last executing test programs: 4.95296004s ago: executing program 1 (id=2503): madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) 2.954615206s ago: executing program 3 (id=2512): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0), 0x55) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) io_uring_setup$auto(0x6, 0x0) write$auto(0x3, 0x0, 0xfdef) 2.671561827s ago: executing program 0 (id=2513): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/smaps\x00', 0xc0000, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) readahead$auto(r0, 0x4, 0x3) 2.236947518s ago: executing program 2 (id=2516): rseq$auto(&(0x7f00000002c0)={0xe, 0x400, 0x0, 0x20006, 0xffffffff, 0x2}, 0xfffffff4, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fcntl$auto(r0, 0x400, 0x1) truncate$auto(&(0x7f0000000080)='./file0\x00', 0x7f) close_range$auto(0x0, 0x5, 0x0) 2.236868272s ago: executing program 3 (id=2517): open(&(0x7f0000000000)='./file0\x00', 0xa09c2, 0xa4) socket(0x2, 0x801, 0x100) pipe$auto(&(0x7f0000000040)=0xffffffffffffffff) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfffffdef) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/4096, 0x1000) 1.91271713s ago: executing program 3 (id=2518): fanotify_init$auto(0x5, 0x0) mmap$auto(0x0, 0x400005, 0xffffffffffeffffe, 0x9b72, 0xc76, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="0100", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x3, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto(0x3, 0x0, 0x100082) 1.890261603s ago: executing program 2 (id=2519): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.791793202s ago: executing program 0 (id=2520): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/irq/1/node\x00', 0x482, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0x10ffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) 1.574755367s ago: executing program 1 (id=2521): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="e2000000", @ANYBLOB="01002d"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x8}, 0x3, 0x0) 1.557483743s ago: executing program 2 (id=2522): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x80, 0x0, 0x14) io_uring_setup$auto(0x3ff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 1.270818392s ago: executing program 2 (id=2523): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3ff, 0x8000) r0 = socket(0x10, 0x2, 0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x6000, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1.243279104s ago: executing program 1 (id=2524): mkdir$auto(0x0, 0x8001) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) prctl$auto_PR_SCHED_CORE_CREATE(0x1, 0x1, 0x0, 0x0, 0x4) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000002c0), 0x44100, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x40146f2c, 0x0) 997.938118ms ago: executing program 2 (id=2525): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) pipe$auto(0x0) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) ioctl$auto_VHOST_SET_FEATURES2(r0, 0x4008af00, 0x0) 996.450515ms ago: executing program 0 (id=2526): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14abfd) prctl$auto(0x1000000001c, 0x5, 0x0, 0x400000000009, 0x3fffffffff) setreuid$auto(0x0, 0x5) fcntl$auto(r0, 0x400, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x163) close_range$auto(0x2, 0x8, 0x0) 908.066968ms ago: executing program 1 (id=2527): open(&(0x7f0000000000)='./file0\x00', 0xa09c2, 0xa4) socket(0x2, 0x801, 0x100) pipe$auto(&(0x7f0000000040)=0xffffffffffffffff) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfffffdef) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/4096, 0x1000) 705.870295ms ago: executing program 2 (id=2528): mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) socket(0x21, 0x2, 0x2) openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x40, 0x10, 0xc}, 0x18) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) dup2$auto(0x5, 0x4) 705.282539ms ago: executing program 3 (id=2529): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0x801, 0x106) r1 = epoll_create$auto(0x3e) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) sendmsg$auto_NLBL_MGMT_C_LISTDEF(r0, 0x0, 0x24008000) 632.556901ms ago: executing program 0 (id=2530): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x3, 0x0, 0x0) timer_create$auto(0x9, 0x0, 0x0) r0 = openat$auto_proc_timers_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0x1a3540, 0x0) read$auto_proc_timers_operations_base(r0, &(0x7f0000000080)=""/184, 0xb8) read$auto_proc_timers_operations_base(r0, &(0x7f0000000180)=""/159, 0x9f) 546.514269ms ago: executing program 1 (id=2531): socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) socket(0x18, 0xa, 0x1) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) 438.190545ms ago: executing program 3 (id=2532): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) eventfd$auto(0xc) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x0) 343.776903ms ago: executing program 0 (id=2533): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) semctl$auto(0x8, 0x804, 0x3, 0x6) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) writev$auto(r0, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) 292.462351ms ago: executing program 1 (id=2534): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0xfffffdef) 193.986922ms ago: executing program 3 (id=2535): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/irq/1/node\x00', 0x482, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0x10ffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) 0s ago: executing program 0 (id=2536): mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x40000000029, 0x50, 0xfffffffffffffffe, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts. [ 93.148984][ T5818] cgroup: Unknown subsys name 'net' [ 93.299390][ T5818] cgroup: Unknown subsys name 'cpuset' [ 93.309165][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 95.150833][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.505804][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.515598][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.545167][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.553441][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.570989][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.578994][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.579698][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.595188][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.595808][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.610192][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.611867][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.639010][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.646445][ T5151] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.651593][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.654669][ T5151] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.661800][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.669482][ T5151] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.677364][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.718835][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.727093][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.198114][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 98.436471][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 98.526877][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 98.554451][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 98.567440][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.574766][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.582275][ T5829] bridge_slave_0: entered allmulticast mode [ 98.590574][ T5829] bridge_slave_0: entered promiscuous mode [ 98.600013][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.607305][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.614625][ T5829] bridge_slave_1: entered allmulticast mode [ 98.622338][ T5829] bridge_slave_1: entered promiscuous mode [ 98.736281][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.777274][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.874791][ T5829] team0: Port device team_slave_0 added [ 98.920009][ T5829] team0: Port device team_slave_1 added [ 98.952474][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.959853][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.967227][ T5831] bridge_slave_0: entered allmulticast mode [ 98.975437][ T5831] bridge_slave_0: entered promiscuous mode [ 98.982922][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.990517][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.997839][ T5830] bridge_slave_0: entered allmulticast mode [ 99.006020][ T5830] bridge_slave_0: entered promiscuous mode [ 99.026831][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.034237][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.041456][ T5828] bridge_slave_0: entered allmulticast mode [ 99.049051][ T5828] bridge_slave_0: entered promiscuous mode [ 99.056773][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.064162][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.071571][ T5831] bridge_slave_1: entered allmulticast mode [ 99.079167][ T5831] bridge_slave_1: entered promiscuous mode [ 99.086173][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.093333][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.101021][ T5830] bridge_slave_1: entered allmulticast mode [ 99.108626][ T5830] bridge_slave_1: entered promiscuous mode [ 99.132567][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.140308][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.166896][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.178824][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.186223][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.193438][ T5828] bridge_slave_1: entered allmulticast mode [ 99.202910][ T5828] bridge_slave_1: entered promiscuous mode [ 99.258265][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.265344][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.292297][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.356893][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.369718][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.382206][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.396224][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.408538][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.421671][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.498882][ T5828] team0: Port device team_slave_0 added [ 99.509360][ T5828] team0: Port device team_slave_1 added [ 99.575519][ T5831] team0: Port device team_slave_0 added [ 99.598536][ T5830] team0: Port device team_slave_0 added [ 99.608106][ T5830] team0: Port device team_slave_1 added [ 99.631233][ T5831] team0: Port device team_slave_1 added [ 99.643458][ T5829] hsr_slave_0: entered promiscuous mode [ 99.651191][ T5829] hsr_slave_1: entered promiscuous mode [ 99.673408][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.680584][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.707341][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.707445][ T5845] Bluetooth: hci1: command tx timeout [ 99.718726][ T5151] Bluetooth: hci0: command tx timeout [ 99.724267][ T5840] Bluetooth: hci3: command tx timeout [ 99.732890][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.742136][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.768227][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.784446][ T5840] Bluetooth: hci2: command tx timeout [ 99.829338][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.836629][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.862725][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.899790][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.907181][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.933596][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.945752][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.952755][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.979322][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.007191][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.014519][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.040726][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.117388][ T5828] hsr_slave_0: entered promiscuous mode [ 100.123915][ T5828] hsr_slave_1: entered promiscuous mode [ 100.130380][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.138691][ T5828] Cannot create hsr debugfs directory [ 100.210491][ T5831] hsr_slave_0: entered promiscuous mode [ 100.218403][ T5831] hsr_slave_1: entered promiscuous mode [ 100.225326][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.232931][ T5831] Cannot create hsr debugfs directory [ 100.281403][ T5830] hsr_slave_0: entered promiscuous mode [ 100.288596][ T5830] hsr_slave_1: entered promiscuous mode [ 100.296058][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.303662][ T5830] Cannot create hsr debugfs directory [ 100.792679][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.808325][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.832083][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.845936][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.940055][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.952734][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.968666][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.980478][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 101.076639][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.091351][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.123700][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.136868][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.241668][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.266019][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 101.277531][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.289311][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 101.309617][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.375287][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.410389][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.418004][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.461723][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.468955][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.526729][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.562427][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.618262][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.629345][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.636653][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.672534][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.679791][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.727619][ T5829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 101.760235][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.787376][ T5840] Bluetooth: hci0: command tx timeout [ 101.792874][ T5840] Bluetooth: hci3: command tx timeout [ 101.798744][ T5845] Bluetooth: hci1: command tx timeout [ 101.820082][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.827380][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.860657][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.877928][ T5840] Bluetooth: hci2: command tx timeout [ 101.889934][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.897195][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.018700][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.078841][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.086134][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.131362][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.138661][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.288948][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.362602][ T978] cfg80211: failed to load regulatory.db [ 102.477868][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.523529][ T5829] veth0_vlan: entered promiscuous mode [ 102.567892][ T5829] veth1_vlan: entered promiscuous mode [ 102.690266][ T5831] veth0_vlan: entered promiscuous mode [ 102.702142][ T5829] veth0_macvtap: entered promiscuous mode [ 102.727755][ T5829] veth1_macvtap: entered promiscuous mode [ 102.767722][ T5831] veth1_vlan: entered promiscuous mode [ 102.820158][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.871171][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.885555][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.921430][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.930897][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.941420][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.952858][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.995940][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.034450][ T5831] veth0_macvtap: entered promiscuous mode [ 103.100025][ T5831] veth1_macvtap: entered promiscuous mode [ 103.167670][ T5828] veth0_vlan: entered promiscuous mode [ 103.207252][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.233430][ T5828] veth1_vlan: entered promiscuous mode [ 103.255644][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.271377][ T5830] veth0_vlan: entered promiscuous mode [ 103.282648][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.285040][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.298623][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.309121][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.317622][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.326817][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.383846][ T5830] veth1_vlan: entered promiscuous mode [ 103.411761][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.420518][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.498555][ T5828] veth0_macvtap: entered promiscuous mode [ 103.556534][ T5828] veth1_macvtap: entered promiscuous mode [ 103.572657][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.580850][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.587592][ T5830] veth0_macvtap: entered promiscuous mode [ 103.604111][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.637220][ T5830] veth1_macvtap: entered promiscuous mode [ 103.694918][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.711885][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.715185][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.730222][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.759876][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.802473][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.817066][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.826782][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.839574][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.848300][ T5923] Zero length message leads to an empty skb [ 103.862812][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.871597][ T5840] Bluetooth: hci0: command tx timeout [ 103.877542][ T5845] Bluetooth: hci3: command tx timeout [ 103.877834][ T5151] Bluetooth: hci1: command tx timeout [ 103.900092][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.911242][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.920721][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.929628][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.944824][ T5151] Bluetooth: hci2: command tx timeout [ 104.194745][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.202717][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.390896][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.406136][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.415062][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.422981][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.573295][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.604306][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.902907][ T5937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9'. [ 105.945461][ T5151] Bluetooth: hci0: command tx timeout [ 105.950983][ T5151] Bluetooth: hci3: command tx timeout [ 105.954099][ T5840] Bluetooth: hci1: command tx timeout [ 106.024650][ T5845] Bluetooth: hci2: command tx timeout [ 107.762550][ T6020] netlink: 346 bytes leftover after parsing attributes in process `syz.3.45'. [ 107.801186][ T6022] process 'syz.0.46' launched '/dev/fd/4' with NULL argv: empty string added [ 108.295204][ T6038] netlink: 354 bytes leftover after parsing attributes in process `syz.3.51'. [ 109.026021][ T6058] tipc: Started in network mode [ 109.031161][ T6058] tipc: Node identity ee00, cluster identity 4711 [ 109.094229][ T6058] tipc: Node number set to 60928 [ 109.910532][ T6079] bridge0: port 3(gretap0) entered blocking state [ 109.931264][ T6079] bridge0: port 3(gretap0) entered disabled state [ 109.968335][ T6079] gretap0: entered allmulticast mode [ 109.980604][ T6079] gretap0: entered promiscuous mode [ 110.000935][ T6079] bridge0: port 3(gretap0) entered blocking state [ 110.004328][ T6083] netlink: 28 bytes leftover after parsing attributes in process `syz.1.70'. [ 110.007806][ T6079] bridge0: port 3(gretap0) entered forwarding state [ 110.235804][ T6087] sctp: [Deprecated]: syz.3.71 (pid 6087) Use of int in max_burst socket option deprecated. [ 110.235804][ T6087] Use struct sctp_assoc_value instead [ 112.911474][ T6166] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 114.506936][ T6206] mmap: syz.2.118 (6206) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 115.094077][ T30] audit: type=1804 audit(1751564363.200:2): pid=6226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.127" name="/newroot/32/file0" dev="tmpfs" ino=181 res=1 errno=0 [ 115.131363][ T30] audit: type=1800 audit(1751564363.200:3): pid=6226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.127" name="file0" dev="tmpfs" ino=181 res=0 errno=0 [ 115.156650][ T30] audit: type=1800 audit(1751564363.210:4): pid=6226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.127" name="file0" dev="tmpfs" ino=181 res=0 errno=0 [ 115.533227][ T6243] netlink: 342 bytes leftover after parsing attributes in process `syz.1.133'. [ 117.171267][ T6290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.153'. [ 117.396574][ T6296] netlink: 330 bytes leftover after parsing attributes in process `syz.0.154'. [ 117.685418][ T5845] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 117.685468][ T5845] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 117.703933][ T5845] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 117.707126][ T5845] Bluetooth: hci0: adv larger than maximum supported [ 117.715919][ T5845] Bluetooth: hci0: adv larger than maximum supported [ 117.722671][ T5845] Bluetooth: hci0: Malformed LE Event: 0x0d [ 118.184991][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.194700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 118.894427][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 120.590580][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.744276][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.827912][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.956756][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.324978][ T36] gretap0: left allmulticast mode [ 121.330233][ T36] gretap0: left promiscuous mode [ 121.355989][ T36] bridge0: port 3(gretap0) entered disabled state [ 121.389805][ T36] bridge_slave_1: left allmulticast mode [ 121.404854][ T36] bridge_slave_1: left promiscuous mode [ 121.410821][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.446218][ T36] bridge_slave_0: left allmulticast mode [ 121.465037][ T36] bridge_slave_0: left promiscuous mode [ 121.470915][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.866443][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 121.884290][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 121.898966][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 121.909912][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 121.919291][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 123.069626][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.102158][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.123701][ T36] bond0 (unregistering): Released