last executing test programs:
4.773419322s ago: executing program 3 (id=6294):
mmap$auto(0x0, 0x4020009, 0x7, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
setsockopt$auto(0xffffffffffffffff, 0x6a, 0x3, 0x0, 0xc)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000)
sendmsg$auto_NL802154_CMD_SET_SHORT_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0x80)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x4002, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0xa, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
io_uring_setup$auto(0x7, 0x0)
3.235402038s ago: executing program 3 (id=6306):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x0, 0x2000040080000004, 0xe)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0)
write$auto(r0, 0x0, 0x2b6)
2.973214986s ago: executing program 1 (id=6307):
mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x2, 0x1)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendto$auto(0x3, 0x0, 0xfdef, 0xe, &(0x7f0000000100)=@in={0x2, 0x0, @rand_addr=0xe0000700}, 0x19)
2.732872999s ago: executing program 1 (id=6310):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x1e, 0x805, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
sysfs$auto(0x2, 0x19, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
fsopen$auto(0x0, 0x1)
fsconfig$auto(r0, 0x3, &(0x7f0000000000)='4\x93f\x06\x04\x00\x00', &(0x7f0000000040), 0x7f)
2.584186777s ago: executing program 2 (id=6312):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bpq3/statistics/rx_packets\x00', 0xa0140, 0x0)
socketpair$auto(0x1e, 0x1, 0xffffffff, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0)
2.503555595s ago: executing program 1 (id=6313):
close_range$auto(0x2, 0xa, 0x0)
socket(0x11, 0x80003, 0x300)
openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_marker_raw\x00', 0x401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0)
unshare$auto(0x40000080)
write$auto(0x3, 0x0, 0x7)
2.490693309s ago: executing program 3 (id=6314):
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027617c36720add70ab0343990f7d0bbc96dc0b"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
read$auto(r0, &(0x7f0000000040)='\x00', 0x10001)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="01202cbd7000fbdbdf250a"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
2.278404703s ago: executing program 2 (id=6317):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
setsockopt$auto(0x3, 0x10000000084, 0x84, 0x0, 0x90)
1.961243472s ago: executing program 3 (id=6318):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
socket(0x29, 0x5, 0x0)
write$auto(0x3, 0x0, 0x100082)
write$auto(0x3, 0x0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)
1.858137882s ago: executing program 1 (id=6320):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
mkdir$auto(0x0, 0x353)
1.736811956s ago: executing program 0 (id=6321):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000b80), r0)
sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}}, 0x40040)
syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000040), r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
read$auto(0x3, 0x0, 0xfffffdef)
r2 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x3b72, 0x0)
1.526585294s ago: executing program 0 (id=6322):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_setup$auto(0x100, 0x0)
mlockall$auto(0x7)
mbind$auto(0xf000, 0x8000000000000001, 0x100000000, 0x0, 0x6, 0x2)
socket(0x18, 0x5, 0x0)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000001}, 0x4880)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
1.525870185s ago: executing program 2 (id=6323):
socket(0xa, 0x1, 0x100)
mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x568)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000)
move_pages$auto(0x0, 0xd0, &(0x7f0000001100)=0x0, 0x0, 0x0, 0x2)
setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b)
1.07256577s ago: executing program 0 (id=6324):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
madvise$auto(0x0, 0x2000040080000004, 0xe)
listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0)
write$auto(r0, 0x0, 0x2b6)
1.072446472s ago: executing program 1 (id=6325):
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r1)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48302, 0x0)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x40000104, 0x400, 0x6}]})
1.070392377s ago: executing program 3 (id=6326):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, 0x0, 0x800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getsockopt$auto(0xffffffffffffffff, 0x84, 0xff, 0x0, 0x0)
openat$auto_urandom_fops_random(0xffffffffffffff9c, 0x0, 0x40, 0x0)
bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa)
1.023811837s ago: executing program 2 (id=6327):
r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8402, 0x0)
ioctl$auto_SG_GET_SG_TABLESIZE(r0, 0x227f, 0x0)
sendmmsg$auto(r0, 0x0, 0xb4c, 0x1)
r1 = socket(0x11, 0x80003, 0x300)
sendfile$auto(0x1, r1, 0x0, 0x8fb5)
dup2$auto(0x0, 0x3)
ioctl$auto(0x3, 0x5760, 0xfffffffffffff4e0)
902.595118ms ago: executing program 1 (id=6328):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x1000, 0x6)
mlockall$auto(0x800000000000005)
madvise$auto(0x0, 0x200007, 0x19)
569.395634ms ago: executing program 32 (id=6328):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x1000, 0x6)
mlockall$auto(0x800000000000005)
madvise$auto(0x0, 0x200007, 0x19)
551.193157ms ago: executing program 0 (id=6330):
r0 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
ustat$auto(0x801, 0x0)
sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0xb, 0x0, 0x1, 0x8}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
247.63812ms ago: executing program 0 (id=6331):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
syz_genetlink_get_family_id$auto_nl80211(0x0, r0)
247.180981ms ago: executing program 3 (id=6332):
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3)
mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000)
unshare$auto(0x40000080)
fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d)
245.304569ms ago: executing program 2 (id=6338):
readlink$auto(&(0x7f0000000040)='./file2/file0\x00', 0x0, 0x6)
timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x9}}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80805, 0x0)
socket(0x18, 0x3, 0x2)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@hci={0x1f, 0x2}, 0x55)
713.275µs ago: executing program 2 (id=6333):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
socket(0x29, 0x5, 0x0)
write$auto(0x3, 0x0, 0x100082)
write$auto(0x3, 0x0, 0x8)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9)
0s ago: executing program 0 (id=6341):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
mkdir$auto(0x0, 0x353)
kernel console output (not intermixed with test programs):
syzkaller
syzkaller login:
syzkaller
syzkaller login: [ 461.743441][T14961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3619'.
[ 461.839331][T14965] FAULT_INJECTION: forcing a failure.
[ 461.839331][T14965] name failslab, interval 1, probability 0, space 0, times 0
[ 461.853846][T14965] CPU: 0 UID: 0 PID: 14965 Comm: syz.3.3621 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 461.853903][T14965] Tainted: [U]=USER
[ 461.853914][T14965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 461.853934][T14965] Call Trace:
[ 461.853944][T14965] <TASK>
[ 461.853957][T14965] dump_stack_lvl+0x16c/0x1f0
[ 461.854017][T14965] should_fail_ex+0x512/0x640
[ 461.854065][T14965] ? __kmalloc_noprof+0xbf/0x510
[ 461.854116][T14965] ? lsm_blob_alloc+0x68/0x90
[ 461.854175][T14965] should_failslab+0xc2/0x120
[ 461.854206][T14965] __kmalloc_noprof+0xd2/0x510
[ 461.854267][T14965] lsm_blob_alloc+0x68/0x90
[ 461.854317][T14965] security_prepare_creds+0x30/0x270
[ 461.854368][T14965] prepare_creds+0x56f/0x7d0
[ 461.854417][T14965] __sys_setfsuid+0xda/0x350
[ 461.854452][T14965] ? rcu_is_watching+0x12/0xc0
[ 461.854488][T14965] do_syscall_64+0xcd/0x490
[ 461.854522][T14965] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 461.854556][T14965] RIP: 0033:0x7f3e1438e929
[ 461.854583][T14965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 461.854616][T14965] RSP: 002b:00007f3e1529f038 EFLAGS: 00000246 ORIG_RAX: 000000000000007a
[ 461.854648][T14965] RAX: ffffffffffffffda RBX: 00007f3e145b5fa0 RCX: 00007f3e1438e929
[ 461.854669][T14965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00
[ 461.854687][T14965] RBP: 00007f3e14410b39 R08: 0000000000000000 R09: 0000000000000000
[ 461.854706][T14965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 461.854725][T14965] R13: 0000000000000000 R14: 00007f3e145b5fa0 R15: 00007ffc7b4bfd08
[ 461.854767][T14965] </TASK>
[ 462.208801][T14972] FAULT_INJECTION: forcing a failure.
[ 462.208801][T14972] name failslab, interval 1, probability 0, space 0, times 0
[ 462.243967][T14972] CPU: 1 UID: 0 PID: 14972 Comm: syz.1.3624 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 462.244023][T14972] Tainted: [U]=USER
[ 462.244034][T14972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 462.244053][T14972] Call Trace:
[ 462.244064][T14972] <TASK>
[ 462.244077][T14972] dump_stack_lvl+0x16c/0x1f0
[ 462.244136][T14972] should_fail_ex+0x512/0x640
[ 462.244184][T14972] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 462.244233][T14972] should_failslab+0xc2/0x120
[ 462.244266][T14972] __kmalloc_cache_noprof+0x6a/0x3e0
[ 462.244312][T14972] ? snd_pcm_oss_change_params_locked+0x211/0x3a30
[ 462.244355][T14972] ? kasan_save_track+0x14/0x30
[ 462.244420][T14972] snd_pcm_oss_change_params_locked+0x211/0x3a30
[ 462.244467][T14972] ? rcu_is_watching+0x12/0xc0
[ 462.244505][T14972] ? __mutex_lock+0x1ca/0xb90
[ 462.244540][T14972] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 462.244585][T14972] ? __pfx___mutex_lock+0x10/0x10
[ 462.244613][T14972] ? kick_process+0xf6/0x1b0
[ 462.244671][T14972] ? __fsnotify_parent+0x24b/0xc40
[ 462.244728][T14972] snd_pcm_oss_make_ready+0xe6/0x1b0
[ 462.244769][T14972] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 462.244807][T14972] snd_pcm_oss_sync+0x1de/0x840
[ 462.244852][T14972] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 462.244891][T14972] snd_pcm_oss_release+0x28b/0x310
[ 462.244933][T14972] ? __pfx_snd_pcm_oss_release+0x10/0x10
[ 462.244971][T14972] __fput+0x3ff/0xb70
[ 462.245014][T14972] task_work_run+0x14d/0x240
[ 462.245065][T14972] ? __pfx_task_work_run+0x10/0x10
[ 462.245116][T14972] ? __pfx___do_sys_close_range+0x10/0x10
[ 462.245175][T14972] exit_to_user_mode_loop+0xeb/0x110
[ 462.245228][T14972] do_syscall_64+0x3f6/0x490
[ 462.245262][T14972] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 462.245296][T14972] RIP: 0033:0x7f43ca38e929
[ 462.245322][T14972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 462.245356][T14972] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 462.245397][T14972] RAX: 0000000000000000 RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 462.245418][T14972] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000
[ 462.245437][T14972] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 462.245457][T14972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 462.245475][T14972] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 462.245516][T14972] </TASK>
[ 462.950901][T15001] FAULT_INJECTION: forcing a failure.
[ 462.950901][T15001] name failslab, interval 1, probability 0, space 0, times 0
[ 462.988068][T15001] CPU: 1 UID: 0 PID: 15001 Comm: syz.1.3634 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 462.988136][T15001] Tainted: [U]=USER
[ 462.988147][T15001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 462.988166][T15001] Call Trace:
[ 462.988177][T15001] <TASK>
[ 462.988190][T15001] dump_stack_lvl+0x16c/0x1f0
[ 462.988246][T15001] should_fail_ex+0x512/0x640
[ 462.988294][T15001] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 462.988355][T15001] should_failslab+0xc2/0x120
[ 462.988386][T15001] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 462.988435][T15001] ? __pfx_map_id_range_down+0x10/0x10
[ 462.988483][T15001] ? prepare_creds+0x2c/0x7d0
[ 462.988536][T15001] prepare_creds+0x2c/0x7d0
[ 462.988586][T15001] __sys_setfsuid+0xda/0x350
[ 462.988620][T15001] ? rcu_is_watching+0x12/0xc0
[ 462.988656][T15001] do_syscall_64+0xcd/0x490
[ 462.988689][T15001] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 462.988723][T15001] RIP: 0033:0x7f43ca38e929
[ 462.988749][T15001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 462.988783][T15001] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 000000000000007a
[ 462.988814][T15001] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 462.988835][T15001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00
[ 462.988854][T15001] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 462.988873][T15001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 462.988891][T15001] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 462.988932][T15001] </TASK>
[ 463.703415][T15017] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 464.982379][T15064] capability: warning: `syz.1.3658' uses deprecated v2 capabilities in a way that may be insecure
[ 467.263132][T13666] Bluetooth: hci3: unexpected event 0x01 length: 440 > 1
[ 467.626017][ T30] audit: type=1804 audit(4294967322.440:18): pid=15156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3696" name=2F6E6577726F6F742F37302F22050820 dev="tmpfs" ino=371 res=1 errno=0
[ 467.656107][ T30] audit: type=1800 audit(4294967322.440:19): pid=15156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3696" name=22050820 dev="tmpfs" ino=371 res=0 errno=0
[ 469.334769][T15210] netlink: 346 bytes leftover after parsing attributes in process `syz.1.3719'.
[ 471.102149][T15273] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19
[ 472.198568][T15298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3752'.
[ 473.155135][T15316] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20
[ 475.522313][ T30] audit: type=1804 audit(4294967330.330:20): pid=15376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3779" name=22050820 dev="tmpfs" ino=698 res=1 errno=0
[ 475.595256][ T30] audit: type=1800 audit(4294967330.330:21): pid=15376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3779" name=22050820 dev="tmpfs" ino=698 res=0 errno=0
[ 478.439396][T15419] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3800'.
[ 483.137492][T15535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3847'.
[ 483.314235][T15541] FAULT_INJECTION: forcing a failure.
