RDX: 0000000000002948 RSI: 0000000000000000 RDI: 0000000000000000 [ 303.045515][T12560] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000005 [ 303.045523][T12560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.045531][T12560] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 303.045548][T12560] [ 306.035669][T12618] Loading of unsigned module is rejected [ 308.833936][T12712] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2729'. [ 308.860021][T12712] caif0: entered promiscuous mode [ 309.231795][T12727] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2736'. [ 309.555609][T12735] netlink: 280 bytes leftover after parsing attributes in process `syz.0.2739'. [ 309.584658][T12737] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2740'. [ 309.987796][T12741] zswap: compressor 000 not available [ 310.029111][T12755] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2747'. [ 310.583532][T12773] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 310.670110][T12776] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2755'. [ 310.774004][T12776] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 311.477021][T12799] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2762'. [ 312.097965][T12816] FAULT_INJECTION: forcing a failure. [ 312.097965][T12816] name failslab, interval 1, probability 0, space 0, times 0 [ 312.208768][T12816] CPU: 1 UID: 0 PID: 12816 Comm: syz.2.2767 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 312.208795][T12816] Tainted: [U]=USER [ 312.208799][T12816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 312.208808][T12816] Call Trace: [ 312.208813][T12816] [ 312.208819][T12816] dump_stack_lvl+0x16c/0x1f0 [ 312.208846][T12816] should_fail_ex+0x512/0x640 [ 312.208866][T12816] ? __kmalloc_noprof+0xbf/0x510 [ 312.208888][T12816] ? binder_open+0x168/0xde0 [ 312.208908][T12816] should_failslab+0xc2/0x120 [ 312.208922][T12816] __kmalloc_noprof+0xd2/0x510 [ 312.208946][T12816] binder_open+0x168/0xde0 [ 312.208966][T12816] ? __pfx_apparmor_file_open+0x10/0x10 [ 312.208984][T12816] ? __pfx_binder_open+0x10/0x10 [ 312.209006][T12816] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 312.209027][T12816] do_dentry_open+0x744/0x1c10 [ 312.209048][T12816] ? __pfx_binder_open+0x10/0x10 [ 312.209072][T12816] vfs_open+0x82/0x3f0 [ 312.209089][T12816] path_openat+0x1de4/0x2cb0 [ 312.209115][T12816] ? __pfx_path_openat+0x10/0x10 [ 312.209135][T12816] ? __lock_acquire+0xb8a/0x1c90 [ 312.209155][T12816] do_filp_open+0x20b/0x470 [ 312.209174][T12816] ? __pfx_do_filp_open+0x10/0x10 [ 312.209207][T12816] ? alloc_fd+0x471/0x7d0 [ 312.209230][T12816] do_sys_openat2+0x11b/0x1d0 [ 312.209244][T12816] ? __pfx_do_sys_openat2+0x10/0x10 [ 312.209266][T12816] __x64_sys_openat+0x174/0x210 [ 312.209282][T12816] ? __pfx___x64_sys_openat+0x10/0x10 [ 312.209304][T12816] do_syscall_64+0xcd/0x490 [ 312.209326][T12816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.209340][T12816] RIP: 0033:0x7f3e21b8e929 [ 312.209353][T12816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.209365][T12816] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 312.209378][T12816] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 312.209387][T12816] RDX: 0000000000002001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 312.209396][T12816] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 312.209404][T12816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 312.209412][T12816] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 312.209430][T12816] [ 312.527275][T12822] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2768'. [ 312.567228][T12824] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2769'. [ 313.979972][T12864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2782'. [ 314.098337][T12867] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2783'. [ 315.284339][T12897] netlink: 'syz.0.2791': attribute type 3 has an invalid length. [ 315.793894][T12907] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2794'. [ 315.917229][T12908] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2794'. [ 316.014573][T12910] FAULT_INJECTION: forcing a failure. [ 316.014573][T12910] name failslab, interval 1, probability 0, space 0, times 0 [ 316.080589][T12910] CPU: 1 UID: 0 PID: 12910 Comm: syz.2.2796 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 316.080618][T12910] Tainted: [U]=USER [ 316.080623][T12910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 316.080632][T12910] Call Trace: [ 316.080638][T12910] [ 316.080645][T12910] dump_stack_lvl+0x16c/0x1f0 [ 316.080671][T12910] should_fail_ex+0x512/0x640 [ 316.080692][T12910] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 316.080713][T12910] should_failslab+0xc2/0x120 [ 316.080727][T12910] __kmalloc_cache_noprof+0x6a/0x3e0 [ 316.080745][T12910] ? _raw_spin_unlock+0x28/0x50 [ 316.080762][T12910] ? snd_rawmidi_open+0x3c3/0xbf0 [ 316.080783][T12910] snd_rawmidi_open+0x3c3/0xbf0 [ 316.080804][T12910] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 316.080826][T12910] ? kobject_get_unless_zero+0x156/0x1e0 [ 316.080842][T12910] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 316.080859][T12910] snd_open+0x1fe/0x450 [ 316.080872][T12910] ? __pfx_snd_open+0x10/0x10 [ 316.080884][T12910] chrdev_open+0x231/0x6a0 [ 316.080905][T12910] ? __pfx_apparmor_file_open+0x10/0x10 [ 316.080923][T12910] ? __pfx_chrdev_open+0x10/0x10 [ 316.080945][T12910] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 316.080966][T12910] do_dentry_open+0x744/0x1c10 [ 316.080987][T12910] ? __pfx_chrdev_open+0x10/0x10 [ 316.081011][T12910] vfs_open+0x82/0x3f0 [ 316.081028][T12910] path_openat+0x1de4/0x2cb0 [ 316.081054][T12910] ? __pfx_path_openat+0x10/0x10 [ 316.081074][T12910] ? __lock_acquire+0xb8a/0x1c90 [ 316.081094][T12910] do_filp_open+0x20b/0x470 [ 316.081114][T12910] ? __pfx_do_filp_open+0x10/0x10 [ 316.081147][T12910] ? alloc_fd+0x471/0x7d0 [ 316.081171][T12910] do_sys_openat2+0x11b/0x1d0 [ 316.081185][T12910] ? __pfx_do_sys_openat2+0x10/0x10 [ 316.081208][T12910] __x64_sys_openat+0x174/0x210 [ 316.081223][T12910] ? __pfx___x64_sys_openat+0x10/0x10 [ 316.081246][T12910] do_syscall_64+0xcd/0x490 [ 316.081268][T12910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.081284][T12910] RIP: 0033:0x7f3e21b8e929 [ 316.081296][T12910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.081309][T12910] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 316.081322][T12910] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 316.081331][T12910] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 316.081340][T12910] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 316.081348][T12910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 316.081356][T12910] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 316.081383][T12910] [ 316.821034][T12914] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2799'. [ 316.854764][T12916] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2798'. [ 317.121787][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.129915][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.412597][ T30] audit: type=1326 audit(4294967332.660:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12947 comm="syz.0.2812" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff98378e929 code=0x0 [ 319.320852][T12968] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2819'. [ 319.709330][T12976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2823'. [ 320.121417][T12985] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2826'. [ 320.554903][T12987] zswap: compressor not available [ 321.158242][T13005] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2833'. [ 322.264046][T13018] zswap: compressor 000 not available [ 322.304994][T13027] FAULT_INJECTION: forcing a failure. [ 322.304994][T13027] name failslab, interval 1, probability 0, space 0, times 0 [ 322.386069][T13027] CPU: 1 UID: 0 PID: 13027 Comm: syz.2.2840 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 322.386096][T13027] Tainted: [U]=USER [ 322.386102][T13027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 322.386110][T13027] Call Trace: [ 322.386117][T13027] [ 322.386123][T13027] dump_stack_lvl+0x16c/0x1f0 [ 322.386150][T13027] should_fail_ex+0x512/0x640 [ 322.386171][T13027] ? __kvmalloc_node_noprof+0x124/0x620 [ 322.386194][T13027] should_failslab+0xc2/0x120 [ 322.386208][T13027] __kvmalloc_node_noprof+0x137/0x620 [ 322.386227][T13027] ? lockdep_init_map_type+0x5c/0x280 [ 322.386246][T13027] ? open_substream+0x30c/0x9b0 [ 322.386265][T13027] ? open_substream+0x30c/0x9b0 [ 322.386279][T13027] ? open_substream+0x19a/0x9b0 [ 322.386293][T13027] open_substream+0x30c/0x9b0 [ 322.386311][T13027] rawmidi_open_priv+0x543/0x6e0 [ 322.386332][T13027] snd_rawmidi_open+0x4cc/0xbf0 [ 322.386352][T13027] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 322.386371][T13027] ? __pfx_default_wake_function+0x10/0x10 [ 322.386388][T13027] ? kobject_get_unless_zero+0x156/0x1e0 [ 322.386403][T13027] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 322.386420][T13027] snd_open+0x1fe/0x450 [ 322.386434][T13027] ? __pfx_snd_open+0x10/0x10 [ 322.386446][T13027] chrdev_open+0x231/0x6a0 [ 322.386466][T13027] ? __pfx_apparmor_file_open+0x10/0x10 [ 322.386483][T13027] ? __pfx_chrdev_open+0x10/0x10 [ 322.386505][T13027] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 322.386526][T13027] do_dentry_open+0x744/0x1c10 [ 322.386546][T13027] ? __pfx_chrdev_open+0x10/0x10 [ 322.386571][T13027] vfs_open+0x82/0x3f0 [ 322.386587][T13027] path_openat+0x1de4/0x2cb0 [ 322.386614][T13027] ? __pfx_path_openat+0x10/0x10 [ 322.386634][T13027] ? __lock_acquire+0xb8a/0x1c90 [ 322.386653][T13027] do_filp_open+0x20b/0x470 [ 322.386672][T13027] ? __pfx_do_filp_open+0x10/0x10 [ 322.386705][T13027] ? alloc_fd+0x471/0x7d0 [ 322.386729][T13027] do_sys_openat2+0x11b/0x1d0 [ 322.386744][T13027] ? __pfx_do_sys_openat2+0x10/0x10 [ 322.386766][T13027] __x64_sys_openat+0x174/0x210 [ 322.386781][T13027] ? __pfx___x64_sys_openat+0x10/0x10 [ 322.386804][T13027] do_syscall_64+0xcd/0x490 [ 322.386827][T13027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.386841][T13027] RIP: 0033:0x7f3e21b8e929 [ 322.386853][T13027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.386871][T13027] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 322.386885][T13027] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 322.386894][T13027] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 322.386903][T13027] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 322.386912][T13027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.386920][T13027] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 322.386945][T13027] [ 322.964841][T13033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2842'. [ 322.975512][T13033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2842'. [ 323.803909][T13064] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2856'. [ 324.110585][T13076] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2861'. [ 324.451548][T13089] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2867'. [ 325.327468][T13105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2874'. [ 325.368690][T13105] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2874'. [ 325.755595][T13116] netlink: 350 bytes leftover after parsing attributes in process `syz.3.2879'. [ 326.151194][T13129] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2884'. [ 326.277644][T13132] FAULT_INJECTION: forcing a failure. [ 326.277644][T13132] name failslab, interval 1, probability 0, space 0, times 0 [ 326.343377][T13132] CPU: 1 UID: 0 PID: 13132 Comm: syz.1.2886 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 326.343405][T13132] Tainted: [U]=USER [ 326.343410][T13132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 326.343418][T13132] Call Trace: [ 326.343423][T13132] [ 326.343429][T13132] dump_stack_lvl+0x16c/0x1f0 [ 326.343456][T13132] should_fail_ex+0x512/0x640 [ 326.343480][T13132] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 326.343501][T13132] should_failslab+0xc2/0x120 [ 326.343516][T13132] __kmalloc_cache_noprof+0x6a/0x3e0 [ 326.343533][T13132] ? rcu_is_watching+0x12/0xc0 [ 326.343546][T13132] ? snd_pcm_oss_open+0x5eb/0x1400 [ 326.343564][T13132] snd_pcm_oss_open+0x5eb/0x1400 [ 326.343584][T13132] ? tomoyo_check_open_permission+0x1d8/0x3c0 [ 326.343601][T13132] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 326.343624][T13132] ? __lock_acquire+0xb8a/0x1c90 [ 326.343643][T13132] ? __pfx_default_wake_function+0x10/0x10 [ 326.343659][T13132] ? __lock_acquire+0xb8a/0x1c90 [ 326.343682][T13132] ? do_raw_spin_lock+0x12c/0x2b0 [ 326.343704][T13132] ? soundcore_open+0x35a/0x580 [ 326.343726][T13132] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 326.343742][T13132] soundcore_open+0x40c/0x580 [ 326.343764][T13132] ? __pfx_soundcore_open+0x10/0x10 [ 326.343802][T13132] chrdev_open+0x231/0x6a0 [ 326.343824][T13132] ? __pfx_apparmor_file_open+0x10/0x10 [ 326.343842][T13132] ? __pfx_chrdev_open+0x10/0x10 [ 326.343865][T13132] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 326.343888][T13132] do_dentry_open+0x744/0x1c10 [ 326.343908][T13132] ? __pfx_chrdev_open+0x10/0x10 [ 326.343932][T13132] vfs_open+0x82/0x3f0 [ 326.343949][T13132] path_openat+0x1de4/0x2cb0 [ 326.343975][T13132] ? __pfx_path_openat+0x10/0x10 [ 326.343995][T13132] ? __lock_acquire+0xb8a/0x1c90 [ 326.344015][T13132] do_filp_open+0x20b/0x470 [ 326.344034][T13132] ? __pfx_do_filp_open+0x10/0x10 [ 326.344066][T13132] ? alloc_fd+0x471/0x7d0 [ 326.344090][T13132] do_sys_openat2+0x11b/0x1d0 [ 326.344104][T13132] ? __pfx_do_sys_openat2+0x10/0x10 [ 326.344126][T13132] __x64_sys_openat+0x174/0x210 [ 326.344142][T13132] ? __pfx___x64_sys_openat+0x10/0x10 [ 326.344165][T13132] do_syscall_64+0xcd/0x490 [ 326.344187][T13132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.344201][T13132] RIP: 0033:0x7fb3dff8e929 [ 326.344214][T13132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.344227][T13132] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 326.344240][T13132] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 326.344250][T13132] RDX: 0000000000000800 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 326.344259][T13132] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 326.344267][T13132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 326.344275][T13132] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 326.344295][T13132] [ 327.094204][T13146] netlink: 'syz.3.2893': attribute type 3 has an invalid length. [ 327.675243][T13157] netlink: 'syz.2.2898': attribute type 15 has an invalid length. [ 327.701472][T13157] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2898'. [ 329.824962][T13208] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2918'. [ 330.910694][T13244] nbd: must specify at least one socket [ 332.164233][T13275] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2937'. [ 333.108138][T13301] netlink: 'syz.0.2946': attribute type 64 has an invalid length. [ 333.188982][T13301] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2946'. [ 333.516909][T13311] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2951'. [ 333.546208][ T5834] Bluetooth: hci1: unexpected event 0x03 length: 725 > 11 [ 334.689245][T13352] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2968'. [ 335.092146][T13358] netlink: 74 bytes leftover after parsing attributes in process `syz.3.2971'. [ 335.313424][T13371] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2976'. [ 336.210150][T13394] FAULT_INJECTION: forcing a failure. [ 336.210150][T13394] name failslab, interval 1, probability 0, space 0, times 0 [ 336.302742][T13394] CPU: 1 UID: 0 PID: 13394 Comm: syz.2.2985 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 336.302770][T13394] Tainted: [U]=USER [ 336.302775][T13394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.302783][T13394] Call Trace: [ 336.302789][T13394] [ 336.302795][T13394] dump_stack_lvl+0x16c/0x1f0 [ 336.302821][T13394] should_fail_ex+0x512/0x640 [ 336.302841][T13394] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 336.302862][T13394] should_failslab+0xc2/0x120 [ 336.302876][T13394] __kmalloc_cache_noprof+0x6a/0x3e0 [ 336.302893][T13394] ? rcu_is_watching+0x12/0xc0 [ 336.302906][T13394] ? snd_pcm_oss_open+0x5eb/0x1400 [ 336.302924][T13394] snd_pcm_oss_open+0x5eb/0x1400 [ 336.302944][T13394] ? tomoyo_check_open_permission+0x1d8/0x3c0 [ 336.302962][T13394] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 336.302977][T13394] ? __lock_acquire+0xb8a/0x1c90 [ 336.302995][T13394] ? __pfx_default_wake_function+0x10/0x10 [ 336.303014][T13394] ? __lock_acquire+0xb8a/0x1c90 [ 336.303035][T13394] ? do_raw_spin_lock+0x12c/0x2b0 [ 336.303056][T13394] ? soundcore_open+0x35a/0x580 [ 336.303078][T13394] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 336.303094][T13394] soundcore_open+0x40c/0x580 [ 336.303117][T13394] ? __pfx_soundcore_open+0x10/0x10 [ 336.303137][T13394] chrdev_open+0x231/0x6a0 [ 336.303157][T13394] ? __pfx_apparmor_file_open+0x10/0x10 [ 336.303174][T13394] ? __pfx_chrdev_open+0x10/0x10 [ 336.303196][T13394] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 336.303218][T13394] do_dentry_open+0x744/0x1c10 [ 336.303238][T13394] ? __pfx_chrdev_open+0x10/0x10 [ 336.303262][T13394] vfs_open+0x82/0x3f0 [ 336.303279][T13394] path_openat+0x1de4/0x2cb0 [ 336.303305][T13394] ? __pfx_path_openat+0x10/0x10 [ 336.303325][T13394] ? __lock_acquire+0xb8a/0x1c90 [ 336.303345][T13394] do_filp_open+0x20b/0x470 [ 336.303365][T13394] ? __pfx_do_filp_open+0x10/0x10 [ 336.303397][T13394] ? alloc_fd+0x471/0x7d0 [ 336.303421][T13394] do_sys_openat2+0x11b/0x1d0 [ 336.303435][T13394] ? __pfx_do_sys_openat2+0x10/0x10 [ 336.303457][T13394] __x64_sys_openat+0x174/0x210 [ 336.303473][T13394] ? __pfx___x64_sys_openat+0x10/0x10 [ 336.303496][T13394] do_syscall_64+0xcd/0x490 [ 336.303518][T13394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.303533][T13394] RIP: 0033:0x7f3e21b8e929 [ 336.303546][T13394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.303558][T13394] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 336.303572][T13394] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 336.303581][T13394] RDX: 0000000000000800 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 336.303590][T13394] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 336.303598][T13394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 336.303614][T13394] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 336.303633][T13394] [ 337.040173][T13407] netlink: 'syz.3.2991': attribute type 27 has an invalid length. [ 337.048957][T13407] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2991'. [ 340.250878][T13490] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3023'. [ 340.293630][T13490] vcan0: entered promiscuous mode [ 340.370299][T13492] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.749233][T13534] FAULT_INJECTION: forcing a failure. [ 341.749233][T13534] name failslab, interval 1, probability 0, space 0, times 0 [ 341.811219][T13534] CPU: 1 UID: 0 PID: 13534 Comm: syz.2.3042 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 341.811247][T13534] Tainted: [U]=USER [ 341.811252][T13534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 341.811261][T13534] Call Trace: [ 341.811266][T13534] [ 341.811272][T13534] dump_stack_lvl+0x16c/0x1f0 [ 341.811298][T13534] should_fail_ex+0x512/0x640 [ 341.811319][T13534] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 341.811344][T13534] should_failslab+0xc2/0x120 [ 341.811358][T13534] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 341.811377][T13534] ? __proc_create+0xc3/0x8c0 [ 341.811398][T13534] ? __proc_create+0x2ce/0x8c0 [ 341.811421][T13534] __proc_create+0x2ce/0x8c0 [ 341.811442][T13534] ? __pfx___proc_create+0x10/0x10 [ 341.811462][T13534] ? pcpu_chunk_relocate+0x126/0x190 [ 341.811487][T13534] proc_create_reg+0x7d/0x180 [ 341.811511][T13534] ? __pfx_xfrm_statistics_seq_show+0x10/0x10 [ 341.811527][T13534] proc_create_net_single+0x86/0x170 [ 341.811551][T13534] ? __pfx_proc_create_net_single+0x10/0x10 [ 341.811579][T13534] ? __pfx_xfrm_net_init+0x10/0x10 [ 341.811599][T13534] xfrm_proc_init+0x4d/0x70 [ 341.811612][T13534] xfrm_net_init+0x1f0/0xcc0 [ 341.811635][T13534] ? __pfx_xfrm_net_init+0x10/0x10 [ 341.811654][T13534] ops_init+0x1df/0x5f0 [ 341.811669][T13534] setup_net+0x1ff/0x510 [ 341.811681][T13534] ? lockdep_init_map_type+0x5c/0x280 [ 341.811700][T13534] ? __pfx_setup_net+0x10/0x10 [ 341.811714][T13534] ? debug_mutex_init+0x37/0x70 [ 341.811729][T13534] copy_net_ns+0x2a6/0x5f0 [ 341.811745][T13534] create_new_namespaces+0x3ea/0xa90 [ 341.811766][T13534] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 341.811783][T13534] ksys_unshare+0x45b/0xa40 [ 341.811801][T13534] ? __pfx_ksys_unshare+0x10/0x10 [ 341.811819][T13534] ? xfd_validate_state+0x61/0x180 [ 341.811842][T13534] __x64_sys_unshare+0x31/0x40 [ 341.811859][T13534] do_syscall_64+0xcd/0x490 [ 341.811881][T13534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.811895][T13534] RIP: 0033:0x7f3e21b8e929 [ 341.811908][T13534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.811921][T13534] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 341.811934][T13534] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 341.811943][T13534] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 341.811951][T13534] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 341.811960][T13534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.811968][T13534] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 341.811987][T13534] [ 344.037558][T13579] FAULT_INJECTION: forcing a failure. [ 344.037558][T13579] name failslab, interval 1, probability 0, space 0, times 0 [ 344.117909][T13579] CPU: 1 UID: 0 PID: 13579 Comm: syz.1.3058 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 344.117936][T13579] Tainted: [U]=USER [ 344.117941][T13579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 344.117949][T13579] Call Trace: [ 344.117955][T13579] [ 344.117961][T13579] dump_stack_lvl+0x16c/0x1f0 [ 344.117988][T13579] should_fail_ex+0x512/0x640 [ 344.118008][T13579] ? fs_reclaim_acquire+0xae/0x150 [ 344.118027][T13579] should_failslab+0xc2/0x120 [ 344.118041][T13579] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 344.118063][T13579] ? ima_inode_get+0x120/0x580 [ 344.118086][T13579] ima_inode_get+0x120/0x580 [ 344.118107][T13579] process_measurement+0x585/0x23e0 [ 344.118133][T13579] ? __pfx_process_measurement+0x10/0x10 [ 344.118155][T13579] ? alloc_empty_file+0x73/0x1e0 [ 344.118169][T13579] ? hugetlb_file_setup+0x4cd/0x620 [ 344.118183][T13579] ? ksys_mmap_pgoff+0x189/0x5c0 [ 344.118196][T13579] ? __x64_sys_mmap+0x125/0x190 [ 344.118242][T13579] ima_file_mmap+0x1b1/0x1d0 [ 344.118261][T13579] ? __pfx_ima_file_mmap+0x10/0x10 [ 344.118285][T13579] security_mmap_file+0x88c/0x990 [ 344.118304][T13579] vm_mmap_pgoff+0xec/0x450 [ 344.118321][T13579] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 344.118340][T13579] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 344.118357][T13579] ? hugetlbfs_get_inode+0x31f/0x730 [ 344.118377][T13579] ksys_mmap_pgoff+0x1c8/0x5c0 [ 344.118396][T13579] __x64_sys_mmap+0x125/0x190 [ 344.118417][T13579] do_syscall_64+0xcd/0x490 [ 344.118439][T13579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.118454][T13579] RIP: 0033:0x7fb3dff8e929 [ 344.118466][T13579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.118479][T13579] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 344.118493][T13579] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 344.118502][T13579] RDX: 00000000000001fd RSI: 0000000000000005 RDI: 0000000000000000 [ 344.118510][T13579] RBP: 00007fb3e0010b39 R08: 0000000000000401 R09: 0000300000000000 [ 344.118518][T13579] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 344.118526][T13579] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 344.118544][T13579] [ 345.280440][T13614] ptp ptp0: max value is 20 [ 345.790318][T13622] FAULT_INJECTION: forcing a failure. [ 345.790318][T13622] name failslab, interval 1, probability 0, space 0, times 0 [ 345.859597][T13622] CPU: 1 UID: 0 PID: 13622 Comm: syz.1.3075 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 345.859624][T13622] Tainted: [U]=USER [ 345.859629][T13622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 345.859637][T13622] Call Trace: [ 345.859642][T13622] [ 345.859648][T13622] dump_stack_lvl+0x16c/0x1f0 [ 345.859674][T13622] should_fail_ex+0x512/0x640 [ 345.859695][T13622] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 345.859716][T13622] should_failslab+0xc2/0x120 [ 345.859730][T13622] __kmalloc_cache_noprof+0x6a/0x3e0 [ 345.859749][T13622] ? snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 345.859765][T13622] ? kasan_save_track+0x14/0x30 [ 345.859787][T13622] snd_pcm_oss_change_params_locked+0x211/0x3a30 [ 345.859804][T13622] ? rcu_is_watching+0x12/0xc0 [ 345.859820][T13622] ? __mutex_lock+0x1ca/0xb90 [ 345.859843][T13622] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 345.859860][T13622] ? __pfx___mutex_lock+0x10/0x10 [ 345.859901][T13622] ? __fsnotify_parent+0x24b/0xc40 [ 345.859925][T13622] snd_pcm_oss_make_ready+0xe6/0x1b0 [ 345.859942][T13622] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 345.859957][T13622] snd_pcm_oss_sync+0x1de/0x840 [ 