all slaves [ 124.024673][ T5845] Bluetooth: hci0: command tx timeout [ 124.108204][ T36] hsr_slave_0: left promiscuous mode [ 124.145415][ T36] hsr_slave_1: left promiscuous mode [ 124.178062][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.226239][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.267687][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.303569][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.420118][ T36] veth1_macvtap: left promiscuous mode [ 124.432592][ T36] veth0_macvtap: left promiscuous mode [ 124.442615][ T36] veth1_vlan: left promiscuous mode [ 124.452762][ T36] veth0_vlan: left promiscuous mode [ 126.105237][ T5845] Bluetooth: hci0: command tx timeout [ 126.192133][ T36] team0 (unregistering): Port device team_slave_1 removed [ 126.307786][ T36] team0 (unregistering): Port device team_slave_0 removed [ 127.842817][ T6401] chnl_net:caif_netlink_parms(): no params data found [ 128.184696][ T5845] Bluetooth: hci0: command tx timeout [ 128.385990][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.393547][ T6401] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.434495][ T6401] bridge_slave_0: entered allmulticast mode [ 128.442682][ T6401] bridge_slave_0: entered promiscuous mode [ 128.507447][ T6401] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.535703][ T6401] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.543056][ T6401] bridge_slave_1: entered allmulticast mode [ 128.606117][ T6401] bridge_slave_1: entered promiscuous mode [ 128.789904][ T6401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.828147][ T6401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.076696][ T6401] team0: Port device team_slave_0 added [ 129.125851][ T6401] team0: Port device team_slave_1 added [ 129.424874][ T6401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.431911][ T6401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.530036][ T6401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.565210][ T6401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.583745][ T6401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.610934][ T6401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.877286][ T6401] hsr_slave_0: entered promiscuous mode [ 129.915648][ T6401] hsr_slave_1: entered promiscuous mode [ 129.922134][ T6401] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 129.940265][ T6401] Cannot create hsr debugfs directory [ 130.264269][ T5845] Bluetooth: hci0: command tx timeout [ 131.838631][ T6401] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 131.892664][ T6401] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 131.968101][ T6401] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 132.002671][ T6401] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 132.369423][ T6401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.455130][ T6401] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.486201][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.493508][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.570816][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.578145][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.014716][ T6675] netlink: 28 bytes leftover after parsing attributes in process `syz.3.278'. [ 133.061778][ T6675] caif0: entered promiscuous mode [ 133.691943][ T6401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.880785][ T6401] veth0_vlan: entered promiscuous mode [ 133.930664][ T6401] veth1_vlan: entered promiscuous mode [ 134.042076][ T6401] veth0_macvtap: entered promiscuous mode [ 134.140612][ T6401] veth1_macvtap: entered promiscuous mode [ 134.203766][ T6401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 134.249690][ T6401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 134.297303][ T6401] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.324172][ T6401] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.364465][ T6401] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.394172][ T6401] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.395835][ T6705] capability: warning: `syz.3.287' uses 32-bit capabilities (legacy support in use) [ 134.606896][ T6703] syz.2.286 uses obsolete (PF_INET,SOCK_PACKET) [ 134.837434][ T2988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.864221][ T2988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.949370][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.974463][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.066412][ T6723] netlink: 338 bytes leftover after parsing attributes in process `syz.3.291'. [ 136.276832][ T6760] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.564587][ T6768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.306'. [ 138.463265][ T30] audit: type=1800 audit(1751564386.570:5): pid=6818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.322" name="dmabuf" dev="dmabuf" ino=1 res=0 errno=0 [ 143.319348][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.319488][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 144.328354][ T6976] bridge0: port 3(vlan1) entered blocking state [ 144.344234][ T6976] bridge0: port 3(vlan1) entered disabled state [ 144.350910][ T6976] vlan1: entered allmulticast mode [ 144.373291][ T6976] veth0_vlan: entered allmulticast mode [ 144.399535][ T6976] vlan1: entered promiscuous mode [ 144.429457][ T6976] bridge0: port 3(vlan1) entered blocking state [ 144.435979][ T6976] bridge0: port 3(vlan1) entered forwarding state [ 144.767158][ T6984] random: crng reseeded on system resumption [ 146.474858][ T7027] netlink: 4 bytes leftover after parsing attributes in process `syz.3.395'. [ 147.246337][ T7042] zswap: compressor not available [ 148.271717][ T7090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.421'. [ 148.289766][ T7086] vivid-009: ================= START STATUS ================= [ 148.338960][ T7086] vivid-009: Enable Output Cropping: true grabbed [ 148.374094][ T7086] vivid-009: Enable Output Composing: true grabbed [ 148.380755][ T7086] vivid-009: Enable Output Scaler: true grabbed [ 148.433292][ T7086] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 148.457117][ T7086] vivid-009: Transmit Mode: HDMI grabbed [ 148.462920][ T7086] vivid-009: Hotplug Present: 0x00000000 [ 148.502933][ T7086] vivid-009: RxSense Present: 0x00000000 [ 148.519911][ T7086] vivid-009: EDID Present: 0x00000000 [ 148.528088][ T7086] vivid-009: ================== END STATUS ================== [ 150.195995][ T7146] vivid-007: ================= START STATUS ================= [ 150.203766][ T7146] vivid-007: Generate PTS: true [ 150.239242][ T7146] vivid-007: Generate SCR: true [ 150.260475][ T7146] tpg source WxH: 320x240 (Y'CbCr) [ 150.294081][ T7146] tpg field: 1 [ 150.297713][ T7146] tpg crop: (0,0)/320x240 [ 150.302107][ T7146] tpg compose: (0,0)/320x240 [ 150.315561][ T7146] tpg colorspace: 8 [ 150.325705][ T7146] tpg transfer function: 0/0 [ 150.330413][ T7146] tpg Y'CbCr encoding: 0/0 [ 150.357200][ T7146] tpg quantization: 0/0 [ 150.361481][ T7146] tpg RGB range: 0/2 [ 150.389003][ T7152] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 150.402084][ T7146] vivid-007: ================== END STATUS ================== [ 154.731444][ T7223] kexec: Could not allocate control_code_buffer [ 154.791478][ T7256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.492'. [ 156.681906][ T7293] random: crng reseeded on system resumption [ 156.957917][ T7301] netlink: 8 bytes leftover after parsing attributes in process `syz.2.511'. [ 158.961959][ T7346] netlink: 334 bytes leftover after parsing attributes in process `syz.1.527'. [ 170.199890][ T7600] kexec: Could not allocate control_code_buffer [ 170.647065][ T7627] nbd: socks must be embedded in a SOCK_ITEM attr [ 170.692749][ T7627] block nbd0: shutting down sockets [ 172.802341][ T7680] sctp: [Deprecated]: syz.1.653 (pid 7680) Use of int in max_burst socket option deprecated. [ 172.802341][ T7680] Use struct sctp_assoc_value instead [ 173.366904][ T7693] sctp: [Deprecated]: syz.0.665 (pid 7693) Use of int in max_burst socket option deprecated. [ 173.366904][ T7693] Use struct sctp_assoc_value instead [ 174.669152][ T7718] netlink: 28 bytes leftover after parsing attributes in process `syz.3.666'. [ 175.529563][ T7731] Invalid ELF header magic: != ELF [ 176.302005][ T7751] sctp: [Deprecated]: syz.2.678 (pid 7751) Use of int in max_burst socket option deprecated. [ 176.302005][ T7751] Use struct sctp_assoc_value instead [ 176.534877][ T7758] netlink: 28 bytes leftover after parsing attributes in process `syz.2.681'. [ 177.373353][ T7781] sctp: [Deprecated]: syz.0.693 (pid 7781) Use of int in max_burst socket option deprecated. [ 177.373353][ T7781] Use struct sctp_assoc_value instead [ 178.087450][ T7799] sock: sock_set_timeout: `syz.1.701' (pid 7799) tries to set negative timeout [ 178.780606][ T7814] sctp: [Deprecated]: syz.1.707 (pid 7814) Use of int in max_burst socket option deprecated. [ 178.780606][ T7814] Use struct sctp_assoc_value instead [ 179.196054][ T7826] netlink: 130 bytes leftover after parsing attributes in process `syz.3.711'. [ 179.430488][ T30] audit: type=1804 audit(1751564427.540:6): pid=7832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.713" name="/newroot/177/file0" dev="tmpfs" ino=926 res=1 errno=0 [ 179.474638][ T30] audit: type=1800 audit(1751564427.540:7): pid=7832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.713" name="file0" dev="tmpfs" ino=926 res=0 errno=0 [ 179.506490][ T30] audit: type=1800 audit(1751564427.570:8): pid=7832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.713" name="file0" dev="tmpfs" ino=926 res=0 errno=0 [ 179.719799][ T7839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.717'. [ 179.833139][ T7842] netlink: 28 bytes leftover after parsing attributes in process `syz.0.715'. [ 180.125352][ T7848] sctp: [Deprecated]: syz.1.720 (pid 7848) Use of int in max_burst socket option deprecated. [ 180.125352][ T7848] Use struct sctp_assoc_value instead [ 180.753590][ T7870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.729'. [ 181.048349][ T5845] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 181.048398][ T5845] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 181.063884][ T5845] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 181.064217][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 181.071839][ T5845] Bluetooth: hci2: adv larger than maximum supported [ 181.080299][ T5845] Bluetooth: hci2: Malformed LE Event: 0x0d [ 181.965582][ T7899] ecryptfs_parse_packet_length: Five-byte packet length not supported [ 182.013323][ T7899] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 183.303714][ T7938] netlink: 346 bytes leftover after parsing attributes in process `syz.1.758'. [ 183.864372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 185.284968][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 185.293455][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 186.498775][ T8016] binder: 8015:8016 ioctl c0306201 0 returned -14 [ 187.974443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 187.984324][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 187.993046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 189.150805][ T8066] binder: 8064:8066 ioctl c0306201 0 returned -14 [ 189.294482][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 189.625222][ T8077] sock: sock_timestamping_bind_phc: sock not bind to device [ 190.236660][ T8094] binder: 8092:8094 ioctl c0306201 0 returned -14 [ 193.981941][ T8179] sock: sock_timestamping_bind_phc: sock not bind to device [ 198.465733][ T8235] kexec: Could not allocate control_code_buffer [ 199.413409][ T8296] netlink: 342 bytes leftover after parsing attributes in process `syz.2.901'. [ 204.169686][ T8374] kexec: Could not allocate control_code_buffer [ 204.749964][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.758019][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.145038][ T8446] ptrace attach of "./syz-executor exec"[6401] was attempted by ""[8446] [ 207.757040][ T8477] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[8477] [ 