last executing test programs: 2.916601924s ago: executing program 0 (id=798): sendmsg$auto_WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000000000)={0x28, 0x0, 0x21, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x80) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 2.745977043s ago: executing program 0 (id=802): close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dmmidi2\x00', 0x181842, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) write$auto(0xca, 0x0, 0x2d9) unshare$auto(0x40000080) 2.13236731s ago: executing program 0 (id=810): mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) r1 = socket(0xa, 0x801, 0x84) setsockopt$auto(r1, 0x10000000084, 0x0, 0x0, 0x10) 1.433034862s ago: executing program 2 (id=822): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)=0x4) r0 = socket(0xa, 0x801, 0x84) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) setsockopt$auto(r0, 0x10000000084, 0x9, 0x0, 0x9c) 1.432831136s ago: executing program 1 (id=823): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) vmsplice$auto(0x4, &(0x7f0000000040)={0x0, 0x80000000002}, 0x3, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) 1.342184418s ago: executing program 1 (id=824): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fd038004001298"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.320723556s ago: executing program 2 (id=825): setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0) setitimer$auto(0x2, &(0x7f0000000000)={{0x8000, 0x6}, {0xa4b, 0x6}}, 0x0) unshare$auto(0x40000080) r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x1c, r1, 0x10, 0x70bd2c, 0x25dfdbfa, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010) 1.22037394s ago: executing program 3 (id=826): open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) socket(0x200000000000011, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) sendfile$auto(0x6, 0x3, 0x0, 0xc01) 1.184590391s ago: executing program 0 (id=827): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80046f46, r1) 1.069075466s ago: executing program 1 (id=828): getitimer$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) getsockopt$auto(0x6, 0x1, 0x15, 0xfffffffffffffffe, 0x0) 970.704407ms ago: executing program 1 (id=829): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x40242, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x10}, 0x3) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x242, 0x0) 970.628632ms ago: executing program 3 (id=830): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) lsm_list_modules$auto(0x0, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) 970.12708ms ago: executing program 0 (id=837): close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f4) inotify_init1$auto(0x3000000000000) socket(0x11, 0x3, 0x2) landlock_create_ruleset$auto(&(0x7f0000000280)={0x200, 0xf8, 0x412}, 0x8, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 859.964713ms ago: executing program 0 (id=831): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) shmctl$auto_SHM_STAT_ANY(0x5, 0xf, 0x0) 859.895119ms ago: executing program 3 (id=832): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x801, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2711}, 0x51) shutdown$auto(0x200000003, 0x2) write$auto(0x3, 0x0, 0xfdf3) 798.94433ms ago: executing program 2 (id=833): ioperm$auto(0x7, 0x6, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x4, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, 0xf4) 781.467598ms ago: executing program 3 (id=834): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) sendto$auto(r0, 0x0, 0x6fffff9, 0xfffffff8, &(0x7f0000000440)=@can={0x1d, 0x0, 0x3f}, 0x36) 429.573733ms ago: executing program 1 (id=835): openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x16f802, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r0, &(0x7f0000000000)='-\x00', 0xfdef) 389.01498ms ago: executing program 2 (id=836): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x15, 0x5, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d64688be86d547a05c861"}, 0x55) getpeername$auto(0x3, 0x0, 0x0) 340.906358ms ago: executing program 3 (id=838): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) timer_create$auto(0x0, 0x0, 0x0) timer_create$auto(0x3, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x103200, 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x102, 0x0) write$auto(0x3, 0x0, 0x100082) 297.768733ms ago: executing program 1 (id=839): r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000008c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097f751b33e}, 0x80) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000004280)={&(0x7f00000001c0)={0x84, r0, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_MODULE_FW_FLASH_PASSWORD={0x8, 0x3, 0x804}, @ETHTOOL_A_MODULE_FW_FLASH_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_MODULE_FW_FLASH_FILE_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_MODULE_FW_FLASH_PASSWORD={0x8, 0x3, 0xffffffa8}, @ETHTOOL_A_MODULE_FW_FLASH_FILE_NAME={0xc, 0x2, 'gretap0\x00'}, @ETHTOOL_A_MODULE_FW_FLASH_FILE_NAME={0xd, 0x2, 'ovs_flow\x00'}, @ETHTOOL_A_MODULE_FW_FLASH_PASSWORD={0x8, 0x3, 0x5}, @ETHTOOL_A_MODULE_FW_FLASH_PASSWORD={0x8, 0x3, 0xb09}, @ETHTOOL_A_MODULE_FW_FLASH_FILE_NAME={0xb, 0x2, '@-#&**\x00'}]}, 0x84}, 0x1, 0x0, 0x0, 0x4c080}, 0x888) 215.087042ms ago: executing program 2 (id=840): mmap$auto(0x0, 0x202000b, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) getsockopt$auto(0x100000006, 0x0, 0x50, 0x0, 0x0) 116.383405ms ago: executing program 3 (id=841): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x109481, 0x0) mmap$auto(0x0, 0x400005, 0x800000000000df, 0x9b72, 0x2, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/conf/default/ioam6_id_wide\x00', 0x40100, 0x0) read$auto(r0, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) 0s ago: executing program 2 (id=842): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={0x0}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a00"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts. [ 81.796157][ T5820] cgroup: Unknown subsys name 'net' [ 81.892481][ T5820] cgroup: Unknown subsys name 'cpuset' [ 81.900978][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.386450][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.797654][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.806153][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.814014][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.821674][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.830977][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.835480][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.838692][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.852724][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.856597][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.860833][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.869001][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.877367][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.890200][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.894375][ T5152] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.908648][ T5152] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.917462][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.925307][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.933586][ T5152] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.937860][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.952477][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.452325][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 86.511072][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 86.603681][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 86.698061][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.705647][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.713107][ T5829] bridge_slave_0: entered allmulticast mode [ 86.722411][ T5829] bridge_slave_0: entered promiscuous mode [ 86.797322][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.804495][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.813472][ T5829] bridge_slave_1: entered allmulticast mode [ 86.822134][ T5829] bridge_slave_1: entered promiscuous mode [ 86.861350][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.868945][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.877182][ T5834] bridge_slave_0: entered allmulticast mode [ 86.888001][ T5834] bridge_slave_0: entered promiscuous mode [ 86.923201][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.933215][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.941483][ T5834] bridge_slave_1: entered allmulticast mode [ 86.952416][ T5834] bridge_slave_1: entered promiscuous mode [ 87.019876][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.031709][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.096242][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.109403][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.118791][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 87.130699][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.137910][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.145043][ T5830] bridge_slave_0: entered allmulticast mode [ 87.153220][ T5830] bridge_slave_0: entered promiscuous mode [ 87.189348][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.196652][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.203783][ T5830] bridge_slave_1: entered allmulticast mode [ 87.211913][ T5830] bridge_slave_1: entered promiscuous mode [ 87.290217][ T5829] team0: Port device team_slave_0 added [ 87.299106][ T5834] team0: Port device team_slave_0 added [ 87.313406][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.325008][ T5829] team0: Port device team_slave_1 added [ 87.333290][ T5834] team0: Port device team_slave_1 added [ 87.367656][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.460600][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.467649][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.494339][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.507707][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.514682][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.541244][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.553396][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.560691][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.586966][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.599797][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.606837][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.632816][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.657581][ T5830] team0: Port device team_slave_0 added [ 87.691982][ T5830] team0: Port device team_slave_1 added [ 87.715488][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.722651][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.730205][ T5835] bridge_slave_0: entered allmulticast mode [ 87.737684][ T5835] bridge_slave_0: entered promiscuous mode [ 87.793427][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.801236][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.809525][ T5835] bridge_slave_1: entered allmulticast mode [ 87.817340][ T5835] bridge_slave_1: entered promiscuous mode [ 87.850213][ T5829] hsr_slave_0: entered promiscuous mode [ 87.857121][ T5829] hsr_slave_1: entered promiscuous mode [ 87.874098][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.881291][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.907862][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.923949][ T5834] hsr_slave_0: entered promiscuous mode [ 87.930527][ T5834] hsr_slave_1: entered promiscuous mode [ 87.937473][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.945224][ T5834] Cannot create hsr debugfs directory [ 87.966229][ T5847] Bluetooth: hci1: command tx timeout [ 87.966235][ T5840] Bluetooth: hci0: command tx timeout [ 87.981789][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.989115][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.016309][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.046100][ T5847] Bluetooth: hci3: command tx timeout [ 88.049248][ T5840] Bluetooth: hci2: command tx timeout [ 88.053540][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.092821][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.175901][ T5835] team0: Port device team_slave_0 added [ 88.206605][ T5835] team0: Port device team_slave_1 added [ 88.223682][ T5830] hsr_slave_0: entered promiscuous mode [ 88.230504][ T5830] hsr_slave_1: entered promiscuous mode [ 88.238230][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.245849][ T5830] Cannot create hsr debugfs directory [ 88.305666][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.312639][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.339043][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.378467][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.387533][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.414057][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.581763][ T5835] hsr_slave_0: entered promiscuous mode [ 88.588530][ T5835] hsr_slave_1: entered promiscuous mode [ 88.594568][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.602685][ T5835] Cannot create hsr debugfs directory [ 88.734004][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.758875][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.788167][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.812086][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.886355][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.897699][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.927436][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.956605][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.012341][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.032769][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.076395][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.100620][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.145025][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.161126][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.171422][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.193001][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.300775][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.359131][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.388383][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.395667][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.411435][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.439033][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.446213][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.460985][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.505183][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.538084][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.561902][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.569075][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.600583][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.608054][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.621559][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.628694][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.656837][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.663977][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.708368][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.770014][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.797592][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.804779][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.839766][ T3545] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.846986][ T3545] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.028888][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.046656][ T5840] Bluetooth: hci1: command tx timeout [ 90.047366][ T5847] Bluetooth: hci0: command tx timeout [ 90.125985][ T5847] Bluetooth: hci2: command tx timeout [ 90.126412][ T5840] Bluetooth: hci3: command tx timeout [ 90.181991][ T5829] veth0_vlan: entered promiscuous mode [ 90.223520][ T5829] veth1_vlan: entered promiscuous mode [ 90.347857][ T5829] veth0_macvtap: entered promiscuous mode [ 90.390065][ T5829] veth1_macvtap: entered promiscuous mode [ 90.413883][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.484311][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.496694][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.523456][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.535088][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.545697][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.554437][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.563219][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.579517][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.618189][ T5834] veth0_vlan: entered promiscuous mode [ 90.661991][ T5834] veth1_vlan: entered promiscuous mode [ 90.742630][ T5830] veth0_vlan: entered promiscuous mode [ 90.770282][ T5835] veth0_vlan: entered promiscuous mode [ 90.781996][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.788009][ T5830] veth1_vlan: entered promiscuous mode [ 90.797446][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.817001][ T5835] veth1_vlan: entered promiscuous mode [ 90.860590][ T5834] veth0_macvtap: entered promiscuous mode [ 90.871062][ T5834] veth1_macvtap: entered promiscuous mode [ 90.907503][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.917361][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.961134][ T5835] veth0_macvtap: entered promiscuous mode [ 90.969928][ T5830] veth0_macvtap: entered promiscuous mode [ 90.979036][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.998411][ T5830] veth1_macvtap: entered promiscuous mode [ 91.009968][ T5835] veth1_macvtap: entered promiscuous mode [ 91.020003][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.040917][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.071249][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.080145][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.093095][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.102023][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.140129][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.154118][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.194180][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.214468][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.244151][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.265780][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.274523][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.284796][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.299786][ T5835] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.309775][ T5835] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.319068][ T5835] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.328918][ T5835] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.491571][ T3545] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.523215][ T3545] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.593885][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.612261][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.720885][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.739828][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.810681][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.822411][ T9] cfg80211: failed to load regulatory.db [ 91.857636][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.912109][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.931843][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.012631][ T3545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.058076][ T3545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.125793][ T5840] Bluetooth: hci0: command tx timeout [ 92.127595][ T5847] Bluetooth: hci1: command tx timeout [ 92.206137][ T5847] Bluetooth: hci3: command tx timeout [ 92.215968][ T5847] Bluetooth: hci2: command tx timeout [ 92.512571][ T5941] ptp ptp0: new virtual clock ptp1 [ 92.536836][ T5941] ptp ptp0: new virtual clock ptp2 [ 92.570080][ T5941] ptp ptp0: new virtual clock ptp3 [ 92.595528][ T5941] ptp ptp0: new virtual clock ptp4 [ 92.612357][ T5941] ptp ptp0: new virtual clock ptp5 [ 92.646942][ T5941] ptp ptp0: new virtual clock ptp6 [ 92.665278][ T5941] ptp ptp0: new virtual clock ptp7 [ 92.715027][ T5941] ptp ptp0: new virtual clock ptp8 [ 92.755812][ T5941] ptp ptp0: new virtual clock ptp9 [ 92.763122][ T5941] ptp ptp0: new virtual clock ptp10 [ 92.786667][ T5941] ptp ptp0: new virtual clock ptp11 [ 92.798266][ T5941] ptp ptp0: new virtual clock ptp12 [ 92.803648][ T5941] ptp ptp0: guarantee physical clock free running [ 93.626741][ T5976] netlink: 28 bytes leftover after parsing attributes in process `syz.1.17'. [ 93.629284][ T5977] netlink: 130 bytes leftover after parsing attributes in process `syz.0.15'. [ 93.767556][ T5976] Zero length message leads to an empty skb [ 94.029147][ T5989] netlink: 342 bytes leftover after parsing attributes in process `syz.0.22'. [ 94.080145][ T5989] netlink: 342 bytes leftover after parsing attributes in process `syz.0.22'. [ 94.205970][ T5847] Bluetooth: hci1: command tx timeout [ 94.209610][ T5840] Bluetooth: hci0: command tx timeout [ 94.286512][ T5840] Bluetooth: hci2: command tx timeout [ 94.287215][ T5847] Bluetooth: hci3: command tx timeout [ 94.838902][ T6015] syz.2.32 uses obsolete (PF_INET,SOCK_PACKET) [ 95.025870][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.034553][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.043668][ T0] NOHZ tick-stop error: local softirq work is pending, handler #248!!! [ 95.080091][ T6018] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.098389][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.245790][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 95.286824][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.335646][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.406093][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.566092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.574320][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.845839][ T6033] netlink: 342 bytes leftover after parsing attributes in process `syz.3.40'. [ 96.054072][ T6041] netlink: 342 bytes leftover after parsing attributes in process `syz.3.43'. [ 97.782197][ T6095] lo: entered allmulticast mode [ 97.854758][ T6099] lo: left allmulticast mode [ 97.944270][ T6091] netlink: 186 bytes leftover after parsing attributes in process `syz.1.57'. [ 97.967291][ T6091] netlink: 186 bytes leftover after parsing attributes in process `syz.1.57'. [ 98.958681][ T6132] netlink: 342 bytes leftover after parsing attributes in process `syz.1.69'. [ 99.892355][ T6166] netlink: 28 bytes leftover after parsing attributes in process `syz.3.82'. [ 99.905034][ T6166] hsr0: entered allmulticast mode [ 99.913980][ T6166] hsr_slave_0: entered allmulticast mode [ 99.922421][ T6166] hsr_slave_1: entered allmulticast mode [ 102.222394][ T6226] FAULT_INJECTION: forcing a failure. [ 102.222394][ T6226] name failslab, interval 1, probability 0, space 0, times 0 [ 102.222481][ T6226] CPU: 1 UID: 0 PID: 6226 Comm: syz.2.103 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 102.222515][ T6226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 102.222533][ T6226] Call Trace: [ 102.222541][ T6226] [ 102.222554][ T6226] dump_stack_lvl+0x16c/0x1f0 [ 102.222599][ T6226] should_fail_ex+0x512/0x640 [ 102.222632][ T6226] ? fs_reclaim_acquire+0xae/0x150 [ 102.222662][ T6226] ? ima_alloc_init_template+0x19d/0x720 [ 102.222697][ T6226] should_failslab+0xc2/0x120 [ 102.222720][ T6226] __kmalloc_noprof+0xd2/0x510 [ 102.222764][ T6226] ? __print_lock_name+0xb1/0xe0 [ 102.222796][ T6226] ima_alloc_init_template+0x19d/0x720 [ 102.222838][ T6226] ? take_dentry_name_snapshot+0x319/0x7d0 [ 102.222871][ T6226] ima_store_measurement+0x1eb/0x5c0 [ 102.222899][ T6226] ? __pfx_ima_store_measurement+0x10/0x10 [ 102.222927][ T6226] ? vfs_getxattr_alloc+0xec/0x340 [ 102.222969][ T6226] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 102.223018][ T6226] process_measurement+0x1ddb/0x23e0 [ 102.223068][ T6226] ? __pfx_process_measurement+0x10/0x10 [ 102.223111][ T6226] ? alloc_empty_file+0x73/0x1e0 [ 102.223136][ T6226] ? hugetlb_file_setup+0x4cd/0x620 [ 102.223161][ T6226] ? ksys_mmap_pgoff+0x189/0x5c0 [ 102.223185][ T6226] ? __x64_sys_mmap+0x125/0x190 [ 102.223265][ T6226] ima_file_mmap+0x1b1/0x1d0 [ 102.223300][ T6226] ? __pfx_ima_file_mmap+0x10/0x10 [ 102.223343][ T6226] security_mmap_file+0x88c/0x990 [ 102.223376][ T6226] vm_mmap_pgoff+0xec/0x450 [ 102.223406][ T6226] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 102.223428][ T6226] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 102.223457][ T6226] ? hugetlbfs_get_inode+0x31f/0x730 [ 102.223491][ T6226] ksys_mmap_pgoff+0x1c8/0x5c0 [ 102.223525][ T6226] __x64_sys_mmap+0x125/0x190 [ 102.223561][ T6226] do_syscall_64+0xcd/0x490 [ 102.223600][ T6226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.223627][ T6226] RIP: 0033:0x7f650a78e929 [ 102.223654][ T6226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.223684][ T6226] RSP: 002b:00007f650b64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 102.223709][ T6226] RAX: ffffffffffffffda RBX: 00007f650a9b5fa0 RCX: 00007f650a78e929 [ 102.223726][ T6226] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000 [ 102.223739][ T6226] RBP: 00007f650a810b39 R08: 0000000000000401 R09: 0000300000000000 [ 102.223753][ T6226] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000 [ 102.223766][ T6226] R13: 0000000000000000 R14: 00007f650a9b5fa0 R15: 00007fff6868ab58 [ 102.223798][ T6226] [ 102.235496][ T30] audit: type=1804 audit(1750626816.102:2): pid=6226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.103" name="anon_hugepage" dev="hugetlbfs" ino=8313 res=0 errno=0 [ 102.941856][ T6243] netlink: 338 bytes leftover after parsing attributes in process `syz.3.109'. [ 102.941893][ T6243] gre0: entered promiscuous mode [ 102.941914][ T6243] gre0: entered allmulticast mode [ 103.566197][ T6255] netlink: 346 bytes leftover after parsing attributes in process `syz.1.114'. [ 106.274122][ T6324] netlink: 28 bytes leftover after parsing attributes in process `syz.1.139'. [ 106.334981][ T6324] vcan0: entered promiscuous mode [ 107.470118][ T6353] netlink: 334 bytes leftover after parsing attributes in process `syz.3.146'. [ 107.481390][ T6354] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.760085][ T6365] FAULT_INJECTION: forcing a failure. [ 107.760085][ T6365] name failslab, interval 1, probability 0, space 0, times 0 [ 107.813514][ T6365] CPU: 0 UID: 0 PID: 6365 Comm: syz.3.151 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 107.813552][ T6365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 107.813567][ T6365] Call Trace: [ 107.813575][ T6365] [ 107.813585][ T6365] dump_stack_lvl+0x16c/0x1f0 [ 107.813627][ T6365] should_fail_ex+0x512/0x640 [ 107.813660][ T6365] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 107.813701][ T6365] should_failslab+0xc2/0x120 [ 107.813725][ T6365] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 107.813759][ T6365] ? __proc_create+0xc3/0x8c0 [ 107.813794][ T6365] ? __proc_create+0x2ce/0x8c0 [ 107.813834][ T6365] __proc_create+0x2ce/0x8c0 [ 107.813871][ T6365] ? __pfx___proc_create+0x10/0x10 [ 107.813906][ T6365] ? pcpu_chunk_relocate+0x126/0x190 [ 107.813950][ T6365] proc_create_reg+0x7d/0x180 [ 107.813975][ T6365] ? __pfx_xfrm_statistics_seq_show+0x10/0x10 [ 107.814003][ T6365] proc_create_net_single+0x86/0x170 [ 107.814027][ T6365] ? __pfx_proc_create_net_single+0x10/0x10 [ 107.814060][ T6365] ? __pfx_xfrm_net_init+0x10/0x10 [ 107.814094][ T6365] xfrm_proc_init+0x4d/0x70 [ 107.814117][ T6365] xfrm_net_init+0x1f0/0xcc0 [ 107.814159][ T6365] ? __pfx_xfrm_net_init+0x10/0x10 [ 107.814192][ T6365] ops_init+0x1e2/0x5f0 [ 107.814220][ T6365] setup_net+0x1ff/0x510 [ 107.814242][ T6365] ? lockdep_init_map_type+0x5c/0x280 [ 107.814274][ T6365] ? __pfx_setup_net+0x10/0x10 [ 107.814301][ T6365] ? debug_mutex_init+0x37/0x70 [ 107.814327][ T6365] copy_net_ns+0x2a6/0x5f0 [ 107.814352][ T6365] create_new_namespaces+0x3ea/0xa90 [ 107.814394][ T6365] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 107.814424][ T6365] ksys_unshare+0x45b/0xa40 [ 107.814456][ T6365] ? __pfx_ksys_unshare+0x10/0x10 [ 107.814489][ T6365] ? xfd_validate_state+0x61/0x180 [ 107.814529][ T6365] __x64_sys_unshare+0x31/0x40 [ 107.814559][ T6365] do_syscall_64+0xcd/0x490 [ 107.814598][ T6365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.814623][ T6365] RIP: 0033:0x7f86bcf8e929 [ 107.814644][ T6365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.814667][ T6365] RSP: 002b:00007f86bdd59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 107.814691][ T6365] RAX: ffffffffffffffda RBX: 00007f86bd1b5fa0 RCX: 00007f86bcf8e929 [ 107.814708][ T6365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 107.814724][ T6365] RBP: 00007f86bd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 107.814740][ T6365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.814755][ T6365] R13: 0000000000000000 R14: 00007f86bd1b5fa0 R15: 00007ffe7a641d38 [ 107.814789][ T6365] [ 108.462897][ T6367] FAULT_INJECTION: forcing a failure. [ 108.462897][ T6367] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 108.503399][ T6367] CPU: 1 UID: 0 PID: 6367 Comm: syz.2.150 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 108.503439][ T6367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.503453][ T6367] Call Trace: [ 108.503462][ T6367] [ 108.503472][ T6367] dump_stack_lvl+0x16c/0x1f0 [ 108.503515][ T6367] should_fail_ex+0x512/0x640 [ 108.503555][ T6367] should_fail_alloc_page+0xe7/0x130 [ 108.503594][ T6367] prepare_alloc_pages+0x3c2/0x610 [ 108.503624][ T6367] ? rcu_is_watching+0x12/0xc0 [ 108.503655][ T6367] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 108.503699][ T6367] ? __lock_acquire+0x622/0x1c90 [ 108.503734][ T6367] ? xas_create+0x1d7/0x1460 [ 108.503760][ T6367] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 108.503800][ T6367] ? lock_acquire+0x179/0x350 [ 108.503830][ T6367] ? rcu_is_watching+0x12/0xc0 [ 108.503866][ T6367] ? __lock_acquire+0x622/0x1c90 [ 108.503896][ T6367] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 108.503934][ T6367] ? policy_nodemask+0xea/0x4e0 [ 108.503962][ T6367] alloc_pages_mpol+0x1fb/0x550 [ 108.503989][ T6367] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 108.504017][ T6367] ? filemap_get_entry+0x1a7/0x3b0 [ 108.504047][ T6367] folio_alloc_noprof+0x20/0x2d0 [ 108.504076][ T6367] filemap_alloc_folio_noprof+0x3a1/0x470 [ 108.504111][ T6367] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 108.504154][ T6367] __filemap_get_folio+0x5e1/0xc30 [ 108.504187][ T6367] ioctx_alloc+0x761/0x2120 [ 108.504235][ T6367] ? __pfx_ioctx_alloc+0x10/0x10 [ 108.504263][ T6367] ? __might_fault+0x13b/0x190 [ 108.504307][ T6367] __x64_sys_io_setup+0xc9/0x210 [ 108.504340][ T6367] do_syscall_64+0xcd/0x490 [ 108.504378][ T6367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.504403][ T6367] RIP: 0033:0x7f650a78e929 [ 108.504424][ T6367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.504447][ T6367] RSP: 002b:00007f650b64f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 108.504471][ T6367] RAX: ffffffffffffffda RBX: 00007f650a9b5fa0 RCX: 00007f650a78e929 [ 108.504488][ T6367] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 108.504504][ T6367] RBP: 00007f650a810b39 R08: 0000000000000000 R09: 0000000000000000 [ 108.504519][ T6367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.504534][ T6367] R13: 0000000000000000 R14: 00007f650a9b5fa0 R15: 00007fff6868ab58 [ 108.504574][ T6367] [ 108.842807][ T6385] netlink: 74 bytes leftover after parsing attributes in process `syz.1.152'. [ 109.800936][ T6405] netlink: 28 bytes leftover after parsing attributes in process `syz.0.165'. [ 110.100182][ T6405] team0: Port device team_slave_1 removed [ 110.914953][ T6427] netlink: 334 bytes leftover after parsing attributes in process `syz.0.173'. [ 112.769327][ T6484] FAULT_INJECTION: forcing a failure. [ 112.769327][ T6484] name failslab, interval 1, probability 0, space 0, times 0 [ 112.825442][ T6484] CPU: 0 UID: 0 PID: 6484 Comm: syz.3.190 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 112.825478][ T6484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.825491][ T6484] Call Trace: [ 112.825499][ T6484] [ 112.825509][ T6484] dump_stack_lvl+0x16c/0x1f0 [ 112.825550][ T6484] should_fail_ex+0x512/0x640 [ 112.825583][ T6484] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 112.825623][ T6484] should_failslab+0xc2/0x120 [ 112.825644][ T6484] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 112.825678][ T6484] ? __d_alloc+0x31/0xaa0 [ 112.825717][ T6484] __d_alloc+0x31/0xaa0 [ 112.825756][ T6484] d_alloc+0x4a/0x1e0 [ 112.825791][ T6484] d_alloc_parallel+0xe3/0x12e0 [ 112.825823][ T6484] ? find_held_lock+0x2b/0x80 [ 112.825863][ T6484] ? __pfx_d_alloc_parallel+0x10/0x10 [ 112.825897][ T6484] ? __d_lookup+0x266/0x4a0 [ 112.825927][ T6484] lookup_open.isra.0+0x665/0x1580 [ 112.825962][ T6484] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 112.826005][ T6484] ? mnt_get_write_access+0x20c/0x300 [ 112.826038][ T6484] path_openat+0x893/0x2cb0 [ 112.826081][ T6484] ? __pfx_path_openat+0x10/0x10 [ 112.826115][ T6484] ? __lock_acquire+0xb8a/0x1c90 [ 112.826149][ T6484] do_filp_open+0x20b/0x470 [ 112.826184][ T6484] ? __pfx_do_filp_open+0x10/0x10 [ 112.826245][ T6484] ? alloc_fd+0x471/0x7d0 [ 112.826283][ T6484] do_sys_openat2+0x11b/0x1d0 [ 112.826308][ T6484] ? __pfx_do_sys_openat2+0x10/0x10 [ 112.826344][ T6484] __x64_sys_openat+0x174/0x210 [ 112.826370][ T6484] ? __pfx___x64_sys_openat+0x10/0x10 [ 112.826411][ T6484] do_syscall_64+0xcd/0x490 [ 112.826450][ T6484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.826474][ T6484] RIP: 0033:0x7f86bcf8e929 [ 112.826492][ T6484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.826515][ T6484] RSP: 002b:00007f86bdd59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 112.826539][ T6484] RAX: ffffffffffffffda RBX: 00007f86bd1b5fa0 RCX: 00007f86bcf8e929 [ 112.826553][ T6484] RDX: 0000000000001182 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 112.826568][ T6484] RBP: 00007f86bd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 112.826582][ T6484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.826595][ T6484] R13: 0000000000000000 R14: 00007f86bd1b5fa0 R15: 00007ffe7a641d38 [ 112.826626][ T6484] [ 114.102713][ T6503] zswap: compressor not available [ 114.941870][ T6535] netlink: 28 bytes leftover after parsing attributes in process `syz.3.204'. [ 115.717706][ T6547] zswap: compressor not available [ 115.864389][ T6562] openvswitch: netlink: IP tunnel dst address not specified [ 115.874160][ T6562] openvswitch: netlink: IP tunnel dst address not specified [ 116.618303][ T6578] netlink: 28 bytes leftover after parsing attributes in process `syz.1.220'. [ 116.824826][ T6583] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 117.228517][ T6587] qrtr: Invalid version 0 [ 117.601538][ T6604] FAULT_INJECTION: forcing a failure. [ 117.601538][ T6604] name failslab, interval 1, probability 0, space 0, times 0 [ 117.634775][ T6604] CPU: 1 UID: 0 PID: 6604 Comm: syz.0.231 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 117.634814][ T6604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.634829][ T6604] Call Trace: [ 117.634838][ T6604] [ 117.634848][ T6604] dump_stack_lvl+0x16c/0x1f0 [ 117.634895][ T6604] should_fail_ex+0x512/0x640 [ 117.634927][ T6604] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 117.634969][ T6604] should_failslab+0xc2/0x120 [ 117.634993][ T6604] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 117.635029][ T6604] ? proc_alloc_inode+0x25/0x200 [ 117.635068][ T6604] ? __pfx_proc_alloc_inode+0x10/0x10 [ 117.635099][ T6604] proc_alloc_inode+0x25/0x200 [ 117.635130][ T6604] alloc_inode+0x61/0x240 [ 117.635156][ T6604] new_inode+0x22/0x1c0 [ 117.635199][ T6604] ? proc_lookup_de+0x217/0x320 [ 117.635241][ T6604] proc_get_inode+0x1d/0x780 [ 117.635278][ T6604] proc_lookup_de+0x253/0x320 [ 117.635330][ T6604] proc_tgid_net_lookup+0x75/0x120 [ 117.635355][ T6604] __lookup_slow+0x24e/0x460 [ 117.635381][ T6604] ? __pfx___lookup_slow+0x10/0x10 [ 117.635432][ T6604] ? lookup_fast+0x156/0x610 [ 117.635466][ T6604] walk_component+0x353/0x5b0 [ 117.635500][ T6604] link_path_walk+0x627/0xe20 [ 117.635544][ T6604] path_openat+0x1b0/0x2cb0 [ 117.635573][ T6604] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.635612][ T6604] ? __pfx_path_openat+0x10/0x10 [ 117.635648][ T6604] ? __lock_acquire+0xb8a/0x1c90 [ 117.635683][ T6604] do_filp_open+0x20b/0x470 [ 117.635717][ T6604] ? __pfx_do_filp_open+0x10/0x10 [ 117.635761][ T6604] ? __pfx_kfree_link+0x10/0x10 [ 117.635798][ T6604] ? alloc_fd+0x471/0x7d0 [ 117.635839][ T6604] do_sys_openat2+0x11b/0x1d0 [ 117.635866][ T6604] ? __pfx_do_sys_openat2+0x10/0x10 [ 117.635908][ T6604] __x64_sys_openat+0x174/0x210 [ 117.635936][ T6604] ? __pfx___x64_sys_openat+0x10/0x10 [ 117.635978][ T6604] do_syscall_64+0xcd/0x490 [ 117.636016][ T6604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.636042][ T6604] RIP: 0033:0x7f1ba0f8e929 [ 117.636063][ T6604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.636086][ T6604] RSP: 002b:00007f1ba1d33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 117.636110][ T6604] RAX: ffffffffffffffda RBX: 00007f1ba11b5fa0 RCX: 00007f1ba0f8e929 [ 117.636127][ T6604] RDX: 0000000000101002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 117.636143][ T6604] RBP: 00007f1ba1010b39 R08: 0000000000000000 R09: 0000000000000000 [ 117.636158][ T6604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.636173][ T6604] R13: 0000000000000000 R14: 00007f1ba11b5fa0 R15: 00007ffc47c780e8 [ 117.636207][ T6604] [ 118.857030][ T6631] netlink: 28 bytes leftover after parsing attributes in process `syz.2.241'. [ 118.931661][ T6636] netlink: 342 bytes leftover after parsing attributes in process `syz.0.243'. [ 118.953912][ T6634] netlink: 342 bytes leftover after parsing attributes in process `syz.3.242'. [ 119.549670][ T6649] zswap: compressor 000 not available [ 119.903894][ T6665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.253'. [ 119.921322][ T6665] veth0_vlan: entered allmulticast mode [ 120.702187][ T6692] netlink: 342 bytes leftover after parsing attributes in process `syz.2.264'. [ 120.856457][ T6696] netlink: 28 bytes leftover after parsing attributes in process `syz.0.266'. [ 120.876732][ T6699] mmap: syz.3.265 (6699) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 120.894383][ T6696] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.903527][ T6696] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.918998][ T6696] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.919031][ T6696] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.250967][ T6708] netlink: 338 bytes leftover after parsing attributes in process `syz.1.270'. [ 122.140140][ T6734] netlink: 342 bytes leftover after parsing attributes in process `syz.2.282'. [ 122.398908][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.0.285'. [ 122.796671][ T6747] zswap: compressor 000 not available [ 122.819949][ T6756] netlink: 338 bytes leftover after parsing attributes in process `syz.1.289'. [ 123.189693][ T6766] capability: warning: `syz.2.293' uses deprecated v2 capabilities in a way that may be insecure [ 123.828790][ T6788] netlink: 330 bytes leftover after parsing attributes in process `syz.0.303'. [ 124.621018][ T6819] netlink: 28 bytes leftover after parsing attributes in process `syz.1.317'. [ 124.630119][ T6819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.644693][ T6819] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.665590][ T6819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.688461][ T6819] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 125.033756][ T6833] netlink: 186 bytes leftover after parsing attributes in process `syz.1.321'. [ 125.302773][ T6840] netlink: 330 bytes leftover after parsing attributes in process `syz.3.324'. [ 125.973995][ T6853] sctp: [Deprecated]: syz.3.329 (pid 6853) Use of struct sctp_assoc_value in delayed_ack socket option. [ 125.973995][ T6853] Use struct sctp_sack_info instead [ 126.002306][ T5847] Bluetooth: hci0: unexpected event 0x03 length: 725 > 11 [ 126.998169][ T6889] netlink: 28 bytes leftover after parsing attributes in process `syz.3.343'. [ 127.024528][ T6889] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.034263][ T6889] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.046467][ T6889] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.053904][ T6889] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.968659][ T6918] netlink: 28 bytes leftover after parsing attributes in process `syz.2.355'. [ 128.007238][ T6918] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.036543][ T6918] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.058390][ T6918] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.075802][ T6918] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.183859][ T6927] netlink: 334 bytes leftover after parsing attributes in process `syz.1.359'. [ 128.484913][ T6936] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 129.823994][ T6977] netlink: 342 bytes leftover after parsing attributes in process `syz.1.376'. [ 130.448388][ T6996] zswap: compressor 000 not available [ 131.009336][ T30] audit: type=1800 audit(1750626844.892:3): pid=7022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.393" name="file0" dev="tmpfs" ino=485 res=0 errno=0 [ 131.100756][ T7027] binder: 7026:7027 ioctl 600004 3 returned -22 [ 132.576513][ T7087] netlink: 28 bytes leftover after