[ 483.314235][T15541] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 483.422579][T15541] CPU: 1 UID: 0 PID: 15541 Comm: syz.1.3850 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 483.422636][T15541] Tainted: [U]=USER
[ 483.422647][T15541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 483.422685][T15541] Call Trace:
[ 483.422696][T15541] <TASK>
[ 483.422710][T15541] dump_stack_lvl+0x16c/0x1f0
[ 483.422771][T15541] should_fail_ex+0x512/0x640
[ 483.422827][T15541] should_fail_alloc_page+0xe7/0x130
[ 483.422864][T15541] prepare_alloc_pages+0x3c2/0x610
[ 483.422910][T15541] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 483.422965][T15541] ? __alloc_frozen_pages_noprof+0x294/0x23f0
[ 483.423020][T15541] ? kasan_save_stack+0x42/0x60
[ 483.423066][T15541] ? kasan_save_stack+0x33/0x60
[ 483.423120][T15541] ? kasan_save_track+0x14/0x30
[ 483.423168][T15541] ? __kasan_slab_alloc+0x89/0x90
[ 483.423218][T15541] ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 483.423267][T15541] ? __pmd_alloc+0xbf/0x930
[ 483.423302][T15541] ? __handle_mm_fault+0xaac/0x5490
[ 483.423343][T15541] ? handle_mm_fault+0x589/0xd10
[ 483.423384][T15541] ? do_user_addr_fault+0x7a6/0x1370
[ 483.423427][T15541] ? exc_page_fault+0x5c/0xb0
[ 483.423473][T15541] ? asm_exc_page_fault+0x26/0x30
[ 483.423508][T15541] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 483.423556][T15541] ? __x64_sys_timer_create+0x199/0x1d0
[ 483.423604][T15541] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 483.423664][T15541] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 483.423718][T15541] ? policy_nodemask+0xea/0x4e0
[ 483.423777][T15541] alloc_pages_mpol+0x1fb/0x550
[ 483.423811][T15541] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 483.423844][T15541] ? do_raw_spin_lock+0x12c/0x2b0
[ 483.423893][T15541] ? find_held_lock+0x2b/0x80
[ 483.423930][T15541] alloc_pages_noprof+0x131/0x390
[ 483.423964][T15541] pte_alloc_one+0x1c/0x3a0
[ 483.424017][T15541] __do_fault+0x320/0x490
[ 483.424066][T15541] ? __pfx_filemap_map_pages+0x10/0x10
[ 483.424128][T15541] __handle_mm_fault+0x374c/0x5490
[ 483.424187][T15541] ? __pfx___handle_mm_fault+0x10/0x10
[ 483.424228][T15541] ? __pfx_mt_find+0x10/0x10
[ 483.424285][T15541] ? find_vma+0xbf/0x140
[ 483.424318][T15541] ? __pfx_find_vma+0x10/0x10
[ 483.424356][T15541] handle_mm_fault+0x589/0xd10
[ 483.424401][T15541] ? __pkru_allows_pkey+0x41/0xb0
[ 483.424449][T15541] do_user_addr_fault+0x7a6/0x1370
[ 483.424500][T15541] ? rcu_is_watching+0x12/0xc0
[ 483.424537][T15541] exc_page_fault+0x5c/0xb0
[ 483.424588][T15541] asm_exc_page_fault+0x26/0x30
[ 483.424620][T15541] RIP: 0010:rep_movs_alternative+0x11/0x90
[ 483.424664][T15541] Code: c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 bd 10 04 00 66 66 2e 0f
[ 483.424699][T15541] RSP: 0018:ffffc9000e8c7d20 EFLAGS: 00050202
[ 483.424727][T15541] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000004
[ 483.424747][T15541] RDX: fffff52001d18fbb RSI: ffffc9000e8c7dd8 RDI: 0000000000000000
[ 483.424767][T15541] RBP: 0000000000000000 R08: 0000000000000000 R09: fffff52001d18fbb
[ 483.424786][T15541] R10: 0000000000000003 R11: 0000000000000001 R12: ffffc9000e8c7dd8
[ 483.424805][T15541] R13: 0000000000000004 R14: 00007ffffffff000 R15: 0000000000000000
[ 483.424846][T15541] _copy_to_user+0xbb/0xd0
[ 483.424903][T15541] do_timer_create+0x6dc/0x14e0
[ 483.424956][T15541] ? __pfx_do_timer_create+0x10/0x10
[ 483.425000][T15541] ? __pfx_do_futex+0x10/0x10
[ 483.425055][T15541] __x64_sys_timer_create+0x199/0x1d0
[ 483.425116][T15541] ? __pfx___x64_sys_timer_create+0x10/0x10
[ 483.425162][T15541] ? fput+0x70/0xf0
[ 483.425195][T15541] ? xfd_validate_state+0x61/0x180
[ 483.425238][T15541] ? __pfx_ksys_write+0x10/0x10
[ 483.425298][T15541] do_syscall_64+0xcd/0x490
[ 483.425333][T15541] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 483.425366][T15541] RIP: 0033:0x7f43ca38e929
[ 483.425394][T15541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 483.425427][T15541] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de
[ 483.425458][T15541] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 483.425479][T15541] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[ 483.425497][T15541] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 483.425517][T15541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 483.425536][T15541] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 483.425579][T15541] </TASK>
[ 484.548390][T15550] netlink: 206 bytes leftover after parsing attributes in process `syz.2.3852'.
[ 484.586060][T15549] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3853'.
[ 487.363197][T15598] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3873'.
[ 487.956778][T15608] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input21
[ 488.304067][T15614] netlink: set zone limit has 8 unknown bytes
[ 490.634892][T15664] netlink: 130 bytes leftover after parsing attributes in process `syz.1.3898'.
[ 490.961266][T15666] nbd: socks must be embedded in a SOCK_ITEM attr
[ 490.968667][T15666] block nbd3: shutting down sockets
[ 493.054942][T15704] sd 0:0:1:0: PR command failed: 1026
[ 493.068113][T15704] sd 0:0:1:0: Sense Key : Illegal Request [current]
[ 493.098200][T15704] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 494.100504][T15720] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3923'.
[ 494.472031][T15725] zswap: compressor 000 not available
[ 495.235909][T15752] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 496.793135][T15802] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3955'.
[ 496.989225][T15807] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3957'.
[ 497.803429][T15826] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3963'.
[ 498.401570][T15840] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3970'.
[ 498.946675][T15852] netlink: 'syz.1.3975': attribute type 21 has an invalid length.
[ 498.994019][T15852] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3975'.
[ 499.191126][T15857] netlink: 'syz.2.3977': attribute type 1 has an invalid length.
[ 499.293340][T15862] openvswitch: netlink: IP tunnel dst address not specified
[ 499.340083][T15862] openvswitch: netlink: IP tunnel dst address not specified
[ 500.803958][T15897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3992'.
[ 500.810570][T13666] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260
[ 500.812908][T13666] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260
[ 500.827982][T13666] Bluetooth: hci2: Unknown advertising packet type: 0x7f
[ 500.828040][T13666] Bluetooth: hci2: adv larger than maximum supported
[ 500.835499][T13666] Bluetooth: hci2: Malformed LE Event: 0x0d
[ 500.863779][T15897] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3992'.
[ 501.378881][T15914] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4000'.
[ 501.570842][T15922] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4004'.
[ 501.858192][T15931] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4008'.
[ 502.579287][T15955] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4020'.
[ 502.607343][T15958] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4019'.
[ 503.372406][T15988] netlink: 'syz.0.4032': attribute type 15 has an invalid length.
[ 503.380616][T15988] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4032'.
[ 503.580535][T15997] netlink: 'syz.3.4034': attribute type 1 has an invalid length.
[ 504.798177][T16029] zswap: compressor not available
[ 504.896839][T16041] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4054'.
[ 505.638252][T16063] netlink: 'syz.0.4063': attribute type 11 has an invalid length.
[ 505.715622][T16065] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4064'.
[ 505.732294][T16067] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4065'.
[ 507.777019][T16129] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4090'.
[ 509.051545][T16168] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4109'.
[ 509.596129][T16181] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4113'.
[ 509.863997][T16192] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^'
[ 510.716211][T16217] FAULT_INJECTION: forcing a failure.
[ 510.716211][T16217] name failslab, interval 1, probability 0, space 0, times 0
[ 510.770940][T16217] CPU: 0 UID: 0 PID: 16217 Comm: syz.2.4128 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 510.770997][T16217] Tainted: [U]=USER
[ 510.771007][T16217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 510.771026][T16217] Call Trace:
[ 510.771037][T16217] <TASK>
[ 510.771049][T16217] dump_stack_lvl+0x16c/0x1f0
[ 510.771106][T16217] should_fail_ex+0x512/0x640
[ 510.771157][T16217] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 510.771206][T16217] should_failslab+0xc2/0x120
[ 510.771238][T16217] __kmalloc_cache_noprof+0x6a/0x3e0
[ 510.771286][T16217] ? nci_allocate_device+0x105/0x430
[ 510.771337][T16217] nci_allocate_device+0x105/0x430
[ 510.771386][T16217] virtual_ncidev_open+0x6f/0x220
[ 510.771427][T16217] ? __pfx_virtual_ncidev_open+0x10/0x10
[ 510.771469][T16217] misc_open+0x35d/0x420
[ 510.771519][T16217] ? __pfx_misc_open+0x10/0x10
[ 510.771560][T16217] chrdev_open+0x231/0x6a0
[ 510.771614][T16217] ? __pfx_apparmor_file_open+0x10/0x10
[ 510.771656][T16217] ? __pfx_chrdev_open+0x10/0x10
[ 510.771712][T16217] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 510.771766][T16217] do_dentry_open+0x744/0x1c10
[ 510.771815][T16217] ? __pfx_chrdev_open+0x10/0x10
[ 510.771877][T16217] vfs_open+0x82/0x3f0
[ 510.771919][T16217] path_openat+0x1de4/0x2cb0
[ 510.771983][T16217] ? __pfx_path_openat+0x10/0x10
[ 510.772032][T16217] ? __lock_acquire+0xb8a/0x1c90
[ 510.772081][T16217] do_filp_open+0x20b/0x470
[ 510.772129][T16217] ? __pfx_do_filp_open+0x10/0x10
[ 510.772212][T16217] ? alloc_fd+0x471/0x7d0
[ 510.772268][T16217] do_sys_openat2+0x11b/0x1d0
[ 510.772305][T16217] ? __pfx_do_sys_openat2+0x10/0x10
[ 510.772360][T16217] __x64_sys_openat+0x174/0x210
[ 510.772398][T16217] ? __pfx___x64_sys_openat+0x10/0x10
[ 510.772455][T16217] do_syscall_64+0xcd/0x490
[ 510.772488][T16217] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 510.772531][T16217] RIP: 0033:0x7f43ba78e929
[ 510.772558][T16217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 510.772593][T16217] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 510.772626][T16217] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[ 510.772648][T16217] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 510.772668][T16217] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[ 510.772687][T16217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 510.772706][T16217] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[ 510.772749][T16217] </TASK>
[ 511.046611][T16222] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^'
[ 511.942795][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 511.950069][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 512.063539][T16242] netlink: 'syz.2.4137': attribute type 64 has an invalid length.
[ 512.080269][T16242] netlink: 74 bytes leftover after parsing attributes in process `syz.2.4137'.
[ 512.257116][T16210] kexec: Could not allocate control_code_buffer
[ 512.391175][T16253] cifs: Unknown parameter 'no+ 1`rsFn)aHāh`9kA}1\D@.ZCg^'
[ 512.577535][T16258] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4144'.
[ 512.761591][T16262] FAULT_INJECTION: forcing a failure.
[ 512.761591][T16262] name failslab, interval 1, probability 0, space 0, times 0
[ 512.778318][T16262] CPU: 1 UID: 0 PID: 16262 Comm: syz.2.4146 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 512.778384][T16262] Tainted: [U]=USER
[ 512.778394][T16262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 512.778412][T16262] Call Trace:
[ 512.778422][T16262] <TASK>
[ 512.778433][T16262] dump_stack_lvl+0x16c/0x1f0
[ 512.778491][T16262] should_fail_ex+0x512/0x640
[ 512.778537][T16262] ? fs_reclaim_acquire+0xae/0x150
[ 512.778578][T16262] ? ima_alloc_init_template+0x19d/0x720
[ 512.778609][T16262] should_failslab+0xc2/0x120
[ 512.778640][T16262] __kmalloc_noprof+0xd2/0x510
[ 512.778705][T16262] ? __print_lock_name+0xb1/0xe0
[ 512.778745][T16262] ima_alloc_init_template+0x19d/0x720
[ 512.778781][T16262] ? take_dentry_name_snapshot+0x319/0x7d0
[ 512.778823][T16262] ima_store_measurement+0x1eb/0x5c0
[ 512.778860][T16262] ? __pfx_ima_store_measurement+0x10/0x10
[ 512.778896][T16262] ? vfs_getxattr_alloc+0xec/0x340
[ 512.778953][T16262] ? __pfx_ima_get_hash_algo+0x10/0x10
[ 512.779009][T16262] process_measurement+0x1ddb/0x23e0
[ 512.779076][T16262] ? __pfx_process_measurement+0x10/0x10
[ 512.779133][T16262] ? alloc_empty_file+0x73/0x1e0
[ 512.779167][T16262] ? hugetlb_file_setup+0x4cd/0x620
[ 512.779201][T16262] ? ksys_mmap_pgoff+0x189/0x5c0
[ 512.779239][T16262] ? __x64_sys_mmap+0x125/0x190
[ 512.779355][T16262] ima_file_mmap+0x1b1/0x1d0
[ 512.779405][T16262] ? __pfx_ima_file_mmap+0x10/0x10
[ 512.779468][T16262] security_mmap_file+0x88c/0x990
[ 512.779515][T16262] vm_mmap_pgoff+0xec/0x450
[ 512.779552][T16262] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 512.779582][T16262] ? __pfx_alloc_file_pseudo+0x10/0x10
[ 512.779621][T16262] ? hugetlbfs_get_inode+0x31f/0x730
[ 512.779667][T16262] ksys_mmap_pgoff+0x1c8/0x5c0
[ 512.779711][T16262] __x64_sys_mmap+0x125/0x190
[ 512.779761][T16262] do_syscall_64+0xcd/0x490
[ 512.779795][T16262] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 512.779827][T16262] RIP: 0033:0x7f43ba78e929
[ 512.779855][T16262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 512.779889][T16262] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 512.779920][T16262] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[ 512.779941][T16262] RDX: 00004000000000df RSI: 0000000000000004 RDI: 0000000000000000
[ 512.779960][T16262] RBP: 00007f43ba810b39 R08: 0000000000000401 R09: 0000300000000000
[ 512.779981][T16262] R10: 0000000000040eb1 R11: 0000000000000246 R12: 0000000000000000
[ 512.780000][T16262] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[ 512.780043][T16262] </TASK>
[ 512.781695][ T30] audit: type=1804 audit(4294967299.000:22): pid=16262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.2.4146" name="anon_hugepage" dev="hugetlbfs" ino=43274 res=0 errno=0
[ 513.856572][T13666] Bluetooth: hci2: SCO packet for unknown connection handle 0
[ 514.128623][T16301] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4163'.