345.859978][T13622] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 345.860002][T13622] snd_pcm_oss_release+0x28b/0x310 [ 345.860019][T13622] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 345.860035][T13622] __fput+0x402/0xb70 [ 345.860054][T13622] task_work_run+0x14d/0x240 [ 345.860076][T13622] ? __pfx_task_work_run+0x10/0x10 [ 345.860096][T13622] ? __pfx___do_sys_close_range+0x10/0x10 [ 345.860120][T13622] exit_to_user_mode_loop+0xeb/0x110 [ 345.860142][T13622] do_syscall_64+0x3f6/0x490 [ 345.860164][T13622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.860178][T13622] RIP: 0033:0x7fb3dff8e929 [ 345.860191][T13622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.860204][T13622] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 345.860218][T13622] RAX: 0000000000000000 RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 345.860227][T13622] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 345.860235][T13622] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 345.860243][T13622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 345.860250][T13622] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 345.860268][T13622] [ 346.243081][T13600] kexec: Could not allocate control_code_buffer [ 346.342118][T13631] lo: entered allmulticast mode [ 346.431133][T13635] lo: left allmulticast mode [ 347.731504][T13677] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.938598][T13696] FAULT_INJECTION: forcing a failure. [ 348.938598][T13696] name failslab, interval 1, probability 0, space 0, times 0 [ 349.016314][T13696] CPU: 1 UID: 0 PID: 13696 Comm: syz.2.3105 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 349.016342][T13696] Tainted: [U]=USER [ 349.016347][T13696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 349.016356][T13696] Call Trace: [ 349.016361][T13696] [ 349.016367][T13696] dump_stack_lvl+0x16c/0x1f0 [ 349.016395][T13696] should_fail_ex+0x512/0x640 [ 349.016415][T13696] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 349.016437][T13696] should_failslab+0xc2/0x120 [ 349.016451][T13696] __kmalloc_cache_noprof+0x6a/0x3e0 [ 349.016469][T13696] ? mark_held_locks+0x49/0x80 [ 349.016485][T13696] ? rfkill_fop_open+0x1b6/0x750 [ 349.016506][T13696] rfkill_fop_open+0x1b6/0x750 [ 349.016525][T13696] ? __pfx_rfkill_fop_open+0x10/0x10 [ 349.016543][T13696] misc_open+0x35a/0x420 [ 349.016560][T13696] ? __pfx_misc_open+0x10/0x10 [ 349.016576][T13696] chrdev_open+0x231/0x6a0 [ 349.016596][T13696] ? __pfx_apparmor_file_open+0x10/0x10 [ 349.016614][T13696] ? __pfx_chrdev_open+0x10/0x10 [ 349.016636][T13696] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 349.016663][T13696] do_dentry_open+0x744/0x1c10 [ 349.016684][T13696] ? __pfx_chrdev_open+0x10/0x10 [ 349.016709][T13696] vfs_open+0x82/0x3f0 [ 349.016727][T13696] path_openat+0x1de4/0x2cb0 [ 349.016754][T13696] ? __pfx_path_openat+0x10/0x10 [ 349.016774][T13696] ? __lock_acquire+0xb8a/0x1c90 [ 349.016794][T13696] do_filp_open+0x20b/0x470 [ 349.016813][T13696] ? __pfx_do_filp_open+0x10/0x10 [ 349.016846][T13696] ? alloc_fd+0x471/0x7d0 [ 349.016870][T13696] do_sys_openat2+0x11b/0x1d0 [ 349.016885][T13696] ? __pfx_do_sys_openat2+0x10/0x10 [ 349.016907][T13696] __x64_sys_openat+0x174/0x210 [ 349.016923][T13696] ? __pfx___x64_sys_openat+0x10/0x10 [ 349.016946][T13696] do_syscall_64+0xcd/0x490 [ 349.016969][T13696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.016983][T13696] RIP: 0033:0x7f3e21b8e929 [ 349.016996][T13696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.017009][T13696] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 349.017022][T13696] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 349.017031][T13696] RDX: 0000000000080480 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 349.017040][T13696] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 349.017049][T13696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 349.017058][T13696] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 349.017076][T13696] [ 350.719695][T13725] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3116'. [ 351.415337][T13739] FAULT_INJECTION: forcing a failure. [ 351.415337][T13739] name failslab, interval 1, probability 0, space 0, times 0 [ 351.490811][T13739] CPU: 1 UID: 0 PID: 13739 Comm: syz.2.3123 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 351.490838][T13739] Tainted: [U]=USER [ 351.490843][T13739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 351.490851][T13739] Call Trace: [ 351.490856][T13739] [ 351.490863][T13739] dump_stack_lvl+0x16c/0x1f0 [ 351.490890][T13739] should_fail_ex+0x512/0x640 [ 351.490911][T13739] ? __kmalloc_noprof+0xbf/0x510 [ 351.490932][T13739] ? lsm_blob_alloc+0x68/0x90 [ 351.490952][T13739] should_failslab+0xc2/0x120 [ 351.490965][T13739] __kmalloc_noprof+0xd2/0x510 [ 351.490988][T13739] lsm_blob_alloc+0x68/0x90 [ 351.491009][T13739] security_sk_alloc+0x30/0x270 [ 351.491025][T13739] sk_prot_alloc+0xfb/0x2a0 [ 351.491042][T13739] sk_alloc+0x36/0xc20 [ 351.491061][T13739] unix_create1+0xa6/0x700 [ 351.491081][T13739] unix_create+0x10e/0x1d0 [ 351.491100][T13739] __sock_create+0x338/0x8d0 [ 351.491119][T13739] __sys_socketpair+0x25c/0x5a0 [ 351.491137][T13739] ? __pfx___sys_socketpair+0x10/0x10 [ 351.491153][T13739] ? fput+0x70/0xf0 [ 351.491167][T13739] ? xfd_validate_state+0x61/0x180 [ 351.491184][T13739] ? __pfx_do_writev+0x10/0x10 [ 351.491204][T13739] __x64_sys_socketpair+0x96/0x100 [ 351.491220][T13739] ? lockdep_hardirqs_on+0x7c/0x110 [ 351.491240][T13739] do_syscall_64+0xcd/0x490 [ 351.491262][T13739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.491276][T13739] RIP: 0033:0x7f3e21b8e929 [ 351.491288][T13739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.491300][T13739] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 351.491314][T13739] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 351.491323][T13739] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 351.491331][T13739] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 351.491339][T13739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 351.491347][T13739] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 351.491364][T13739] [ 352.765867][T13754] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3128'. [ 354.252159][T13771] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3134'. [ 354.475866][T13777] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3137'. [ 354.960958][T13790] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3143'. [ 355.632401][T13801] netlink: 'syz.1.3147': attribute type 19 has an invalid length. [ 355.694699][T13801] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3147'. [ 356.890806][T13835] FAULT_INJECTION: forcing a failure. [ 356.890806][T13835] name failslab, interval 1, probability 0, space 0, times 0 [ 356.966239][T13835] CPU: 1 UID: 0 PID: 13835 Comm: syz.0.3160 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 356.966267][T13835] Tainted: [U]=USER [ 356.966272][T13835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 356.966280][T13835] Call Trace: [ 356.966286][T13835] [ 356.966292][T13835] dump_stack_lvl+0x16c/0x1f0 [ 356.966319][T13835] should_fail_ex+0x512/0x640 [ 356.966339][T13835] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 356.966360][T13835] should_failslab+0xc2/0x120 [ 356.966374][T13835] __kmalloc_cache_noprof+0x6a/0x3e0 [ 356.966391][T13835] ? mark_held_locks+0x49/0x80 [ 356.966408][T13835] ? rfkill_fop_open+0x1b6/0x750 [ 356.966428][T13835] rfkill_fop_open+0x1b6/0x750 [ 356.966447][T13835] ? __pfx_rfkill_fop_open+0x10/0x10 [ 356.966465][T13835] misc_open+0x35a/0x420 [ 356.966482][T13835] ? __pfx_misc_open+0x10/0x10 [ 356.966498][T13835] chrdev_open+0x231/0x6a0 [ 356.966518][T13835] ? __pfx_apparmor_file_open+0x10/0x10 [ 356.966536][T13835] ? __pfx_chrdev_open+0x10/0x10 [ 356.966557][T13835] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 356.966579][T13835] do_dentry_open+0x744/0x1c10 [ 356.966600][T13835] ? __pfx_chrdev_open+0x10/0x10 [ 356.966624][T13835] vfs_open+0x82/0x3f0 [ 356.966641][T13835] path_openat+0x1de4/0x2cb0 [ 356.966667][T13835] ? __pfx_path_openat+0x10/0x10 [ 356.966688][T13835] ? __lock_acquire+0xb8a/0x1c90 [ 356.966707][T13835] do_filp_open+0x20b/0x470 [ 356.966726][T13835] ? __pfx_do_filp_open+0x10/0x10 [ 356.966760][T13835] ? alloc_fd+0x471/0x7d0 [ 356.966784][T13835] do_sys_openat2+0x11b/0x1d0 [ 356.966799][T13835] ? __pfx_do_sys_openat2+0x10/0x10 [ 356.966822][T13835] __x64_sys_openat+0x174/0x210 [ 356.966837][T13835] ? __pfx___x64_sys_openat+0x10/0x10 [ 356.966861][T13835] do_syscall_64+0xcd/0x490 [ 356.966884][T13835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.966898][T13835] RIP: 0033:0x7ff98378e929 [ 356.966911][T13835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.966924][T13835] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 356.966938][T13835] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 356.966948][T13835] RDX: 0000000000080480 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 356.966957][T13835] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 356.966965][T13835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.966974][T13835] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 356.966992][T13835] [ 357.814756][T13837] netlink: 'syz.0.3161': attribute type 11 has an invalid length. [ 360.622198][T13897] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3185'. [ 361.113906][T13909] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3189'. [ 361.505640][T13918] FAULT_INJECTION: forcing a failure. [ 361.505640][T13918] name failslab, interval 1, probability 0, space 0, times 0 [ 361.556913][T13918] CPU: 1 UID: 0 PID: 13918 Comm: syz.2.3193 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 361.556941][T13918] Tainted: [U]=USER [ 361.556946][T13918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 361.556955][T13918] Call Trace: [ 361.556960][T13918] [ 361.556966][T13918] dump_stack_lvl+0x16c/0x1f0 [ 361.556994][T13918] should_fail_ex+0x512/0x640 [ 361.557014][T13918] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 361.557035][T13918] should_failslab+0xc2/0x120 [ 361.557050][T13918] __kmalloc_cache_noprof+0x6a/0x3e0 [ 361.557068][T13918] ? nci_allocate_device+0x105/0x430 [ 361.557089][T13918] nci_allocate_device+0x105/0x430 [ 361.557109][T13918] virtual_ncidev_open+0x6f/0x220 [ 361.557127][T13918] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 361.557145][T13918] misc_open+0x35a/0x420 [ 361.557163][T13918] ? __pfx_misc_open+0x10/0x10 [ 361.557180][T13918] chrdev_open+0x231/0x6a0 [ 361.557200][T13918] ? __pfx_apparmor_file_open+0x10/0x10 [ 361.557219][T13918] ? __pfx_chrdev_open+0x10/0x10 [ 361.557241][T13918] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 361.557263][T13918] do_dentry_open+0x744/0x1c10 [ 361.557283][T13918] ? __pfx_chrdev_open+0x10/0x10 [ 361.557307][T13918] vfs_open+0x82/0x3f0 [ 361.557324][T13918] path_openat+0x1de4/0x2cb0 [ 361.557349][T13918] ? __pfx_path_openat+0x10/0x10 [ 361.557370][T13918] ? __lock_acquire+0xb8a/0x1c90 [ 361.557390][T13918] do_filp_open+0x20b/0x470 [ 361.557410][T13918] ? __pfx_do_filp_open+0x10/0x10 [ 361.557443][T13918] ? alloc_fd+0x471/0x7d0 [ 361.557466][T13918] do_sys_openat2+0x11b/0x1d0 [ 361.557481][T13918] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.557503][T13918] __x64_sys_openat+0x174/0x210 [ 361.557519][T13918] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.557542][T13918] do_syscall_64+0xcd/0x490 [ 361.557564][T13918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.557578][T13918] RIP: 0033:0x7f3e21b8e929 [ 361.557591][T13918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.557604][T13918] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 361.557618][T13918] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 361.557627][T13918] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 361.557635][T13918] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 361.557644][T13918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.557652][T13918] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 361.557671][T13918] [ 362.520181][T13940] netlink: 'syz.0.3203': attribute type 35 has an invalid length. [ 362.540660][T13938] Loading of unsigned module is rejected [ 362.686251][T13945] FAULT_INJECTION: forcing a failure. [ 362.686251][T13945] name failslab, interval 1, probability 0, space 0, times 0 [ 362.752805][T13945] CPU: 1 UID: 0 PID: 13945 Comm: syz.0.3205 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 362.752832][T13945] Tainted: [U]=USER [ 362.752837][T13945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 362.752846][T13945] Call Trace: [ 362.752852][T13945] [ 