parsing attributes in process `syz.0.428'. [ 132.771619][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.779251][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.197812][ T7104] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 133.510073][ T7108] zswap: compressor 000 not available [ 134.039419][ T5847] Bluetooth: hci1: Malformed LE Event: 0x1b [ 136.353046][ T7199] netlink: 342 bytes leftover after parsing attributes in process `syz.0.465'. [ 136.535897][ T7205] FAULT_INJECTION: forcing a failure. [ 136.535897][ T7205] name failslab, interval 1, probability 0, space 0, times 0 [ 136.565802][ T7205] CPU: 0 UID: 0 PID: 7205 Comm: syz.1.469 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 136.565840][ T7205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.565854][ T7205] Call Trace: [ 136.565862][ T7205] [ 136.565872][ T7205] dump_stack_lvl+0x16c/0x1f0 [ 136.565916][ T7205] should_fail_ex+0x512/0x640 [ 136.565949][ T7205] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 136.565985][ T7205] should_failslab+0xc2/0x120 [ 136.566009][ T7205] __kmalloc_cache_noprof+0x6a/0x3e0 [ 136.566042][ T7205] ? nfc_allocate_device+0x15b/0x5e0 [ 136.566073][ T7205] nfc_allocate_device+0x15b/0x5e0 [ 136.566095][ T7205] ? __init_swait_queue_head+0xca/0x150 [ 136.566135][ T7205] nci_allocate_device+0x23b/0x430 [ 136.566169][ T7205] virtual_ncidev_open+0x6f/0x220 [ 136.566199][ T7205] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 136.566228][ T7205] misc_open+0x35d/0x420 [ 136.566267][ T7205] ? __pfx_misc_open+0x10/0x10 [ 136.566298][ T7205] chrdev_open+0x234/0x6a0 [ 136.566335][ T7205] ? __pfx_apparmor_file_open+0x10/0x10 [ 136.566365][ T7205] ? __pfx_chrdev_open+0x10/0x10 [ 136.566403][ T7205] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 136.566441][ T7205] do_dentry_open+0x741/0x1c10 [ 136.566477][ T7205] ? __pfx_chrdev_open+0x10/0x10 [ 136.566518][ T7205] vfs_open+0x82/0x3f0 [ 136.566549][ T7205] path_openat+0x1de4/0x2cb0 [ 136.566595][ T7205] ? __pfx_path_openat+0x10/0x10 [ 136.566629][ T7205] ? __lock_acquire+0xb8a/0x1c90 [ 136.566664][ T7205] do_filp_open+0x20b/0x470 [ 136.566698][ T7205] ? __pfx_do_filp_open+0x10/0x10 [ 136.566759][ T7205] ? alloc_fd+0x471/0x7d0 [ 136.566801][ T7205] do_sys_openat2+0x11b/0x1d0 [ 136.566827][ T7205] ? __pfx_do_sys_openat2+0x10/0x10 [ 136.566869][ T7205] __x64_sys_openat+0x174/0x210 [ 136.566898][ T7205] ? __pfx___x64_sys_openat+0x10/0x10 [ 136.566941][ T7205] do_syscall_64+0xcd/0x490 [ 136.566979][ T7205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.567005][ T7205] RIP: 0033:0x7ff97ef8e929 [ 136.567034][ T7205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.567059][ T7205] RSP: 002b:00007ff97fe04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 136.567087][ T7205] RAX: ffffffffffffffda RBX: 00007ff97f1b5fa0 RCX: 00007ff97ef8e929 [ 136.567104][ T7205] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 136.567121][ T7205] RBP: 00007ff97f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 136.567137][ T7205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.567152][ T7205] R13: 0000000000000000 R14: 00007ff97f1b5fa0 R15: 00007ffcde312db8 [ 136.567188][ T7205] [ 137.000353][ T7215] netlink: 350 bytes leftover after parsing attributes in process `syz.2.473'. [ 137.266910][ T7225] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^' [ 138.847298][ T7281] FAULT_INJECTION: forcing a failure. [ 138.847298][ T7281] name failslab, interval 1, probability 0, space 0, times 0 [ 138.888279][ T7281] CPU: 1 UID: 0 PID: 7281 Comm: syz.2.495 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 138.888316][ T7281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.888331][ T7281] Call Trace: [ 138.888339][ T7281] [ 138.888349][ T7281] dump_stack_lvl+0x16c/0x1f0 [ 138.888392][ T7281] should_fail_ex+0x512/0x640 [ 138.888425][ T7281] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 138.888461][ T7281] should_failslab+0xc2/0x120 [ 138.888485][ T7281] __kmalloc_cache_noprof+0x6a/0x3e0 [ 138.888518][ T7281] ? _raw_spin_unlock+0x28/0x50 [ 138.888548][ T7281] ? snd_ctl_open+0x174/0x5e0 [ 138.888586][ T7281] snd_ctl_open+0x174/0x5e0 [ 138.888621][ T7281] ? __pfx_snd_ctl_open+0x10/0x10 [ 138.888655][ T7281] snd_open+0x1fe/0x450 [ 138.888679][ T7281] ? __pfx_snd_open+0x10/0x10 [ 138.888702][ T7281] chrdev_open+0x234/0x6a0 [ 138.888739][ T7281] ? __pfx_chrdev_open+0x10/0x10 [ 138.888778][ T7281] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 138.888816][ T7281] do_dentry_open+0x741/0x1c10 [ 138.888850][ T7281] ? __pfx_chrdev_open+0x10/0x10 [ 138.888892][ T7281] vfs_open+0x82/0x3f0 [ 138.888922][ T7281] path_openat+0x1de4/0x2cb0 [ 138.888968][ T7281] ? __pfx_path_openat+0x10/0x10 [ 138.889013][ T7281] ? __lock_acquire+0xb8a/0x1c90 [ 138.889049][ T7281] do_filp_open+0x20b/0x470 [ 138.889084][ T7281] ? __pfx_do_filp_open+0x10/0x10 [ 138.889143][ T7281] ? alloc_fd+0x471/0x7d0 [ 138.889183][ T7281] do_sys_openat2+0x11b/0x1d0 [ 138.889209][ T7281] ? __pfx_do_sys_openat2+0x10/0x10 [ 138.889248][ T7281] __x64_sys_openat+0x174/0x210 [ 138.889275][ T7281] ? __pfx___x64_sys_openat+0x10/0x10 [ 138.889317][ T7281] do_syscall_64+0xcd/0x490 [ 138.889355][ T7281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.889380][ T7281] RIP: 0033:0x7f650a78e929 [ 138.889401][ T7281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.889423][ T7281] RSP: 002b:00007f650b64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 138.889448][ T7281] RAX: ffffffffffffffda RBX: 00007f650a9b5fa0 RCX: 00007f650a78e929 [ 138.889465][ T7281] RDX: 0000000000000080 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 138.889480][ T7281] RBP: 00007f650a810b39 R08: 0000000000000000 R09: 0000000000000000 [ 138.889495][ T7281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.889509][ T7281] R13: 0000000000000000 R14: 00007f650a9b5fa0 R15: 00007fff6868ab58 [ 138.889542][ T7281] [ 138.901311][ T7285] netlink: 4 bytes leftover after parsing attributes in process `syz.0.498'. [ 139.038706][ T7288] netlink: 354 bytes leftover after parsing attributes in process `syz.0.498'. [ 139.364532][ T7297] netlink: 28 bytes leftover after parsing attributes in process `syz.2.500'. [ 139.448540][ T7299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.502'. [ 140.209236][ T7330] sctp: [Deprecated]: syz.1.511 (pid 7330) Use of int in max_burst socket option deprecated. [ 140.209236][ T7330] Use struct sctp_assoc_value instead [ 140.959215][ T7361] netlink: 342 bytes leftover after parsing attributes in process `syz.3.524'. [ 140.969983][ T7361] netlink: 342 bytes leftover after parsing attributes in process `syz.3.524'. [ 141.214005][ T7371] netlink: 'syz.3.529': attribute type 13 has an invalid length. [ 142.231974][ T7406] netlink: 28 bytes leftover after parsing attributes in process `syz.1.542'. [ 143.050117][ T7436] sctp: [Deprecated]: syz.3.556 (pid 7436) Use of int in max_burst socket option deprecated. [ 143.050117][ T7436] Use struct sctp_assoc_value instead [ 143.921831][ T7472] netlink: 342 bytes leftover after parsing attributes in process `syz.1.571'. [ 144.060083][ T7479] netlink: 'syz.3.574': attribute type 8 has an invalid length. [ 145.804233][ T7518] Invalid ELF header magic: != ELF [ 146.436953][ T7536] FAULT_INJECTION: forcing a failure. [ 146.436953][ T7536] name failslab, interval 1, probability 0, space 0, times 0 [ 146.437003][ T7536] CPU: 1 UID: 0 PID: 7536 Comm: syz.1.595 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 146.437036][ T7536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.437050][ T7536] Call Trace: [ 146.437059][ T7536] [ 146.437069][ T7536] dump_stack_lvl+0x16c/0x1f0 [ 146.437111][ T7536] should_fail_ex+0x512/0x640 [ 146.437144][ T7536] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 146.437192][ T7536] should_failslab+0xc2/0x120 [ 146.437218][ T7536] __kmalloc_cache_noprof+0x6a/0x3e0 [ 146.437250][ T7536] ? vc_allocate+0x16c/0x880 [ 146.437292][ T7536] vc_allocate+0x16c/0x880 [ 146.437326][ T7536] ? __pfx_vc_allocate+0x10/0x10 [ 146.437376][ T7536] con_install+0xa1/0x600 [ 146.437413][ T7536] ? __pfx_con_install+0x10/0x10 [ 146.437457][ T7536] ? __pfx_con_install+0x10/0x10 [ 146.437495][ T7536] tty_init_dev.part.0+0x99/0x500 [ 146.437524][ T7536] tty_open+0xa50/0xf90 [ 146.437555][ T7536] ? __pfx_tty_open+0x10/0x10 [ 146.437579][ T7536] ? chrdev_open+0x58c/0x6a0 [ 146.437619][ T7536] ? __pfx_tty_open+0x10/0x10 [ 146.437642][ T7536] chrdev_open+0x234/0x6a0 [ 146.437680][ T7536] ? __pfx_chrdev_open+0x10/0x10 [ 146.437719][ T7536] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 146.437758][ T7536] do_dentry_open+0x741/0x1c10 [ 146.437794][ T7536] ? __pfx_chrdev_open+0x10/0x10 [ 146.437837][ T7536] vfs_open+0x82/0x3f0 [ 146.437868][ T7536] path_openat+0x1de4/0x2cb0 [ 146.437915][ T7536] ? __pfx_path_openat+0x10/0x10 [ 146.437951][ T7536] ? __lock_acquire+0xb8a/0x1c90 [ 146.437987][ T7536] do_filp_open+0x20b/0x470 [ 146.438022][ T7536] ? __pfx_do_filp_open+0x10/0x10 [ 146.438084][ T7536] ? alloc_fd+0x471/0x7d0 [ 146.438127][ T7536] do_sys_openat2+0x11b/0x1d0 [ 146.438154][ T7536] ? __pfx_do_sys_openat2+0x10/0x10 [ 146.438207][ T7536] __x64_sys_openat+0x174/0x210 [ 146.438237][ T7536] ? __pfx___x64_sys_openat+0x10/0x10 [ 146.438282][ T7536] do_syscall_64+0xcd/0x490 [ 146.438322][ T7536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.438348][ T7536] RIP: 0033:0x7ff97ef8e929 [ 146.438369][ T7536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.438392][ T7536] RSP: 002b:00007ff97fe04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 146.438415][ T7536] RAX: ffffffffffffffda RBX: 00007ff97f1b5fa0 RCX: 00007ff97ef8e929 [ 146.438431][ T7536] RDX: 0000000000040002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 146.438447][ T7536] RBP: 00007ff97f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 146.438462][ T7536] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 146.438477][ T7536] R13: 0000000000000000 R14: 00007ff97f1b5fa0 R15: 00007ffcde312db8 [ 146.438512][ T7536] [ 146.921954][ T7546] netlink: 28 bytes leftover after parsing attributes in process `syz.2.598'. [ 146.997332][ T7549] FAULT_INJECTION: forcing a failure. [ 146.997332][ T7549] name failslab, interval 1, probability 0, space 0, times 0 [ 146.997373][ T7549] CPU: 1 UID: 0 PID: 7549 Comm: syz.3.600 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 146.997407][ T7549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.997432][ T7549] Call Trace: [ 146.997441][ T7549] [ 146.997451][ T7549] dump_stack_lvl+0x16c/0x1f0 [ 146.997494][ T7549] should_fail_ex+0x512/0x640 [ 146.997528][ T7549] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 146.997569][ T7549] should_failslab+0xc2/0x120 [ 146.997594][ T7549] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 146.997632][ T7549] ? __alloc_skb+0x2b2/0x380 [ 146.997671][ T7549] __alloc_skb+0x2b2/0x380 [ 146.997705][ T7549] ? __pfx___alloc_skb+0x10/0x10 [ 146.997738][ T7549] ? rcu_is_watching+0x12/0xc0 [ 146.997764][ T7549] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 146.997799][ T7549] ? audit_log_start+0x2c5/0x7f0 [ 146.997834][ T7549] audit_log_start+0x2ea/0x7f0 [ 146.997865][ T7549] ? __pfx_audit_log_start+0x10/0x10 [ 146.997895][ T7549] ? rcu_is_watching+0x12/0xc0 [ 146.997917][ T7549] ? __local_bh_enable_ip+0xa4/0x120 [ 146.997947][ T7549] ? arch_do_signal_or_restart+0x211/0x790 [ 146.997979][ T7549] audit_seccomp+0x60/0x1f0 [ 146.998009][ T7549] __secure_computing+0x2bf/0x320 [ 146.998038][ T7549] syscall_trace_enter+0x89/0x260 [ 146.998074][ T7549] do_syscall_64+0x347/0x490 [ 146.998114][ T7549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.998140][ T7549] RIP: 0033:0x7f86bcf8e929 [ 146.998161][ T7549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.998186][ T7549] RSP: 002b:00007f86bdd589f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 146.998209][ T7549] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f86bcf8e929 [ 146.998225][ T7549] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 000000000000000b [ 146.998237][ T7549] RBP: 00007f86bdd59040 R08: 00007f86bdd5a000 R09: 000000000000000b [ 146.998253][ T7549] R10: 0000000000006a52 R11: 0000000000000246 R12: 0000000000000000 [ 146.998267][ T7549] R13: 0000000000000000 R14: 00007f86bd1b5fa0 R15: 00007ffe7a641d38 [ 146.998305][ T7549] [ 146.998402][ T7549] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 146.998430][ T7549] audit: out of memory in audit_log_start [ 148.098646][ T7567] input: = as /devices/virtual/input/input5 [ 148.117587][ T5847] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 148.117624][ T5847] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 148.134926][ T5847] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 148.134987][ T5847] Bluetooth: hci0: adv larger than maximum supported [ 148.142852][ T5847] Bluetooth: hci0: Malformed LE Event: 0x0d [ 148.193344][ T5187] ERROR: Out of memory at tomoyo_memory_ok. [ 149.255718][ T7593] netlink: 28 bytes leftover after parsing attributes in process `syz.2.620'. [ 149.279242][ T7593] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 149.587196][ T7600] netlink: 28 bytes leftover after parsing attributes in process `syz.2.623'. [ 151.096134][ T7626] netlink: 342 bytes leftover after parsing attributes in process `syz.0.633'. [ 152.647708][ T7677] netlink: 28 bytes leftover after parsing attributes in process `syz.2.654'. [ 152.661200][ T7679] netlink: 342 bytes leftover after parsing attributes in process `syz.1.655'. [ 152.930443][ T7686] netlink: 334 bytes leftover after parsing attributes in process `syz.1.657'. [ 153.583367][ T7708] netlink: 334 bytes leftover after parsing attributes in process `syz.3.666'. [ 153.657456][ T7711] netlink: 342 bytes leftover after parsing attributes in process `syz.1.667'. [ 153.990591][ T7724] netlink: 28 bytes leftover after parsing attributes in process `syz.1.674'. [ 154.150262][ T7729] netlink: 28 bytes leftover after parsing attributes in process `syz.1.676'. [ 154.890944][ T7745] netlink: 'syz.0.682': attribute type 15 has an invalid length. [ 154.919239][ T7745] netlink: 186 bytes leftover after parsing attributes in process `syz.0.682'. [ 155.239620][ T7749] zswap: compressor not available [ 155.496376][ T5847] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 155.674052][ T7772] netlink: 'syz.2.692': attribute type 3 has an invalid length. [ 155.934284][ T7778] netlink: 342 bytes leftover after parsing attributes in process `syz.2.694'. [ 156.174844][ T7784] netlink: 26 bytes leftover after parsing attributes in process `syz.2.697'. [ 156.204679][ T7784] openvswitch: netlink: IP tunnel dst address not specified [ 156.947954][ T7808] netlink: 28 bytes leftover after parsing attributes in process `syz.1.706'. [ 156.983720][ T7810] netlink: 12 bytes leftover after parsing attributes in process `syz.3.704'. [ 157.718916][ T7827] FAULT_INJECTION: forcing a failure. [ 157.718916][ T7827] name failslab, interval 1, probability 0, space 0, times 0 [ 157.816526][ T7827] CPU: 1 UID: 0 PID: 7827 Comm: syz.0.711 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 157.816566][ T7827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.816581][ T7827] Call Trace: [ 157.816591][ T7827] [ 157.816602][ T7827] dump_stack_lvl+0x16c/0x1f0 [ 157.816645][ T7827] should_fail_ex+0x512/0x640 [ 157.816679][ T7827] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 157.816715][ T7827] ? __pfx_sco_debugfs_open+0x10/0x10 [ 157.816746][ T7827] should_failslab+0xc2/0x120 [ 157.816770][ T7827] __kmalloc_cache_noprof+0x6a/0x3e0 [ 157.816800][ T7827] ? __pfx___debugfs_file_get+0x10/0x10 [ 157.816823][ T7827] ? single_open+0x4d/0x1f0 [ 157.816848][ T7827] ? __pfx_apparmor_file_open+0x10/0x10 [ 157.816881][ T7827] ? __pfx_sco_debugfs_open+0x10/0x10 [ 157.816912][ T7827] ? __pfx_sco_debugfs_show+0x10/0x10 [ 157.816942][ T7827] single_open+0x4d/0x1f0 [ 157.816969][ T7827] full_proxy_open_regular+0x1b9/0x360 [ 157.816997][ T7827] do_dentry_open+0x741/0x1c10 [ 157.817032][ T7827] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 157.817066][ T7827] vfs_open+0x82/0x3f0 [ 157.817097][ T7827] path_openat+0x1de4/0x2cb0 [ 157.817144][ T7827] ? __pfx_path_openat+0x10/0x10 [ 157.817179][ T7827] ? __lock_acquire+0xb8a/0x1c90 [ 157.817215][ T7827] do_filp_open+0x20b/0x470 [ 157.817261][ T7827] ? __pfx_do_filp_open+0x10/0x10 [ 157.817325][ T7827] ? alloc_fd+0x471/0x7d0 [ 157.817368][ T7827] do_sys_openat2+0x11b/0x1d0 [ 157.817394][ T7827] ? __pfx_do_sys_openat2+0x10/0x10 [ 157.817435][ T7827] __x64_sys_openat+0x174/0x210 [ 157.817463][ T7827] ? __pfx___x64_sys_openat+0x10/0x10 [ 157.817507][ T7827] do_syscall_64+0xcd/0x490 [ 157.817550][ T7827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.817575][ T7827] RIP: 0033:0x7f1ba0f8e929 [ 157.817597][ T7827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.817620][ T7827] RSP: 002b:00007f1ba1d33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 157.817645][ T7827] RAX: ffffffffffffffda RBX: 00007f1ba11b5fa0 RCX: 00007f1ba0f8e929 [ 157.817663][ T7827] RDX: 0000000000000242 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 157.817680][ T7827] RBP: 00007f1ba1010b39 R08: 0000000000000000 R09: 0000000000000000 [ 157.817695][ T7827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.817710][ T7827] R13: 0000000000000000 R14: 00007f1ba11b5fa0 R15: 00007ffc47c780e8 [ 157.817745][ T7827] [ 158.499045][ T7845] netlink: 28 bytes leftover after parsing attributes in process `syz.0.720'. [ 158.545854][ T7839] netlink: 'syz.1.715': attribute type 19 has an invalid length. [ 158.553644][ T7839] netlink: 334 bytes leftover after parsing attributes in process `syz.1.715'. [ 158.716282][ T7849] netlink: 350 bytes leftover after parsing attributes in process `syz.1.723'. [ 159.789204][ T7887] netlink: 28 bytes leftover after parsing attributes in process `syz.3.737'. [ 159.797298][ T7883] syz.2.738 (7883): /proc/7882/oom_adj is deprecated, please use /proc/7882/oom_score_adj instead. [ 159.854174][ T7889] netlink: 326 bytes leftover after parsing attributes in process `syz.1.739'. [ 160.000074][ T7893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.741'. [ 160.011585][ T7893] netlink: 8 bytes leftover after parsing attributes in process `syz.1.741'. [ 160.506534][ T7900] process 'syz.1.744' launched './file0' with NULL argv: empty string added [ 160.542922][ T7900] ERROR: Out of memory at tomoyo_memory_ok. [ 160.550241][ T7900] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/178/file0' not defined. [ 162.825878][ T7980] FAULT_INJECTION: forcing a failure. [ 162.825878][ T7980] name failslab, interval 1, probability 0, space 0, times 0 [ 162.857955][ T7980] CPU: 0 UID: 0 PID: 7980 Comm: syz.1.778 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 162.857993][ T7980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.858007][ T7980] Call Trace: [ 162.858015][ T7980] [ 162.858026][ T7980] dump_stack_lvl+0x16c/0x1f0 [ 162.858089][ T7980] should_fail_ex+0x512/0x640 [ 162.858132][ T7980] ? __kmalloc_noprof+0xbf/0x510 [ 162.858175][ T7980] ? constrain_params_by_rules+0x175/0xca0 [ 162.858210][ T7980] should_failslab+0xc2/0x120 [ 162.858236][ T7980] __kmalloc_noprof+0xd2/0x510 [ 162.858275][ T7980] ? do_raw_spin_lock+0x12c/0x2b0 [ 162.858314][ T7980] constrain_params_by_rules+0x175/0xca0 [ 162.858345][ T7980] ? mark_held_locks+0x49/0x80 [ 162.858376][ T7980] ? lockdep_hardirqs_on+0x7c/0x110 [ 162.858413][ T7980] ? stack_depot_save_flags+0x3e0/0xa40 [ 162.858447][ T7980] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 162.858485][ T7980] ? __kasan_kmalloc+0xaa/0xb0 [ 162.858516][ T7980] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 162.858543][ T7980] ? snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 162.858570][ T7980] ? snd_pcm_oss_get_formats+0x7e/0x340 [ 162.858615][ T7980] ? rcu_is_watching+0x12/0xc0 [ 162.858641][ T7980] ? snd_interval_refine+0x2fa/0x580 [ 162.858680][ T7980] snd_pcm_hw_refine+0x7de/0xad0 [ 162.858723][ T7980] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 162.858767][ T7980] ? __asan_memset+0x23/0x50 [ 162.858797][ T7980] ? _snd_pcm_hw_param_min+0x259/0x630 [ 162.858828][ T7980] snd_pcm_oss_change_params_locked+0x65e/0x3a30 [ 162.858858][ T7980] ? rcu_is_watching+0x12/0xc0 [ 162.858886][ T7980] ? lockdep_hardirqs_on+0x7c/0x110 [ 162.858926][ T7980] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 162.858958][ T7980] ? __pfx___mutex_lock+0x10/0x10 [ 162.858992][ T7980] ? tomoyo_path_number_perm+0x295/0x580 [ 162.859039][ T7980] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 162.859074][ T7980] snd_pcm_oss_get_formats+0x7e/0x340 [ 162.859098][ T7980] ? find_held_lock+0x2b/0x80 [ 162.859122][ T7980] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 162.859147][ T7980] ? __might_fault+0x13b/0x190 [ 162.859190][ T7980] snd_pcm_oss_ioctl+0x2efb/0x37a0 [ 162.859217][ T7980] ? find_held_lock+0x2b/0x80 [ 162.859240][ T7980] ? hook_file_ioctl_common+0x145/0x410 [ 162.859267][ T7980] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 162.859299][ T7980] ? __fget_files+0x20e/0x3c0 [ 162.859336][ T7980] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 162.859374][ T7980] __x64_sys_ioctl+0x18e/0x210 [ 162.859406][ T7980] do_syscall_64+0xcd/0x490 [ 162.859458][ T7980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.859485][ T7980] RIP: 0033:0x7ff97ef8e929 [ 162.859507][ T7980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.859536][ T7980] RSP: 002b:00007ff97fe04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 162.859565][ T7980] RAX: ffffffffffffffda RBX: 00007ff97f1b5fa0 RCX: 00007ff97ef8e929 [ 162.859582][ T7980] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004 [ 162.859597][ T7980] RBP: 00007ff97f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 162.859612][ T7980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.859627][ T7980] R13: 0000000000000000 R14: 00007ff97f1b5fa0 R15: 00007ffcde312db8 [ 162.859661][ T7980] [ 162.877066][ T7982] FAULT_INJECTION: forcing a failure. [ 162.877066][ T7982] name failslab, interval 1, probability 0, space 0, times 0 [ 163.235959][ T7982] CPU: 1 UID: 0 PID: 7982 Comm: syz.3.779 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 163.235996][ T7982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.236010][ T7982] Call Trace: [ 163.236019][ T7982] [ 163.236028][ T7982] dump_stack_lvl+0x16c/0x1f0 [ 163.236067][ T7982] should_fail_ex+0x512/0x640 [ 163.236099][ T7982] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 163.236137][ T7982] ? __pfx_sco_debugfs_open+0x10/0x10 [ 163.236167][ T7982] should_failslab+0xc2/0x120 [ 163.236190][ T7982] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 163.236224][ T7982] ? seq_open+0x55/0x170 [ 163.236251][ T7982] ? __pfx_sco_debugfs_open+0x10/0x10 [ 163.236281][ T7982] ? __pfx_sco_debugfs_show+0x10/0x10 [ 163.236310][ T7982] seq_open+0x55/0x170 [ 163.236333][ T7982] ? __pfx_sco_debugfs_show+0x10/0x10 [ 163.236364][ T7982] single_open+0xfc/0x1f0 [ 163.236390][ T7982] full_proxy_open_regular+0x1b9/0x360 [ 163.236421][ T7982] do_dentry_open+0x741/0x1c10 [ 163.236456][ T7982] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 163.236490][ T7982] vfs_open+0x82/0x3f0 [ 163.236520][ T7982] path_openat+0x1de4/0x2cb0 [ 163.236566][ T7982] ? __pfx_path_openat+0x10/0x10 [ 163.236601][ T7982] ? __lock_acquire+0xb8a/0x1c90 [ 163.236644][ T7982] do_filp_open+0x20b/0x470 [ 163.236677][ T7982] ? __pfx_do_filp_open+0x10/0x10 [ 163.236734][ T7982] ? alloc_fd+0x471/0x7d0 [ 163.236774][ T7982] do_sys_openat2+0x11b/0x1d0 [ 163.236800][ T7982] ? __pfx_do_sys_openat2+0x10/0x10 [ 163.236841][ T7982] __x64_sys_openat+0x174/0x210 [ 163.236868][ T7982] ? __pfx___x64_sys_openat+0x10/0x10 [ 163.236910][ T7982] do_syscall_64+0xcd/0x490 [ 163.236947][ T7982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.236972][ T7982] RIP: 0033:0x7f86bcf8e929 [ 163.236993][ T7982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.237015][ T7982] RSP: 002b:00007f86bdd59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 163.237039][ T7982] RAX: ffffffffffffffda RBX: 00007f86bd1b5fa0 RCX: 00007f86bcf8e929 [ 163.237055][ T7982] RDX: 0000000000000242 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 163.237071][ T7982] RBP: 00007f86bd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 163.237086][ T7982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.237100][ T7982] R13: 0000000000000000 R14: 00007f86bd1b5fa0 R15: 00007ffe7a641d38 [ 163.237133][ T7982] [ 163.991843][ T5847] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 164.325946][ T8013] netlink: 342 bytes leftover after parsing attributes in process `syz.1.790'. [ 164.480207][ T8016] netlink: 206 bytes leftover after parsing attributes in process `syz.3.793'. [ 164.498383][ T8017] FAULT_INJECTION: forcing a failure. [ 164.498383][ T8017] name failslab, interval 1, probability 0, space 0, times 0 [ 164.511298][ T8017] CPU: 0 UID: 0 PID: 8017 Comm: syz.2.792 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 164.511333][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.511348][ T8017] Call Trace: [ 164.511357][ T8017] [ 164.511367][ T8017] dump_stack_lvl+0x16c/0x1f0 [ 164.511410][ T8017] should_fail_ex+0x512/0x640 [ 164.511444][ T8017] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 164.511484][ T8017] ? __pfx_sco_debugfs_open+0x10/0x10 [ 164.511528][ T8017] should_failslab+0xc2/0x120 [ 164.511553][ T8017] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 164.511590][ T8017] ? seq_open+0x55/0x170 [ 164.511619][ T8017] ? __pfx_sco_debugfs_open+0x10/0x10 [ 164.511649][ T8017] ? __pfx_sco_debugfs_show+0x10/0x10 [ 164.511679][ T8017] seq_open+0x55/0x170 [ 164.511702][ T8017] ? __pfx_sco_debugfs_show+0x10/0x10 [ 164.511734][ T8017] single_open+0xfc/0x1f0 [ 164.511761][ T8017] full_proxy_open_regular+0x1b9/0x360 [ 164.511792][ T8017] do_dentry_open+0x741/0x1c10 [ 164.511828][ T8017] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 164.511863][ T8017] vfs_open+0x82/0x3f0 [ 164.511893][ T8017] path_openat+0x1de4/0x2cb0 [ 164.511939][ T8017] ? __pfx_path_openat+0x10/0x10 [ 164.511974][ T8017] ? __lock_acquire+0xb8a/0x1c90 [ 164.512010][ T8017] do_filp_open+0x20b/0x470 [ 164.512045][ T8017] ? __pfx_do_filp_open+0x10/0x10 [ 164.512105][ T8017] ? alloc_fd+0x471/0x7d0 [ 164.512147][ T8017] do_sys_openat2+0x11b/0x1d0 [ 164.512174][ T8017] ? __pfx_do_sys_openat2+0x10/0x10 [ 164.512216][ T8017] __x64_sys_openat+0x174/0x210 [ 164.512244][ T8017] ? __pfx___x64_sys_openat+0x10/0x10 [ 164.512282][ T8017] do_syscall_64+0xcd/0x490 [ 164.512320][ T8017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.512345][ T8017] RIP: 0033:0x7f650a78e929 [ 164.512365][ T8017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.512388][ T8017] RSP: 002b:00007f650b64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 164.512412][ T8017] RAX: ffffffffffffffda RBX: 00007f650a9b5fa0 RCX: 00007f650a78e929 [ 164.512429][ T8017] RDX: 0000000000000242 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 164.512444][ T8017] RBP: 00007f650a810b39 R08: 0000000000000000 R09: 0000000000000000 [ 164.512459][ T8017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.512473][ T8017] R13: 0000000000000000 R14: 00007f650a9b5fa0 R15: 00007fff6868ab58 [ 164.512514][ T8017] [ 164.964200][ T8027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.798'. [ 164.982889][ T8027] netlink: 5 bytes leftover after parsing attributes in process `syz.0.798'. [ 164.994685][ T8027] netlink: 16 bytes leftover after parsing attributes in process `syz.0.798'. [ 165.269616][ T5847] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 165.558223][ T8049] netlink: 'syz.1.807': attribute type 16 has an invalid length. [ 165.577475][ T8049] netlink: 306 bytes leftover after parsing attributes in process `syz.1.807'. [ 166.150577][ T8070] netlink: 334 bytes leftover after parsing attributes in process `syz.2.816'. [ 166.642188][ T8090] netlink: 'syz.2.825': attribute type 1 has an invalid length. [ 166.652378][ T8089] netlink: 342 bytes leftover after parsing attributes in process `syz.1.824'. [ 166.993014][ T8104] FAULT_INJECTION: forcing a failure. [ 166.993014][ T8104] name failslab, interval 1, probability 0, space 0, times 0 [ 167.063671][ T8104] CPU: 0 UID: 0 PID: 8104 Comm: syz.1.829 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 167.063710][ T8104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.063726][ T8104] Call Trace: [ 167.063735][ T8104] [ 167.063745][ T8104] dump_stack_lvl+0x16c/0x1f0 [ 167.063788][ T8104] should_fail_ex+0x512/0x640 [ 167.063821][ T8104] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 167.063860][ T8104] ? __pfx_sco_debugfs_open+0x10/0x10 [ 167.063892][ T8104] should_failslab+0xc2/0x120 [ 167.063918][ T8104] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 167.063953][ T8104] ? seq_open+0x55/0x170 [ 167.063982][ T8104] ? __pfx_sco_debugfs_open+0x10/0x10 [ 167.064012][ T8104] ? __pfx_sco_debugfs_show+0x10/0x10 [ 167.064043][ T8104] seq_open+0x55/0x170 [ 167.064067][ T8104] ? __pfx_sco_debugfs_show+0x10/0x10 [ 167.064099][ T8104] single_open+0xfc/0x1f0 [ 167.064126][ T8104] full_proxy_open_regular+0x1b9/0x360 [ 167.064158][ T8104] do_dentry_open+0x741/0x1c10 [ 167.064203][ T8104] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 167.064239][ T8104] vfs_open+0x82/0x3f0 [ 167.064272][ T8104] path_openat+0x1de4/0x2cb0 [ 167.064319][ T8104] ? __pfx_path_openat+0x10/0x10 [ 167.064352][ T8104] ? __lock_acquire+0xb8a/0x1c90 [ 167.064388][ T8104] do_filp_open+0x20b/0x470 [ 167.064417][ T8104] ? __pfx_do_filp_open+0x10/0x10 [ 167.064472][ T8104] ? alloc_fd+0x471/0x7d0 [ 167.064513][ T8104] do_sys_openat2+0x11b/0x1d0 [ 167.064539][ T8104] ? __pfx_do_sys_openat2+0x10/0x10 [ 167.064580][ T8104] __x64_sys_openat+0x174/0x210 [ 167.064606][ T8104] ? __pfx___x64_sys_openat+0x10/0x10 [ 167.064648][ T8104] do_syscall_64+0xcd/0x490 [ 167.064686][ T8104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.064711][ T8104] RIP: 0033:0x7ff97ef8e929 [ 167.064730][ T8104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.064754][ T8104] RSP: 002b:00007ff97fe04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 167.064777][ T8104] RAX: ffffffffffffffda RBX: 00007ff97f1b5fa0 RCX: 00007ff97ef8e929 [ 167.064792][ T8104] RDX: 0000000000000242 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 167.064804][ T8104] RBP: 00007ff97f010b39 R08: 0000000000000000 R09: 0000000000000000 [ 167.064815][ T8104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.064828][ T8104] R13: 0000000000000000 R14: 00007ff97f1b5fa0 R15: 00007ffcde312db8 [ 167.064862][ T8104] [ 167.496359][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.1.835'. [ 167.508805][ T8116] netlink: 25 bytes leftover after parsing attributes in process `syz.1.835'. [ 167.667548][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.1.839'. [ 167.854522][ T8126] Console: switching to colour VGA+ 80x25 [ 167.903122][ T8129] netlink: 342 bytes leftover after parsing attributes in process `syz.2.842'. [ 167.914729][ T8126] ================================================================== [ 167.914748][ T8126] BUG: KASAN: slab-use-after-free in fbcon_prepare_logo+0xa03/0xc70 [ 167.914794][ T8126] Read of size 256 at addr ffff88807a888860 by task syz.3.841/8126 [ 167.914816][ T8126] [ 167.914829][ T8126] CPU: 1 UID: 0 PID: 8126 Comm: syz.3.841 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 