[ 515.071053][T16324] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4172'.
[ 515.086753][T16324] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4172'.
[ 517.008826][T16364] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4188'.
[ 517.111480][T16362] netlink: 74 bytes leftover after parsing attributes in process `syz.0.4187'.
[ 517.280279][T16372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4191'.
[ 517.515311][T16380] netlink: 'syz.0.4193': attribute type 64 has an invalid length.
[ 517.526405][T16380] netlink: 74 bytes leftover after parsing attributes in process `syz.0.4193'.
[ 517.881588][T16392] FAULT_INJECTION: forcing a failure.
[ 517.881588][T16392] name failslab, interval 1, probability 0, space 0, times 0
[ 517.896522][T16392] CPU: 0 UID: 0 PID: 16392 Comm: syz.2.4199 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 517.896576][T16392] Tainted: [U]=USER
[ 517.896587][T16392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 517.896633][T16392] Call Trace:
[ 517.896644][T16392] <TASK>
[ 517.896657][T16392] dump_stack_lvl+0x16c/0x1f0
[ 517.896713][T16392] should_fail_ex+0x512/0x640
[ 517.896761][T16392] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 517.896809][T16392] should_failslab+0xc2/0x120
[ 517.896842][T16392] __kmalloc_cache_noprof+0x6a/0x3e0
[ 517.896888][T16392] ? snd_pcm_oss_change_params_locked+0x247/0x3a30
[ 517.896929][T16392] ? kasan_save_track+0x14/0x30
[ 517.896982][T16392] snd_pcm_oss_change_params_locked+0x247/0x3a30
[ 517.897033][T16392] ? rcu_is_watching+0x12/0xc0
[ 517.897071][T16392] ? __mutex_lock+0x1ca/0xb90
[ 517.897099][T16392] ? lockdep_hardirqs_on+0x7c/0x110
[ 517.897155][T16392] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 517.897199][T16392] ? __pfx___mutex_lock+0x10/0x10
[ 517.897227][T16392] ? tomoyo_path_number_perm+0x295/0x580
[ 517.897281][T16392] ? __lock_acquire+0xb8a/0x1c90
[ 517.897337][T16392] snd_pcm_oss_get_active_substream+0x168/0x1d0
[ 517.897385][T16392] snd_pcm_oss_get_formats+0x7e/0x340
[ 517.897421][T16392] ? find_held_lock+0x2b/0x80
[ 517.897454][T16392] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10
[ 517.897491][T16392] ? __might_fault+0x13b/0x190
[ 517.897551][T16392] snd_pcm_oss_ioctl+0x2efb/0x37a0
[ 517.897591][T16392] ? find_held_lock+0x2b/0x80
[ 517.897622][T16392] ? hook_file_ioctl_common+0x145/0x410
[ 517.897659][T16392] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[ 517.897704][T16392] ? __fget_files+0x20e/0x3c0
[ 517.897755][T16392] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[ 517.897803][T16392] __x64_sys_ioctl+0x18b/0x210
[ 517.897842][T16392] do_syscall_64+0xcd/0x490
[ 517.897876][T16392] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 517.897910][T16392] RIP: 0033:0x7f43ba78e929
[ 517.897938][T16392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 517.897971][T16392] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 517.898003][T16392] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[ 517.898037][T16392] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004
[ 517.898057][T16392] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[ 517.898076][T16392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 517.898097][T16392] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[ 517.898141][T16392] </TASK>
[ 519.278676][T16430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4211'.
[ 519.410949][T16433] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4212'.
[ 519.718129][T16446] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4218'.
[ 519.896477][T16453] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4221'.
[ 520.036501][T16457] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4223'.
[ 520.129627][T16461] netlink: 'syz.2.4225': attribute type 13 has an invalid length.
[ 520.649273][T16487] FAULT_INJECTION: forcing a failure.
[ 520.649273][T16487] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 520.663787][T16487] CPU: 1 UID: 0 PID: 16487 Comm: syz.2.4236 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 520.663850][T16487] Tainted: [U]=USER
[ 520.663861][T16487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 520.663880][T16487] Call Trace:
[ 520.663890][T16487] <TASK>
[ 520.663902][T16487] dump_stack_lvl+0x16c/0x1f0
[ 520.663962][T16487] should_fail_ex+0x512/0x640
[ 520.664016][T16487] core_sys_select+0x949/0xc10
[ 520.664073][T16487] ? __pfx_core_sys_select+0x10/0x10
[ 520.664172][T16487] ? set_user_sigmask+0x21b/0x2b0
[ 520.664203][T16487] ? __pfx_set_user_sigmask+0x10/0x10
[ 520.664231][T16487] ? find_held_lock+0x2b/0x80
[ 520.664272][T16487] do_pselect.constprop.0+0x19f/0x1e0
[ 520.664320][T16487] ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 520.664374][T16487] ? __x64_sys_futex+0x1e0/0x4c0
[ 520.664418][T16487] __x64_sys_pselect6+0x182/0x240
[ 520.664464][T16487] ? __pfx___x64_sys_pselect6+0x10/0x10
[ 520.664521][T16487] do_syscall_64+0xcd/0x490
[ 520.664553][T16487] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 520.664586][T16487] RIP: 0033:0x7f43ba78e929
[ 520.664610][T16487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 520.664641][T16487] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 520.664671][T16487] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[ 520.664692][T16487] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[ 520.664712][T16487] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[ 520.664730][T16487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 520.664747][T16487] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[ 520.664787][T16487] </TASK>
[ 521.209539][T16499] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4242'.
[ 521.490148][T13666] Bluetooth: hci1: SCO packet for unknown connection handle 0
[ 522.173126][T16531] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4255'.
[ 522.297581][T16535] netlink: 206 bytes leftover after parsing attributes in process `syz.3.4257'.
[ 522.503485][T16544] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 522.514524][T16544] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8
[ 523.193707][T16565] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4270'.
[ 524.128280][T16593] netlink: 206 bytes leftover after parsing attributes in process `syz.3.4281'.
[ 524.222981][T16595] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 524.763100][ T30] audit: type=1800 audit(4294967306.900:23): pid=16616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4293" name="file0" dev="tmpfs" ino=5593 res=0 errno=0
[ 526.693642][T16689] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4322'.
[ 527.350452][T16718] sctp: [Deprecated]: syz.1.4332 (pid 16718) Use of int in max_burst socket option deprecated.
[ 527.350452][T16718] Use struct sctp_assoc_value instead
[ 528.922422][T16763] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4353'.
[ 529.243713][T16770] Invalid ELF header magic: != ELF
[ 529.654594][T16787] netlink: 'syz.3.4364': attribute type 3 has an invalid length.
[ 530.877056][T16829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4382'.
[ 530.894638][T16829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4382'.
[ 531.796725][T16850] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4392'.
[ 532.687080][T16878] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4402'.
[ 532.702714][T16878] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4402'.
[ 532.714353][T16879] netlink: 130 bytes leftover after parsing attributes in process `syz.3.4403'.
[ 533.232911][T16896] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4411'.
[ 533.264364][T16896] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4411'.
[ 534.500204][T13666] Bluetooth: hci2: command 0x0406 tx timeout
[ 534.882495][T16944] netlink: 'syz.3.4432': attribute type 1 has an invalid length.
[ 535.398300][T16955] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4436'.
[ 535.918710][T16970] Device name cannot be null; rc = [-22]
[ 536.400221][T16978] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4445'.
[ 539.968279][T17061] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4476'.
[ 540.284221][T17063] zswap: compressor not available
[ 541.984094][T17110] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4494'.
[ 542.789600][T17129] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4502'.
[ 542.975108][T17132] nbd: must specify at least one socket
[ 544.362940][T17167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4517'.
[ 544.417982][T17171] netlink: 206 bytes leftover after parsing attributes in process `syz.2.4521'.
[ 545.557138][T17195] lo: entered allmulticast mode
[ 545.725668][T17196] lo: left allmulticast mode
[ 548.256848][T17251] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4552'.
[ 548.364264][T17254] netlink: 346 bytes leftover after parsing attributes in process `syz.2.4554'.
[ 548.589493][T17259] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4556'.
[ 548.691650][T17262] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4557'.
[ 550.189790][T17300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4575'.
[ 551.196001][T17335] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4590'.
[ 551.328491][T17341] random: crng reseeded on system resumption
[ 551.679177][T17354] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4598'.
[ 551.736123][T17349] sctp: [Deprecated]: syz.3.4595 (pid 17349) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 551.736123][T17349] Use struct sctp_sack_info instead
[ 552.429228][T17370] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4603'.
[ 552.892596][T17387] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4610'.
[ 553.787392][T17414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4620'.
[ 553.824428][T17414] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4620'.
[ 556.468478][T17489] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4650'.
[ 556.593703][T17491] netlink: 346 bytes leftover after parsing attributes in process `syz.1.4652'.
[ 556.988770][T17503] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4657'.
[ 557.364139][T17511] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4667'.
[ 557.846771][T17522] netlink: 'syz.0.4664': attribute type 1 has an invalid length.
[ 557.867582][T17522] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4664'.
[ 557.889821][T17522] netlink: 'syz.0.4664': attribute type 1 has an invalid length.
[ 557.908094][T17522] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4664'.
[ 558.524174][T17534] GUP no longer grows the stack in syz.3.4671 (17534): 14000-401000 (4000)
[ 558.544403][T17534] CPU: 0 UID: 0 PID: 17534 Comm: syz.3.4671 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 558.544461][T17534] Tainted: [U]=USER
[ 558.544473][T17534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 558.544492][T17534] Call Trace:
[ 558.544501][T17534] <TASK>
[ 558.544515][T17534] dump_stack_lvl+0x16c/0x1f0
[ 558.544574][T17534] gup_vma_lookup+0x1d2/0x220
[ 558.544610][T17534] __get_user_pages+0x271/0x3b80
[ 558.544662][T17534] ? process_vm_rw_core.constprop.0+0x1d8/0x9a0
[ 558.544716][T17534] ? kasan_save_stack+0x42/0x60
[ 558.544765][T17534] ? __pfx___get_user_pages+0x10/0x10
[ 558.544800][T17534] ? register_lock_class+0x41/0x4c0
[ 558.544842][T17534] ? __x64_sys_process_vm_readv+0xe2/0x1c0
[ 558.544894][T17534] ? do_syscall_64+0xcd/0x490
[ 558.544936][T17534] __gup_longterm_locked+0x20d/0x1850
[ 558.544977][T17534] ? __lock_acquire+0xb8a/0x1c90
[ 558.545027][T17534] ? __pfx___gup_longterm_locked+0x10/0x10
[ 558.545088][T17534] pin_user_pages_remote+0xed/0x140
[ 558.545138][T17534] ? __pfx_pin_user_pages_remote+0x10/0x10
[ 558.545174][T17534] ? mm_access+0x22d/0x2e0
[ 558.545228][T17534] process_vm_rw_core.constprop.0+0x41b/0x9a0
[ 558.545304][T17534] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[ 558.545363][T17534] ? iovec_from_user+0xbb/0x140
[ 558.545415][T17534] ? iovec_from_user+0xbb/0x140
[ 558.545451][T17534] process_vm_rw+0x216/0x2c0
[ 558.545505][T17534] ? __pfx_process_vm_rw+0x10/0x10
[ 558.545570][T17534] ? task_mm_cid_work+0x37b/0x910
[ 558.545642][T17534] ? xfd_validate_state+0x61/0x180
[ 558.545686][T17534] ? __task_pid_nr_ns+0x17c/0x500
[ 558.545736][T17534] __x64_sys_process_vm_readv+0xe2/0x1c0
[ 558.545791][T17534] ? do_syscall_64+0x91/0x490
[ 558.545819][T17534] ? lockdep_hardirqs_on+0x7c/0x110
[ 558.545870][T17534] do_syscall_64+0xcd/0x490
[ 558.545903][T17534] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 558.545937][T17534] RIP: 0033:0x7f3e1438e929
[ 558.545964][T17534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 558.545999][T17534] RSP: 002b:00007f3e1529f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[ 558.546031][T17534] RAX: ffffffffffffffda RBX: 00007f3e145b5fa0 RCX: 00007f3e1438e929
[ 558.546053][T17534] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000033a
[ 558.546073][T17534] RBP: 00007f3e14410b39 R08: 0000000000000003 R09: 0000000000000000
[ 558.546093][T17534] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[ 558.546123][T17534] R13: 0000000000000000 R14: 00007f3e145b5fa0 R15: 00007ffc7b4bfd08
[ 558.546167][T17534] </TASK>
[ 558.958243][T17542] binder: 17541:17542 ioctl 600004 3 returned -22
[ 559.798869][T17572] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4685'.
[ 559.823785][T17572] gre0: entered promiscuous mode
[ 559.834870][T17572] gre0: entered allmulticast mode
[ 560.060735][T17577] FAULT_INJECTION: forcing a failure.