208.542769][ T8487] FAULT_INJECTION: forcing a failure. [ 208.542769][ T8487] name failslab, interval 1, probability 0, space 0, times 1 [ 208.615709][ T8487] CPU: 0 UID: 0 PID: 8487 Comm: syz.2.973 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 208.615761][ T8487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.615787][ T8487] Call Trace: [ 208.615798][ T8487] [ 208.615815][ T8487] dump_stack_lvl+0x16c/0x1f0 [ 208.615879][ T8487] should_fail_ex+0x512/0x640 [ 208.615927][ T8487] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 208.615979][ T8487] should_failslab+0xc2/0x120 [ 208.616011][ T8487] __kmalloc_cache_noprof+0x6a/0x3e0 [ 208.616127][ T8487] ? do_epoll_create+0x62/0x470 [ 208.616176][ T8487] do_epoll_create+0x62/0x470 [ 208.616220][ T8487] __x64_sys_epoll_create+0x45/0x70 [ 208.616263][ T8487] do_syscall_64+0xcd/0x490 [ 208.616319][ T8487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.616354][ T8487] RIP: 0033:0x7f6cbd98e929 [ 208.616388][ T8487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.616420][ T8487] RSP: 002b:00007f6cbe849038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 208.616453][ T8487] RAX: ffffffffffffffda RBX: 00007f6cbdbb5fa0 RCX: 00007f6cbd98e929 [ 208.616475][ T8487] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 208.616493][ T8487] RBP: 00007f6cbda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 208.616512][ T8487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.616531][ T8487] R13: 0000000000000000 R14: 00007f6cbdbb5fa0 R15: 00007ffeadb2d0f8 [ 208.616572][ T8487] [ 210.188034][ T8512] netlink: 342 bytes leftover after parsing attributes in process `syz.0.982'. [ 217.760416][ T8654] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1047'. [ 218.052140][ T8662] FAULT_INJECTION: forcing a failure. [ 218.052140][ T8662] name failslab, interval 1, probability 0, space 0, times 0 [ 218.084041][ T8662] CPU: 0 UID: 0 PID: 8662 Comm: syz.2.1044 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 218.084090][ T8662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.084106][ T8662] Call Trace: [ 218.084115][ T8662] [ 218.084125][ T8662] dump_stack_lvl+0x16c/0x1f0 [ 218.084174][ T8662] should_fail_ex+0x512/0x640 [ 218.084214][ T8662] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 218.084253][ T8662] should_failslab+0xc2/0x120 [ 218.084280][ T8662] __kmalloc_cache_noprof+0x6a/0x3e0 [ 218.084316][ T8662] ? raw_ioctl+0x819/0x2c30 [ 218.084351][ T8662] raw_ioctl+0x819/0x2c30 [ 218.084388][ T8662] ? __pfx_raw_ioctl+0x10/0x10 [ 218.084432][ T8662] ? __pfx_raw_ioctl+0x10/0x10 [ 218.084465][ T8662] __x64_sys_ioctl+0x18b/0x210 [ 218.084502][ T8662] do_syscall_64+0xcd/0x490 [ 218.084548][ T8662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.084576][ T8662] RIP: 0033:0x7f6cbd98e929 [ 218.084598][ T8662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.084625][ T8662] RSP: 002b:00007f6cbe849038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.084651][ T8662] RAX: ffffffffffffffda RBX: 00007f6cbdbb5fa0 RCX: 00007f6cbd98e929 [ 218.084669][ T8662] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000003 [ 218.084686][ T8662] RBP: 00007f6cbda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 218.084703][ T8662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 218.084719][ T8662] R13: 0000000000000000 R14: 00007f6cbdbb5fa0 R15: 00007ffeadb2d0f8 [ 218.084755][ T8662] [ 219.348125][ T8688] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1053'. [ 220.437849][ T8717] FAULT_INJECTION: forcing a failure. [ 220.437849][ T8717] name failslab, interval 1, probability 0, space 0, times 0 [ 220.467022][ T8717] CPU: 1 UID: 0 PID: 8717 Comm: syz.0.1065 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 220.467072][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 220.467092][ T8717] Call Trace: [ 220.467103][ T8717] [ 220.467115][ T8717] dump_stack_lvl+0x16c/0x1f0 [ 220.467174][ T8717] should_fail_ex+0x512/0x640 [ 220.467220][ T8717] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 220.467269][ T8717] should_failslab+0xc2/0x120 [ 220.467300][ T8717] __kmalloc_cache_noprof+0x6a/0x3e0 [ 220.467345][ T8717] ? raw_ioctl+0x819/0x2c30 [ 220.467387][ T8717] raw_ioctl+0x819/0x2c30 [ 220.467433][ T8717] ? __pfx_raw_ioctl+0x10/0x10 [ 220.467476][ T8717] ? __pfx_raw_ioctl+0x10/0x10 [ 220.467515][ T8717] __x64_sys_ioctl+0x18b/0x210 [ 220.467557][ T8717] do_syscall_64+0xcd/0x490 [ 220.467613][ T8717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.467647][ T8717] RIP: 0033:0x7fb1cf58e929 [ 220.467673][ T8717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.467705][ T8717] RSP: 002b:00007fb1d04cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.467737][ T8717] RAX: ffffffffffffffda RBX: 00007fb1cf7b5fa0 RCX: 00007fb1cf58e929 [ 220.467759][ T8717] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000003 [ 220.467779][ T8717] RBP: 00007fb1cf610b39 R08: 0000000000000000 R09: 0000000000000000 [ 220.467799][ T8717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 220.467819][ T8717] R13: 0000000000000000 R14: 00007fb1cf7b5fa0 R15: 00007ffc8525dc58 [ 220.467861][ T8717] [ 222.187288][ T5832] Bluetooth: hci3: command 0x0406 tx timeout [ 222.193502][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 222.200670][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 223.540948][ T8800] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1100'. [ 225.695485][ T8854] nbd: socks must be embedded in a SOCK_ITEM attr [ 225.709950][ T8854] block nbd1: shutting down sockets [ 228.645551][ T8942] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1168'. [ 231.175619][ T9024] warning: `syz.0.1193' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 231.425011][ T9031] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1195'. [ 231.917258][ T9042] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1200'. [ 233.409449][ T9076] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1211'. [ 237.346999][ T9167] zswap: compressor 000 not available [ 240.200993][ T9230] FAULT_INJECTION: forcing a failure. [ 240.200993][ T9230] name failslab, interval 1, probability 0, space 0, times 0 [ 240.225418][ T9230] CPU: 0 UID: 0 PID: 9230 Comm: syz.1.1265 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 240.225468][ T9230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.225489][ T9230] Call Trace: [ 240.225499][ T9230] [ 240.225511][ T9230] dump_stack_lvl+0x16c/0x1f0 [ 240.225570][ T9230] should_fail_ex+0x512/0x640 [ 240.225617][ T9230] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 240.225671][ T9230] should_failslab+0xc2/0x120 [ 240.225704][ T9230] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 240.225755][ T9230] ? new_userfaultfd+0x79/0x3d0 [ 240.225795][ T9230] new_userfaultfd+0x79/0x3d0 [ 240.225829][ T9230] __x64_sys_userfaultfd+0x4b/0xb0 [ 240.225869][ T9230] do_syscall_64+0xcd/0x490 [ 240.225921][ T9230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.225955][ T9230] RIP: 0033:0x7f78f018e929 [ 240.225982][ T9230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.226015][ T9230] RSP: 002b:00007f78f0f3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 240.226047][ T9230] RAX: ffffffffffffffda RBX: 00007f78f03b5fa0 RCX: 00007f78f018e929 [ 240.226069][ T9230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 240.226089][ T9230] RBP: 00007f78f0210b39 R08: 0000000000000000 R09: 0000000000000000 [ 240.226109][ T9230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 240.226128][ T9230] R13: 0000000000000000 R14: 00007f78f03b5fa0 R15: 00007ffd73e936c8 [ 240.226178][ T9230] [ 240.888335][ T9246] netlink: 19 bytes leftover after parsing attributes in process `syz.0.1272'. [ 241.804868][ T9262] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1279'. [ 242.915348][ T9291] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input6 [ 245.428222][ T9353] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 246.559611][ T9378] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input8 [ 247.795096][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 248.426817][ T9415] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1340'. [ 252.489338][ T9493] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input9 syzkaller syzkaller login: syzkaller syzkaller login: [ 256.669877][ T9598] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary syzkaller syzkaller login: [ 257.765731][ T9637] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1434'. [ 261.085460][ T9742] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary [ 261.250145][ T5840] Bluetooth: hci2: Malformed Event: 0x02 [ 261.584472][ T9756] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1482'. [ 263.826076][ T5840] Bluetooth: hci1: Malformed Event: 0x02 [ 266.187899][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.195114][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.542916][ T9906] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1546'. [ 267.234424][ T5840] Bluetooth: hci0: Malformed Event: 0x02 [ 271.547471][T10029] page: refcount:22 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 271.575661][T10029] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 271.594024][T10029] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 271.610013][T10029] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 271.630301][T10029] raw: 0000000000000000 0000000000000000 00000016ffffffff 0000000000000000 [ 271.641164][T10029] head: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 271.673992][T10029] head: 0000000000000000 0000000000000000 00000016ffffffff 0000000000000000 [ 271.694251][T10029] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 271.704366][T10029] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 271.715535][T10029] page dumped because: unmovable page [ 271.723941][T10029] page_owner tracks the page as allocated [ 271.753906][T10029] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5496, tgid 5496 (dhcpcd), ts 70017962962, free_ts 36739596160 [ 271.790354][T10029] post_alloc_hook+0x1c0/0x230 [ 271.830442][T10029] get_page_from_freelist+0x1321/0x3890 [ 271.844577][T10029] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 271.884070][T10029] alloc_pages_mpol+0x1fb/0x550 [ 271.889614][T10029] alloc_pages_noprof+0x131/0x390 [ 271.895390][T10029] skb_page_frag_refill+0x186/0x5a0 [ 271.901314][T10029] try_fill_recv+0x7e4/0x28a0 [ 271.906697][T10029] virtnet_open+0x3a3/0xc10 [ 271.911841][T10029] __dev_open+0x2e4/0x7d0 [ 271.917518][T10029] __dev_change_flags+0x55d/0x720 [ 271.924413][T10029] netif_change_flags+0x8d/0x160 [ 271.930112][T10029] dev_change_flags+0xba/0x250 [ 271.936691][T10029] devinet_ioctl+0x11d5/0x1f50 [ 271.942121][T10029] inet_ioctl+0x3a7/0x3f0 [ 271.947403][T10029] sock_do_ioctl+0x118/0x280 [ 271.952873][T10029] sock_ioctl+0x227/0x6b0 [ 271.958469][T10029] page last free pid 1 tgid 1 stack trace: [ 271.973973][T10029] __free_frozen_pages+0x7fe/0x1180 [ 271.980616][T10029] free_contig_range+0x183/0x4b0 [ 271.986303][T10029] destroy_args+0x7f6/0xa60 [ 271.991862][T10029] debug_vm_pgtable+0x13b8/0x2d00 [ 272.004705][T10029] do_one_initcall+0x120/0x6e0 [ 272.014433][T10029] kernel_init_freeable+0x5c2/0x900 [ 272.034163][T10029] kernel_init+0x1c/0x2b0 [ 272.044228][T10029] ret_from_fork+0x5d4/0x6f0 [ 272.054209][T10029] ret_from_fork_asm+0x1a/0x30 [ 273.796691][ T30] audit: type=1800 audit(1751564521.900:9): pid=10069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1612" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0 [ 275.270283][T10094] ======================================================= [ 275.270283][T10094] WARNING: The mand mount option has been deprecated and [ 275.270283][T10094] and is ignored by this kernel. Remove the mand [ 275.270283][T10094] option from the mount to silence this warning. [ 275.270283][T10094] ======================================================= [ 276.906468][ T5840] Bluetooth: hci2: Malformed Event: 0x2f [ 278.229989][T10146] netlink: 222 bytes leftover after parsing attributes in process `syz.2.1643'. [ 278.743018][T10159] overlayfs: missing 