362.752857][T13945] dump_stack_lvl+0x16c/0x1f0 [ 362.752884][T13945] should_fail_ex+0x512/0x640 [ 362.752904][T13945] ? fs_reclaim_acquire+0xae/0x150 [ 362.752923][T13945] should_failslab+0xc2/0x120 [ 362.752936][T13945] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 362.752957][T13945] ? security_inode_alloc+0x3b/0x2b0 [ 362.752975][T13945] security_inode_alloc+0x3b/0x2b0 [ 362.752990][T13945] inode_init_always_gfp+0xce4/0x1030 [ 362.753017][T13945] alloc_inode+0x86/0x240 [ 362.753031][T13945] path_from_stashed+0x2be/0xb00 [ 362.753056][T13945] ? __pfx_path_from_stashed+0x10/0x10 [ 362.753076][T13945] ? userns_get+0x16b/0x420 [ 362.753102][T13945] ns_get_path+0x5f/0x80 [ 362.753119][T13945] proc_ns_get_link+0x121/0x260 [ 362.753138][T13945] ? __pfx_proc_ns_get_link+0x10/0x10 [ 362.753157][T13945] ? atime_needs_update+0x8b/0x710 [ 362.753173][T13945] ? __pfx_proc_ns_get_link+0x10/0x10 [ 362.753191][T13945] step_into+0x1a2c/0x2270 [ 362.753211][T13945] ? __pfx_step_into+0x10/0x10 [ 362.753228][T13945] ? find_held_lock+0x2b/0x80 [ 362.753247][T13945] path_openat+0x6db/0x2cb0 [ 362.753273][T13945] ? __pfx_path_openat+0x10/0x10 [ 362.753292][T13945] ? __lock_acquire+0xb8a/0x1c90 [ 362.753312][T13945] do_filp_open+0x20b/0x470 [ 362.753331][T13945] ? __pfx_do_filp_open+0x10/0x10 [ 362.753363][T13945] ? alloc_fd+0x471/0x7d0 [ 362.753386][T13945] do_sys_openat2+0x11b/0x1d0 [ 362.753401][T13945] ? __pfx_do_sys_openat2+0x10/0x10 [ 362.753423][T13945] __x64_sys_openat+0x174/0x210 [ 362.753438][T13945] ? __pfx___x64_sys_openat+0x10/0x10 [ 362.753461][T13945] do_syscall_64+0xcd/0x490 [ 362.753483][T13945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.753498][T13945] RIP: 0033:0x7ff98378d290 [ 362.753510][T13945] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 362.753523][T13945] RSP: 002b:00007ff984596f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 362.753537][T13945] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff98378d290 [ 362.753547][T13945] RDX: 0000000000000002 RSI: 00007ff984596fa0 RDI: 00000000ffffff9c [ 362.753556][T13945] RBP: 00007ff984596fa0 R08: 0000000000000000 R09: 0000000000000000 [ 362.753565][T13945] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 362.753573][T13945] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 362.753591][T13945] [ 365.354508][T13982] FAULT_INJECTION: forcing a failure. [ 365.354508][T13982] name failslab, interval 1, probability 0, space 0, times 0 [ 365.395179][T13982] CPU: 1 UID: 0 PID: 13982 Comm: syz.1.3222 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 365.395207][T13982] Tainted: [U]=USER [ 365.395212][T13982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 365.395220][T13982] Call Trace: [ 365.395226][T13982] [ 365.395232][T13982] dump_stack_lvl+0x16c/0x1f0 [ 365.395258][T13982] should_fail_ex+0x512/0x640 [ 365.395278][T13982] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 365.395302][T13982] should_failslab+0xc2/0x120 [ 365.395316][T13982] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 365.395336][T13982] ? d_instantiate+0x77/0x90 [ 365.395356][T13982] ? alloc_empty_file+0x55/0x1e0 [ 365.395373][T13982] alloc_empty_file+0x55/0x1e0 [ 365.395388][T13982] alloc_file_pseudo+0x13a/0x230 [ 365.395404][T13982] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 365.395427][T13982] ? tipc_sk_finish_conn+0x580/0x790 [ 365.395446][T13982] sock_alloc_file+0x50/0x210 [ 365.395461][T13982] __sys_socketpair+0x34e/0x5a0 [ 365.395478][T13982] ? __pfx___sys_socketpair+0x10/0x10 [ 365.395495][T13982] ? fput+0x70/0xf0 [ 365.395509][T13982] ? xfd_validate_state+0x61/0x180 [ 365.395526][T13982] ? __pfx_do_writev+0x10/0x10 [ 365.395547][T13982] __x64_sys_socketpair+0x96/0x100 [ 365.395564][T13982] ? lockdep_hardirqs_on+0x7c/0x110 [ 365.395583][T13982] do_syscall_64+0xcd/0x490 [ 365.395605][T13982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.395620][T13982] RIP: 0033:0x7fb3dff8e929 [ 365.395633][T13982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.395646][T13982] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 365.395661][T13982] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 365.395671][T13982] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 365.395679][T13982] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 365.395687][T13982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 365.395695][T13982] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 365.395712][T13982] [ 367.287421][T14025] netlink: 'syz.1.3234': attribute type 1 has an invalid length. [ 368.591559][T14058] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 368.668710][T14058] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 368.955640][T14066] netlink: 'syz.1.3245': attribute type 2 has an invalid length. [ 369.028695][T14066] netlink: 'syz.1.3245': attribute type 2 has an invalid length. [ 369.658299][T14089] HfR: entered promiscuous mode [ 369.735321][T14089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3252'. [ 369.805467][T14089] HfR: left promiscuous mode [ 370.384788][ T5150] Bluetooth: hci0: command 0x0406 tx timeout [ 370.959119][T14121] openvswitch: netlink: IP tunnel dst address not specified [ 371.024283][T14124] openvswitch: netlink: IP tunnel dst address not specified [ 371.190972][T14129] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3267'. [ 371.849363][T14144] FAULT_INJECTION: forcing a failure. [ 371.849363][T14144] name fail_futex, interval 1, probability 0, space 0, times 0 [ 371.930945][T14147] Loading of unsigned module is rejected [ 371.995613][T14144] CPU: 1 UID: 0 PID: 14144 Comm: syz.2.3271 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 371.995641][T14144] Tainted: [U]=USER [ 371.995646][T14144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 371.995655][T14144] Call Trace: [ 371.995660][T14144] [ 371.995667][T14144] dump_stack_lvl+0x16c/0x1f0 [ 371.995694][T14144] should_fail_ex+0x512/0x640 [ 371.995718][T14144] get_futex_key+0x1d0/0x1540 [ 371.995737][T14144] ? __pfx_get_futex_key+0x10/0x10 [ 371.995759][T14144] futex_wake+0xea/0x530 [ 371.995778][T14144] ? rcu_is_watching+0x12/0xc0 [ 371.995793][T14144] ? __pfx_futex_wake+0x10/0x10 [ 371.995814][T14144] ? kmem_cache_free+0x2d1/0x4d0 [ 371.995833][T14144] ? fd_install+0x225/0x750 [ 371.995850][T14144] ? putname+0x154/0x1a0 [ 371.995866][T14144] do_futex+0x1e3/0x350 [ 371.995883][T14144] ? __pfx_do_futex+0x10/0x10 [ 371.995904][T14144] __x64_sys_futex+0x1e0/0x4c0 [ 371.995929][T14144] ? __x64_sys_openat+0x174/0x210 [ 371.995945][T14144] ? __pfx___x64_sys_futex+0x10/0x10 [ 371.995970][T14144] do_syscall_64+0xcd/0x490 [ 371.995993][T14144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.996008][T14144] RIP: 0033:0x7f3e21b8e929 [ 371.996021][T14144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.996035][T14144] RSP: 002b:00007f3e229bf0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 371.996048][T14144] RAX: ffffffffffffffda RBX: 00007f3e21db5fa8 RCX: 00007f3e21b8e929 [ 371.996058][T14144] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3e21db5fac [ 371.996067][T14144] RBP: 00007f3e21db5fa0 R08: 00007f3e229c0000 R09: 0000000000000000 [ 371.996075][T14144] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f3e21db5fac [ 371.996083][T14144] R13: 0000000000000000 R14: 00007fff0b538ee0 R15: 00007fff0b538fc8 [ 371.996101][T14144] [ 372.211361][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.251316][T14188] Loading of unsigned module is rejected [ 374.320028][T14194] netlink: 74 bytes leftover after parsing attributes in process `syz.0.3290'. [ 374.728424][ T5150] Bluetooth: hci1: ISO packet too small [ 375.503837][ T5150] Bluetooth: hci1: command 0x0406 tx timeout [ 376.366864][T14237] netlink: 'syz.2.3306': attribute type 1 has an invalid length. [ 376.443889][T14236] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3307'. [ 376.756483][T14240] Loading of unsigned module is rejected [ 377.020791][T14246] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 378.550516][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.557633][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.611429][T14278] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3325'. [ 379.010540][T14286] program syz.2.3327 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 379.121696][T14290] FAULT_INJECTION: forcing a failure. [ 379.121696][T14290] name failslab, interval 1, probability 0, space 0, times 0 [ 379.263105][T14290] CPU: 1 UID: 0 PID: 14290 Comm: syz.1.3329 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 379.263132][T14290] Tainted: [U]=USER [ 379.263138][T14290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 379.263146][T14290] Call Trace: [ 379.263151][T14290] [ 379.263157][T14290] dump_stack_lvl+0x16c/0x1f0 [ 379.263184][T14290] should_fail_ex+0x512/0x640 [ 379.263205][T14290] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 379.263228][T14290] should_failslab+0xc2/0x120 [ 379.263242][T14290] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 379.263263][T14290] ? alloc_uid+0x13d/0x4c0 [ 379.263280][T14290] ? _raw_spin_unlock_irq+0x23/0x50 [ 379.263301][T14290] alloc_uid+0x13d/0x4c0 [ 379.263317][T14290] ? __pfx_alloc_uid+0x10/0x10 [ 379.263333][T14290] ? security_prepare_creds+0xa7/0x270 [ 379.263364][T14290] __sys_setresuid+0x507/0x1160 [ 379.263383][T14290] do_syscall_64+0xcd/0x490 [ 379.263406][T14290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.263421][T14290] RIP: 0033:0x7fb3dff8e929 [ 379.263433][T14290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.263446][T14290] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 379.263460][T14290] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 379.263469][T14290] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000002 [ 379.263478][T14290] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 379.263486][T14290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 379.263494][T14290] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 379.263511][T14290] [ 379.463296][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.205288][T14307] FAULT_INJECTION: forcing a failure. [ 380.205288][T14307] name failslab, interval 1, probability 0, space 0, times 0 [ 380.263370][T14307] CPU: 1 UID: 0 PID: 14307 Comm: syz.0.3337 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 380.263398][T14307] Tainted: [U]=USER [ 380.263403][T14307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 380.263411][T14307] Call Trace: [ 380.263417][T14307] [ 380.263423][T14307] dump_stack_lvl+0x16c/0x1f0 [ 380.263449][T14307] should_fail_ex+0x512/0x640 [ 380.263468][T14307] ? __kvmalloc_node_noprof+0x124/0x620 [ 380.263491][T14307] should_failslab+0xc2/0x120 [ 380.263505][T14307] __kvmalloc_node_noprof+0x137/0x620 [ 380.263530][T14307] ? do_semtimedop+0x235/0x2e0 [ 380.263549][T14307] ? do_semtimedop+0x235/0x2e0 [ 380.263563][T14307] do_semtimedop+0x235/0x2e0 [ 380.263581][T14307] ? __pfx_do_semtimedop+0x10/0x10 [ 380.263617][T14307] ? rcu_is_watching+0x12/0xc0 [ 380.263633][T14307] ? __x64_sys_futex+0x1e0/0x4c0 [ 380.263650][T14307] ? __x64_sys_futex+0x1e9/0x4c0 [ 380.263668][T14307] __x64_sys_semtimedop+0x1b4/0x1f0 [ 380.263685][T14307] ? __pfx___x64_sys_semtimedop+0x10/0x10 [ 380.263706][T14307] do_syscall_64+0xcd/0x490 [ 380.263729][T14307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.263743][T14307] RIP: 0033:0x7ff98378e929 [ 380.263755][T14307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.263768][T14307] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dc [ 380.263782][T14307] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 380.263791][T14307] RDX: 00000000000001f4 RSI: 0000000000000000 RDI: 0000000000000040 [ 380.263800][T14307] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 380.263808][T14307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.263816][T14307] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 380.263833][T14307] [ 384.082845][T14378] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3366'. [ 384.128134][T14378] netlink: 186 bytes leftover after parsing attributes in process `syz.1.3366'. [ 385.209165][T14415] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3380'. [ 385.260384][T14415] hsr0: entered allmulticast mode [ 385.282355][T14415] hsr_slave_0: entered allmulticast mode [ 385.310929][T14415] hsr_slave_1: entered allmulticast mode [ 385.437669][T14412] zswap: compressor not available [ 385.525585][T14427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3384'. [ 385.635094][T14430] FAULT_INJECTION: forcing a failure. [ 385.635094][T14430] name failslab, interval 1, probability 0, space 0, times 0 [ 385.671926][T14430] CPU: 1 UID: 0 PID: 14430 Comm: syz.1.3385 