[ 560.060735][T17577] name failslab, interval 1, probability 0, space 0, times 0
[ 560.127908][T17577] CPU: 1 UID: 0 PID: 17577 Comm: syz.2.4688 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 560.127964][T17577] Tainted: [U]=USER
[ 560.127974][T17577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 560.127994][T17577] Call Trace:
[ 560.128013][T17577] <TASK>
[ 560.128027][T17577] dump_stack_lvl+0x16c/0x1f0
[ 560.128086][T17577] should_fail_ex+0x512/0x640
[ 560.128137][T17577] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 560.128185][T17577] should_failslab+0xc2/0x120
[ 560.128218][T17577] __kmalloc_cache_noprof+0x6a/0x3e0
[ 560.128262][T17577] ? _raw_spin_unlock+0x28/0x50
[ 560.128306][T17577] ? snd_ctl_open+0x174/0x5e0
[ 560.128359][T17577] snd_ctl_open+0x174/0x5e0
[ 560.128409][T17577] ? __pfx_snd_ctl_open+0x10/0x10
[ 560.128455][T17577] snd_open+0x1fe/0x450
[ 560.128488][T17577] ? __pfx_snd_open+0x10/0x10
[ 560.128518][T17577] chrdev_open+0x231/0x6a0
[ 560.128569][T17577] ? __pfx_apparmor_file_open+0x10/0x10
[ 560.128610][T17577] ? __pfx_chrdev_open+0x10/0x10
[ 560.128665][T17577] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 560.128717][T17577] do_dentry_open+0x744/0x1c10
[ 560.128766][T17577] ? __pfx_chrdev_open+0x10/0x10
[ 560.128825][T17577] vfs_open+0x82/0x3f0
[ 560.128866][T17577] path_openat+0x1de4/0x2cb0
[ 560.128925][T17577] ? __pfx_path_openat+0x10/0x10
[ 560.128976][T17577] ? __lock_acquire+0xb8a/0x1c90
[ 560.129032][T17577] do_filp_open+0x20b/0x470
[ 560.129081][T17577] ? __pfx_do_filp_open+0x10/0x10
[ 560.129158][T17577] ? alloc_fd+0x471/0x7d0
[ 560.129215][T17577] do_sys_openat2+0x11b/0x1d0
[ 560.129250][T17577] ? __pfx_do_sys_openat2+0x10/0x10
[ 560.129303][T17577] __x64_sys_openat+0x174/0x210
[ 560.129341][T17577] ? __pfx___x64_sys_openat+0x10/0x10
[ 560.129397][T17577] do_syscall_64+0xcd/0x490
[ 560.129430][T17577] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 560.129464][T17577] RIP: 0033:0x7f43ba78e929
[ 560.129490][T17577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 560.129520][T17577] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 560.129550][T17577] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[ 560.129572][T17577] RDX: 0000000000000080 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 560.129592][T17577] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[ 560.129612][T17577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 560.129631][T17577] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[ 560.129675][T17577] </TASK>
[ 563.304574][T17644] Device name cannot be null; rc = [-22]
[ 563.924987][T17664] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4711'.
[ 564.259623][T17673] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4715'.
[ 565.218166][T13666] Bluetooth: hci3: command 0x0406 tx timeout
[ 566.163342][T17717] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4732'.
[ 566.326646][T17724] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4736'.
[ 566.784928][T17739] netlink: 26 bytes leftover after parsing attributes in process `syz.1.4742'.
[ 566.808101][T17739] openvswitch: netlink: IP tunnel dst address not specified
[ 567.683012][T17772] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4757'.
[ 567.982077][T14345] Bluetooth: hci1: unexpected event 0x03 length: 725 > 11
[ 568.486826][T17780] netlink: 186 bytes leftover after parsing attributes in process `syz.1.4761'.
[ 568.519754][T17780] netlink: 186 bytes leftover after parsing attributes in process `syz.1.4761'.
[ 569.657279][T17820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4775'.
[ 570.077291][T17834] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4782'.
[ 570.905598][T17854] HfR: entered promiscuous mode
[ 570.922683][T17854] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4789'.
[ 570.932759][T17854] HfR: left promiscuous mode
[ 572.881363][T17892] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4804'.
[ 573.393418][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 573.400151][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 573.852012][T17924] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4815'.
[ 574.133175][T17931] netlink: 'syz.0.4818': attribute type 35 has an invalid length.
[ 574.565534][T17943] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4824'.
[ 574.577142][T17943] mac80211_hwsim hwsim18 wlan1: entered allmulticast mode
[ 576.409418][T17993] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4844'.
[ 577.768021][T18023] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4852'.
[ 579.410123][T18051] netlink: 'syz.3.4862': attribute type 2 has an invalid length.
[ 579.437041][T18051] netlink: 'syz.3.4862': attribute type 2 has an invalid length.
[ 580.517029][T18076] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4873'.
[ 581.107655][T18094] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4880'.
[ 583.955785][T18155] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4902'.
[ 584.218847][T18164] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4905'.
[ 584.876697][T14345] Bluetooth: hci1: ISO packet too small
[ 585.646206][T18195] syz.0.4916 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 587.377599][T18226] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4927'.
[ 588.715293][T14345] Bluetooth: hci0: ISO packet too small
[ 589.324445][T18258] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4940'.
[ 589.866262][T18258] team0: Port device team_slave_1 removed
[ 590.376020][T18277] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4948'.
[ 591.006353][T18296] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4962'.
[ 593.005935][T18335] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4969'.
[ 594.044741][T18360] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4976'.
[ 594.069009][T18360] veth0_vlan: entered allmulticast mode
[ 594.193430][T18363] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4977'.
[ 594.211091][T18363] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4977'.
[ 595.240805][T18384] netlink: 'syz.1.4986': attribute type 2 has an invalid length.
[ 595.276438][T18384] netlink: 'syz.1.4986': attribute type 2 has an invalid length.
[ 595.365949][T18388] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4988'.
[ 595.581713][T18393] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4990'.
[ 596.307424][T18407] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4996'.
[ 596.848053][T18421] netlink: 'syz.2.4998': attribute type 2 has an invalid length.
[ 596.889766][T18421] netlink: 'syz.2.4998': attribute type 2 has an invalid length.
[ 597.229694][T18432] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5004'.
[ 597.335101][T18432] team0: Port device team_slave_1 removed
[ 598.896798][T18479] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5025'.
[ 598.911897][T18479] hsr0: entered allmulticast mode
[ 598.917926][T18479] hsr_slave_0: entered allmulticast mode
[ 598.923834][T18479] hsr_slave_1: entered allmulticast mode
[ 599.996753][T18512] netlink: 'syz.2.5036': attribute type 19 has an invalid length.
[ 600.005053][T18512] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5036'.
[ 601.400473][T18547] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5046'.
[ 601.438676][T18547] vcan0: entered promiscuous mode
[ 602.845520][T18562] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5052'.
[ 603.972195][T18581] netlink: 'syz.2.5061': attribute type 4 has an invalid length.
[ 603.991182][T18581] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5061'.
[ 605.685517][T18609] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5071'.
[ 606.663752][T18635] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5082'.
[ 606.757516][T18637] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 607.558724][T18664] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5094'.
[ 609.171930][T18717] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5116'.
[ 609.344299][T18727] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5120'.
[ 609.359590][T18727] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 609.367237][T18727] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 609.378331][T18727] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 609.385963][T18727] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 610.895853][T18773] netlink: 'syz.0.5138': attribute type 3 has an invalid length.
[ 611.869855][T18812] netlink: 'syz.1.5155': attribute type 27 has an invalid length.
[ 611.884569][T18812] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5155'.
[ 612.583812][T18837] openvswitch: netlink: Unknown nsh attribute 0
[ 613.775101][T18869] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5177'.
[ 613.817972][T18869] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 613.825503][T18869] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 613.872509][T18869] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 613.890236][T18869] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 614.364384][T14345] Bluetooth: hci0: Malformed LE Event: 0x1b
[ 615.042235][T18906] FAULT_INJECTION: forcing a failure.
[ 615.042235][T18906] name failslab, interval 1, probability 0, space 0, times 0
[ 615.060598][T18906] CPU: 0 UID: 0 PID: 18906 Comm: syz.2.5192 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 615.060652][T18906] Tainted: [U]=USER
[ 615.060662][T18906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 615.060682][T18906] Call Trace:
[ 615.060692][T18906] <TASK>
[ 615.060704][T18906] dump_stack_lvl+0x16c/0x1f0
[ 615.060764][T18906] should_fail_ex+0x512/0x640
[ 615.060814][T18906] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 615.060863][T18906] ? __pfx_blk_mq_debugfs_open+0x10/0x10
[ 615.060900][T18906] should_failslab+0xc2/0x120
[ 615.060931][T18906] __kmalloc_cache_noprof+0x6a/0x3e0
[ 615.060975][T18906] ? single_open+0x4d/0x1f0
[ 615.061013][T18906] ? __pfx_blk_mq_debugfs_open+0x10/0x10
[ 615.061050][T18906] ? __pfx_blk_mq_debugfs_show+0x10/0x10
[ 615.061083][T18906] single_open+0x4d/0x1f0
[ 615.061119][T18906] blk_mq_debugfs_open+0x14a/0x250
[ 615.061160][T18906] full_proxy_open_regular+0x1b9/0x360
[ 615.061201][T18906] do_dentry_open+0x744/0x1c10
[ 615.061251][T18906] ? __pfx_full_proxy_open_regular+0x10/0x10
[ 615.061297][T18906] vfs_open+0x82/0x3f0
[ 615.061338][T18906] path_openat+0x1de4/0x2cb0
[ 615.061399][T18906] ? __pfx_path_openat+0x10/0x10
[ 615.061467][T18906] ? __lock_acquire+0xb8a/0x1c90
[ 615.061515][T18906] do_filp_open+0x20b/0x470
[ 615.061562][T18906] ? __pfx_do_filp_open+0x10/0x10
[ 615.061639][T18906] ? alloc_fd+0x471/0x7d0
[ 615.061693][T18906] do_sys_openat2+0x11b/0x1d0
[ 615.061729][T18906] ? __pfx_do_sys_openat2+0x10/0x10
[ 615.061784][T18906] __x64_sys_openat+0x174/0x210
[ 615.061823][T18906] ? __pfx___x64_sys_openat+0x10/0x10
[ 615.061878][T18906] do_syscall_64+0xcd/0x490
[ 615.061912][T18906] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 615.061945][T18906] RIP: 0033:0x7f43ba78e929
[ 615.061974][T18906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 615.062006][T18906] RSP: 002b:00007f43bb64f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 615.062038][T18906] RAX: ffffffffffffffda RBX: 00007f43ba9b5fa0 RCX: 00007f43ba78e929
[ 615.062060][T18906] RDX: 0000000000000001 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 615.062080][T18906] RBP: 00007f43ba810b39 R08: 0000000000000000 R09: 0000000000000000
[ 615.062099][T18906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 615.062119][T18906] R13: 0000000000000000 R14: 00007f43ba9b5fa0 R15: 00007ffdbb2286a8
[ 615.062159][T18906] </TASK>
[ 615.551550][T18912] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5194'.
[ 615.581714][T18915] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5195'.
[ 615.989759][T18925] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5199'.
[ 616.010135][T18925] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5199'.
[ 616.232332][T18931] netlink: 350 bytes leftover after parsing attributes in process `syz.3.5202'.
[ 616.496925][ T30] audit: type=1800 audit(4294967303.400:24): pid=18939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5205" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0
[ 616.892576][T18948] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5209'.
[ 617.810838][T14345] Bluetooth: hci3: Malformed LE Event: 0x1b
[ 620.010702][T19048] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5254'.
[ 620.321298][T19061] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 620.366911][T19066] netlink: 350 bytes leftover after parsing attributes in process `syz.3.5262'.
[ 620.932025][T19081] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5268'.
[ 621.323094][T19089] netlink: 74 bytes leftover after parsing attributes in process `syz.1.5272'.
[ 621.421946][T19097] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5275'.
[ 621.705272][T19106] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5279'.
[ 621.828252][T19115] netlink: 'syz.3.5281': attribute type 4 has an invalid length.
[ 622.104961][T19125] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5286'.
[ 622.748461][T19147] netlink: 'syz.0.5296': attribute type 28 has an invalid length.
[ 622.777995][T19147] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5296'.
[ 624.883252][T19171] ovs_: entered promiscuous mode
[ 624.991156][T13666] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 625.008007][T13666] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 625.017287][T13666] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 625.030987][T13666] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 625.048204][T13666] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 625.612258][T19173] chnl_net:caif_netlink_parms(): no params data found
[ 625.887937][T19190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 625.933356][T19173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 625.958140][T19173] bridge0: port 1(bridge_slave_0) entered disabled state
[ 625.978050][T19173] bridge_slave_0: entered allmulticast mode
[ 626.002837][T19173] bridge_slave_0: entered promiscuous mode
[ 626.031587][T19173] bridge0: port 2(bridge_slave_1) entered blocking state
[ 626.048193][T19173] bridge0: port 2(bridge_slave_1) entered disabled state
[ 626.061120][T19173] bridge_slave_1: entered allmulticast mode
[ 626.089529][T19173] bridge_slave_1: entered promiscuous mode
[ 626.269610][T19173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 626.309866][T19173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 626.491122][T19173] team0: Port device team_slave_0 added
[ 626.524026][T19173] team0: Port device team_slave_1 added
[ 626.814225][T19173] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 626.821645][T19173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 626.887934][T19173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 626.912710][T19173] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 626.937833][T19173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 627.007477][T19173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 627.130600][T19173] hsr_slave_0: entered promiscuous mode
[ 627.138255][T13666] Bluetooth: hci1: command tx timeout
[ 627.175286][T19173] hsr_slave_1: entered promiscuous mode
[ 627.191335][T19173] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 627.235326][T19173] Cannot create hsr debugfs directory
[ 627.992521][T19173] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 628.262382][T19173] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 628.440597][T19173] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 628.664162][T19173] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 629.105721][T19173] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 629.185372][T19173] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 629.218284][T13666] Bluetooth: hci1: command tx timeout
[ 629.242868][T19173] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 629.255093][T19173] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 629.581522][T19173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 629.644291][T19173] 8021q: adding VLAN 0 to HW filter on device team0
[ 629.680083][ T76] bridge0: port 1(bridge_slave_0) entered blocking state
[ 629.687366][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 629.754857][ T76] bridge0: port 2(bridge_slave_1) entered blocking state
[ 629.762210][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 630.159319][T19254] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5333'.
[ 630.202592][T19254] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5333'.
[ 630.513636][T19173] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 630.640914][T19173] veth0_vlan: entered promiscuous mode
[ 630.679568][T19173] veth1_vlan: entered promiscuous mode
[ 630.773362][T19173] veth0_macvtap: entered promiscuous mode
[ 630.804847][T19173] veth1_macvtap: entered promiscuous mode
[ 630.861194][T19173] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 630.884257][T19173] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 630.966083][T19173] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 630.999477][T19173] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 631.019197][T19173] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 631.037390][T19173] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 631.298032][T13666] Bluetooth: hci1: command tx timeout
[ 631.351974][ T3526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 631.397963][ T3526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 631.519143][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 631.527270][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 631.915439][T19290] netlink: 'syz.1.5344': attribute type 4 has an invalid length.
[ 631.954951][T19290] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5344'.
[ 632.879076][T19314] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5354'.
[ 633.378131][T13666] Bluetooth: hci1: command tx timeout
[ 634.019844][T19335] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5362'.
[ 634.301919][T19341] netlink: 'syz.0.5365': attribute type 4 has an invalid length.
[ 634.639232][T19348] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5368'.
[ 634.823817][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 634.830955][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 635.094088][T19358] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5372'.