'lowerdir' [ 282.475086][T10245] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1687'. [ 282.540276][T10249] random: crng reseeded on system resumption [ 282.606393][ T30] audit: type=1800 audit(1751564530.710:10): pid=10251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1690" name="dynamic_events" dev="tracefs" ino=14 res=0 errno=0 [ 283.026807][T10263] CIFS: VFS: Unsupported security flags: 0x10 [ 283.548198][T10278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1701'. [ 283.566559][T10278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1701'. [ 284.277818][T10296] netlink: 'syz.2.1708': attribute type 1 has an invalid length. [ 284.650580][T10307] sctp: [Deprecated]: syz.1.1713 (pid 10307) Use of int in maxseg socket option. [ 284.650580][T10307] Use struct sctp_assoc_value instead [ 284.835703][ T30] audit: type=1800 audit(1751564532.950:11): pid=10311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1714" name="dynamic_events" dev="tracefs" ino=14 res=0 errno=0 [ 285.684848][T10340] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1725'. [ 285.724067][T10340] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1725'. [ 285.862531][T10344] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1727'. [ 285.877923][T10344] vlan1: entered allmulticast mode [ 285.887917][T10344] veth0_vlan: entered allmulticast mode [ 286.354992][T10359] netlink: 206 bytes leftover after parsing attributes in process `syz.3.1735'. [ 286.378335][T10360] netlink: 'syz.1.1734': attribute type 1 has an invalid length. [ 289.175781][T10438] netlink: 206 bytes leftover after parsing attributes in process `syz.0.1770'. [ 290.630249][T10466] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1782'. [ 291.033531][T10440] kexec: Could not allocate control_code_buffer [ 293.668492][T10504] kexec: Could not allocate control_code_buffer [ 294.915044][T10577] nbd: socks must be embedded in a SOCK_ITEM attr [ 294.923347][T10577] block nbd2: shutting down sockets [ 295.753989][T10596] FAULT_INJECTION: forcing a failure. [ 295.753989][T10596] name failslab, interval 1, probability 0, space 0, times 0 [ 295.777943][T10596] CPU: 1 UID: 0 PID: 10596 Comm: syz.2.1841 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 295.777992][T10596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.778016][T10596] Call Trace: [ 295.778027][T10596] [ 295.778042][T10596] dump_stack_lvl+0x16c/0x1f0 [ 295.778098][T10596] should_fail_ex+0x512/0x640 [ 295.778154][T10596] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 295.778208][T10596] should_failslab+0xc2/0x120 [ 295.778238][T10596] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 295.778287][T10596] ? alloc_inode+0xc3/0x240 [ 295.778326][T10596] alloc_inode+0xc3/0x240 [ 295.778360][T10596] create_pipe_files+0x4c/0x930 [ 295.778416][T10596] do_pipe2+0xaf/0x1c0 [ 295.778464][T10596] ? __pfx_do_pipe2+0x10/0x10 [ 295.778516][T10596] ? xfd_validate_state+0x61/0x180 [ 295.778570][T10596] __x64_sys_pipe+0x33/0x50 [ 295.778620][T10596] do_syscall_64+0xcd/0x490 [ 295.778675][T10596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.778709][T10596] RIP: 0033:0x7f6cbd98e929 [ 295.778735][T10596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.778766][T10596] RSP: 002b:00007f6cbe849038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 295.778798][T10596] RAX: ffffffffffffffda RBX: 00007f6cbdbb5fa0 RCX: 00007f6cbd98e929 [ 295.778820][T10596] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.778838][T10596] RBP: 00007f6cbda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 295.778857][T10596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.778876][T10596] R13: 0000000000000000 R14: 00007f6cbdbb5fa0 R15: 00007ffeadb2d0f8 [ 295.778918][T10596] [ 297.373420][T10630] FAULT_INJECTION: forcing a failure. [ 297.373420][T10630] name failslab, interval 1, probability 0, space 0, times 0 [ 297.414544][T10630] CPU: 0 UID: 0 PID: 10630 Comm: syz.0.1847 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 297.414590][T10630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.414609][T10630] Call Trace: [ 297.414619][T10630] [ 297.414631][T10630] dump_stack_lvl+0x16c/0x1f0 [ 297.414688][T10630] should_fail_ex+0x512/0x640 [ 297.414735][T10630] ? fs_reclaim_acquire+0xae/0x150 [ 297.414778][T10630] should_failslab+0xc2/0x120 [ 297.414809][T10630] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 297.414861][T10630] ? security_inode_alloc+0x3b/0x2b0 [ 297.414903][T10630] security_inode_alloc+0x3b/0x2b0 [ 297.414940][T10630] inode_init_always_gfp+0xce4/0x1030 [ 297.414995][T10630] alloc_inode+0x86/0x240 [ 297.415029][T10630] create_pipe_files+0x4c/0x930 [ 297.415086][T10630] do_pipe2+0xaf/0x1c0 [ 297.415136][T10630] ? __pfx_do_pipe2+0x10/0x10 [ 297.415188][T10630] ? xfd_validate_state+0x61/0x180 [ 297.415251][T10630] __x64_sys_pipe+0x33/0x50 [ 297.415303][T10630] do_syscall_64+0xcd/0x490 [ 297.415359][T10630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.415393][T10630] RIP: 0033:0x7fb1cf58e929 [ 297.415418][T10630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.415450][T10630] RSP: 002b:00007fb1d04cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 297.415481][T10630] RAX: ffffffffffffffda RBX: 00007fb1cf7b5fa0 RCX: 00007fb1cf58e929 [ 297.415502][T10630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 297.415520][T10630] RBP: 00007fb1cf610b39 R08: 0000000000000000 R09: 0000000000000000 [ 297.415539][T10630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.415558][T10630] R13: 0000000000000000 R14: 00007fb1cf7b5fa0 R15: 00007ffc8525dc58 [ 297.415599][T10630] [ 297.844434][T10635] nbd: socks must be embedded in a SOCK_ITEM attr [ 297.866609][T10635] block nbd2: shutting down sockets [ 298.558703][T10659] FAULT_INJECTION: forcing a failure. [ 298.558703][T10659] name failslab, interval 1, probability 0, space 0, times 0 [ 298.590362][T10659] CPU: 0 UID: 0 PID: 10659 Comm: syz.3.1859 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 298.590411][T10659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 298.590430][T10659] Call Trace: [ 298.590440][T10659] [ 298.590452][T10659] dump_stack_lvl+0x16c/0x1f0 [ 298.590509][T10659] should_fail_ex+0x512/0x640 [ 298.590555][T10659] ? fs_reclaim_acquire+0xae/0x150 [ 298.590598][T10659] should_failslab+0xc2/0x120 [ 298.590628][T10659] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 298.590677][T10659] ? security_inode_alloc+0x3b/0x2b0 [ 298.590717][T10659] security_inode_alloc+0x3b/0x2b0 [ 298.590754][T10659] inode_init_always_gfp+0xce4/0x1030 [ 298.590808][T10659] alloc_inode+0x86/0x240 [ 298.590842][T10659] create_pipe_files+0x4c/0x930 [ 298.590899][T10659] do_pipe2+0xaf/0x1c0 [ 298.590966][T10659] ? __pfx_do_pipe2+0x10/0x10 [ 298.591018][T10659] ? xfd_validate_state+0x61/0x180 [ 298.591071][T10659] __x64_sys_pipe+0x33/0x50 [ 298.591118][T10659] do_syscall_64+0xcd/0x490 [ 298.591172][T10659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.591205][T10659] RIP: 0033:0x7f620dd8e929 [ 298.591230][T10659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.591261][T10659] RSP: 002b:00007f620eb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 298.591290][T10659] RAX: ffffffffffffffda RBX: 00007f620dfb5fa0 RCX: 00007f620dd8e929 [ 298.591312][T10659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 298.591331][T10659] RBP: 00007f620de10b39 R08: 0000000000000000 R09: 0000000000000000 [ 298.591350][T10659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 298.591369][T10659] R13: 0000000000000000 R14: 00007f620dfb5fa0 R15: 00007ffed6f0d748 [ 298.591412][T10659] [ 299.398776][T10672] nbd: socks must be embedded in a SOCK_ITEM attr [ 299.409870][T10672] block nbd2: shutting down sockets [ 299.812333][T10683] netlink: 350 bytes leftover after parsing attributes in process `syz.1.1868'. [ 301.160749][T10722] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1885'. [ 301.922652][T10748] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1899'. [ 305.198101][ T978] smpboot: CPU 0 is now offline [ 315.612849][T11018] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 316.217330][T11031] netlink: 'syz.1.2019': attribute type 9 has an invalid length. [ 316.314060][T11031] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2019'. [ 317.558551][T11061] netlink: 'syz.3.2032': attribute type 9 has an invalid length. [ 317.604017][T11061] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2032'. [ 318.976587][ T30] audit: type=1804 audit(1751564567.080:12): pid=11094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2048" name=2F6E6577726F6F742F3533322F22050820 dev="tmpfs" ino=2704 res=1 errno=0 [ 319.176400][ T30] audit: type=1800 audit(1751564567.130:13): pid=11094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2048" name=22050820 dev="tmpfs" ino=2704 res=0 errno=0 [ 319.346585][T11102] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 326.282258][ T5840] Bluetooth: hci1: unexpected event 0x1d length: 10 > 5 [ 326.348272][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 326.373580][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.468916][T11275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2123'. [ 327.542731][T11275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2123'. [ 328.077691][T11289] FAULT_INJECTION: forcing a failure. [ 328.077691][T11289] name failslab, interval 1, probability 0, space 0, times 0 [ 328.166931][T11289] CPU: 1 UID: 0 PID: 11289 Comm: syz.2.2130 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 328.166966][T11289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.166980][T11289] Call Trace: [ 328.166988][T11289] [ 328.166997][T11289] dump_stack_lvl+0x16c/0x1f0 [ 328.167038][T11289] should_fail_ex+0x512/0x640 [ 328.167073][T11289] ? fs_reclaim_acquire+0xae/0x150 [ 328.167103][T11289] should_failslab+0xc2/0x120 [ 328.167125][T11289] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 328.167161][T11289] ? ext4_init_io_end+0x24/0x170 [ 328.167189][T11289] ext4_init_io_end+0x24/0x170 [ 328.167213][T11289] ext4_do_writepages+0x985/0x3490 [ 328.167252][T11289] ? lock_acquire+0x179/0x350 [ 328.167283][T11289] ? find_held_lock+0x2b/0x80 [ 328.167318][T11289] ? __pfx_ext4_do_writepages+0x10/0x10 [ 328.167367][T11289] ? ext4_writepages+0x37a/0x7d0 [ 328.167399][T11289] ext4_writepages+0x37a/0x7d0 [ 328.167444][T11289] ? __pfx_ext4_writepages+0x10/0x10 [ 328.167494][T11289] ? __pfx_ext4_writepages+0x10/0x10 [ 328.167530][T11289] do_writepages+0x27a/0x600 [ 328.167563][T11289] ? __pfx_do_writepages+0x10/0x10 [ 328.167590][T11289] ? do_raw_spin_unlock+0x172/0x230 [ 328.167627][T11289] ? _raw_spin_unlock+0x28/0x50 [ 328.167661][T11289] filemap_fdatawrite_wbc+0x104/0x160 [ 328.167694][T11289] __filemap_fdatawrite_range+0xb2/0xf0 [ 328.167732][T11289] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 328.167769][T11289] ? __lock_acquire+0x622/0x1c90 [ 328.167843][T11289] file_write_and_wait_range+0xca/0x140 [ 328.167884][T11289] ext4_sync_file+0x310/0xf10 [ 328.167915][T11289] ? __pfx___up_read+0x10/0x10 [ 328.167951][T11289] ? __pfx_ext4_sync_file+0x10/0x10 [ 328.167979][T11289] vfs_fsync_range+0x136/0x220 [ 328.168017][T11289] __do_sys_msync+0x3cb/0x5c0 [ 328.168059][T11289] do_syscall_64+0xcd/0x490 [ 328.168099][T11289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.168122][T11289] RIP: 0033:0x7f6cbd98e929 [ 328.168140][T11289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.168163][T11289] RSP: 002b:00007f6cbe849038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 328.168184][T11289] RAX: ffffffffffffffda RBX: 00007f6cbdbb5fa0 RCX: 00007f6cbd98e929 [ 328.168200][T11289] RDX: 0000000400000004 RSI: 0180000000000000 RDI: 000000001ffff000 [ 328.168214][T11289] RBP: 00007f6cbda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 328.168228][T11289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.168242][T11289] R13: 0000000000000000 R14: 00007f6cbdbb5fa0 R15: 00007ffeadb2d0f8 [ 328.168271][T11289] [ 331.596905][T11348] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2161'. [ 332.822441][T11378] netlink: 294 bytes leftover after