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 385.671955][T14430] Tainted: [U]=USER [ 385.671960][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 385.671969][T14430] Call Trace: [ 385.671974][T14430] [ 385.671981][T14430] dump_stack_lvl+0x16c/0x1f0 [ 385.672009][T14430] should_fail_ex+0x512/0x640 [ 385.672029][T14430] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 385.672052][T14430] should_failslab+0xc2/0x120 [ 385.672065][T14430] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 385.672086][T14430] ? shmem_alloc_inode+0x25/0x50 [ 385.672102][T14430] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 385.672115][T14430] shmem_alloc_inode+0x25/0x50 [ 385.672128][T14430] alloc_inode+0x64/0x240 [ 385.672142][T14430] new_inode+0x22/0x1c0 [ 385.672154][T14430] ? alloc_fd+0x471/0x7d0 [ 385.672173][T14430] shmem_get_inode+0x19a/0xfb0 [ 385.672192][T14430] __shmem_file_setup+0x107/0x330 [ 385.672211][T14430] __do_sys_memfd_create+0x267/0x8a0 [ 385.672229][T14430] do_syscall_64+0xcd/0x490 [ 385.672251][T14430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.672266][T14430] RIP: 0033:0x7fb3dff8e929 [ 385.672278][T14430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.672291][T14430] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 385.672305][T14430] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 385.672314][T14430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 385.672324][T14430] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 385.672332][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.672340][T14430] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 385.672358][T14430] [ 386.906477][ T30] audit: type=1806 audit(4294967401.150:14): xattr="0x00060000" res=-22 [ 387.809046][T14483] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 387.999246][T14488] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3407'. [ 388.147431][T14491] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3408'. [ 388.679934][T14502] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3413'. [ 389.094594][T14515] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3419'. [ 389.147322][T14517] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3420'. [ 389.740813][T14495] kexec: Could not allocate control_code_buffer [ 390.266646][T14540] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3426'. [ 390.799853][T14554] netlink: 206 bytes leftover after parsing attributes in process `syz.1.3432'. [ 391.335689][T14567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3435'. [ 392.638365][T14592] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3439'. [ 392.739181][T14592] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3439'. [ 394.295668][T14626] netlink: 'syz.0.3453': attribute type 1 has an invalid length. [ 395.585847][T14649] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3464'. [ 395.810827][T14647] zswap: compressor not available [ 396.073728][T14649] team0: Port device team_slave_1 removed [ 398.283506][T14707] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3486'. [ 400.751263][ T5834] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 400.860146][T14771] FAULT_INJECTION: forcing a failure. [ 400.860146][T14771] name failslab, interval 1, probability 0, space 0, times 0 [ 400.913592][T14771] CPU: 1 UID: 0 PID: 14771 Comm: syz.0.3511 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 400.913620][T14771] Tainted: [U]=USER [ 400.913625][T14771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 400.913634][T14771] Call Trace: [ 400.913639][T14771] [ 400.913645][T14771] dump_stack_lvl+0x16c/0x1f0 [ 400.913672][T14771] should_fail_ex+0x512/0x640 [ 400.913695][T14771] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 400.913717][T14771] should_failslab+0xc2/0x120 [ 400.913738][T14771] __kmalloc_cache_noprof+0x6a/0x3e0 [ 400.913758][T14771] ? vhost_net_open+0xb4/0x8a0 [ 400.913778][T14771] ? kasan_save_track+0x14/0x30 [ 400.913800][T14771] vhost_net_open+0xb4/0x8a0 [ 400.913818][T14771] ? __pfx_vhost_net_open+0x10/0x10 [ 400.913838][T14771] misc_open+0x35a/0x420 [ 400.913856][T14771] ? __pfx_misc_open+0x10/0x10 [ 400.913872][T14771] chrdev_open+0x231/0x6a0 [ 400.913892][T14771] ? __pfx_apparmor_file_open+0x10/0x10 [ 400.913910][T14771] ? __pfx_chrdev_open+0x10/0x10 [ 400.913932][T14771] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 400.913953][T14771] do_dentry_open+0x744/0x1c10 [ 400.913974][T14771] ? __pfx_chrdev_open+0x10/0x10 [ 400.913998][T14771] vfs_open+0x82/0x3f0 [ 400.914015][T14771] path_openat+0x1de4/0x2cb0 [ 400.914041][T14771] ? __pfx_path_openat+0x10/0x10 [ 400.914061][T14771] ? __lock_acquire+0xb8a/0x1c90 [ 400.914081][T14771] do_filp_open+0x20b/0x470 [ 400.914101][T14771] ? __pfx_do_filp_open+0x10/0x10 [ 400.914134][T14771] ? alloc_fd+0x471/0x7d0 [ 400.914157][T14771] do_sys_openat2+0x11b/0x1d0 [ 400.914172][T14771] ? __pfx_do_sys_openat2+0x10/0x10 [ 400.914194][T14771] __x64_sys_openat+0x174/0x210 [ 400.914210][T14771] ? __pfx___x64_sys_openat+0x10/0x10 [ 400.914233][T14771] do_syscall_64+0xcd/0x490 [ 400.914256][T14771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.914270][T14771] RIP: 0033:0x7ff98378e929 [ 400.914283][T14771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.914296][T14771] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 400.914310][T14771] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 400.914319][T14771] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 400.914328][T14771] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 400.914337][T14771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 400.914346][T14771] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 400.914365][T14771] [ 401.335064][T14754] kexec: Could not allocate control_code_buffer [ 402.481843][T14806] FAULT_INJECTION: forcing a failure. [ 402.481843][T14806] name failslab, interval 1, probability 0, space 0, times 0 [ 402.549082][T14808] sg_write: process 2071 (syz.3.3526) changed security contexts after opening file descriptor, this is not allowed. [ 402.563612][T14806] CPU: 1 UID: 0 PID: 14806 Comm: syz.1.3525 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 402.563638][T14806] Tainted: [U]=USER [ 402.563643][T14806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 402.563653][T14806] Call Trace: [ 402.563659][T14806] [ 402.563665][T14806] dump_stack_lvl+0x16c/0x1f0 [ 402.563703][T14806] should_fail_ex+0x512/0x640 [ 402.563725][T14806] ? __kmalloc_noprof+0xbf/0x510 [ 402.563748][T14806] ? fib_default_rule_add+0x4f/0x420 [ 402.563769][T14806] should_failslab+0xc2/0x120 [ 402.563783][T14806] __kmalloc_noprof+0xd2/0x510 [ 402.563803][T14806] ? lockdep_init_map_type+0x5c/0x280 [ 402.563827][T14806] fib_default_rule_add+0x4f/0x420 [ 402.563849][T14806] ? __pfx_ipmr_net_init+0x10/0x10 [ 402.563864][T14806] ipmr_net_init+0x1ee/0x4e0 [ 402.563879][T14806] ? __pfx_ipmr_net_init+0x10/0x10 [ 402.563894][T14806] ops_init+0x1df/0x5f0 [ 402.563909][T14806] setup_net+0x1ff/0x510 [ 402.563921][T14806] ? lockdep_init_map_type+0x5c/0x280 [ 402.563939][T14806] ? __pfx_setup_net+0x10/0x10 [ 402.563954][T14806] ? debug_mutex_init+0x37/0x70 [ 402.563969][T14806] copy_net_ns+0x2a6/0x5f0 [ 402.563986][T14806] create_new_namespaces+0x3ea/0xa90 [ 402.564006][T14806] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 402.564022][T14806] ksys_unshare+0x45b/0xa40 [ 402.564041][T14806] ? __pfx_ksys_unshare+0x10/0x10 [ 402.564059][T14806] ? xfd_validate_state+0x61/0x180 [ 402.564083][T14806] __x64_sys_unshare+0x31/0x40 [ 402.564100][T14806] do_syscall_64+0xcd/0x490 [ 402.564123][T14806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.564138][T14806] RIP: 0033:0x7fb3dff8e929 [ 402.564150][T14806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 402.564164][T14806] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 402.564178][T14806] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 402.564187][T14806] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 402.564195][T14806] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 402.564203][T14806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 402.564212][T14806] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 402.564231][T14806] [ 403.059725][T14816] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3533'. [ 403.150829][T14820] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3540'. [ 403.191790][T14820] : renamed from bond0 (while UP) [ 403.334572][T14826] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3535'. [ 403.368087][T14826] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3535'. [ 403.920844][T14839] FAULT_INJECTION: forcing a failure. [ 403.920844][T14839] name failslab, interval 1, probability 0, space 0, times 0 [ 403.996717][T14839] CPU: 1 UID: 0 PID: 14839 Comm: syz.2.3539 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 403.996745][T14839] Tainted: [U]=USER [ 403.996750][T14839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 403.996759][T14839] Call Trace: [ 403.996764][T14839] [ 403.996770][T14839] dump_stack_lvl+0x16c/0x1f0 [ 403.996797][T14839] should_fail_ex+0x512/0x640 [ 403.996817][T14839] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 403.996845][T14839] should_failslab+0xc2/0x120 [ 403.996859][T14839] __kmalloc_cache_noprof+0x6a/0x3e0 [ 403.996878][T14839] ? seq_create_client1+0x4d/0x5e0 [ 403.996902][T14839] ? __pfx_snd_seq_open+0x10/0x10 [ 403.996915][T14839] seq_create_client1+0x4d/0x5e0 [ 403.996939][T14839] ? __pfx_snd_seq_open+0x10/0x10 [ 403.996951][T14839] snd_seq_open+0x59/0x550 [ 403.996964][T14839] ? __pfx_snd_seq_open+0x10/0x10 [ 403.996975][T14839] snd_open+0x1fe/0x450 [ 403.996990][T14839] ? __pfx_snd_open+0x10/0x10 [ 403.997001][T14839] chrdev_open+0x231/0x6a0 [ 403.997022][T14839] ? __pfx_apparmor_file_open+0x10/0x10 [ 403.997040][T14839] ? __pfx_chrdev_open+0x10/0x10 [ 403.997062][T14839] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 403.997083][T14839] do_dentry_open+0x744/0x1c10 [ 403.997103][T14839] ? __pfx_chrdev_open+0x10/0x10 [ 403.997128][T14839] vfs_open+0x82/0x3f0 [ 403.997146][T14839] path_openat+0x1de4/0x2cb0 [ 403.997174][T14839] ? __pfx_path_openat+0x10/0x10 [ 403.997194][T14839] ? __lock_acquire+0xb8a/0x1c90 [ 403.997215][T14839] do_filp_open+0x20b/0x470 [ 403.997234][T14839] ? __pfx_do_filp_open+0x10/0x10 [ 403.997267][T14839] ? alloc_fd+0x471/0x7d0 [ 403.997291][T14839] do_sys_openat2+0x11b/0x1d0 [ 403.997306][T14839] ? __pfx_do_sys_openat2+0x10/0x10 [ 403.997328][T14839] __x64_sys_openat+0x174/0x210 [ 403.997344][T14839] ? __pfx___x64_sys_openat+0x10/0x10 [ 403.997367][T14839] do_syscall_64+0xcd/0x490 [ 403.997390][T14839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.997404][T14839] RIP: 0033:0x7f3e21b8e929 [ 403.997416][T14839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.997431][T14839] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 403.997444][T14839] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 403.997453][T14839] RDX: 0000000000040a40 RSI: 0000200000001d40 RDI: ffffffffffffff9c [ 403.997462][T14839] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 403.997470][T14839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.997478][T14839] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 403.997498][T14839] [ 405.848542][T14866] vhci_hcd: not connected 4 [ 406.678335][T14885] netlink: 26 bytes leftover after parsing attributes in process `syz.0.3558'. [ 406.748813][T14885] openvswitch: netlink: IP tunnel dst address not specified [ 407.376600][T14898] sctp: [Deprecated]: syz.0.3563 (pid 14898) Use of struct sctp_assoc_value in delayed_ack socket option. [ 407.376600][T14898] Use struct sctp_sack_info instead [ 407.408558][T14907] netlink: 130 bytes leftover after parsing attributes in process `syz.1.3566'. [ 407.743818][T14912] netlink: 'syz.1.3569': attribute type 13 has an invalid length. [ 408.036174][T14918] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3572'. [ 408.244934][T14925] netlink: 'syz.2.3576': attribute type 15 has an invalid length. [ 409.433590][T14949] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3585'. [ 411.276401][T15000] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3598'. [ 411.496703][T15005] program syz.2.3601 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 411.862059][T15012] [U]  [ 411.865316][T15012] [U] [ 411.868258][T15012] [U] [ 411.871203][T15012] [U] [ 412.007265][T15018] [U] [ 412.419089][ T30] audit: type=1800 audit(4294967426.660:15): pid=15028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3608" name="file0" dev="tmpfs" ino=2005 res=0 errno=0 [ 412.842703][T15043] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3612'. [ 