[ 635.579461][T19367] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5375'.
[ 635.603423][T19367] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5375'.
[ 635.993683][T19374] netlink: 'syz.2.5379': attribute type 19 has an invalid length.
[ 636.022334][T19374] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5379'.
[ 636.082250][T19376] sctp: [Deprecated]: syz.0.5378 (pid 19376) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 636.082250][T19376] Use struct sctp_sack_info instead
[ 637.475965][T19400] bridge0: port 3(macvlan0) entered blocking state
[ 637.506005][T19400] bridge0: port 3(macvlan0) entered disabled state
[ 637.546703][T19400] macvlan0: entered allmulticast mode
[ 637.580208][T19400] veth1_vlan: entered allmulticast mode
[ 637.610590][T19400] macvlan0: entered promiscuous mode
[ 637.634665][T19400] bridge0: port 3(macvlan0) entered blocking state
[ 637.641543][T19400] bridge0: port 3(macvlan0) entered forwarding state
[ 638.617424][T19417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5395'.
[ 638.627486][T19416] netlink: 338 bytes leftover after parsing attributes in process `syz.0.5396'.
[ 638.674668][T19417] netlink: 13 bytes leftover after parsing attributes in process `syz.2.5395'.
[ 639.193428][T19423] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5399'.
[ 639.666682][T19432] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5402'.
[ 640.134398][T19439] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5405'.
[ 640.317096][T19441] netlink: 74 bytes leftover after parsing attributes in process `syz.2.5406'.
[ 640.855578][T19449] netlink: 'syz.2.5408': attribute type 27 has an invalid length.
[ 640.887434][T19449] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5408'.
[ 641.045542][T19451] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5410'.
[ 641.526280][T19465] FAULT_INJECTION: forcing a failure.
[ 641.526280][T19465] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 641.591302][T19465] CPU: 0 UID: 0 PID: 19465 Comm: syz.1.5418 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 641.591362][T19465] Tainted: [U]=USER
[ 641.591373][T19465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 641.591391][T19465] Call Trace:
[ 641.591402][T19465] <TASK>
[ 641.591414][T19465] dump_stack_lvl+0x16c/0x1f0
[ 641.591475][T19465] should_fail_ex+0x512/0x640
[ 641.591533][T19465] should_fail_alloc_page+0xe7/0x130
[ 641.591569][T19465] prepare_alloc_pages+0x3c2/0x610
[ 641.591609][T19465] ? rcu_is_watching+0x12/0xc0
[ 641.591654][T19465] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 641.591709][T19465] ? __lock_acquire+0xb8a/0x1c90
[ 641.591774][T19465] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 641.591826][T19465] ? do_raw_spin_lock+0x12c/0x2b0
[ 641.591886][T19465] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 641.591937][T19465] ? find_held_lock+0x2b/0x80
[ 641.591983][T19465] ? __lock_acquire+0xb8a/0x1c90
[ 641.592025][T19465] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 641.592079][T19465] ? policy_nodemask+0xea/0x4e0
[ 641.592137][T19465] alloc_pages_mpol+0x1fb/0x550
[ 641.592170][T19465] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 641.592214][T19465] folio_alloc_mpol_noprof+0x36/0x2f0
[ 641.592255][T19465] shmem_alloc_folio+0x135/0x160
[ 641.592297][T19465] shmem_alloc_and_add_folio+0x499/0xc20
[ 641.592354][T19465] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 641.592407][T19465] ? shmem_allowable_huge_orders+0xcb/0x2f0
[ 641.592463][T19465] shmem_get_folio_gfp+0x67f/0x1600
[ 641.592519][T19465] ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 641.592569][T19465] ? __pfx___might_resched+0x10/0x10
[ 641.592611][T19465] shmem_fallocate+0x795/0xf50
[ 641.592677][T19465] ? __pfx_shmem_fallocate+0x10/0x10
[ 641.592731][T19465] ? aa_file_perm+0x4d6/0xfb0
[ 641.592790][T19465] ? __lock_acquire+0xb8a/0x1c90
[ 641.592838][T19465] ? __lock_acquire+0x622/0x1c90
[ 641.592915][T19465] ? __pfx_shmem_fallocate+0x10/0x10
[ 641.592965][T19465] vfs_fallocate+0x60b/0x10c0
[ 641.593020][T19465] ? __pfx_vfs_fallocate+0x10/0x10
[ 641.593083][T19465] __x64_sys_fallocate+0xd5/0x150
[ 641.593137][T19465] do_syscall_64+0xcd/0x490
[ 641.593172][T19465] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 641.593206][T19465] RIP: 0033:0x7f43ca38e929
[ 641.593233][T19465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 641.593267][T19465] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 641.593300][T19465] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 641.593321][T19465] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 8000000000000003
[ 641.593341][T19465] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 641.593360][T19465] R10: 00000000004cbd5d R11: 0000000000000246 R12: 0000000000000000
[ 641.593379][T19465] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 641.593422][T19465] </TASK>
[ 642.156827][T19476] sd 0:0:1:0: PR command failed: 1026
[ 642.162761][T19476] sd 0:0:1:0: Sense Key : Illegal Request [current]
[ 642.169887][T19476] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 643.136870][T19492] sg_write: data in/out 476/16086 bytes for SCSI command 0x0-- guessing data in;
[ 643.136870][T19492] program syz.1.5427 not setting count and/or reply_len properly
[ 643.250633][T19497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5429'.
[ 643.281714][T19497] netlink: 13 bytes leftover after parsing attributes in process `syz.0.5429'.
[ 643.298250][T19497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5429'.
[ 643.646934][T19509] netlink: 'syz.2.5434': attribute type 16 has an invalid length.
[ 643.676590][T19509] netlink: 306 bytes leftover after parsing attributes in process `syz.2.5434'.
[ 643.792015][T19512] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5436'.
[ 643.846803][T19514] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5435'.
[ 643.954708][T19518] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5438'.
[ 644.986396][T19540] netlink: 'syz.2.5447': attribute type 27 has an invalid length.
[ 645.012551][T19540] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5447'.
[ 646.358971][T19572] netlink: 'syz.3.5460': attribute type 4 has an invalid length.
[ 646.715213][T19580] __nla_validate_parse: 3 callbacks suppressed
[ 646.715240][T19580] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5462'.
[ 646.760145][T19580] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5462'.
[ 646.969857][T19585] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5464'.
[ 647.060129][T19587] netlink: 'syz.0.5465': attribute type 1 has an invalid length.
[ 647.068072][T19587] netlink: 306 bytes leftover after parsing attributes in process `syz.0.5465'.
[ 647.397914][T19598] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5469'.
[ 647.604007][T19602] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5470'.
[ 647.769703][T19606] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5472'.
[ 648.000452][T19606] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5472'.
[ 648.611806][T19611] netlink: 186 bytes leftover after parsing attributes in process `syz.1.5475'.
[ 650.151873][T13666] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[ 650.563673][T19655] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5489'.
[ 650.622260][T19638] netlink: 'syz.3.5484': attribute type 33 has an invalid length.
[ 652.009439][T19682] __nla_validate_parse: 2 callbacks suppressed
[ 652.009466][T19682] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5501'.
[ 652.421969][T19693] netlink: 'syz.2.5504': attribute type 4 has an invalid length.
[ 652.791673][T19700] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5506'.
[ 655.603670][T19729] FAULT_INJECTION: forcing a failure.
[ 655.603670][T19729] name failslab, interval 1, probability 0, space 0, times 0
[ 655.648050][T19729] CPU: 1 UID: 0 PID: 19729 Comm: syz.1.5515 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 655.648109][T19729] Tainted: [U]=USER
[ 655.648120][T19729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 655.648139][T19729] Call Trace:
[ 655.648149][T19729] <TASK>
[ 655.648162][T19729] dump_stack_lvl+0x16c/0x1f0
[ 655.648221][T19729] should_fail_ex+0x512/0x640
[ 655.648270][T19729] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 655.648318][T19729] should_failslab+0xc2/0x120
[ 655.648350][T19729] __kmalloc_cache_noprof+0x6a/0x3e0
[ 655.648394][T19729] ? cec_open+0xdb/0x690
[ 655.648445][T19729] cec_open+0xdb/0x690
[ 655.648505][T19729] ? __pfx_cec_open+0x10/0x10
[ 655.648556][T19729] ? kobject_get_unless_zero+0x156/0x1e0
[ 655.648589][T19729] ? find_held_lock+0x2b/0x80
[ 655.648624][T19729] ? chrdev_open+0x10b/0x6a0
[ 655.648679][T19729] ? __pfx_cec_open+0x10/0x10
[ 655.648723][T19729] chrdev_open+0x231/0x6a0
[ 655.648773][T19729] ? __pfx_apparmor_file_open+0x10/0x10
[ 655.648817][T19729] ? __pfx_chrdev_open+0x10/0x10
[ 655.648871][T19729] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 655.648924][T19729] do_dentry_open+0x744/0x1c10
[ 655.648975][T19729] ? __pfx_chrdev_open+0x10/0x10
[ 655.649034][T19729] vfs_open+0x82/0x3f0
[ 655.649074][T19729] path_openat+0x1de4/0x2cb0
[ 655.649144][T19729] ? __pfx_path_openat+0x10/0x10
[ 655.649194][T19729] ? __lock_acquire+0xb8a/0x1c90
[ 655.649242][T19729] do_filp_open+0x20b/0x470
[ 655.649297][T19729] ? __pfx_do_filp_open+0x10/0x10
[ 655.649376][T19729] ? alloc_fd+0x471/0x7d0
[ 655.649441][T19729] do_sys_openat2+0x11b/0x1d0
[ 655.649567][T19729] ? __pfx_do_sys_openat2+0x10/0x10
[ 655.649621][T19729] __x64_sys_openat+0x174/0x210
[ 655.649659][T19729] ? __pfx___x64_sys_openat+0x10/0x10
[ 655.649715][T19729] do_syscall_64+0xcd/0x490
[ 655.649749][T19729] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 655.649782][T19729] RIP: 0033:0x7f43ca38e929
[ 655.649810][T19729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 655.649843][T19729] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 655.649873][T19729] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 655.649894][T19729] RDX: 0000000000101901 RSI: 0000200000002c00 RDI: ffffffffffffff9c
[ 655.649923][T19729] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 655.649943][T19729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 655.649962][T19729] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 655.650004][T19729] </TASK>
[ 656.869105][T19744] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5521'.
[ 657.651136][T19751] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5524'.
[ 657.952321][T19754] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5525'.
[ 659.038334][T19770] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5533'.
[ 659.385482][T19777] netlink: 'syz.3.5535': attribute type 8 has an invalid length.
[ 659.419538][T19777] netlink: 'syz.3.5535': attribute type 8 has an invalid length.
[ 659.956980][ T30] audit: type=1800 audit(4294967346.860:25): pid=19793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5544" name="dbroot" dev="configfs" ino=54634 res=0 errno=0
[ 662.053695][T19836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5557'.
[ 662.134092][T19832] netlink: 9 bytes leftover after parsing attributes in process `syz.1.5557'.
[ 662.180757][T19832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5557'.
[ 662.312740][T19841] netlink: 'syz.3.5561': attribute type 28 has an invalid length.
[ 662.324313][T19841] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5561'.
[ 662.368260][T19842] netlink: 'syz.3.5561': attribute type 28 has an invalid length.
[ 662.376812][T19842] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5561'.
[ 662.684878][T19850] netlink: 326 bytes leftover after parsing attributes in process `syz.1.5563'.
[ 663.553685][T19865] netlink: 122 bytes leftover after parsing attributes in process `syz.1.5570'.
[ 663.591451][T19872] netlink: 'syz.2.5574': attribute type 14 has an invalid length.
[ 663.691110][T19872] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5574'.
[ 667.919716][T19947] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5602'.
[ 669.051771][T19960] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 669.152605][T19963] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5609'.
[ 669.316953][T19967] netlink: 322 bytes leftover after parsing attributes in process `syz.1.5610'.
[ 670.215292][T19987] FAULT_INJECTION: forcing a failure.
[ 670.215292][T19987] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 670.253513][T19988] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5620'.
[ 670.265279][T19987] CPU: 0 UID: 0 PID: 19987 Comm: syz.1.5618 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 670.265335][T19987] Tainted: [U]=USER
[ 670.265345][T19987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 670.265363][T19987] Call Trace:
[ 670.265382][T19987] <TASK>
[ 670.265393][T19987] dump_stack_lvl+0x16c/0x1f0
[ 670.265463][T19987] should_fail_ex+0x512/0x640
[ 670.265511][T19987] should_fail_alloc_page+0xe7/0x130
[ 670.265542][T19987] prepare_alloc_pages+0x3c2/0x610
[ 670.265582][T19987] __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 670.265631][T19987] ? mas_next_slot+0x12d3/0x21b0
[ 670.265662][T19987] ? __up_read+0x1f8/0x750
[ 670.265711][T19987] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 670.265755][T19987] ? mas_find+0x2f6/0x530
[ 670.265782][T19987] ? validate_mm+0x40a/0x570
[ 670.265824][T19987] ? __pfx_validate_mm+0x10/0x10
[ 670.265866][T19987] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 670.265911][T19987] ? policy_nodemask+0xea/0x4e0
[ 670.265957][T19987] alloc_pages_mpol+0x1fb/0x550
[ 670.265985][T19987] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 670.266021][T19987] alloc_pages_noprof+0x131/0x390
[ 670.266049][T19987] __pud_alloc+0x3b/0x750
[ 670.266083][T19987] alloc_new_pud+0x267/0x320
[ 670.266125][T19987] move_page_tables+0x6b6/0x4070
[ 670.266172][T19987] ? __pfx_copy_vma+0x10/0x10
[ 670.266212][T19987] ? lockdep_hardirqs_on+0x7c/0x110
[ 670.266261][T19987] ? __pfx_move_page_tables+0x10/0x10
[ 670.266300][T19987] ? register_lock_class+0x41/0x4c0
[ 670.266338][T19987] ? __schedule+0x1181/0x5de0
[ 670.266421][T19987] ? __lock_acquire+0x622/0x1c90
[ 670.266464][T19987] copy_vma_and_data+0x216/0x750
[ 670.266510][T19987] ? __pfx_copy_vma_and_data+0x10/0x10
[ 670.266559][T19987] ? __vma_enter_locked+0x163/0x3f0
[ 670.266599][T19987] ? find_held_lock+0x2b/0x80
[ 670.266626][T19987] ? move_vma+0x536/0x1740
[ 670.266673][T19987] move_vma+0x548/0x1740
[ 670.266718][T19987] ? __pfx_move_vma+0x10/0x10
[ 670.266755][T19987] ? mm_get_unmapped_area+0x95/0xe0
[ 670.266788][T19987] ? shmem_get_unmapped_area+0x170/0xa00
[ 670.266823][T19987] ? cap_mmap_addr+0x4b/0x120
[ 670.266849][T19987] ? bpf_lsm_mmap_addr+0x9/0x10
[ 670.266877][T19987] ? security_mmap_addr+0x6c/0x1e0
[ 670.266912][T19987] ? __get_unmapped_area+0x267/0x440
[ 670.266947][T19987] ? vrm_set_new_addr+0x208/0x290
[ 670.266990][T19987] __do_sys_mremap+0xe07/0x1590
[ 670.267036][T19987] ? __pfx___do_sys_mremap+0x10/0x10
[ 670.267085][T19987] ? __fget_files+0x204/0x3c0
[ 670.267130][T19987] ? __x64_sys_futex+0x1e0/0x4c0
[ 670.267187][T19987] do_syscall_64+0xcd/0x490
[ 670.267215][T19987] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 670.267244][T19987] RIP: 0033:0x7f43ca38e929
[ 670.267267][T19987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 670.267295][T19987] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[ 670.267323][T19987] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 670.267343][T19987] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000000
[ 670.267360][T19987] RBP: 00007f43ca410b39 R08: 00007effffffb000 R09: 0000000000000000
[ 670.267384][T19987] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[ 670.267402][T19987] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 670.267439][T19987] </TASK>
[ 670.338017][T19988] IPv6: NLM_F_CREATE should be specified when creating new route
[ 670.937523][T19995] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5623'.