167.914862][ T8126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.914877][ T8126] Call Trace: [ 167.914885][ T8126] [ 167.914896][ T8126] dump_stack_lvl+0x116/0x1f0 [ 167.914941][ T8126] print_report+0xcd/0x680 [ 167.914963][ T8126] ? __virt_addr_valid+0x81/0x610 [ 167.914989][ T8126] ? __phys_addr+0xe8/0x180 [ 167.915015][ T8126] ? fbcon_prepare_logo+0xa03/0xc70 [ 167.915049][ T8126] kasan_report+0xe0/0x110 [ 167.915073][ T8126] ? fbcon_prepare_logo+0xa03/0xc70 [ 167.915113][ T8126] kasan_check_range+0x100/0x1b0 [ 167.915140][ T8126] __asan_memcpy+0x23/0x60 [ 167.915170][ T8126] fbcon_prepare_logo+0xa03/0xc70 [ 167.915210][ T8126] fbcon_init+0xd77/0x1900 [ 167.915243][ T8126] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 167.915282][ T8126] visual_init+0x320/0x620 [ 167.915313][ T8126] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 167.915349][ T8126] store_bind+0x61d/0x760 [ 167.915380][ T8126] ? sysfs_file_kobj+0xe4/0x290 [ 167.915408][ T8126] ? __pfx_store_bind+0x10/0x10 [ 167.915437][ T8126] dev_attr_store+0x55/0x80 [ 167.915458][ T8126] ? __pfx_dev_attr_store+0x10/0x10 [ 167.915478][ T8126] sysfs_kf_write+0xf2/0x150 [ 167.915506][ T8126] kernfs_fop_write_iter+0x354/0x510 [ 167.915530][ T8126] ? __pfx_sysfs_kf_write+0x10/0x10 [ 167.915559][ T8126] vfs_write+0x6c7/0x1150 [ 167.915591][ T8126] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 167.915618][ T8126] ? __pfx___mutex_lock+0x10/0x10 [ 167.915653][ T8126] ? __pfx_vfs_write+0x10/0x10 [ 167.915689][ T8126] ksys_write+0x12a/0x250 [ 167.915718][ T8126] ? __pfx_ksys_write+0x10/0x10 [ 167.915753][ T8126] do_syscall_64+0xcd/0x490 [ 167.915786][ T8126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.915812][ T8126] RIP: 0033:0x7f86bcf8e929 [ 167.915833][ T8126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.915856][ T8126] RSP: 002b:00007f86bdd59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 167.915879][ T8126] RAX: ffffffffffffffda RBX: 00007f86bd1b5fa0 RCX: 00007f86bcf8e929 [ 167.915896][ T8126] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 167.915911][ T8126] RBP: 00007f86bd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 167.915938][ T8126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.915953][ T8126] R13: 0000000000000000 R14: 00007f86bd1b5fa0 R15: 00007ffe7a641d38 [ 167.915979][ T8126] [ 167.915987][ T8126] [ 167.915994][ T8126] Allocated by task 8081: [ 167.916005][ T8126] kasan_save_stack+0x33/0x60 [ 167.916037][ T8126] kasan_save_track+0x14/0x30 [ 167.916068][ T8126] __kasan_kmalloc+0xaa/0xb0 [ 167.916098][ T8126] __kmalloc_noprof+0x223/0x510 [ 167.916128][ T8126] tomoyo_realpath_from_path+0xc2/0x6e0 [ 167.916156][ T8126] tomoyo_path_perm+0x274/0x460 [ 167.916175][ T8126] tomoyo_path_symlink+0x97/0xe0 [ 167.916205][ T8126] security_path_symlink+0x152/0x2e0 [ 167.916226][ T8126] do_symlinkat+0x10d/0x310 [ 167.916252][ T8126] __x64_sys_symlinkat+0x93/0xc0 [ 167.916282][ T8126] do_syscall_64+0xcd/0x490 [ 167.916310][ T8126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.916330][ T8126] [ 167.916335][ T8126] Freed by task 8081: [ 167.916344][ T8126] kasan_save_stack+0x33/0x60 [ 167.916370][ T8126] kasan_save_track+0x14/0x30 [ 167.916397][ T8126] kasan_save_free_info+0x3b/0x60 [ 167.916420][ T8126] __kasan_slab_free+0x51/0x70 [ 167.916450][ T8126] kfree+0x2b4/0x4d0 [ 167.916474][ T8126] tomoyo_realpath_from_path+0x19f/0x6e0 [ 167.916501][ T8126] tomoyo_path_perm+0x274/0x460 [ 167.916523][ T8126] tomoyo_path_symlink+0x97/0xe0 [ 167.916551][ T8126] security_path_symlink+0x152/0x2e0 [ 167.916573][ T8126] do_symlinkat+0x10d/0x310 [ 167.916599][ T8126] __x64_sys_symlinkat+0x93/0xc0 [ 167.916631][ T8126] do_syscall_64+0xcd/0x490 [ 167.916660][ T8126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.916681][ T8126] [ 167.916686][ T8126] The buggy address belongs to the object at ffff88807a888000 [ 167.916686][ T8126] which belongs to the cache kmalloc-4k of size 4096 [ 167.916703][ T8126] The buggy address is located 2144 bytes inside of [ 167.916703][ T8126] freed 4096-byte region [ffff88807a888000, ffff88807a889000) [ 167.916726][ T8126] [ 167.916732][ T8126] The buggy address belongs to the physical page: [ 167.916751][ T8126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a888 [ 167.916772][ T8126] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 167.916790][ T8126] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 167.916811][ T8126] page_type: f5(slab) [ 167.916832][ T8126] raw: 00fff00000000040 ffff88801b842140 dead000000000100 dead000000000122 [ 167.916853][ T8126] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 167.916876][ T8126] head: 00fff00000000040 ffff88801b842140 dead000000000100 dead000000000122 [ 167.916896][ T8126] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 167.916916][ T8126] head: 00fff00000000003 ffffea0001ea2201 00000000ffffffff 00000000ffffffff [ 167.916945][ T8126] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 167.916958][ T8126] page dumped because: kasan: bad access detected [ 167.916975][ T8126] page_owner tracks the page as allocated [ 167.916984][ T8126] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5202, tgid 5202 (udevd), ts 133352796362, free_ts 133279603244 [ 167.917026][ T8126] post_alloc_hook+0x1c0/0x230 [ 167.917055][ T8126] get_page_from_freelist+0x1321/0x3890 [ 167.917086][ T8126] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 167.917118][ T8126] alloc_pages_mpol+0x1fb/0x550 [ 167.917138][ T8126] new_slab+0x23b/0x330 [ 167.917162][ T8126] ___slab_alloc+0xd9c/0x1940 [ 167.917188][ T8126] __slab_alloc.constprop.0+0x56/0xb0 [ 167.917216][ T8126] __kmalloc_cache_noprof+0xfb/0x3e0 [ 167.917247][ T8126] uevent_show+0x165/0x3a0 [ 167.917276][ T8126] dev_attr_show+0x56/0xe0 [ 167.917296][ T8126] sysfs_kf_seq_show+0x216/0x3e0 [ 167.917324][ T8126] seq_read_iter+0x506/0x12c0 [ 167.917350][ T8126] kernfs_fop_read_iter+0x40f/0x5a0 [ 167.917371][ T8126] vfs_read+0x8bf/0xc60 [ 167.917397][ T8126] ksys_read+0x12a/0x250 [ 167.917425][ T8126] do_syscall_64+0xcd/0x490 [ 167.917456][ T8126] page last free pid 7103 tgid 7102 stack trace: [ 167.917469][ T8126] __free_frozen_pages+0x7fe/0x1180 [ 167.917496][ T8126] __put_partials+0x16d/0x1c0 [ 167.917521][ T8126] qlist_free_all+0x4d/0x120 [ 167.917548][ T8126] kasan_quarantine_reduce+0x195/0x1e0 [ 167.917578][ T8126] __kasan_slab_alloc+0x69/0x90 [ 167.917610][ T8126] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 167.917637][ T8126] __kthread_create_on_node+0xce/0x3f0 [ 167.917665][ T8126] kthread_create_on_node+0xc7/0x100 [ 167.917691][ T8126] rxrpc_open_socket+0x3db/0x6b0 [ 167.917715][ T8126] rxrpc_lookup_local+0xa01/0x1220 [ 167.917740][ T8126] rxrpc_bind+0x369/0x5a0 [ 167.917768][ T8126] kernel_bind+0xff/0x180 [ 167.917789][ T8126] afs_open_socket+0x254/0x400 [ 167.917818][ T8126] afs_net_init+0x825/0xb00 [ 167.917838][ T8126] ops_init+0x1e2/0x5f0 [ 167.917857][ T8126] setup_net+0x1ff/0x510 [ 167.917877][ T8126] [ 167.917882][ T8126] Memory state around the buggy address: [ 167.917895][ T8126] ffff88807a888700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 167.917912][ T8126] ffff88807a888780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 167.917938][ T8126] >ffff88807a888800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 167.917951][ T8126] ^ [ 167.917966][ T8126] ffff88807a888880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 167.917983][ T8126] ffff88807a888900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 167.917998][ T8126] ================================================================== [ 167.918168][ T8126] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 167.918186][ T8126] CPU: 1 UID: 0 PID: 8126 Comm: syz.3.841 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) [ 167.918220][ T8126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.918235][ T8126] Call Trace: [ 167.918244][ T8126] [ 167.918253][ T8126] dump_stack_lvl+0x3d/0x1f0 [ 167.918290][ T8126] panic+0x71c/0x800 [ 167.918321][ T8126] ? __pfx_panic+0x10/0x10 [ 167.918350][ T8126] ? irqentry_exit+0x3b/0x90 [ 167.918383][ T8126] ? lockdep_hardirqs_on+0x7c/0x110 [ 167.918417][ T8126] ? preempt_schedule_thunk+0x16/0x30 [ 167.918443][ T8126] ? fbcon_prepare_logo+0xa03/0xc70 [ 167.918475][ T8126] ? preempt_schedule_common+0x44/0xc0 [ 167.918510][ T8126] ? fbcon_prepare_logo+0xa03/0xc70 [ 167.918540][ T8126] check_panic_on_warn+0xab/0xb0 [ 167.918571][ T8126] end_report+0x107/0x170 [ 167.918603][ T8126] kasan_report+0xee/0x110 [ 167.918623][ T8126] ? fbcon_prepare_logo+0xa03/0xc70 [ 167.918658][ T8126] kasan_check_range+0x100/0x1b0 [ 167.918681][ T8126] __asan_memcpy+0x23/0x60 [ 167.918708][ T8126] fbcon_prepare_logo+0xa03/0xc70 [ 167.918749][ T8126] fbcon_init+0xd77/0x1900 [ 167.918784][ T8126] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 167.918824][ T8126] visual_init+0x320/0x620 [ 167.918855][ T8126] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 167.918892][ T8126] store_bind+0x61d/0x760 [ 167.918934][ T8126] ? sysfs_file_kobj+0xe4/0x290 [ 167.918963][ T8126] ? __pfx_store_bind+0x10/0x10 [ 167.918996][ T8126] dev_attr_store+0x55/0x80 [ 167.919019][ T8126] ? __pfx_dev_attr_store+0x10/0x10 [ 167.919041][ T8126] sysfs_kf_write+0xf2/0x150 [ 167.919071][ T8126] kernfs_fop_write_iter+0x354/0x510 [ 167.919096][ T8126] ? __pfx_sysfs_kf_write+0x10/0x10 [ 167.919126][ T8126] vfs_write+0x6c7/0x1150 [ 167.919158][ T8126] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 167.919183][ T8126] ? __pfx___mutex_lock+0x10/0x10 [ 167.919218][ T8126] ? __pfx_vfs_write+0x10/0x10 [ 167.919261][ T8126] ksys_write+0x12a/0x250 [ 167.919293][ T8126] ? __pfx_ksys_write+0x10/0x10 [ 167.919330][ T8126] do_syscall_64+0xcd/0x490 [ 167.919363][ T8126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.919388][ T8126] RIP: 0033:0x7f86bcf8e929 [ 167.919406][ T8126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.919430][ T8126] RSP: 002b:00007f86bdd59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 167.919455][ T8126] RAX: ffffffffffffffda RBX: 00007f86bd1b5fa0 RCX: 00007f86bcf8e929 [ 167.919473][ T8126] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 167.919488][ T8126] RBP: 00007f86bd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 167.919509][ T8126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.919524][ T8126] R13: 0000000000000000 R14: 00007f86bd1b5fa0 R15: 00007ffe7a641d38 [ 167.919549][ T8126] [ 167.919808][ T8126] Kernel Offset: disabled