413.061203][T15048] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3613'. [ 413.209558][T15051] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3613'. [ 414.421481][T15082] netlink: 'syz.0.3625': attribute type 21 has an invalid length. [ 414.480761][T15082] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3625'. [ 414.849236][T15091] netlink: 346 bytes leftover after parsing attributes in process `syz.0.3629'. [ 415.486107][T15108] sctp: [Deprecated]: syz.1.3633 (pid 15108) Use of int in max_burst socket option deprecated. [ 415.486107][T15108] Use struct sctp_assoc_value instead [ 417.667052][T15140] syz.2.3648 (15140): /proc/15138/oom_adj is deprecated, please use /proc/15138/oom_score_adj instead. [ 418.353939][T15161] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3655'. [ 418.400367][T15159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3654'. [ 419.034211][T15168] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3658'. [ 419.343761][T15172] FAULT_INJECTION: forcing a failure. [ 419.343761][T15172] name failslab, interval 1, probability 0, space 0, times 0 [ 419.459460][T15174] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3661'. [ 419.501431][T15172] CPU: 1 UID: 0 PID: 15172 Comm: syz.1.3660 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 419.501460][T15172] Tainted: [U]=USER [ 419.501465][T15172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 419.501474][T15172] Call Trace: [ 419.501479][T15172] [ 419.501486][T15172] dump_stack_lvl+0x16c/0x1f0 [ 419.501514][T15172] should_fail_ex+0x512/0x640 [ 419.501534][T15172] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 419.501559][T15172] should_failslab+0xc2/0x120 [ 419.501574][T15172] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 419.501595][T15172] ? __pfx_proc_create_net_data+0x10/0x10 [ 419.501617][T15172] ? nf_log_net_init+0x9f/0x450 [ 419.501632][T15172] ? __pfx_nf_log_net_init+0x10/0x10 [ 419.501645][T15172] kmemdup_noprof+0x29/0x60 [ 419.501666][T15172] nf_log_net_init+0x9f/0x450 [ 419.501681][T15172] ? __pfx_nf_log_net_init+0x10/0x10 [ 419.501695][T15172] ops_init+0x1df/0x5f0 [ 419.501711][T15172] setup_net+0x1ff/0x510 [ 419.501722][T15172] ? lockdep_init_map_type+0x5c/0x280 [ 419.501742][T15172] ? __pfx_setup_net+0x10/0x10 [ 419.501756][T15172] ? debug_mutex_init+0x37/0x70 [ 419.501772][T15172] copy_net_ns+0x2a6/0x5f0 [ 419.501788][T15172] create_new_namespaces+0x3ea/0xa90 [ 419.501808][T15172] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 419.501824][T15172] ksys_unshare+0x45b/0xa40 [ 419.501843][T15172] ? __pfx_ksys_unshare+0x10/0x10 [ 419.501861][T15172] ? xfd_validate_state+0x61/0x180 [ 419.501884][T15172] __x64_sys_unshare+0x31/0x40 [ 419.501902][T15172] do_syscall_64+0xcd/0x490 [ 419.501924][T15172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.501939][T15172] RIP: 0033:0x7fb3dff8e929 [ 419.501951][T15172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.501965][T15172] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 419.501978][T15172] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 419.501987][T15172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 419.501996][T15172] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 419.502005][T15172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.502013][T15172] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 419.502032][T15172] [ 420.478217][T15153] kexec: Could not allocate control_code_buffer [ 420.983898][T15185] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3665'. [ 421.061308][T15187] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3666'. [ 423.754985][T15245] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3693'. [ 426.183614][T15296] FAULT_INJECTION: forcing a failure. [ 426.183614][T15296] name failslab, interval 1, probability 0, space 0, times 0 [ 426.304586][T15301] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3709'. [ 426.403325][T15296] CPU: 1 UID: 0 PID: 15296 Comm: syz.0.3707 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 426.403358][T15296] Tainted: [U]=USER [ 426.403363][T15296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 426.403372][T15296] Call Trace: [ 426.403377][T15296] [ 426.403382][T15296] dump_stack_lvl+0x16c/0x1f0 [ 426.403409][T15296] should_fail_ex+0x512/0x640 [ 426.403430][T15296] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 426.403457][T15296] should_failslab+0xc2/0x120 [ 426.403471][T15296] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 426.403493][T15296] ? __pfx_proc_create_net_data+0x10/0x10 [ 426.403516][T15296] ? nf_log_net_init+0x9f/0x450 [ 426.403531][T15296] ? __pfx_nf_log_net_init+0x10/0x10 [ 426.403544][T15296] kmemdup_noprof+0x29/0x60 [ 426.403565][T15296] nf_log_net_init+0x9f/0x450 [ 426.403580][T15296] ? __pfx_nf_log_net_init+0x10/0x10 [ 426.403593][T15296] ops_init+0x1df/0x5f0 [ 426.403609][T15296] setup_net+0x1ff/0x510 [ 426.403621][T15296] ? lockdep_init_map_type+0x5c/0x280 [ 426.403640][T15296] ? __pfx_setup_net+0x10/0x10 [ 426.403654][T15296] ? debug_mutex_init+0x37/0x70 [ 426.403669][T15296] copy_net_ns+0x2a6/0x5f0 [ 426.403687][T15296] create_new_namespaces+0x3ea/0xa90 [ 426.403708][T15296] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 426.403724][T15296] ksys_unshare+0x45b/0xa40 [ 426.403743][T15296] ? __pfx_ksys_unshare+0x10/0x10 [ 426.403761][T15296] ? xfd_validate_state+0x61/0x180 [ 426.403785][T15296] __x64_sys_unshare+0x31/0x40 [ 426.403810][T15296] do_syscall_64+0xcd/0x490 [ 426.403834][T15296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.403849][T15296] RIP: 0033:0x7ff98378e929 [ 426.403862][T15296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.403876][T15296] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 426.403889][T15296] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 426.403899][T15296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 426.403908][T15296] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 426.403916][T15296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 426.403924][T15296] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 426.403943][T15296] [ 429.053935][T15357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3726'. [ 429.064909][T15355] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3725'. [ 429.137546][T15357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3726'. [ 431.637248][T15416] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3749'. [ 431.854295][T15422] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3751'. [ 432.246724][T15433] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3755'. [ 433.850673][T15429] kexec: Could not allocate control_code_buffer [ 434.009440][T15474] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3772'. [ 435.465166][T15514] random: crng reseeded on system resumption [ 435.616849][T15518] sd 0:0:1:0: device reset [ 436.038196][T15531] syz.0.3792 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 436.774544][T15548] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3800'. [ 437.226703][T15564] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3814'. [ 437.283436][T15566] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3806'. [ 437.875353][T15589] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3817'. [ 437.930477][T15589] gre0: entered promiscuous mode [ 437.982077][T15589] gre0: entered allmulticast mode [ 439.602770][T15644] FAULT_INJECTION: forcing a failure. [ 439.602770][T15644] name failslab, interval 1, probability 0, space 0, times 0 [ 439.708835][T15644] CPU: 1 UID: 0 PID: 15644 Comm: syz.1.3837 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 439.708864][T15644] Tainted: [U]=USER [ 439.708869][T15644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 439.708878][T15644] Call Trace: [ 439.708883][T15644] [ 439.708889][T15644] dump_stack_lvl+0x16c/0x1f0 [ 439.708916][T15644] should_fail_ex+0x512/0x640 [ 439.708937][T15644] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 439.708958][T15644] should_failslab+0xc2/0x120 [ 439.708971][T15644] __kmalloc_cache_noprof+0x6a/0x3e0 [ 439.708990][T15644] ? do_eventfd+0x67/0x2c0 [ 439.709013][T15644] do_eventfd+0x67/0x2c0 [ 439.709033][T15644] ? rcu_is_watching+0x12/0xc0 [ 439.709048][T15644] __x64_sys_eventfd+0x32/0x50 [ 439.709061][T15644] do_syscall_64+0xcd/0x490 [ 439.709083][T15644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.709097][T15644] RIP: 0033:0x7fb3dff8e929 [ 439.709110][T15644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.709124][T15644] RSP: 002b:00007fb3e0d36038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 439.709137][T15644] RAX: ffffffffffffffda RBX: 00007fb3e01b5fa0 RCX: 00007fb3dff8e929 [ 439.709147][T15644] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 439.709155][T15644] RBP: 00007fb3e0010b39 R08: 0000000000000000 R09: 0000000000000000 [ 439.709163][T15644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.709171][T15644] R13: 0000000000000000 R14: 00007fb3e01b5fa0 R15: 00007ffe6fcf6ff8 [ 439.709189][T15644] [ 439.955870][T15651] GUP no longer grows the stack in syz.2.3836 (15651): 14000-401000 (4000) [ 439.965722][T15651] CPU: 1 UID: 0 PID: 15651 Comm: syz.2.3836 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 439.965747][T15651] Tainted: [U]=USER [ 439.965753][T15651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 439.965761][T15651] Call Trace: [ 439.965767][T15651] [ 439.965773][T15651] dump_stack_lvl+0x16c/0x1f0 [ 439.965810][T15651] gup_vma_lookup+0x1d2/0x220 [ 439.965826][T15651] __get_user_pages+0x271/0x3b80 [ 439.965848][T15651] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0 [ 439.965870][T15651] ? kasan_save_stack+0x42/0x60 [ 439.965890][T15651] ? __pfx___get_user_pages+0x10/0x10 [ 439.965906][T15651] ? register_lock_class+0x41/0x4c0 [ 439.965923][T15651] ? __x64_sys_process_vm_readv+0xe2/0x1c0 [ 439.965944][T15651] ? do_syscall_64+0xcd/0x490 [ 439.965970][T15651] __gup_longterm_locked+0x20d/0x1840 [ 439.965987][T15651] ? __lock_acquire+0xb8a/0x1c90 [ 439.966007][T15651] ? __pfx___gup_longterm_locked+0x10/0x10 [ 439.966032][T15651] pin_user_pages_remote+0xed/0x140 [ 439.966049][T15651] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 439.966065][T15651] ? mm_access+0x22d/0x2e0 [ 439.966087][T15651] process_vm_rw_core.constprop.0+0x41b/0x9a0 [ 439.966118][T15651] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 439.966141][T15651] ? iovec_from_user+0xbb/0x140 [ 439.966172][T15651] ? iovec_from_user+0xbb/0x140 [ 439.966195][T15651] process_vm_rw+0x216/0x2c0 [ 439.966217][T15651] ? __pfx_process_vm_rw+0x10/0x10 [ 439.966264][T15651] ? xfd_validate_state+0x61/0x180 [ 439.966281][T15651] ? __task_pid_nr_ns+0x17c/0x500 [ 439.966301][T15651] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 439.966323][T15651] ? do_syscall_64+0x91/0x490 [ 439.966343][T15651] ? lockdep_hardirqs_on+0x7c/0x110 [ 439.966363][T15651] do_syscall_64+0xcd/0x490 [ 439.966384][T15651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.966399][T15651] RIP: 0033:0x7f3e21b8e929 [ 439.966412][T15651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.966426][T15651] RSP: 002b:00007f3e2299e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 439.966439][T15651] RAX: ffffffffffffffda RBX: 00007f3e21db6080 RCX: 00007f3e21b8e929 [ 439.966449][T15651] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 0000000000000433 [ 439.966457][T15651] RBP: 00007f3e21c10b39 R08: 0000000000000003 R09: 0000000000000000 [ 439.966465][T15651] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000 [ 439.966473][T15651] R13: 0000000000000000 R14: 00007f3e21db6080 R15: 00007fff0b538fc8 [ 439.966492][T15651] [ 440.179261][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.179330][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.601615][T15702] netlink: 130 bytes leftover after parsing attributes in process `syz.0.3851'. [ 442.779243][T15707] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3853'. [ 443.177979][T15714] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 443.875939][T15740] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3868'. [ 444.307689][T15753] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3871'. [ 444.421807][T15753] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 444.465268][T15753] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 444.515911][T15753] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 444.565858][T15753] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 444.828351][T15763] netlink: 'syz.3.3876': attribute type 4 has an invalid length. [ 444.916114][T15763] netlink: 314 bytes leftover after parsing attributes in process `syz.3.3876'. [ 445.281637][ T5834] Bluetooth: hci2: Malformed LE Event: 0x1b [ 