[ 671.910443][T20008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5627'.
[ 671.925105][T20008] netlink: 13 bytes leftover after parsing attributes in process `syz.1.5627'.
[ 672.566524][T20035] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5640'.
[ 673.944199][T20084] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5659'.
[ 674.406246][T20098] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5665'.
[ 675.542218][T20132] netlink: 306 bytes leftover after parsing attributes in process `syz.0.5680'.
[ 676.573090][T20154] netlink: 146 bytes leftover after parsing attributes in process `syz.3.5690'.
[ 678.211776][T20187] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5702'.
[ 678.860892][T20193] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5703'.
[ 680.622887][T20231] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5719'.
[ 680.862613][T20236] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5721'.
[ 681.222646][T20242] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 681.243247][T20244] netlink: 322 bytes leftover after parsing attributes in process `syz.3.5724'.
[ 681.697523][T20252] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5727'.
[ 682.410685][T20270] netlink: 86 bytes leftover after parsing attributes in process `syz.2.5734'.
[ 684.794541][T20309] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5748'.
[ 685.859544][T20328] netlink: 'syz.1.5757': attribute type 4 has an invalid length.
[ 688.236668][T20378] netlink: 'syz.0.5772': attribute type 1 has an invalid length.
[ 688.261422][T20378] netlink: 318 bytes leftover after parsing attributes in process `syz.0.5772'.
[ 688.519290][T20383] netlink: 342 bytes leftover after parsing attributes in process `syz.0.5774'.
[ 688.604491][T20385] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5775'.
[ 688.680695][T20385] bridge0: entered promiscuous mode
[ 689.069332][T20397] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5780'.
[ 689.501684][T20405] netlink: 'syz.1.5782': attribute type 21 has an invalid length.
[ 689.541352][T20405] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5782'.
[ 689.828663][T20412] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5785'.
[ 690.259450][T20420] netlink: 'syz.1.5788': attribute type 4 has an invalid length.
[ 690.267283][T20420] netlink: 314 bytes leftover after parsing attributes in process `syz.1.5788'.
[ 690.932966][T20440] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5795'.
[ 691.047809][T20442] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5796'.
[ 691.288813][T20448] FAULT_INJECTION: forcing a failure.
[ 691.288813][T20448] name failslab, interval 1, probability 0, space 0, times 0
[ 691.321802][T20448] CPU: 1 UID: 0 PID: 20448 Comm: syz.1.5800 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 691.321857][T20448] Tainted: [U]=USER
[ 691.321868][T20448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 691.321887][T20448] Call Trace:
[ 691.321897][T20448] <TASK>
[ 691.321910][T20448] dump_stack_lvl+0x16c/0x1f0
[ 691.321976][T20448] should_fail_ex+0x512/0x640
[ 691.322030][T20448] should_failslab+0xc2/0x120
[ 691.322092][T20448] __kmalloc_cache_noprof+0x6a/0x3e0
[ 691.322138][T20448] ? nfc_genl_rcv_nl_event+0xc1/0x2e0
[ 691.322187][T20448] nfc_genl_rcv_nl_event+0xc1/0x2e0
[ 691.322228][T20448] notifier_call_chain+0xb9/0x410
[ 691.322265][T20448] ? __pfx_nfc_genl_rcv_nl_event+0x10/0x10
[ 691.322314][T20448] blocking_notifier_call_chain+0x69/0xa0
[ 691.322358][T20448] netlink_release+0x186b/0x2020
[ 691.322403][T20448] ? netlink_release+0x1de/0x2020
[ 691.322445][T20448] ? __pfx_netlink_release+0x10/0x10
[ 691.322485][T20448] ? __pfx_locks_remove_file+0x10/0x10
[ 691.322527][T20448] __sock_release+0xb0/0x270
[ 691.322565][T20448] ? __pfx_sock_close+0x10/0x10
[ 691.322595][T20448] sock_close+0x1c/0x30
[ 691.322622][T20448] __fput+0x3ff/0xb70
[ 691.322666][T20448] task_work_run+0x14d/0x240
[ 691.322716][T20448] ? __pfx_task_work_run+0x10/0x10
[ 691.322766][T20448] ? __pfx___do_sys_close_range+0x10/0x10
[ 691.322825][T20448] exit_to_user_mode_loop+0xeb/0x110
[ 691.322877][T20448] do_syscall_64+0x3f6/0x490
[ 691.322911][T20448] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 691.322945][T20448] RIP: 0033:0x7f43ca38e929
[ 691.322971][T20448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 691.323003][T20448] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 691.323033][T20448] RAX: 0000000000000000 RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 691.323065][T20448] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000
[ 691.323087][T20448] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 691.323106][T20448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 691.323125][T20448] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 691.323167][T20448]
[ 692.069114][T20447] raw_sendmsg: syz.3.5798 forgot to set AF_INET. Fix it!
[ 692.424081][T20475] FAULT_INJECTION: forcing a failure.
[ 692.424081][T20475] name failslab, interval 1, probability 0, space 0, times 0
[ 692.507654][T20475] CPU: 0 UID: 0 PID: 20475 Comm: syz.2.5808 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 692.507710][T20475] Tainted: [U]=USER
[ 692.507725][T20475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 692.507744][T20475] Call Trace:
[ 692.507754][T20475]
[ 692.507766][T20475] dump_stack_lvl+0x16c/0x1f0
[ 692.507821][T20475] should_fail_ex+0x512/0x640
[ 692.507868][T20475] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 692.507916][T20475] should_failslab+0xc2/0x120
[ 692.507947][T20475] __kmalloc_cache_noprof+0x6a/0x3e0
[ 692.507990][T20475] ? trace_kmalloc+0x2b/0xd0
[ 692.508029][T20475] ? snd_virmidi_input_open+0xc8/0x4a0
[ 692.508074][T20475] snd_virmidi_input_open+0xc8/0x4a0
[ 692.508115][T20475] open_substream+0x47b/0x9b0
[ 692.508160][T20475] rawmidi_open_priv+0x513/0x6e0
[ 692.508211][T20475] snd_rawmidi_open+0x4cc/0xbf0
[ 692.508261][T20475] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 692.508310][T20475] ? __pfx_default_wake_function+0x10/0x10
[ 692.508349][T20475] ? kobject_get_unless_zero+0x156/0x1e0
[ 692.508389][T20475] ? __pfx_snd_rawmidi_open+0x10/0x10
[ 692.508434][T20475] snd_open+0x1fe/0x450
[ 692.508467][T20475] ? __pfx_snd_open+0x10/0x10
[ 692.508498][T20475] chrdev_open+0x231/0x6a0
[ 692.508547][T20475] ? __pfx_apparmor_file_open+0x10/0x10
[ 692.508590][T20475] ? __pfx_chrdev_open+0x10/0x10
[ 692.508647][T20475] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 692.508699][T20475] do_dentry_open+0x744/0x1c10
[ 692.508749][T20475] ? __pfx_chrdev_open+0x10/0x10
[ 692.508808][T20475] vfs_open+0x82/0x3f0
[ 692.508849][T20475] path_openat+0x1de4/0x2cb0
[ 692.508910][T20475] ? __pfx_path_openat+0x10/0x10
[ 692.508961][T20475] ? __lock_acquire+0xb8a/0x1c90
[ 692.509018][T20475] do_filp_open+0x20b/0x470
[ 692.509068][T20475] ? __pfx_do_filp_open+0x10/0x10
[ 692.509147][T20475] ? alloc_fd+0x471/0x7d0
[ 692.509204][T20475] do_sys_openat2+0x11b/0x1d0
[ 692.509241][T20475] ? __pfx_do_sys_openat2+0x10/0x10
[ 692.509297][T20475] __x64_sys_openat+0x174/0x210
[ 692.509335][T20475] ? __pfx___x64_sys_openat+0x10/0x10
[ 692.509392][T20475] do_syscall_64+0xcd/0x490
[ 692.509424][T20475] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 692.509458][T20475] RIP: 0033:0x7f3ab478e929
[ 692.509485][T20475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 692.509518][T20475] RSP: 002b:00007f3ab5636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 692.509549][T20475] RAX: ffffffffffffffda RBX: 00007f3ab49b5fa0 RCX: 00007f3ab478e929
[ 692.509571][T20475] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 692.509591][T20475] RBP: 00007f3ab4810b39 R08: 0000000000000000 R09: 0000000000000000
[ 692.509610][T20475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 692.509628][T20475] R13: 0000000000000000 R14: 00007f3ab49b5fa0 R15: 00007ffd6d346fe8
[ 692.509670][T20475]
[ 694.887014][T20516] netlink: 334 bytes leftover after parsing attributes in process `syz.0.5824'.
[ 695.005458][T20520] sock: sock_timestamping_bind_phc: sock not bind to device
[ 696.205149][T20541] netlink: 'syz.1.5833': attribute type 19 has an invalid length.
[ 696.270715][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 696.277124][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 696.297881][T20541] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5833'.
[ 696.717435][T20553] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5840'.
[ 698.175926][T20572] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5847'.
[ 699.212890][T20592] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5855'.
[ 700.970579][T20631] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5872'.
[ 700.994008][T20629] FAULT_INJECTION: forcing a failure.
[ 700.994008][T20629] name failslab, interval 1, probability 0, space 0, times 0
[ 701.010814][T20631] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5872'.
[ 701.179830][T20629] CPU: 1 UID: 0 PID: 20629 Comm: syz.1.5871 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 701.179887][T20629] Tainted: [U]=USER
[ 701.179898][T20629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 701.179917][T20629] Call Trace:
[ 701.179928][T20629]
[ 701.179942][T20629] dump_stack_lvl+0x16c/0x1f0
[ 701.179999][T20629] should_fail_ex+0x512/0x640
[ 701.180048][T20629] ? __kmalloc_noprof+0xbf/0x510
[ 701.180110][T20629] ? get_modalias+0xbb/0x380
[ 701.180144][T20629] should_failslab+0xc2/0x120
[ 701.180177][T20629] __kmalloc_noprof+0xd2/0x510
[ 701.180227][T20629] ? get_modalias+0x20f/0x380
[ 701.180271][T20629] get_modalias+0xbb/0x380
[ 701.180314][T20629] ? __pfx_sys_dmi_modalias_show+0x10/0x10
[ 701.180351][T20629] sys_dmi_modalias_show+0x1f/0xb0
[ 701.180390][T20629] dev_attr_show+0x56/0xe0
[ 701.180426][T20629] ? __pfx_dev_attr_show+0x10/0x10
[ 701.180455][T20629] sysfs_kf_seq_show+0x213/0x3e0
[ 701.180505][T20629] seq_read_iter+0x509/0x12c0
[ 701.180564][T20629] kernfs_fop_read_iter+0x40f/0x5a0
[ 701.180598][T20629] ? rw_verify_area+0xcf/0x680
[ 701.180643][T20629] vfs_read+0x8bf/0xc60
[ 701.180694][T20629] ? __pfx___mutex_lock+0x10/0x10
[ 701.180724][T20629] ? __pfx_vfs_read+0x10/0x10
[ 701.180802][T20629] ksys_read+0x12a/0x250
[ 701.180846][T20629] ? __pfx_ksys_read+0x10/0x10
[ 701.180905][T20629] do_syscall_64+0xcd/0x490
[ 701.180937][T20629] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 701.180972][T20629] RIP: 0033:0x7f43ca38e929
[ 701.180998][T20629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 701.181032][T20629] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 701.181062][T20629] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 701.181082][T20629] RDX: 0000000000001016 RSI: 0000200000000000 RDI: 0000000000000003
[ 701.181110][T20629] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 701.181129][T20629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 701.181148][T20629] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 701.181190][T20629]
[ 702.032496][T20645] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5879'.
[ 702.059995][T20645] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5879'.
[ 702.079709][T20646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5877'.
[ 702.259268][T20649] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5880'.
[ 702.510271][T20653] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5877'.
[ 703.690911][T20671] netlink: 'syz.3.5888': attribute type 1 has an invalid length.
[ 703.758061][T20671] netlink: 230 bytes leftover after parsing attributes in process `syz.3.5888'.
[ 703.827991][T20673] bridge0: port 3(netdevsim1) entered blocking state
[ 703.888041][T20673] bridge0: port 3(netdevsim1) entered disabled state
[ 703.908596][T20673] netdevsim netdevsim0 netdevsim1: entered allmulticast mode
[ 703.932965][T20673] netdevsim netdevsim0 netdevsim1: entered promiscuous mode
[ 703.950481][T20673] bridge0: port 3(netdevsim1) entered blocking state
[ 703.957441][T20673] bridge0: port 3(netdevsim1) entered listening state
[ 704.569130][T20687] FAULT_INJECTION: forcing a failure.