parsing attributes in process `syz.1.2166'. [ 337.725593][T11481] vhci_hcd: not connected 4 [ 340.106597][T11509] FAULT_INJECTION: forcing a failure. [ 340.106597][T11509] name failslab, interval 1, probability 0, space 0, times 0 [ 340.217183][T11509] CPU: 1 UID: 0 PID: 11509 Comm: syz.2.2216 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 340.217218][T11509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 340.217232][T11509] Call Trace: [ 340.217239][T11509] [ 340.217248][T11509] dump_stack_lvl+0x16c/0x1f0 [ 340.217290][T11509] should_fail_ex+0x512/0x640 [ 340.217324][T11509] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 340.217359][T11509] should_failslab+0xc2/0x120 [ 340.217381][T11509] __kmalloc_cache_noprof+0x6a/0x3e0 [ 340.217412][T11509] ? snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 340.217441][T11509] ? kasan_save_track+0x14/0x30 [ 340.217479][T11509] snd_pcm_oss_change_params_locked+0x247/0x3a30 [ 340.217510][T11509] ? rcu_is_watching+0x12/0xc0 [ 340.217536][T11509] ? __mutex_lock+0x1ca/0xb90 [ 340.217571][T11509] ? lockdep_hardirqs_on+0x7c/0x110 [ 340.217608][T11509] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 340.217638][T11509] ? __pfx___mutex_lock+0x10/0x10 [ 340.217673][T11509] ? tomoyo_path_number_perm+0x295/0x580 [ 340.217709][T11509] ? __lock_acquire+0xb8a/0x1c90 [ 340.217748][T11509] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 340.217781][T11509] snd_pcm_oss_get_formats+0x7e/0x340 [ 340.217805][T11509] ? find_held_lock+0x2b/0x80 [ 340.217827][T11509] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 340.217853][T11509] ? __might_fault+0x13b/0x190 [ 340.217895][T11509] snd_pcm_oss_ioctl+0x2efb/0x37a0 [ 340.217922][T11509] ? find_held_lock+0x2b/0x80 [ 340.217944][T11509] ? hook_file_ioctl_common+0x145/0x410 [ 340.217970][T11509] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 340.218000][T11509] ? __fget_files+0x20e/0x3c0 [ 340.218036][T11509] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 340.218065][T11509] __x64_sys_ioctl+0x18b/0x210 [ 340.218103][T11509] do_syscall_64+0xcd/0x490 [ 340.218143][T11509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.218167][T11509] RIP: 0033:0x7f6cbd98e929 [ 340.218186][T11509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.218212][T11509] RSP: 002b:00007f6cbe849038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.218234][T11509] RAX: ffffffffffffffda RBX: 00007f6cbdbb5fa0 RCX: 00007f6cbd98e929 [ 340.218249][T11509] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004 [ 340.218263][T11509] RBP: 00007f6cbda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 340.218277][T11509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.218291][T11509] R13: 0000000000000000 R14: 00007f6cbdbb5fa0 R15: 00007ffeadb2d0f8 [ 340.218320][T11509] [ 343.086689][T11521] kexec: Could not allocate control_code_buffer [ 345.464942][T11602] netlink: 26 bytes leftover after parsing attributes in process `syz.3.2248'. [ 345.513955][T11602] openvswitch: netlink: IP tunnel dst address not specified [ 348.528063][T11657] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2269'. [ 348.822604][T11663] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2272'. [ 353.929311][T11753] FAULT_INJECTION: forcing a failure. [ 353.929311][T11753] name failslab, interval 1, probability 0, space 0, times 0 [ 353.956113][T11755] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2309'. [ 354.027528][T11753] CPU: 1 UID: 0 PID: 11753 Comm: syz.2.2308 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 354.027561][T11753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 354.027575][T11753] Call Trace: [ 354.027583][T11753] [ 354.027592][T11753] dump_stack_lvl+0x16c/0x1f0 [ 354.027635][T11753] should_fail_ex+0x512/0x640 [ 354.027669][T11753] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 354.027710][T11753] should_failslab+0xc2/0x120 [ 354.027732][T11753] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 354.027769][T11753] ? shmem_alloc_inode+0x25/0x50 [ 354.027797][T11753] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 354.027820][T11753] shmem_alloc_inode+0x25/0x50 [ 354.027842][T11753] alloc_inode+0x64/0x240 [ 354.027875][T11753] new_inode+0x22/0x1c0 [ 354.027901][T11753] shmem_get_inode+0x19a/0xfb0 [ 354.027934][T11753] shmem_mknod+0x1a8/0x450 [ 354.027964][T11753] ? __pfx_shmem_create+0x10/0x10 [ 354.027989][T11753] lookup_open.isra.0+0x11d0/0x1580 [ 354.028026][T11753] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 354.028071][T11753] ? __pfx_down_write+0x10/0x10 [ 354.028092][T11753] ? mnt_get_write_access+0x20c/0x300 [ 354.028122][T11753] path_openat+0x893/0x2cb0 [ 354.028165][T11753] ? __pfx_path_openat+0x10/0x10 [ 354.028200][T11753] ? __lock_acquire+0xb8a/0x1c90 [ 354.028235][T11753] do_filp_open+0x20b/0x470 [ 354.028269][T11753] ? __pfx_do_filp_open+0x10/0x10 [ 354.028329][T11753] ? alloc_fd+0x471/0x7d0 [ 354.028369][T11753] do_sys_openat2+0x11b/0x1d0 [ 354.028394][T11753] ? __pfx_do_sys_openat2+0x10/0x10 [ 354.028432][T11753] __x64_sys_openat+0x174/0x210 [ 354.028458][T11753] ? __pfx___x64_sys_openat+0x10/0x10 [ 354.028497][T11753] do_syscall_64+0xcd/0x490 [ 354.028537][T11753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.028560][T11753] RIP: 0033:0x7f6cbd98e929 [ 354.028579][T11753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.028601][T11753] RSP: 002b:00007f6cbe849038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 354.028622][T11753] RAX: ffffffffffffffda RBX: 00007f6cbdbb5fa0 RCX: 00007f6cbd98e929 [ 354.028637][T11753] RDX: 0000000000040a40 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 354.028652][T11753] RBP: 00007f6cbda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 354.028665][T11753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.028679][T11753] R13: 0000000000000000 R14: 00007f6cbdbb5fa0 R15: 00007ffeadb2d0f8 [ 354.028708][T11753] [ 355.324468][T11770] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2316'. [ 355.856161][T11778] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2320'. [ 357.055813][T11800] FAULT_INJECTION: forcing a failure. [ 357.055813][T11800] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 357.149827][T11800] CPU: 1 UID: 0 PID: 11800 Comm: syz.0.2331 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 357.149862][T11800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.149876][T11800] Call Trace: [ 357.149883][T11800] [ 357.149891][T11800] dump_stack_lvl+0x16c/0x1f0 [ 357.149933][T11800] should_fail_ex+0x512/0x640 [ 357.149973][T11800] should_fail_alloc_page+0xe7/0x130 [ 357.149998][T11800] prepare_alloc_pages+0x3c2/0x610 [ 357.150026][T11800] ? rcu_is_watching+0x12/0xc0 [ 357.150053][T11800] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 357.150091][T11800] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 357.150119][T11800] ? is_bpf_text_address+0x94/0x1a0 [ 357.150152][T11800] ? kernel_text_address+0x8d/0x100 [ 357.150189][T11800] ? __kernel_text_address+0xd/0x40 [ 357.150226][T11800] ? unwind_get_return_address+0x59/0xa0 [ 357.150263][T11800] ? arch_stack_walk+0xa6/0x100 [ 357.150303][T11800] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 357.150350][T11800] ? stack_depot_save_flags+0x28/0xa40 [ 357.150386][T11800] ? stack_trace_save+0x8e/0xc0 [ 357.150415][T11800] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 357.150453][T11800] ? policy_nodemask+0xea/0x4e0 [ 357.150494][T11800] alloc_pages_mpol+0x1fb/0x550 [ 357.150518][T11800] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 357.150568][T11800] alloc_pages_noprof+0x131/0x390 [ 357.150599][T11800] kimage_alloc_pages+0x75/0x350 [ 357.150639][T11800] kimage_alloc_control_pages+0x153/0xa00 [ 357.150685][T11800] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 357.150732][T11800] do_kexec_load+0x480/0x8d0 [ 357.150756][T11800] ? __pfx_do_kexec_load+0x10/0x10 [ 357.150781][T11800] ? _copy_from_user+0x59/0xd0 [ 357.150820][T11800] __x64_sys_kexec_load+0x1bf/0x230 [ 357.150845][T11800] do_syscall_64+0xcd/0x490 [ 357.150885][T11800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.150908][T11800] RIP: 0033:0x7fb1cf58e929 [ 357.150927][T11800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.150949][T11800] RSP: 002b:00007fb1d04cf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 357.150970][T11800] RAX: ffffffffffffffda RBX: 00007fb1cf7b5fa0 RCX: 00007fb1cf58e929 [ 357.150986][T11800] RDX: 0000200000000040 RSI: 0000000000000002 RDI: 0000000000000005 [ 357.151000][T11800] RBP: 00007fb1cf610b39 R08: 0000000000000000 R09: 0000000000000000 [ 357.151013][T11800] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 357.151027][T11800] R13: 0000000000000000 R14: 00007fb1cf7b5fa0 R15: 00007ffc8525dc58 [ 357.151055][T11800] [ 357.151914][T11800] kexec: Could not allocate control_code_buffer [ 360.914292][T11859] netlink: 'syz.2.2353': attribute type 11 has an invalid length. [ 361.247888][T11866] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2356'. [ 361.755849][T11877] FAULT_INJECTION: forcing a failure. [ 361.755849][T11877] name failslab, interval 1, probability 0, space 0, times 0 [ 361.823296][T11877] CPU: 1 UID: 0 PID: 11877 Comm: syz.0.2361 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 361.823331][T11877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 361.823345][T11877] Call Trace: [ 361.823352][T11877] [ 361.823361][T11877] dump_stack_lvl+0x16c/0x1f0 [ 361.823402][T11877] should_fail_ex+0x512/0x640 [ 361.823436][T11877] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 361.823471][T11877] should_failslab+0xc2/0x120 [ 361.823493][T11877] __kmalloc_cache_noprof+0x6a/0x3e0 [ 361.823524][T11877] ? rcu_is_watching+0x12/0xc0 [ 361.823547][T11877] ? snd_pcm_oss_open+0x5eb/0x1400 [ 361.823578][T11877] snd_pcm_oss_open+0x5eb/0x1400 [ 361.823612][T11877] ? tomoyo_check_open_permission+0x1d8/0x3c0 [ 361.823642][T11877] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 361.823672][T11877] ? __lock_acquire+0xb8a/0x1c90 [ 361.823704][T11877] ? __pfx_default_wake_function+0x10/0x10 [ 361.823730][T11877] ? __lock_acquire+0xb8a/0x1c90 [ 361.823766][T11877] ? do_raw_spin_lock+0x12c/0x2b0 [ 361.823805][T11877] ? soundcore_open+0x35a/0x580 [ 361.823843][T11877] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 361.823870][T11877] soundcore_open+0x409/0x580 [ 361.823909][T11877] ? __pfx_soundcore_open+0x10/0x10 [ 361.823945][T11877] chrdev_open+0x231/0x6a0 [ 361.823981][T11877] ? __pfx_apparmor_file_open+0x10/0x10 [ 361.824011][T11877] ? __pfx_chrdev_open+0x10/0x10 [ 361.824050][T11877] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 361.824087][T11877] do_dentry_open+0x744/0x1c10 [ 361.824123][T11877] ? __pfx_chrdev_open+0x10/0x10 [ 361.824172][T11877] vfs_open+0x82/0x3f0 [ 361.824201][T11877] path_openat+0x1de4/0x2cb0 [ 361.824245][T11877] ? __pfx_path_openat+0x10/0x10 [ 361.824281][T11877] ? __lock_acquire+0xb8a/0x1c90 [ 361.824315][T11877] do_filp_open+0x20b/0x470 [ 361.824350][T11877] ? __pfx_do_filp_open+0x10/0x10 [ 361.824405][T11877] ? alloc_fd+0x471/0x7d0 [ 361.824445][T11877] do_sys_openat2+0x11b/0x1d0 [ 361.824470][T11877] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.824507][T11877] __x64_sys_openat+0x174/0x210 [ 361.824534][T11877] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.824573][T11877] do_syscall_64+0xcd/0x490 [ 361.824612][T11877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.824636][T11877] RIP: 0033:0x7fb1cf58e929 [ 361.824655][T11877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.824678][T11877] RSP: 002b:00007fb1d04cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 361.824699][T11877] RAX: ffffffffffffffda RBX: 00007fb1cf7b5fa0 RCX: 00007fb1cf58e929 [ 361.824715][T11877] RDX: 0000000000000800 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 361.824729][T11877] RBP: 00007fb1cf610b39 R08: 0000000000000000 R09: 0000000000000000 [ 361.824743][T11877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.824757][T11877] R13: 0000000000000000 R14: 00007fb1cf7b5fa0 R15: 00007ffc8525dc58 [ 361.824786][T11877] [ 362.143680][ C1] vkms_vblank_simulate: vblank timer overrun [ 364.109785][T11903] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2370'. [ 364.138437][T11907] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2372'. [ 366.210266][T11941] netlink: 'syz.1.2387': attribute type 1 has an invalid length. [ 366.266336][T11941] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2387'. [ 366.331852][T11944] netlink: 'syz.1.2387': attribute type 1 has an invalid length. [ 366.374497][T11944] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2387'. [ 366.728717][T11951] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2391'. [ 367.014425][T11956] FAULT_INJECTION: forcing a failure. [ 367.014425][T11956] name failslab, interval 1, probability 0, space 0, times 0 [ 367.079205][T11956] CPU: 1 UID: 0 PID: 11956 Comm: syz.3.2394 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 367.079240][T11956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 367.079254][T11956] Call Trace: [ 367.079261][T11956] [ 367.079270][T11956] dump_stack_lvl+0x16c/0x1f0 [ 367.079311][T11956] should_fail_ex+0x512/0x640 [ 367.079346][T11956] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 367.079381][T11956] should_failslab+0xc2/0x120 [ 367.079404][T11956] __kmalloc_cache_noprof+0x6a/0x3e0 [ 367.079435][T11956] ? _raw_spin_unlock+0x28/0x50 [ 367.079466][T11956] ? snd_ctl_open+0x174/0x5e0 [ 367.079504][T11956] snd_ctl_open+0x174/0x5e0 [ 367.079539][T11956] ? __pfx_snd_ctl_open+0x10/0x10 [ 367.079572][T11956] snd_open+0x1fe/0x450 [ 367.079594][T11956] ? __pfx_snd_open+0x10/0x10 [ 367.079615][T11956] chrdev_open+0x231/0x6a0 [ 367.079652][T11956] ? __pfx_apparmor_file_open+0x10/0x10 [ 367.079682][T11956] ? __pfx_chrdev_open+0x10/0x10 [ 367.079730][T11956] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 367.079768][T11956] do_dentry_open+0x744/0x1c10 [ 367.079804][T11956] ? __pfx_chrdev_open+0x10/0x10 [ 367.079847][T11956] vfs_open+0x82/0x3f0 [ 367.079875][T11956] path_openat+0x1de4/0x2cb0 [ 367.079930][T11956] ? __pfx_path_openat+0x10/0x10 [ 367.079964][T11956] ? __lock_acquire+0xb8a/0x1c90 [ 367.079997][T11956] do_filp_open+0x20b/0x470 [ 367.080030][T11956] ? __pfx_do_filp_open+0x10/0x10 [ 367.080083][T11956] ? alloc_fd+0x471/0x7d0 [ 367.080121][T11956] do_sys_openat2+0x11b/0x1d0 [ 367.080145][T11956] ? __pfx_do_sys_openat2+0x10/0x10 [ 367.080181][T11956] __x64_sys_openat+0x174/0x210 [ 367.080206][T11956] ? __pfx___x64_sys_openat+0x10/0x10 [ 367.080243][T11956] do_syscall_64+0xcd/0x490 [ 367.080281][T11956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.080304][T11956] RIP: 0033:0x7f620dd8e929 [ 367.080322][T11956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.080343][T11956] RSP: 002b:00007f620eb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 367.080364][T11956] RAX: ffffffffffffffda RBX: 00007f620dfb5fa0 RCX: 00007f620dd8e929 [ 367.080379][T11956] RDX: 0000000000000080 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 367.080393][T11956] RBP: 00007f620de10b39 R08: 0000000000000000 R09: 0000000000000000 [ 367.080406][T11956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 367.080419][T11956] R13: 0000000000000000 R14: 00007f620dfb5fa0 R15: 00007ffed6f0d748 [ 367.080447][T11956] [ 367.359356][ C1] vkms_vblank_simulate: vblank timer overrun [ 368.268874][T11975] netlink: 'syz.1.2402': attribute type 15 has an invalid length. [ 371.309197][T12023] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2415'. [ 371.639549][T12029] netlink: 'syz.2.2416': attribute type 15 has an invalid length. [ 372.219407][ T5840] Bluetooth: hci1: unexpected event 0x04 length: 46 > 10 [ 374.267074][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 374.507326][T12089] FAULT_INJECTION: forcing a failure. [ 374.507326][T12089] name failslab, interval 1, probability 0, space 0, times 0 [ 374.597223][T12089] CPU: 1 UID: 0 PID: 12089 Comm: syz.3.2438 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 374.597259][T12089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 374.597273][T12089] Call Trace: [ 374.597280][T12089] [ 374.597289][T12089] dump_stack_lvl+0x16c/0x1f0 [ 374.597330][T12089] should_fail_ex+0x512/0x640 [ 374.597364][T12089] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 374.597404][T12089] should_failslab+0xc2/0x120 [ 374.597426][T12089] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 374.597463][T12089] ? alloc_uid+0x13d/0x4c0 [ 374.597492][T12089] ? _raw_spin_unlock_irq+0x23/0x50 [ 374.597528][T12089] alloc_uid+0x13d/0x4c0 [ 374.597557][T12089] ? __pfx_alloc_uid+0x10/0x10 [ 374.597585][T12089] ? security_prepare_creds+0xa7/0x270 [ 374.597626][T12089] __sys_setresuid+0x507/0x1160 [ 374.597656][T12089] do_syscall_64+0xcd/0x490 [ 374.597696][T12089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.597720][T12089] RIP: 0033:0x7f620dd8e929 [ 374.597738][T12089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.597760][T12089] RSP: 002b:00007f620eb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 374.597782][T12089] RAX: ffffffffffffffda RBX: 00007f620dfb5fa0 RCX: 00007f620dd8e929 [ 374.597797][T12089] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000002 [ 374.597810][T12089] RBP: 00007f620de10b39 R08: 0000000000000000 R09: 0000000000000000 [ 374.597824][T12089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 374.597838][T12089] R13: 0000000000000000 R14: 00007f620dfb5fa0 R15: 00007ffed6f0d748 [ 374.597866][T12089] [ 376.098175][T12122] FAULT_INJECTION: forcing a failure. [ 376.098175][T12122] name failslab, interval 1, probability 0, space 0, times 0 [ 376.151197][T12122] CPU: 1 UID: 0 PID: 12122 Comm: syz.1.2450 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 376.151231][T12122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 376.151245][T12122] Call Trace: [ 376.151252][T12122] [ 376.151261][T12122] dump_stack_lvl+0x16c/0x1f0 [ 376.151301][T12122] should_fail_ex+0x512/0x640 [ 376.151336][T12122] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 376.151371][T12122] should_failslab+0xc2/0x120 [ 376.151393][T12122] __kmalloc_cache_noprof+0x6a/0x3e0 [ 376.151426][T12122] ? alloc_ucounts+0x13d/0x440 [ 376.151458][T12122] alloc_ucounts+0x13d/0x440 [ 376.151486][T12122] ? __pfx_alloc_ucounts+0x10/0x10 [ 376.151522][T12122] set_cred_ucounts+0xcd/0x200 [ 376.151559][T12122] __sys_setresuid+0x67c/0x1160 [ 376.151589][T12122] do_syscall_64+0xcd/0x490 [ 376.151628][T12122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.151652][T12122] RIP: 0033:0x7f78f018e929 [ 376.151671][T12122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.151693][T12122] RSP: 002b:00007f78f0f3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075 [ 376.151714][T12122] RAX: ffffffffffffffda RBX: 00007f78f03b5fa0 RCX: 00007f78f018e929 [ 376.151729][T12122] RDX: 0000000000008080 RSI: 0000000000000007 RDI: 0000000000000002 [ 376.151743][T12122] RBP: 00007f78f0210b39 R08: 0000000000000000 R09: 0000000000000000 [ 376.151756][T12122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 376.151770][T12122] R13: 0000000000000000 R14: 00007f78f03b5fa0 R15: 00007ffd73e936c8 [ 376.151798][T12122] [ 376.805061][T12134] netlink: 'syz.3.2456': attribute type 3 has an invalid length. [ 377.913159][T12160] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2466'. [ 377.932216][T12161] netlink: 'syz.2.2467': attribute type 3 has an invalid length. [ 379.099555][T12190] ptp ptp0: new virtual clock ptp1 [ 379.182234][T12190] ptp ptp0: new virtual clock ptp2 [ 379.200913][T12181] zswap: compressor not available [ 379.253609][T12190] ptp ptp0: new virtual clock ptp3 [ 379.284562][T12190] ptp ptp0: guarantee physical clock free running [ 379.791168][T12202] FAULT_INJECTION: forcing a failure. [ 379.791168][T12202] name failslab, interval 1, probability 0, space 0, times 0 [ 379.893802][T12202] CPU: 1 UID: 0 PID: 12202 Comm: syz.2.2483 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 379.893837][T12202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 379.893851][T12202] Call Trace: [ 379.893860][T12202] [ 379.893869][T12202] dump_stack_lvl+0x16c/0x1f0 [ 379.893911][T12202] should_fail_ex+0x512/0x640 [ 379.893945][T12202] ? fs_reclaim_acquire+0xae/0x150 [ 379.893975][T12202] ? tomoyo_open_control+0x51f/0xa30 [ 379.894011][T12202] should_failslab+0xc2/0x120 [ 379.894034][T12202] __kmalloc_noprof+0xd2/0x510 [ 379.894075][T12202] tomoyo_open_control+0x51f/0xa30 [ 379.894117][T12202] do_dentry_open+0x744/0x1c10 [ 379.894153][T12202] ? __pfx_tomoyo_open+0x10/0x10 [ 379.894191][T12202] vfs_open+0x82/0x3f0 [ 379.894219][T12202] path_openat+0x1de4/0x2cb0 [ 379.894263][T12202] ? __pfx_path_openat+0x10/0x10 [ 379.894298][T12202] ? __lock_acquire+0xb8a/0x1c90 [ 379.894333][T12202] do_filp_open+0x20b/0x470 [ 379.894367][T12202] ? __pfx_do_filp_open+0x10/0x10 [ 379.894422][T12202] ? alloc_fd+0x471/0x7d0 [ 379.894472][T12202] do_sys_openat2+0x11b/0x1d0 [ 379.894496][T12202] ? __pfx_do_sys_openat2+0x10/0x10 [ 379.894557][T12202] __x64_sys_openat+0x174/0x210 [ 379.894585][T12202] ? __pfx___x64_sys_openat+0x10/0x10 [ 379.894637][T12202] do_syscall_64+0xcd/0x490 [ 379.894693][T12202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.894718][T12202] RIP: 0033:0x7f6cbd98e929 [ 379.894737][T12202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.894759][T12202] RSP: 002b:00007f6cbe849038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 379.894781][T12202] RAX: ffffffffffffffda RBX: 00007f6cbdbb5fa0 RCX: 00007f6cbd98e929 [ 379.894797][T12202] RDX: 00000000000c0802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 379.894812][T12202] RBP: 00007f6cbda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 379.894826][T12202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 379.894840][T12202] R13: 0000000000000000 R14: 00007f6cbdbb5fa0 R15: 00007ffeadb2d0f8 [ 379.894869][T12202] [ 380.268853][T12209] input: = as /devices/virtual/input/input10 [ 380.298476][T12211] FAULT_INJECTION: forcing a failure. [ 380.298476][T12211] name failslab, interval 1, probability 0, space 0, times 0 [ 380.312772][T12211] CPU: 1 UID: 0 PID: 12211 Comm: syz.1.2487 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 380.312805][T12211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 380.312819][T12211] Call Trace: [ 380.312828][T12211] [ 380.312836][T12211] dump_stack_lvl+0x16c/0x1f0 [ 380.312878][T12211] should_fail_ex+0x512/0x640 [ 380.312912][T12211] ? __kmalloc_noprof+0xbf/0x510 [ 380.312954][T12211] ? __alloc_workqueue+0xd5c/0x1810 [ 380.312986][T12211] should_failslab+0xc2/0x120 [ 380.313008][T12211] __kmalloc_noprof+0xd2/0x510 [ 380.313042][T12211] ? vsnprintf+0x318/0x1160 [ 380.313080][T12211] __alloc_workqueue+0xd5c/0x1810 [ 380.313109][T12211] ? __pfx_vsnprintf+0x10/0x10 [ 380.313143][T12211] ? lockdep_hardirqs_on+0x7c/0x110 [ 380.313178][T12211] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 380.313215][T12211] alloc_workqueue+0xd2/0x200 [ 380.313243][T12211] ? __pfx_alloc_workqueue+0x10/0x10 [ 380.313280][T12211] ? __pfx___debug_object_init+0x10/0x10 [ 380.313312][T12211] nci_register_device+0x21e/0xb80 [ 380.313356][T12211] ? __pfx_nci_register_device+0x10/0x10 [ 380.313393][T12211] ? lockdep_init_map_type+0x5c/0x280 [ 380.313432][T12211] virtual_ncidev_open+0x141/0x220 [ 380.313470][T12211] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 380.313498][T12211] misc_open+0x35a/0x420 [ 380.313528][T12211] ? __pfx_misc_open+0x10/0x10 [ 380.313556][T12211] chrdev_open+0x231/0x6a0 [ 380.313592][T12211] ? __pfx_apparmor_file_open+0x10/0x10 [ 380.313628][T12211] ? __pfx_chrdev_open+0x10/0x10 [ 380.313668][T12211] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 380.313705][T12211] do_dentry_open+0x744/0x1c10 [ 380.313741][T12211] ? __pfx_chrdev_open+0x10/0x10 [ 380.313784][T12211] vfs_open+0x82/0x3f0 [ 380.313812][T12211] path_openat+0x1de4/0x2cb0 [ 380.313855][T12211] ? __pfx_path_openat+0x10/0x10 [ 380.313891][T12211] ? __lock_acquire+0xb8a/0x1c90 [ 380.313932][T12211] do_filp_open+0x20b/0x470 [ 380.313967][T12211] ? __pfx_do_filp_open+0x10/0x10 [ 380.314022][T12211] ? alloc_fd+0x471/0x7d0 [ 380.314062][T12211] do_sys_openat2+0x11b/0x1d0 [ 380.314087][T12211] ? __pfx_do_sys_openat2+0x10/0x10 [ 380.314125][T12211] __x64_sys_openat+0x174/0x210 [ 380.314151][T12211] ? __pfx___x64_sys_openat+0x10/0x10 [ 380.314190][T12211] do_syscall_64+0xcd/0x490 [ 380.314230][T12211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.314254][T12211] RIP: 0033:0x7f78f018e929 [ 380.314273][T12211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.314295][T12211] RSP: 002b:00007f78f0f3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 380.314317][T12211] RAX: ffffffffffffffda RBX: 00007f78f03b5fa0 RCX: 00007f78f018e929 [ 380.314333][T12211] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 380.314348][T12211] RBP: 00007f78f0210b39 R08: 0000000000000000 R09: 0000000000000000 [ 380.314362][T12211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.314376][T12211] R13: 0000000000000000 R14: 00007f78f03b5fa0 R15: 00007ffd73e936c8 [ 380.314405][T12211] [ 381.387684][T12220] zswap: compressor 000 not available [ 382.673871][T12254] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2501'. [ 383.666264][T12272] input: = as /devices/virtual/input/input11 [ 383.687088][ T5840] Bluetooth: hci2: unexpected event 0x04 length: 46 > 10 [ 383.762271][T12251] kexec: Could not allocate control_code_buffer [ 384.881597][T12282] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 385.705941][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 386.069407][T12299] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2519'. [ 386.398953][T12307] netlink: 350 bytes leftover after parsing attributes in process `syz.1.2521'. [ 386.669930][T12310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2523'. [ 387.559074][T12333] input: = as /devices/virtual/input/input12 [ 387.694593][T12336] Console: switching to colour VGA+ 80x25 [ 387.801814][T12336] ================================================================== [ 387.801842][T12336] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 387.801886][T12336] Read of size 256 at addr ffff888025aa5860 by task syz.1.2534/12336 [ 387.801905][T12336] [ 387.801916][T12336] CPU: 1 UID: 0 PID: 12336 Comm: syz.1.2534 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 387.801946][T12336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 387.801960][T12336] Call Trace: [ 387.801967][T12336] [ 387.801975][T12336] dump_stack_lvl+0x116/0x1f0 [ 387.802013][T12336] print_report+0xcd/0x680 [ 387.802050][T12336] ? __virt_addr_valid+0x81/0x610 [ 387.802074][T12336] ? __phys_addr+0xe8/0x180 [ 387.802098][T12336] ? fbcon_prepare_logo+0xa03/0xc70 [ 387.802132][T12336] kasan_report+0xe0/0x110 [ 387.802153][T12336] ? fbcon_prepare_logo+0xa03/0xc70 [ 387.802192][T12336] kasan_check_range+0x100/0x1b0 [ 387.802218][T12336] __asan_memcpy+0x23/0x60 [ 387.802248][T12336] fbcon_prepare_logo+0xa03/0xc70 [ 387.802289][T12336] fbcon_init+0xd77/0x1900 [ 387.802325][T12336] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 387.802365][T12336] visual_init+0x320/0x620 [ 387.802395][T12336] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 387.802434][T12336] store_bind+0x61d/0x760 [ 387.802469][T12336] ? sysfs_file_kobj+0xe4/0x290 [ 387.802497][T12336] ? __pfx_store_bind+0x10/0x10 [ 387.802530][T12336] dev_attr_store+0x58/0x80 [ 387.802550][T12336] ? __pfx_dev_attr_store+0x10/0x10 [ 387.802570][T12336] sysfs_kf_write+0xf2/0x150 [ 387.802598][T12336] kernfs_fop_write_iter+0x351/0x510 [ 387.802625][T12336] ? __pfx_sysfs_kf_write+0x10/0x10 [ 387.802654][T12336] vfs_write+0x6c4/0x1150 [ 387.802687][T12336] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 387.802713][T12336] ? __pfx___mutex_lock+0x10/0x10 [ 387.802750][T12336] ? __pfx_vfs_write+0x10/0x10 [ 387.802793][T12336] ksys_write+0x12a/0x250 [ 387.802831][T12336] ? __pfx_ksys_write+0x10/0x10 [ 387.802869][T12336] do_syscall_64+0xcd/0x490 [ 387.802907][T12336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.802931][T12336] RIP: 0033:0x7f78f018e929 [ 387.802948][T12336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.802971][T12336] RSP: 002b:00007f78f0f3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 387.802993][T12336] RAX: ffffffffffffffda RBX: 00007f78f03b5fa0 RCX: 00007f78f018e929 [ 387.803008][T12336] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 387.803022][T12336] RBP: 00007f78f0210b39 R08: 0000000000000000 R09: 0000000000000000 [ 387.803037][T12336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.803051][T12336] R13: 0000000000000000 R14: 00007f78f03b5fa0 R15: 00007ffd73e936c8 [ 387.803073][T12336] [ 387.803081][T12336] [ 387.803086][T12336] Allocated by task 12098: [ 387.803097][T12336] kasan_save_stack+0x33/0x60 [ 387.803129][T12336] kasan_save_track+0x14/0x30 [ 387.803161][T12336] __kasan_kmalloc+0xaa/0xb0 [ 387.803192][T12336] __kmalloc_noprof+0x223/0x510 [ 387.803225][T12336] __vb2_queue_alloc+0x23e/0x1280 [ 387.803246][T12336] vb2_core_reqbufs+0xa90/0xfe0 [ 387.803267][T12336] __vb2_init_fileio+0x3f1/0x1100 [ 387.803290][T12336] __vb2_perform_fileio+0x9c2/0x1660 [ 387.803327][T12336] vb2_fop_read+0x215/0x3e0 [ 387.803345][T12336] v4l2_read+0x229/0x360 [ 387.803373][T12336] vfs_read+0x1e4/0xc60 [ 387.803402][T12336] ksys_read+0x12a/0x250 [ 387.803431][T12336] do_syscall_64+0xcd/0x490 [ 387.803466][T12336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.803488][T12336] [ 387.803493][T12336] Freed by task 12098: [ 387.803503][T12336] kasan_save_stack+0x33/0x60 [ 387.803535][T12336] kasan_save_track+0x14/0x30 [ 387.803567][T12336] kasan_save_free_info+0x3b/0x60 [ 387.803593][T12336] __kasan_slab_free+0x51/0x70 [ 387.803626][T12336] kfree+0x2b4/0x4d0 [ 387.803651][T12336] __vb2_queue_free+0x6f4/0xa30 [ 387.803672][T12336] vb2_core_reqbufs+0x276/0xfe0 [ 387.803693][T12336] __vb2_cleanup_fileio+0xed/0x190 [ 387.803715][T12336] vb2_core_queue_release+0x1f/0x190 [ 387.803737][T12336] _vb2_fop_release+0xe8/0x280 [ 387.803772][T12336] vivid_fop_release+0x155/0xc40 [ 387.803807][T12336] v4l2_release+0x232/0x460 [ 387.803840][T12336] __fput+0x402/0xb70 [ 387.803859][T12336] task_work_run+0x14d/0x240 [ 387.803892][T12336] exit_to_user_mode_loop+0xeb/0x110 [ 387.803927][T12336] do_syscall_64+0x3f6/0x490 [ 387.803962][T12336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.803984][T12336] [ 387.803989][T12336] The buggy address belongs to the object at ffff888025aa5000 [ 387.803989][T12336] which belongs to the cache kmalloc-2k of size 2048 [ 387.804007][T12336] The buggy address is located 96 bytes to the right of [ 387.804007][T12336] allocated 2048-byte region [ffff888025aa5000, ffff888025aa5800) [ 387.804031][T12336] [ 387.804036][T12336] The buggy address belongs to the physical page: [ 387.804052][T12336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25aa0 [ 387.804073][T12336] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 387.804091][T12336] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 387.804113][T12336] page_type: f5(slab) [ 387.804133][T12336] raw: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 387.804154][T12336] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 387.804176][T12336] head: 00fff00000000040 ffff88801b842000 0000000000000000 dead000000000001 [ 387.804197][T12336] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 387.804218][T12336] head: 00fff00000000003 ffffea000096a801 00000000ffffffff 00000000ffffffff [ 387.804239][T12336] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 387.804252][T12336] page dumped because: kasan: bad access detected [ 387.804263][T12336] page_owner tracks the page as allocated [ 387.804270][T12336] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14613808361, free_ts 0 [ 387.804309][T12336] post_alloc_hook+0x1c0/0x230 [ 387.804339][T12336] get_page_from_freelist+0x1321/0x3890 [ 387.804371][T12336] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 387.804405][T12336] alloc_pages_mpol+0x1fb/0x550 [ 387.804424][T12336] new_slab+0x23b/0x330 [ 387.804449][T12336] ___slab_alloc+0xd9c/0x1940 [ 387.804476][T12336] __slab_alloc.constprop.0+0x56/0xb0 [ 387.804505][T12336] __kmalloc_cache_noprof+0xfb/0x3e0 [ 387.804533][T12336] serial_base_ctrl_add+0x4c/0x3b0 [ 387.804556][T12336] serial_core_register_port+0x3a1/0x2570 [ 387.804578][T12336] serial8250_register_8250_port+0x159b/0x23c0 [ 387.804608][T12336] serial_pnp_probe+0x431/0x910 [ 387.804636][T12336] pnp_device_probe+0x2a5/0x4d0 [ 387.804658][T12336] really_probe+0x241/0xa90 [ 387.804690][T12336] __driver_probe_device+0x1de/0x440 [ 387.804723][T12336] driver_probe_device+0x4c/0x1b0 [ 387.804756][T12336] page_owner free stack trace missing [ 387.804763][T12336] [ 387.804768][T12336] Memory state around the buggy address: [ 387.804779][T12336] ffff888025aa5700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 387.804795][T12336] ffff888025aa5780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 387.804811][T12336] >ffff888025aa5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 387.804830][T12336] ^ [ 387.804843][T12336] ffff888025aa5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 387.804859][T12336] ffff888025aa5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 387.804872][T12336] ================================================================== [ 387.827513][T12336] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 387.827533][T12336] CPU: 1 UID: 0 PID: 12336 Comm: syz.1.2534 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 387.827569][T12336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 387.827584][T12336] Call Trace: [ 387.827591][T12336] [ 387.827600][T12336] dump_stack_lvl+0x3d/0x1f0 [ 387.827640][T12336] panic+0x71c/0x800 [ 387.827672][T12336] ? __pfx_panic+0x10/0x10 [ 387.827704][T12336] ? irqentry_exit+0x3b/0x90 [ 387.827739][T12336] ? lockdep_hardirqs_on+0x7c/0x110 [ 387.827794][T12336] ? preempt_schedule_thunk+0x16/0x30 [ 387.827831][T12336] ? fbcon_prepare_logo+0xa03/0xc70 [ 387.827868][T12336] ? preempt_schedule_common+0x44/0xc0 [ 387.827906][T12336] ? fbcon_prepare_logo+0xa03/0xc70 [ 387.827941][T12336] check_panic_on_warn+0xab/0xb0 [ 387.827976][T12336] end_report+0x107/0x170 [ 387.828013][T12336] kasan_report+0xee/0x110 [ 387.828034][T12336] ? fbcon_prepare_logo+0xa03/0xc70 [ 387.828074][T12336] kasan_check_range+0x100/0x1b0 [ 387.828100][T12336] __asan_memcpy+0x23/0x60 [ 387.828130][T12336] fbcon_prepare_logo+0xa03/0xc70 [ 387.828172][T12336] fbcon_init+0xd77/0x1900 [ 387.828208][T12336] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 387.828249][T12336] visual_init+0x320/0x620 [ 387.828279][T12336] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 387.828319][T12336] store_bind+0x61d/0x760 [ 387.828357][T12336] ? sysfs_file_kobj+0xe4/0x290 [ 387.828386][T12336] ? __pfx_store_bind+0x10/0x10 [ 387.828418][T12336] dev_attr_store+0x58/0x80 [ 387.828439][T12336] ? __pfx_dev_attr_store+0x10/0x10 [ 387.828460][T12336] sysfs_kf_write+0xf2/0x150 [ 387.828493][T12336] kernfs_fop_write_iter+0x351/0x510 [ 387.828517][T12336] ? __pfx_sysfs_kf_write+0x10/0x10 [ 387.828546][T12336] vfs_write+0x6c4/0x1150 [ 387.828579][T12336] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 387.828605][T12336] ? __pfx___mutex_lock+0x10/0x10 [ 387.828642][T12336] ? __pfx_vfs_write+0x10/0x10 [ 387.828684][T12336] ksys_write+0x12a/0x250 [ 387.828717][T12336] ? __pfx_ksys_write+0x10/0x10 [ 387.828755][T12336] do_syscall_64+0xcd/0x490 [ 387.828793][T12336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.828823][T12336] RIP: 0033:0x7f78f018e929 [ 387.828841][T12336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.828865][T12336] RSP: 002b:00007f78f0f3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 387.828887][T12336] RAX: ffffffffffffffda RBX: 00007f78f03b5fa0 RCX: 00007f78f018e929 [ 387.828903][T12336] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 387.828918][T12336] RBP: 00007f78f0210b39 R08: 0000000000000000 R09: 0000000000000000 [ 387.828933][T12336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.828947][T12336] R13: 0000000000000000 R14: 00007f78f03b5fa0 R15: 00007ffd73e936c8 [ 387.828970][T12336] [ 387.829045][T12336] Kernel Offset: disabled