445.615622][T15794] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3890'. [ 446.098976][T15811] netlink: 'syz.2.3897': attribute type 1 has an invalid length. [ 446.138176][T15811] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3897'. [ 446.194189][T15816] netlink: 'syz.2.3897': attribute type 1 has an invalid length. [ 446.240011][T15816] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3897'. [ 448.329175][T15865] netlink: 130 bytes leftover after parsing attributes in process `syz.1.3917'. [ 448.562327][T15872] sctp: Failed to create the SCTP UDP tunneling v4 sock [ 448.702206][T15876] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3923'. [ 451.583328][T15942] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 451.650703][T15942] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 451.722481][T15942] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 451.740807][T15942] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 451.805037][T15945] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3949'. [ 451.815724][T15942] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 451.885391][T15942] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 452.001139][T15942] CPU0 is offline. [ 452.589487][T15959] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3956'. [ 452.921237][T15963] FAULT_INJECTION: forcing a failure. [ 452.921237][T15963] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 453.035904][T15963] CPU: 1 UID: 0 PID: 15963 Comm: syz.0.3955 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 453.035931][T15963] Tainted: [U]=USER [ 453.035936][T15963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 453.035945][T15963] Call Trace: [ 453.035950][T15963] [ 453.035956][T15963] dump_stack_lvl+0x16c/0x1f0 [ 453.035984][T15963] should_fail_ex+0x512/0x640 [ 453.036008][T15963] should_fail_alloc_page+0xe7/0x130 [ 453.036024][T15963] prepare_alloc_pages+0x3c2/0x610 [ 453.036041][T15963] ? rcu_is_watching+0x12/0xc0 [ 453.036058][T15963] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 453.036089][T15963] ? __lock_acquire+0x622/0x1c90 [ 453.036110][T15963] ? xas_create+0x1d7/0x1460 [ 453.036126][T15963] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 453.036149][T15963] ? lock_acquire+0x179/0x350 [ 453.036166][T15963] ? rcu_is_watching+0x12/0xc0 [ 453.036186][T15963] ? __lock_acquire+0x622/0x1c90 [ 453.036203][T15963] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 453.036225][T15963] ? policy_nodemask+0xea/0x4e0 [ 453.036251][T15963] alloc_pages_mpol+0x1fb/0x550 [ 453.036264][T15963] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 453.036279][T15963] ? filemap_get_entry+0x1a7/0x3b0 [ 453.036295][T15963] folio_alloc_noprof+0x20/0x2d0 [ 453.036311][T15963] filemap_alloc_folio_noprof+0x3a1/0x470 [ 453.036331][T15963] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 453.036355][T15963] __filemap_get_folio+0x5e1/0xc30 [ 453.036372][T15963] ioctx_alloc+0x761/0x2120 [ 453.036399][T15963] ? __pfx_ioctx_alloc+0x10/0x10 [ 453.036414][T15963] ? __might_fault+0x13b/0x190 [ 453.036439][T15963] __x64_sys_io_setup+0xc9/0x210 [ 453.036458][T15963] do_syscall_64+0xcd/0x490 [ 453.036481][T15963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.036495][T15963] RIP: 0033:0x7ff98378e929 [ 453.036507][T15963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.036521][T15963] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 453.036535][T15963] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 453.036545][T15963] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 453.036553][T15963] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 453.036562][T15963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.036570][T15963] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 453.036588][T15963] [ 453.783119][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 453.789798][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 453.797687][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 453.893158][T15970] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3959'. [ 453.913120][ T5150] Bluetooth: hci1: command 0x0406 tx timeout [ 453.974779][T15972] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3960'. [ 455.545860][T15996] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3969'. [ 455.611987][T15996] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 455.662171][T15996] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 455.745007][T15996] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 455.785544][T15996] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.823802][ T5150] Bluetooth: hci0: command 0x0406 tx timeout [ 455.945333][T15965] kexec: Could not allocate control_code_buffer [ 455.990492][ T5150] Bluetooth: hci1: command 0x0406 tx timeout [ 456.597517][T16015] FAULT_INJECTION: forcing a failure. [ 456.597517][T16015] name failslab, interval 1, probability 0, space 0, times 0 [ 456.693562][T16015] CPU: 1 UID: 0 PID: 16015 Comm: syz.0.3975 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 456.693610][T16015] Tainted: [U]=USER [ 456.693615][T16015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 456.693624][T16015] Call Trace: [ 456.693629][T16015] [ 456.693636][T16015] dump_stack_lvl+0x16c/0x1f0 [ 456.693663][T16015] should_fail_ex+0x512/0x640 [ 456.693684][T16015] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 456.693705][T16015] should_failslab+0xc2/0x120 [ 456.693719][T16015] __kmalloc_cache_noprof+0x6a/0x3e0 [ 456.693738][T16015] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 456.693755][T16015] ? kasan_save_track+0x14/0x30 [ 456.693776][T16015] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 456.693794][T16015] ? rcu_is_watching+0x12/0xc0 [ 456.693811][T16015] ? __mutex_lock+0x1ca/0xb90 [ 456.693831][T16015] ? lockdep_hardirqs_on+0x7c/0x110 [ 456.693852][T16015] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 456.693870][T16015] ? __pfx___mutex_lock+0x10/0x10 [ 456.693890][T16015] ? tomoyo_path_number_perm+0x295/0x580 [ 456.693912][T16015] ? __lock_acquire+0xb8a/0x1c90 [ 456.693935][T16015] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 456.693955][T16015] snd_pcm_oss_get_formats+0x7e/0x340 [ 456.693969][T16015] ? find_held_lock+0x2b/0x80 [ 456.693982][T16015] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 456.693996][T16015] ? __might_fault+0x13b/0x190 [ 456.694021][T16015] snd_pcm_oss_ioctl+0x2efb/0x37a0 [ 456.694037][T16015] ? find_held_lock+0x2b/0x80 [ 456.694050][T16015] ? hook_file_ioctl_common+0x145/0x410 [ 456.694065][T16015] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 456.694083][T16015] ? __fget_files+0x20e/0x3c0 [ 456.694104][T16015] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 456.694121][T16015] __x64_sys_ioctl+0x18b/0x210 [ 456.694138][T16015] do_syscall_64+0xcd/0x490 [ 456.694161][T16015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.694175][T16015] RIP: 0033:0x7ff98378e929 [ 456.694187][T16015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.694200][T16015] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 456.694214][T16015] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 456.694223][T16015] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004 [ 456.694231][T16015] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 456.694239][T16015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 456.694248][T16015] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 456.694267][T16015] [ 457.177162][T16026] input: = as /devices/virtual/input/input11 [ 458.965105][T16084] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4007'. [ 459.013804][T16084] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 459.055426][T16084] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 459.090618][T16084] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 459.134958][T16084] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 459.479539][T16101] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4014'. [ 460.074297][T16123] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 460.126296][T16123] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 460.197485][T16123] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 460.260040][T16123] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 460.294545][T16123] CPU0 is offline. [ 460.594253][T16144] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4032'. [ 461.928075][T16186] FAULT_INJECTION: forcing a failure. [ 461.928075][T16186] name failslab, interval 1, probability 0, space 0, times 0 [ 462.014358][T16186] CPU: 1 UID: 0 PID: 16186 Comm: syz.2.4052 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 462.014387][T16186] Tainted: [U]=USER [ 462.014392][T16186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 462.014401][T16186] Call Trace: [ 462.014406][T16186] [ 462.014412][T16186] dump_stack_lvl+0x16c/0x1f0 [ 462.014439][T16186] should_fail_ex+0x512/0x640 [ 462.014459][T16186] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 462.014487][T16186] should_failslab+0xc2/0x120 [ 462.014502][T16186] __kmalloc_cache_noprof+0x6a/0x3e0 [ 462.014520][T16186] ? pty_common_install+0x10e/0xb30 [ 462.014542][T16186] pty_common_install+0x10e/0xb30 [ 462.014563][T16186] ? __pfx_pty_install+0x10/0x10 [ 462.014580][T16186] tty_init_dev.part.0+0x9c/0x500 [ 462.014596][T16186] tty_open+0xa50/0xf90 [ 462.014612][T16186] ? __pfx_tty_open+0x10/0x10 [ 462.014625][T16186] ? chrdev_open+0x58c/0x6a0 [ 462.014648][T16186] ? __pfx_tty_open+0x10/0x10 [ 462.014661][T16186] chrdev_open+0x231/0x6a0 [ 462.014682][T16186] ? __pfx_chrdev_open+0x10/0x10 [ 462.014704][T16186] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 462.014726][T16186] do_dentry_open+0x744/0x1c10 [ 462.014746][T16186] ? __pfx_chrdev_open+0x10/0x10 [ 462.014771][T16186] vfs_open+0x82/0x3f0 [ 462.014788][T16186] path_openat+0x1de4/0x2cb0 [ 462.014813][T16186] ? __pfx_path_openat+0x10/0x10 [ 462.014834][T16186] ? __lock_acquire+0xb8a/0x1c90 [ 462.014854][T16186] do_filp_open+0x20b/0x470 [ 462.014874][T16186] ? __pfx_do_filp_open+0x10/0x10 [ 462.014907][T16186] ? alloc_fd+0x471/0x7d0 [ 462.014931][T16186] do_sys_openat2+0x11b/0x1d0 [ 462.014945][T16186] ? __pfx_do_sys_openat2+0x10/0x10 [ 462.014968][T16186] __x64_sys_openat+0x174/0x210 [ 462.014984][T16186] ? __pfx___x64_sys_openat+0x10/0x10 [ 462.015007][T16186] do_syscall_64+0xcd/0x490 [ 462.015030][T16186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.015044][T16186] RIP: 0033:0x7f3e21b8e929 [ 462.015057][T16186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.015071][T16186] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 462.015084][T16186] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 462.015094][T16186] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c [ 462.015102][T16186] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 462.015111][T16186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 462.015119][T16186] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 462.015139][T16186] [ 462.447781][T16198] sctp: [Deprecated]: syz.2.4057 (pid 16198) Use of int in max_burst socket option deprecated. [ 462.447781][T16198] Use struct sctp_assoc_value instead [ 462.636922][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 462.643709][ T5150] Bluetooth: hci2: command 0x0c1a tx timeout [ 462.651259][ T5150] Bluetooth: hci0: command 0x0406 tx timeout [ 462.657982][ T5150] Bluetooth: hci1: command 0x0406 tx timeout [ 462.749004][T16192] ptp ptp0: new virtual clock ptp1 [ 462.880627][T16192] ptp ptp0: new virtual clock ptp2 [ 462.970966][T16192] ptp ptp0: new virtual clock ptp3 [ 463.005089][T16192] ptp ptp0: guarantee physical clock free running [ 464.075432][T16253] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 464.105873][T16253] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 464.180420][T16253] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 464.247041][T16253] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 464.271760][T16258] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4082'. [ 464.298604][T16253] CPU0 is offline. [ 464.309136][T16258] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4082'. [ 464.687282][T16269] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4088'. [ 464.774105][T16274] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4090'. [ 464.843881][T16274] veth0_vlan: entered allmulticast mode [ 465.087049][T16288] FAULT_INJECTION: forcing a failure. [ 465.087049][T16288] name failslab, interval 1, probability 0, space 0, times 0 [ 465.171391][T16288] CPU: 1 UID: 0 PID: 16288 Comm: syz.2.4097 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 465.171419][T16288] Tainted: [U]=USER [ 