[ 704.569130][T20687] name failslab, interval 1, probability 0, space 0, times 0
[ 704.607934][T20687] CPU: 1 UID: 0 PID: 20687 Comm: syz.2.5895 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 704.607997][T20687] Tainted: [U]=USER
[ 704.608008][T20687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 704.608028][T20687] Call Trace:
[ 704.608038][T20687]
[ 704.608051][T20687] dump_stack_lvl+0x16c/0x1f0
[ 704.608109][T20687] should_fail_ex+0x512/0x640
[ 704.608157][T20687] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[ 704.608215][T20687] should_failslab+0xc2/0x120
[ 704.608247][T20687] kmem_cache_alloc_lru_noprof+0x72/0x3b0
[ 704.608299][T20687] ? alloc_inode+0xc3/0x240
[ 704.608339][T20687] alloc_inode+0xc3/0x240
[ 704.608373][T20687] path_from_stashed+0x2be/0xb00
[ 704.608429][T20687] ? __pfx_path_from_stashed+0x10/0x10
[ 704.608491][T20687] open_namespace+0x8d/0x190
[ 704.608535][T20687] ? __pfx_open_namespace+0x10/0x10
[ 704.608591][T20687] ns_ioctl+0x496/0xe50
[ 704.608634][T20687] ? __pfx_ns_ioctl+0x10/0x10
[ 704.608676][T20687] ? __fget_files+0x20e/0x3c0
[ 704.608728][T20687] ? __pfx_ns_ioctl+0x10/0x10
[ 704.608786][T20687] __x64_sys_ioctl+0x18b/0x210
[ 704.608829][T20687] do_syscall_64+0xcd/0x490
[ 704.608864][T20687] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 704.608897][T20687] RIP: 0033:0x7f3ab478e929
[ 704.608924][T20687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 704.608959][T20687] RSP: 002b:00007f3ab5636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 704.608991][T20687] RAX: ffffffffffffffda RBX: 00007f3ab49b5fa0 RCX: 00007f3ab478e929
[ 704.609014][T20687] RDX: 0000000000000000 RSI: 000000000000b701 RDI: 0000000000000003
[ 704.609033][T20687] RBP: 00007f3ab4810b39 R08: 0000000000000000 R09: 0000000000000000
[ 704.609053][T20687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 704.609071][T20687] R13: 0000000000000000 R14: 00007f3ab49b5fa0 R15: 00007ffd6d346fe8
[ 704.609113][T20687]
[ 705.116784][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[ 705.167018][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[ 705.190545][T20690] platform regulatory.0: loading /lib/firmware/updates/6.16.0-rc2-syzkaller-00162-g41687a5c6f8b/regulatory.db failed with error -74
[ 705.210868][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[ 705.227402][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[ 705.247625][T20690] platform regulatory.0: loading /lib/firmware/updates/regulatory.db failed with error -74
[ 705.283161][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[ 705.321309][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[ 705.334060][T20690] platform regulatory.0: loading /lib/firmware/6.16.0-rc2-syzkaller-00162-g41687a5c6f8b/regulatory.db failed with error -74
[ 705.358768][T20690] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.5898: No space for directory leaf checksum. Please run e2fsck -D.
[ 705.386503][T20690] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.5898: checksumming directory block 0
[ 705.402756][T20690] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -74
[ 705.422542][T20690] platform regulatory.0: Direct firmware load for regulatory.db failed with error -74
[ 705.457922][T20690] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 706.813804][T20714] netlink: 342 bytes leftover after parsing attributes in process `syz.3.5905'.
[ 707.733418][T20733] netlink: 346 bytes leftover after parsing attributes in process `syz.1.5913'.
[ 707.984674][T20739] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5915'.
[ 708.965828][T20757] netlink: 74 bytes leftover after parsing attributes in process `syz.3.5919'.
[ 709.284123][T20759] FAULT_INJECTION: forcing a failure.
[ 709.284123][T20759] name failslab, interval 1, probability 0, space 0, times 0
[ 709.316688][T20759] CPU: 0 UID: 0 PID: 20759 Comm: syz.1.5922 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 709.316746][T20759] Tainted: [U]=USER
[ 709.316758][T20759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 709.316778][T20759] Call Trace:
[ 709.316788][T20759]
[ 709.316801][T20759] dump_stack_lvl+0x16c/0x1f0
[ 709.316861][T20759] should_fail_ex+0x512/0x640
[ 709.316907][T20759] ? __kmalloc_cache_noprof+0x57/0x3e0
[ 709.316956][T20759] should_failslab+0xc2/0x120
[ 709.316990][T20759] __kmalloc_cache_noprof+0x6a/0x3e0
[ 709.317035][T20759] ? lockdep_init_map_type+0x5c/0x280
[ 709.317077][T20759] ? dummy_hrtimer_create+0x45/0x170
[ 709.317127][T20759] dummy_hrtimer_create+0x45/0x170
[ 709.317170][T20759] ? __pfx_dummy_hrtimer_create+0x10/0x10
[ 709.317210][T20759] dummy_pcm_open+0xd4/0x5b0
[ 709.317252][T20759] snd_pcm_open_substream+0xa60/0x17f0
[ 709.317302][T20759] ? __pfx_snd_pcm_open_substream+0x10/0x10
[ 709.317359][T20759] ? rcu_is_watching+0x12/0xc0
[ 709.317401][T20759] snd_pcm_open+0x29e/0x730
[ 709.317453][T20759] ? __pfx_snd_pcm_open+0x10/0x10
[ 709.317505][T20759] ? __pfx_default_wake_function+0x10/0x10
[ 709.317553][T20759] ? __pfx_snd_pcm_capture_open+0x10/0x10
[ 709.317598][T20759] snd_pcm_capture_open+0x89/0xe0
[ 709.317643][T20759] snd_open+0x1fe/0x450
[ 709.317676][T20759] ? __pfx_snd_open+0x10/0x10
[ 709.317711][T20759] chrdev_open+0x231/0x6a0
[ 709.317759][T20759] ? __pfx_apparmor_file_open+0x10/0x10
[ 709.317801][T20759] ? __pfx_chrdev_open+0x10/0x10
[ 709.317854][T20759] ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[ 709.317904][T20759] do_dentry_open+0x744/0x1c10
[ 709.317954][T20759] ? __pfx_chrdev_open+0x10/0x10
[ 709.318015][T20759] vfs_open+0x82/0x3f0
[ 709.318056][T20759] path_openat+0x1de4/0x2cb0
[ 709.318119][T20759] ? __pfx_path_openat+0x10/0x10
[ 709.318192][T20759] ? __lock_acquire+0xb8a/0x1c90
[ 709.318241][T20759] do_filp_open+0x20b/0x470
[ 709.318292][T20759] ? __pfx_do_filp_open+0x10/0x10
[ 709.318381][T20759] ? alloc_fd+0x471/0x7d0
[ 709.318441][T20759] do_sys_openat2+0x11b/0x1d0
[ 709.318479][T20759] ? __pfx_do_sys_openat2+0x10/0x10
[ 709.318533][T20759] __x64_sys_openat+0x174/0x210
[ 709.318573][T20759] ? __pfx___x64_sys_openat+0x10/0x10
[ 709.318631][T20759] do_syscall_64+0xcd/0x490
[ 709.318666][T20759] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 709.318700][T20759] RIP: 0033:0x7f43ca38e929
[ 709.318727][T20759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 709.318761][T20759] RSP: 002b:00007f43cb27b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 709.318794][T20759] RAX: ffffffffffffffda RBX: 00007f43ca5b5fa0 RCX: 00007f43ca38e929
[ 709.318817][T20759] RDX: 0000000000001200 RSI: 0000200000000400 RDI: ffffffffffffff9c
[ 709.318838][T20759] RBP: 00007f43ca410b39 R08: 0000000000000000 R09: 0000000000000000
[ 709.318857][T20759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 709.318876][T20759] R13: 0000000000000000 R14: 00007f43ca5b5fa0 R15: 00007ffd04edb938
[ 709.318918][T20759]
[ 709.412372][T20749] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 709.638312][T20749] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 709.645006][T20749] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 709.835254][T20749] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 709.848099][T20749] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 709.909322][T20749] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 710.041447][T20749] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 710.059794][T20749] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 710.145690][T20749] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 710.988573][T14345] Bluetooth: hci0: command 0x0c1a tx timeout
[ 711.697944][T14345] Bluetooth: hci2: command 0x0406 tx timeout
[ 711.858140][T14345] Bluetooth: hci3: command 0x0406 tx timeout
[ 712.106778][T14345] Bluetooth: hci1: command 0x0c1a tx timeout
[ 713.257004][T20846] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5954'.
[ 713.287896][T20846] hsr_slave_0: left promiscuous mode
[ 713.339247][T20846] hsr_slave_1: left promiscuous mode
[ 713.781174][T14345] Bluetooth: hci2: command 0x0406 tx timeout
[ 713.938023][T14345] Bluetooth: hci3: command 0x0406 tx timeout
[ 714.113947][T20857] workqueue: max_active 105682534 requested for writeback is out of range, clamping between 1 and 2048
[ 714.183381][T13666] Bluetooth: hci1: command 0x0c1a tx timeout
[ 715.546020][T20887] FAULT_INJECTION: forcing a failure.
[ 715.546020][T20887] name failslab, interval 1, probability 0, space 0, times 0
[ 715.596909][T20887] CPU: 1 UID: 0 PID: 20887 Comm: syz.2.5967 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 715.596967][T20887] Tainted: [U]=USER
[ 715.596979][T20887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 715.596999][T20887] Call Trace:
[ 715.597011][T20887]
[ 715.597027][T20887] dump_stack_lvl+0x16c/0x1f0
[ 715.597089][T20887] should_fail_ex+0x512/0x640
[ 715.597138][T20887] ? __kmalloc_noprof+0xbf/0x510
[ 715.597190][T20887] ? lsm_blob_alloc+0x68/0x90
[ 715.597239][T20887] should_failslab+0xc2/0x120
[ 715.597271][T20887] __kmalloc_noprof+0xd2/0x510
[ 715.597329][T20887] lsm_blob_alloc+0x68/0x90
[ 715.597382][T20887] security_sk_alloc+0x30/0x270
[ 715.597420][T20887] sk_prot_alloc+0xfb/0x2a0
[ 715.597462][T20887] sk_alloc+0x36/0xc20
[ 715.597512][T20887] inet_create+0x3a1/0x1090
[ 715.597598][T20887] ? inet_create+0x93/0x1090
[ 715.597653][T20887] __sock_create+0x338/0x8d0
[ 715.597703][T20887] smc_create_clcsk+0x37/0xd0
[ 715.597745][T20887] ? __pfx_smc_inet_init_sock+0x10/0x10
[ 715.597779][T20887] inet_create+0x936/0x1090
[ 715.597832][T20887] ? inet_create+0x93/0x1090
[ 715.597885][T20887] __sock_create+0x338/0x8d0
[ 715.597935][T20887] __sys_socket+0x14d/0x260
[ 715.597977][T20887] ? __pfx___sys_socket+0x10/0x10
[ 715.598020][T20887] ? xfd_validate_state+0x61/0x180
[ 715.598063][T20887] ? __pfx_do_writev+0x10/0x10
[ 715.598117][T20887] __x64_sys_socket+0x72/0xb0
[ 715.598157][T20887] ? lockdep_hardirqs_on+0x7c/0x110
[ 715.598208][T20887] do_syscall_64+0xcd/0x490
[ 715.598242][T20887] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 715.598277][T20887] RIP: 0033:0x7f3ab478e929
[ 715.598305][T20887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 715.598340][T20887] RSP: 002b:00007f3ab5636038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 715.598373][T20887] RAX: ffffffffffffffda RBX: 00007f3ab49b5fa0 RCX: 00007f3ab478e929
[ 715.598394][T20887] RDX: 0000000000000100 RSI: 0000000000000801 RDI: 0000000000000002
[ 715.598415][T20887] RBP: 00007f3ab4810b39 R08: 0000000000000000 R09: 0000000000000000
[ 715.598435][T20887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 715.598455][T20887] R13: 0000000000000000 R14: 00007f3ab49b5fa0 R15: 00007ffd6d346fe8
[ 715.598498][T20887]
[ 716.105950][T13666] Bluetooth: hci3: command 0x0406 tx timeout
[ 716.263398][T13666] Bluetooth: hci1: command 0x0c1a tx timeout
[ 716.644339][T20898] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5972'.
[ 717.632463][T20918] netlink: 'syz.1.5981': attribute type 22 has an invalid length.
[ 717.688228][T20918] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5981'.
[ 719.298646][ C0] bridge0: port 3(netdevsim1) entered learning state
[ 720.162763][T20963] delete_channel: no stack
[ 720.218515][T20965] netlink: 'syz.1.5996': attribute type 29 has an invalid length.
[ 720.226431][T20965] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5996'.
[ 720.624510][T20967] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5999'.
[ 726.265314][T21060] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6032'.
[ 727.023496][T21073] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6039'.
[ 728.296680][T21091] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6044'.
[ 728.713190][T21100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6048'.
[ 728.746263][T21100] netlink: 5 bytes leftover after parsing attributes in process `syz.1.6048'.
[ 728.782487][T21105] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6049'.
[ 728.803305][T21100] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6048'.
[ 729.597070][T21129] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6062'.
[ 730.376599][T21160] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6074'.
[ 731.395056][T21190] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6088'.
[ 731.602399][T21196] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6091'.
[ 731.653350][T21199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6093'.
[ 732.532274][T21227] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6104'.
[ 734.227985][T21269] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6124'.
[ 734.659385][ C0] bridge0: port 3(netdevsim1) entered forwarding state
[ 734.666372][ C0] bridge0: topology change detected, propagating
[ 735.504912][T21302] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6135'.
[ 735.789574][T21308] ima: policy update failed
[ 735.794982][ T30] audit: type=1802 audit(4294967422.700:26): pid=21308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.6140" res=0 errno=0
[ 735.820933][T21312] : renamed from gre0 (while UP)
[ 737.140986][T21337] netlink: 'syz.3.6147': attribute type 22 has an invalid length.
[ 737.157961][T21337] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6147'.
[ 740.136388][T21411] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6175'.
[ 740.301682][T21414] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6176'.
[ 741.542407][T21446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6189'.
[ 741.569835][T21446] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6189'.
[ 741.775379][T21450] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6192'.
[ 742.254407][T21462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6196'.
[ 743.278180][T21486] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6204'.
[ 744.283584][T21522] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6218'.
[ 744.293854][T21522] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6218'.
[ 745.133940][T21541] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6226'.
[ 746.714854][T21569] netlink: 322 bytes leftover after parsing attributes in process `syz.1.6236'.
[ 746.973425][T21574] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6239'.
[ 747.409712][T21592] netlink: 'syz.0.6246': attribute type 27 has an invalid length.
[ 747.438439][T21592] netlink: 334 bytes leftover after parsing attributes in process `syz.0.6246'.
[ 748.502007][T21612] netlink: 'syz.0.6254': attribute type 16 has an invalid length.
[ 748.529507][T21612] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6254'.
[ 748.548105][T21614] i2c i2c-0: new_device: Instantiated device card: at 0x01
[ 749.591534][T21643] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6266'.
[ 750.002770][T21653] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6269'.
[ 750.165832][T21657] netlink: 146 bytes leftover after parsing attributes in process `syz.0.6280'.
[ 750.169627][T21660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6273'.
[ 751.973381][T21702] netlink: 186 bytes leftover after parsing attributes in process `syz.1.6288'.
[ 751.998958][T21702] netlink: 186 bytes leftover after parsing attributes in process `syz.1.6288'.
[ 753.868804][T21727] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 754.406059][ T30] audit: type=1800 audit(4294967450.307:27): pid=21738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6298" name="lu_gp_id" dev="configfs" ino=61420 res=0 errno=0
[ 754.428057][T21738] ALUA lu_gp_id: 654336 exceeds maximum: 0x0000ffff
[ 755.344775][T21761] netlink: 146 bytes leftover after parsing attributes in process `syz.2.6309'.
[ 755.479999][T21765] netlink: 338 bytes leftover after parsing attributes in process `syz.0.6311'.
[ 755.499182][T21765] veth1_macvtap: left promiscuous mode
[ 755.588780][T21767] mkiss: ax0: crc mode is auto.
[ 755.883199][T21774] netlink: 110 bytes leftover after parsing attributes in process `syz.3.6314'.
[ 756.212237][T21786] netlink: 202 bytes leftover after parsing attributes in process `syz.0.6319'.
[ 757.707362][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 757.713867][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 757.892788][T21821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 757.902608][T21821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 757.911833][T21821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 757.922903][T21821] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 757.936781][T21821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 758.500133][T21818] chnl_net:caif_netlink_parms(): no params data found
[ 758.910635][T13892] ------------[ cut here ]------------
[ 758.916188][T13892] ODEBUG: free active (active state 0) object: ffff8880337792d8 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0
[ 758.932194][T13892] WARNING: CPU: 0 PID: 13892 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0
[ 758.942572][T13892] Modules linked in:
[ 758.946547][T13892] CPU: 0 UID: 0 PID: 13892 Comm: syz.0.3217 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 758.960364][T13892] Tainted: [U]=USER
[ 758.964222][T13892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 758.974593][T13892] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 758.980626][T13892] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 74 15 8c 4c 89 e6 48 c7 c7 40 69 15 8c e8 2f 8a 9c fc 90 <0f> 0b 90 90 58 83 05 46 50 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 759.000743][T13892] RSP: 0018:ffffc900025cf768 EFLAGS: 00010286
[ 759.006892][T13892] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8
[ 759.015021][T13892] RDX: ffff88807be78000 RSI: ffffffff817aa1b5 RDI: 0000000000000001
[ 759.016028][T21818] bridge0: port 1(bridge_slave_0) entered blocking state
[ 759.023849][T13892] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 759.039446][T13892] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c156fe0
[ 759.047482][T13892] R13: ffffffff8bafe740 R14: ffffffff8a87a810 R15: ffffc900025cf868
[ 759.047989][T21818] bridge0: port 1(bridge_slave_0) entered disabled state
[ 759.055877][T13892] FS: 0000000000000000(0000) GS:ffff88812475f000(0000) knlGS:0000000000000000
[ 759.068347][T21818] bridge_slave_0: entered allmulticast mode
[ 759.071765][T13892] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 759.084202][T13892] CR2: 0000564ee7116cb8 CR3: 0000000034bc2000 CR4: 00000000003526f0
[ 759.085440][T21818] bridge_slave_0: entered promiscuous mode
[ 759.092290][T13892] Call Trace:
[ 759.092305][T13892]
[ 759.092317][T13892] ? __pfx_hci_devcd_timeout+0x10/0x10
[ 759.092370][T13892] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 759.092423][T13892] debug_check_no_obj_freed+0x4b7/0x600
[ 759.092471][T13892] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 759.092508][T13892] ? rcu_is_watching+0x12/0xc0
[ 759.133722][T13892] ? kmem_cache_free+0x2d1/0x4d0
[ 759.139376][T13892] kfree+0x28f/0x4d0
[ 759.143354][T13892] ? hci_release_dev+0x4d8/0x600
[ 759.148761][T13892] hci_release_dev+0x4d8/0x600
[ 759.153618][T13892] ? __pfx_hci_release_dev+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 759.159331][T13892] ? rcu_is_watching+0x12/0xc0
[ 759.164178][T13892] ? kfree+0x24f/0x4d0
[ 759.168369][T13892] bt_host_release+0x6a/0xb0
[ 759.170435][T21818] bridge0: port 2(bridge_slave_1) entered blocking state
[ 759.172993][T13892] ? __pfx_bt_host_release+0x10/0x10
[ 759.185858][T13892] device_release+0xa1/0x240
[ 759.190986][T13892] kobject_put+0x1e7/0x5a0
[ 759.195504][T13892] ? __pfx_vhci_release+0x10/0x10
[ 759.200680][T13892] put_device+0x1f/0x30
[ 759.201329][T21818] bridge0: port 2(bridge_slave_1) entered disabled state
[ 759.205115][T13892] vhci_release+0x81/0xf0
[ 759.216489][T13892] __fput+0x3ff/0xb70
[ 759.220664][T13892] task_work_run+0x14d/0x240
[ 759.225340][T13892] ? __pfx_task_work_run+0x10/0x10
[ 759.231305][T13892] do_exit+0x864/0x2bd0
[ 759.235558][T13892] ? __pfx_do_exit+0x10/0x10
[ 759.240755][T13892] ? cgroup_update_frozen_flag+0x107/0x210
[ 759.247134][T13892] ? find_held_lock+0x2b/0x80
[ 759.252157][T21818] bridge_slave_1: entered allmulticast mode
[ 759.254530][T21818] bridge_slave_1: entered promiscuous mode
[ 759.258166][T13892] do_group_exit+0xd3/0x2a0
[ 759.268666][T13892] get_signal+0x2673/0x26d0
[ 759.273251][T13892] ? hrtimer_nanosleep+0x187/0x380
[ 759.278484][T13892] ? __pfx_get_signal+0x10/0x10
[ 759.283413][T13892] ? __pfx_hrtimer_wakeup+0x10/0x10
[ 759.288739][T13892] arch_do_signal_or_restart+0x8f/0x790
[ 759.294374][T13892] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 759.300704][T13892] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[ 759.307181][T13892] exit_to_user_mode_loop+0x84/0x110
[ 759.312685][T13892] do_syscall_64+0x3f6/0x490
[ 759.317346][T13892] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 759.323400][T13892] RIP: 0033:0x7fca085c11e5
[ 759.327917][T13892] Code: Unable to access opcode bytes at 0x7fca085c11bb.
[ 759.335718][T13892] RSP: 002b:00007fca09352f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 759.345153][T13892] RAX: fffffffffffffdfc RBX: 00007fca087b5fa0 RCX: 00007fca085c11e5
[ 759.353567][T13892] RDX: 00007fca09352fc0 RSI: 0000000000000000 RDI: 0000000000000000
[ 759.361674][T13892] RBP: 00007fca08610b39 R08: 0000000000000000 R09: 0000000000000000
[ 759.369752][T13892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 759.377936][T13892] R13: 0000000000000001 R14: 00007fca087b5fa0 R15: 00007ffea35bea58
[ 759.385994][T13892]
[ 759.389137][T13892] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 759.396479][T13892] CPU: 0 UID: 0 PID: 13892 Comm: syz.0.3217 Tainted: G U 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full)
[ 759.410186][T13892] Tainted: [U]=USER
[ 759.414026][T13892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 759.424123][T13892] Call Trace:
[ 759.427425][T13892]
[ 759.430387][T13892] dump_stack_lvl+0x3d/0x1f0
[ 759.435035][T13892] panic+0x71c/0x800
[ 759.438985][T13892] ? __pfx_panic+0x10/0x10
[ 759.443452][T13892] ? show_trace_log_lvl+0x29b/0x3e0
[ 759.448756][T13892] ? check_panic_on_warn+0x1f/0xb0
[ 759.454026][T13892] ? debug_print_object+0x1a2/0x2b0
[ 759.459267][T13892] check_panic_on_warn+0xab/0xb0
[ 759.464254][T13892] __warn+0xf6/0x3c0
[ 759.468199][T13892] ? debug_print_object+0x1a2/0x2b0
[ 759.473448][T13892] report_bug+0x3c3/0x580
[ 759.477835][T13892] ? debug_print_object+0x1a2/0x2b0
[ 759.483074][T13892] handle_bug+0x184/0x210
[ 759.487463][T13892] exc_invalid_op+0x17/0x50
[ 759.492009][T13892] asm_exc_invalid_op+0x1a/0x20
[ 759.496893][T13892] RIP: 0010:debug_print_object+0x1a2/0x2b0
[ 759.502737][T13892] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd c0 74 15 8c 4c 89 e6 48 c7 c7 40 69 15 8c e8 2f 8a 9c fc 90 <0f> 0b 90 90 58 83 05 46 50 ca 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[ 759.522413][T13892] RSP: 0018:ffffc900025cf768 EFLAGS: 00010286
[ 759.528527][T13892] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817aa1a8
[ 759.536543][T13892] RDX: ffff88807be78000 RSI: ffffffff817aa1b5 RDI: 0000000000000001
[ 759.544556][T13892] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 759.552565][T13892] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c156fe0
[ 759.560573][T13892] R13: ffffffff8bafe740 R14: ffffffff8a87a810 R15: ffffc900025cf868
[ 759.568584][T13892] ? __pfx_hci_devcd_timeout+0x10/0x10
[ 759.574103][T13892] ? __warn_printk+0x198/0x350
[ 759.578916][T13892] ? __warn_printk+0x1a5/0x350
[ 759.583732][T13892] ? debug_print_object+0x1a1/0x2b0
[ 759.588961][T13892] ? __pfx_hci_devcd_timeout+0x10/0x10
[ 759.594464][T13892] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 759.600327][T13892] debug_check_no_obj_freed+0x4b7/0x600
[ 759.605925][T13892] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 759.612039][T13892] ? rcu_is_watching+0x12/0xc0
[ 759.616849][T13892] ? kmem_cache_free+0x2d1/0x4d0
[ 759.621925][T13892] kfree+0x28f/0x4d0
[ 759.625863][T13892] ? hci_release_dev+0x4d8/0x600
[ 759.630851][T13892] hci_release_dev+0x4d8/0x600
[ 759.635665][T13892] ? __pfx_hci_release_dev+0x10/0x10
[ 759.641000][T13892] ? rcu_is_watching+0x12/0xc0
[ 759.645803][T13892] ? kfree+0x24f/0x4d0
[ 759.649921][T13892] bt_host_release+0x6a/0xb0
[ 759.654552][T13892] ? __pfx_bt_host_release+0x10/0x10
[ 759.659886][T13892] device_release+0xa1/0x240
[ 759.664527][T13892] kobject_put+0x1e7/0x5a0
[ 759.669008][T13892] ? __pfx_vhci_release+0x10/0x10
[ 759.674084][T13892] put_device+0x1f/0x30
[ 759.678312][T13892] vhci_release+0x81/0xf0
[ 759.682698][T13892] __fput+0x3ff/0xb70
[ 759.686734][T13892] task_work_run+0x14d/0x240
[ 759.691372][T13892] ? __pfx_task_work_run+0x10/0x10
[ 759.696543][T13892] do_exit+0x864/0x2bd0
[ 759.700753][T13892] ? __pfx_do_exit+0x10/0x10
[ 759.705387][T13892] ? cgroup_update_frozen_flag+0x107/0x210
[ 759.711252][T13892] ? find_held_lock+0x2b/0x80
[ 759.715977][T13892] do_group_exit+0xd3/0x2a0
[ 759.720533][T13892] get_signal+0x2673/0x26d0
[ 759.725085][T13892] ? hrtimer_nanosleep+0x187/0x380
[ 759.730242][T13892] ? __pfx_get_signal+0x10/0x10
[ 759.735139][T13892] ? __pfx_hrtimer_wakeup+0x10/0x10
[ 759.740405][T13892] arch_do_signal_or_restart+0x8f/0x790
[ 759.746027][T13892] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 759.752231][T13892] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[ 759.758455][T13892] exit_to_user_mode_loop+0x84/0x110
[ 759.763811][T13892] do_syscall_64+0x3f6/0x490
[ 759.768441][T13892] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 759.774428][T13892] RIP: 0033:0x7fca085c11e5
[ 759.778891][T13892] Code: Unable to access opcode bytes at 0x7fca085c11bb.
[ 759.785945][T13892] RSP: 002b:00007fca09352f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 759.794399][T13892] RAX: fffffffffffffdfc RBX: 00007fca087b5fa0 RCX: 00007fca085c11e5
[ 759.802484][T13892] RDX: 00007fca09352fc0 RSI: 0000000000000000 RDI: 0000000000000000
[ 759.810502][T13892] RBP: 00007fca08610b39 R08: 0000000000000000 R09: 0000000000000000
[ 759.818557][T13892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 759.826558][T13892] R13: 0000000000000001 R14: 00007fca087b5fa0 R15: 00007ffea35bea58
[ 759.834607][T13892]
[ 759.838036][T13892] Kernel Offset: disabled
[ 759.842390][T13892] Rebooting in 86400 seconds..