465.171424][T16288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.171433][T16288] Call Trace: [ 465.171438][T16288] [ 465.171443][T16288] dump_stack_lvl+0x16c/0x1f0 [ 465.171471][T16288] should_fail_ex+0x512/0x640 [ 465.171491][T16288] ? __kmalloc_noprof+0xbf/0x510 [ 465.171520][T16288] ? __seq_open_private+0x22/0xd0 [ 465.171537][T16288] should_failslab+0xc2/0x120 [ 465.171550][T16288] __kmalloc_noprof+0xd2/0x510 [ 465.171569][T16288] ? apparmor_file_open+0x1a1/0x9c0 [ 465.171587][T16288] ? find_held_lock+0x2b/0x80 [ 465.171602][T16288] __seq_open_private+0x22/0xd0 [ 465.171618][T16288] sysvipc_proc_open+0x29/0x2d0 [ 465.171635][T16288] ? __pfx_sysvipc_proc_open+0x10/0x10 [ 465.171653][T16288] proc_reg_open+0x119/0x610 [ 465.171674][T16288] do_dentry_open+0x744/0x1c10 [ 465.171694][T16288] ? __pfx_proc_reg_open+0x10/0x10 [ 465.171717][T16288] vfs_open+0x82/0x3f0 [ 465.171733][T16288] path_openat+0x1de4/0x2cb0 [ 465.171758][T16288] ? __pfx_path_openat+0x10/0x10 [ 465.171778][T16288] ? __lock_acquire+0xb8a/0x1c90 [ 465.171799][T16288] do_filp_open+0x20b/0x470 [ 465.171818][T16288] ? __pfx_do_filp_open+0x10/0x10 [ 465.171850][T16288] ? alloc_fd+0x471/0x7d0 [ 465.171874][T16288] do_sys_openat2+0x11b/0x1d0 [ 465.171888][T16288] ? __pfx_do_sys_openat2+0x10/0x10 [ 465.171910][T16288] __x64_sys_openat+0x174/0x210 [ 465.171926][T16288] ? __pfx___x64_sys_openat+0x10/0x10 [ 465.171948][T16288] do_syscall_64+0xcd/0x490 [ 465.171979][T16288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.171995][T16288] RIP: 0033:0x7f3e21b8e929 [ 465.172007][T16288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.172021][T16288] RSP: 002b:00007f3e229bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 465.172036][T16288] RAX: ffffffffffffffda RBX: 00007f3e21db5fa0 RCX: 00007f3e21b8e929 [ 465.172045][T16288] RDX: 0000000000000082 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 465.172054][T16288] RBP: 00007f3e21c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 465.172063][T16288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.172071][T16288] R13: 0000000000000000 R14: 00007f3e21db5fa0 R15: 00007fff0b538fc8 [ 465.172089][T16288] [ 465.452430][T16291] Console: switching to colour VGA+ 80x25 [ 465.600278][T16291] ================================================================== [ 465.600290][T16291] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 465.600318][T16291] Read of size 256 at addr ffff888031c8f860 by task syz.0.4098/16291 [ 465.600332][T16291] [ 465.600342][T16291] CPU: 1 UID: 0 PID: 16291 Comm: syz.0.4098 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 465.600364][T16291] Tainted: [U]=USER [ 465.600369][T16291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.600378][T16291] Call Trace: [ 465.600383][T16291] [ 465.600389][T16291] dump_stack_lvl+0x116/0x1f0 [ 465.600411][T16291] print_report+0xcd/0x680 [ 465.600434][T16291] ? __virt_addr_valid+0x81/0x610 [ 465.600448][T16291] ? __phys_addr+0xe8/0x180 [ 465.600462][T16291] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.600482][T16291] kasan_report+0xe0/0x110 [ 465.600495][T16291] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.600518][T16291] kasan_check_range+0x100/0x1b0 [ 465.600533][T16291] __asan_memcpy+0x23/0x60 [ 465.600551][T16291] fbcon_prepare_logo+0xa03/0xc70 [ 465.600574][T16291] fbcon_init+0xd77/0x1900 [ 465.600594][T16291] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 465.600617][T16291] visual_init+0x31d/0x620 [ 465.600634][T16291] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 465.600656][T16291] store_bind+0x61d/0x760 [ 465.600676][T16291] ? sysfs_file_kobj+0xe4/0x290 [ 465.600692][T16291] ? __pfx_store_bind+0x10/0x10 [ 465.600710][T16291] dev_attr_store+0x55/0x80 [ 465.600723][T16291] ? __pfx_dev_attr_store+0x10/0x10 [ 465.600736][T16291] sysfs_kf_write+0xf2/0x150 [ 465.600752][T16291] kernfs_fop_write_iter+0x351/0x510 [ 465.600765][T16291] ? __pfx_sysfs_kf_write+0x10/0x10 [ 465.600782][T16291] vfs_write+0x6c4/0x1150 [ 465.600804][T16291] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 465.600819][T16291] ? __pfx___mutex_lock+0x10/0x10 [ 465.600840][T16291] ? __pfx_vfs_write+0x10/0x10 [ 465.600863][T16291] ksys_write+0x12a/0x250 [ 465.600882][T16291] ? __pfx_ksys_write+0x10/0x10 [ 465.600910][T16291] do_syscall_64+0xcd/0x490 [ 465.600932][T16291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.600947][T16291] RIP: 0033:0x7ff98378e929 [ 465.600959][T16291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.600973][T16291] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.600987][T16291] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 465.600997][T16291] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 465.601006][T16291] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 465.601015][T16291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.601024][T16291] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 465.601038][T16291] [ 465.601043][T16291] [ 465.601046][T16291] Allocated by task 15967: [ 465.601054][T16291] kasan_save_stack+0x33/0x60 [ 465.601072][T16291] kasan_save_track+0x14/0x30 [ 465.601090][T16291] __kasan_kmalloc+0xaa/0xb0 [ 465.601107][T16291] __kvmalloc_node_noprof+0x27b/0x620 [ 465.601124][T16291] do_coredump+0x1c9a/0x4f10 [ 465.601139][T16291] get_signal+0x22e3/0x26d0 [ 465.601153][T16291] arch_do_signal_or_restart+0x8f/0x790 [ 465.601167][T16291] irqentry_exit_to_user_mode+0x12a/0x270 [ 465.601186][T16291] asm_exc_page_fault+0x26/0x30 [ 465.601198][T16291] [ 465.601201][T16291] Freed by task 15967: [ 465.601208][T16291] kasan_save_stack+0x33/0x60 [ 465.601225][T16291] kasan_save_track+0x14/0x30 [ 465.601243][T16291] kasan_save_free_info+0x3b/0x60 [ 465.601257][T16291] __kasan_slab_free+0x51/0x70 [ 465.601276][T16291] kfree+0x2b4/0x4d0 [ 465.601290][T16291] do_coredump+0x3af0/0x4f10 [ 465.601303][T16291] get_signal+0x22e3/0x26d0 [ 465.601317][T16291] arch_do_signal_or_restart+0x8f/0x790 [ 465.601331][T16291] irqentry_exit_to_user_mode+0x12a/0x270 [ 465.601351][T16291] asm_exc_page_fault+0x26/0x30 [ 465.601363][T16291] [ 465.601366][T16291] The buggy address belongs to the object at ffff888031c8f000 [ 465.601366][T16291] which belongs to the cache kmalloc-2k of size 2048 [ 465.601377][T16291] The buggy address is located 96 bytes to the right of [ 465.601377][T16291] allocated 2048-byte region [ffff888031c8f000, ffff888031c8f800) [ 465.601391][T16291] [ 465.601394][T16291] The buggy address belongs to the physical page: [ 465.601406][T16291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31c88 [ 465.601419][T16291] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 465.601431][T16291] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 465.601445][T16291] page_type: f5(slab) [ 465.601458][T16291] raw: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 465.601471][T16291] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 465.601484][T16291] head: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 465.601497][T16291] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 465.601509][T16291] head: 00fff00000000003 ffffea0000c72201 00000000ffffffff 00000000ffffffff [ 465.601521][T16291] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 465.601529][T16291] page dumped because: kasan: bad access detected [ 465.601536][T16291] page_owner tracks the page as allocated [ 465.601540][T16291] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5827, tgid 5827 (syz-executor), ts 83529439921, free_ts 81742440257 [ 465.601565][T16291] post_alloc_hook+0x1c0/0x230 [ 465.601582][T16291] get_page_from_freelist+0x1321/0x3890 [ 465.601600][T16291] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 465.601619][T16291] alloc_pages_mpol+0x1fb/0x550 [ 465.601630][T16291] new_slab+0x23b/0x330 [ 465.601644][T16291] ___slab_alloc+0xd9c/0x1940 [ 465.601659][T16291] __slab_alloc.constprop.0+0x56/0xb0 [ 465.601675][T16291] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 465.601695][T16291] kmalloc_reserve+0xef/0x2c0 [ 465.601708][T16291] __alloc_skb+0x166/0x380 [ 465.601725][T16291] rtmsg_ifinfo_build_skb+0x81/0x280 [ 465.601739][T16291] rtnetlink_event+0xf3/0x1f0 [ 465.601752][T16291] notifier_call_chain+0xbc/0x410 [ 465.601766][T16291] call_netdevice_notifiers_info+0xbe/0x140 [ 465.601781][T16291] netif_set_mac_address+0x36f/0x4a0 [ 465.601801][T16291] do_setlink.constprop.0+0x75f/0x4380 [ 465.601820][T16291] page last free pid 5817 tgid 5817 stack trace: [ 465.601828][T16291] __free_frozen_pages+0x7fe/0x1180 [ 465.601844][T16291] __folio_put+0x329/0x450 [ 465.601862][T16291] skb_release_data+0x7fb/0x9c0 [ 465.601881][T16291] __kfree_skb+0x4f/0x70 [ 465.601891][T16291] tcp_ack+0x19b2/0x5c90 [ 465.601912][T16291] tcp_rcv_established+0xda1/0x22e0 [ 465.601929][T16291] tcp_v4_do_rcv+0x5ca/0xa90 [ 465.601947][T16291] __release_sock+0x31b/0x400 [ 465.601966][T16291] __sk_flush_backlog+0x27/0xc0 [ 465.601985][T16291] tcp_sendmsg_locked+0x399a/0x4300 [ 465.602003][T16291] tcp_sendmsg+0x2e/0x50 [ 465.602019][T16291] inet_sendmsg+0xb9/0x140 [ 465.602036][T16291] sock_write_iter+0x4aa/0x5b0 [ 465.602050][T16291] vfs_write+0x6c4/0x1150 [ 465.602067][T16291] ksys_write+0x1f8/0x250 [ 465.602084][T16291] do_syscall_64+0xcd/0x490 [ 465.602104][T16291] [ 465.602107][T16291] Memory state around the buggy address: [ 465.602113][T16291] ffff888031c8f700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 465.602123][T16291] ffff888031c8f780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 465.602133][T16291] >ffff888031c8f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 465.602140][T16291] ^ [ 465.602148][T16291] ffff888031c8f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 465.602157][T16291] ffff888031c8f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 465.602165][T16291] ================================================================== [ 465.602203][T16291] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 465.602216][T16291] CPU: 1 UID: 0 PID: 16291 Comm: syz.0.4098 Tainted: G U 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 465.602238][T16291] Tainted: [U]=USER [ 465.602243][T16291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.602252][T16291] Call Trace: [ 465.602258][T16291] [ 465.602264][T16291] dump_stack_lvl+0x3d/0x1f0 [ 465.602284][T16291] panic+0x71c/0x800 [ 465.602303][T16291] ? __pfx_panic+0x10/0x10 [ 465.602321][T16291] ? irqentry_exit+0x3b/0x90 [ 465.602340][T16291] ? lockdep_hardirqs_on+0x7c/0x110 [ 465.602360][T16291] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.602383][T16291] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.602402][T16291] check_panic_on_warn+0xab/0xb0 [ 465.602421][T16291] end_report+0x107/0x170 [ 465.602442][T16291] kasan_report+0xee/0x110 [ 465.602455][T16291] ? fbcon_prepare_logo+0xa03/0xc70 [ 465.602477][T16291] kasan_check_range+0x100/0x1b0 [ 465.602492][T16291] __asan_memcpy+0x23/0x60 [ 465.602510][T16291] fbcon_prepare_logo+0xa03/0xc70 [ 465.602533][T16291] fbcon_init+0xd77/0x1900 [ 465.602553][T16291] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 465.602576][T16291] visual_init+0x31d/0x620 [ 465.602593][T16291] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 465.602616][T16291] store_bind+0x61d/0x760 [ 465.602635][T16291] ? sysfs_file_kobj+0xe4/0x290 [ 465.602652][T16291] ? __pfx_store_bind+0x10/0x10 [ 465.602670][T16291] dev_attr_store+0x55/0x80 [ 465.602683][T16291] ? __pfx_dev_attr_store+0x10/0x10 [ 465.602695][T16291] sysfs_kf_write+0xf2/0x150 [ 465.602711][T16291] kernfs_fop_write_iter+0x351/0x510 [ 465.602725][T16291] ? __pfx_sysfs_kf_write+0x10/0x10 [ 465.602742][T16291] vfs_write+0x6c4/0x1150 [ 465.602761][T16291] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 465.602775][T16291] ? __pfx___mutex_lock+0x10/0x10 [ 465.602796][T16291] ? __pfx_vfs_write+0x10/0x10 [ 465.602820][T16291] ksys_write+0x12a/0x250 [ 465.602838][T16291] ? __pfx_ksys_write+0x10/0x10 [ 465.602860][T16291] do_syscall_64+0xcd/0x490 [ 465.602880][T16291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.602895][T16291] RIP: 0033:0x7ff98378e929 [ 465.602916][T16291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.602931][T16291] RSP: 002b:00007ff984597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.602946][T16291] RAX: ffffffffffffffda RBX: 00007ff9839b5fa0 RCX: 00007ff98378e929 [ 465.602956][T16291] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 465.602965][T16291] RBP: 00007ff983810b39 R08: 0000000000000000 R09: 0000000000000000 [ 465.602974][T16291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.602983][T16291] R13: 0000000000000000 R14: 00007ff9839b5fa0 R15: 00007fffae079d28 [ 465.602997][T16291] [ 465.603057][T16291] Kernel Offset: disabled